SEE™ is complete end-to-end encryption over the entire route between trusted workloads, and the encryption can terminate only at trusted workload endpoints. mTLS is not supported everywhere in the cloud, and it may terminate at any "boundary" where PKI credential authorities differ (e.g., the entry to a cloud). Techniques also exist for both good and bad actors to remove TLS encryption. This can leave transport layer security gaps and disclose message data.
SEE™ relies on workload identity trust verification at the start of each communication session. mTLS in the cloud relies on automated PKI identity certificates that are generated without vetting the receiving workload identity, so they lack the verification of workload trust that is necessary for SEE™. SEE™ is also much simpler and faster to implement. It does not involve the complexity of setting up PKI certificate authorities and managers, key management systems, or secrets managers.
How does Hopr ensure the security of its products throughout the development process?
We break down barriers and open up collaboration across development, security, and operations, using automation to focus on rapid, frequent delivery of secure infrastructure and production software. Hopr uses GitLab’s secure cloud development facilities as the DevSecOps development platform for our products. GitLab is a Software-as-a-Service (SaaS) platform that provides cloud-based secure environments tailored to product development, testing, and code repositories for products such as Hopr’s XTRA. Hopr’s GitLab data is encrypted both in transit and at rest.
Can different sidecars be used or must they be identical?
Pre-configured sidecars are identical and contain tens of thousands of CHIPS™ algorithms. However, XTRA sidecars must be configured to work with the same CHIPS™ algorithm (a process performed by a DevOps engineer) if they are to perform synchronous ephemeral encryption (SEE™) and build a zero trust automated moving target defense around a pair of workloads. For K4C sidecars, a specific algorithm for connecting to Hopr is not configured on deployment; instead, it is selected at the time a session with an external workload occurs.