Articles by

Tom McNamara

IAM in a Box

Containers are an important part of modern cloud engineering. They evoke the idea of portability and relocation. But in the cloud this is often inhibited because they become anchored to external services within a particular cloud environment, and it becomes difficult to relocate them to a different environment. This article describes how containers can be freed and portability restored.

Tom McNamara

July 8, 2023

A Short History of Moving Target Defense

Automated Moving Target Defense (AMTD) is emerging in the cybersecurity market as a new form of moving target defense (MTD). Not many people know that MTD is not new. It has been used effectively in communications security and information security for over 50 years before it appeared as a cybersecurity strategy. Today’s AMTD is a generational improvement over MTD, even the MTD from just a few years ago. The latest forms of AMTD are built for the cloud and are far more sophisticated than their predecessors. One new form even combines AMTD with Zero Trust to produce a strategic combination that amplifies the cybersecurity benefits at a relatively low cost.

Tom McNamara

July 8, 2023

Why Is the Trend of API Attacks Still Increasing?

APIs have become essential to delivering business services from the cloud. But they have also become a big vulnerability point for business risk. They can leak a lot of data and are lucrative attack points for threat actors. Many API security solutions are operating, but the attack statistics are still rising. I think I know why, and AMTD is how to fix it.

Tom McNamara

July 8, 2023

An Unintentional Secret - Automated TLS and its Zero Trust Fallacy

Transport Layer Security (TLS) and its companion, mutual TLS (mTLS) are stalwart security protocols known for encrypting communications over the Internet. When they are applied to root domains (such as is the case for Web domains and browsers) they represent identity trust. However when they are implemented with automated PKI certificates, they lose an important security quality: identity trust. Due to the speed and scale of cloud automation, the intermediate certificate authorities that issue PKI certificates eliminate vetting of the receiving identity (a containerized workload).

Tom McNamara

July 8, 2023

Small, Fast-moving Targets

Containerized workloads are the basic building blocks of modern day applications and services. And Application Programming Interfaces (APIs) are the code that stitches the workloads together to build a scalable application or business process. They are attractive targets for sophisticated adversaries that have time and skill to bypass traditional perimeter defenses and gain access to enterprise resources such as workloads, then they can easily move laterally and attack APIs. A moving-target defense (MTD) is a great strategy for protecting sensitive workloads and data. This article describes three components of an MTD for containerized workloads and data.

Tom McNamara

July 8, 2023

A Moving Target Defense for the Cloud

Moving business services to the cloud offers enterprises significant benefits, but it include some big risks and challenges for security and data privacy, too. The marketplace offers many solutions for protecting business systems and data, but many of them were built before the cloud when the systems and data were on-premises. Data on cyber attacks to the software supply chain and APIs indicates that traditional solutions aren't performing too well in the Cloud. A "lift-and-shift" approach to digital transformation won't work and may be very costly. Operating in the cloud requires new thinking about security and a moving target defense is a great "cloud-native" security strategy to consider.

Tom McNamara

July 8, 2023

Four Dilemmas of Keeping Secrets

Secrets are essential to security in cloud operations. Digital Transformation, new cloud and software architectures, and new technologies such as docker and kubernetes are producing an explosion of secrets and APIs. The secrets and APIs are a popular vulnerability path for data theft. The conventional options to manage secrets for humans and monolithic apps in a data center cannot meet the scale, reach, speed, and protection needed in the cloud. In fact, they create four dilemmas for enterprise security and risk professionals: Secrets Chaining, Secrets Leakage, Machine Secrets, and Secrets Injection. In addition to describing the how and why behind each of these secrets dilemmas, the article also presents three principles to solve all four dilemmas with a single innovative approach.

Tom McNamara

July 8, 2023

Vanishing Secrets

Not all secrets need persistence and storage. There are times when encryption secrets can be ephemeral. It's been estimated that 80% of Internet traffic is due to APIs, and nearly every API requires a secret to prove identity and establish trust of the machine making a request. These secrets should be vaulted if they're static. But this requires yet another API and more secrets. We think ephemeral secrets are a better choice for APIs and we invented a novel approach to create secrets that vanish and don't need to be stored.

Tom McNamara

July 8, 2023

Machine Identity - Who’s Who in the Cloud?

Identities for machines operating in the cloud, like humans in the natural world, are an important quality that is essential to trust, authorization, and authentication. Machines are identified by cryptographic material that takes the form of a certificate. But in the cloud, it is challenging to find, track, and manage the many certificates that are dynamically assigned and used. New approaches to managing machine identities in a zero trust cloud environment are needed to realize secure business operations in the cloud.

Tom McNamara

July 8, 2023

Keeping Secrets Is Hard

Keeping secrets is hard because they have to stay secret to deliver security. And for machines and workloads in the cloud the consequences to lost secrecy can ripple through the entire business and bring down many digital operations in an instant. Leakage of digital secrets occurs almost naturally over time; disclosure eventually happens and secrecy is lost. But the risk of lost secrecy and the impact to cloud operations is minimized with the right tools.

Tom McNamara

July 8, 2023

When Zero is a Good Thing

As businesses migrate more of their critical processes and data to the cloud and procure SaaS solutions, their attack surface grows significantly. This makes it harder to achieve a zero trust posture, and more risk occurs for employees with the Secret Zero to everything. While tools such as Machine Identity Managers and Secrets Managers (vaults) are improvements for today, they do not solve the growing problem of competition between zero trust and ever-scaling attack surfaces. A strategic solution that responds to the challenges in new ways is needed. (click to read more)

Tom McNamara

July 8, 2023

Subscribe to our newsletter
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
SolutionsHow It WorksUnique FeaturesProductsPricingContact usSecurityAboutPrivacy policiesTerms of service
Hopr provides cloud native cybersecurity solutions that prevent attacks on  workloads, APIs, and data in transit.

Our patented Codes Hidden In Plain Sight (CHIPS™) technology and Synchronous Ephemeral Encryption (SEE™) protocol create a 'verified trust' form of Automated Moving Target Defense (AMTD)

Hopr disables threat actors and their methods and prevents attacks across organizations and cloud environments.
copyright 2021-2023 | Hopr Corporation
CHIPS™ and SEE™ are trademarks of Hopr Corporation
CHIPS™ technology and the SEE™ protocol are
protected by US Patents and patents pending.