K4C provides AMTD threat protection for public-facing workloads and API endpoints that interact with external organizations.
“The Kerberos security pattern is well-proven. What Hopr has developed is a novel implementation of Kerberos that will enhance protection of cloud workloads.”
Senior Director, Global Technology Analyst
Secure East-West and North-South traffic with a zero trust automated moving-target defense
Have your suppliers and other external partners register with Hopr and deploy Hopr K4C sidecars with their workloads. This is necessary to connect with your organization’s workloads using K4C.
Make sure K4C is enabled in your Hopr license. DevOps teams deploy K4C sidecars the same way as XTRA sidecars. Edit a YAML file to select a specific CHIPS algorithm and set any other Envoy proxy configurations.
Run the YAML file to pull the K4C-enabled sidecar from Hopr’s container repository and deploy it in the same infrastructure pod with its host workload.
Once deployed, the K4C sidecar immediately begins protecting your public-facing workload API endpoint and its messages/data. A new hardened tunnel is built with trusted external workloads at every session.
To have verifiable trust, your partners must have a K4C sidecar with their own configured CHIPS algorithm. For security reasons, algorithms are not shared outside your enterprise.
Yes. K4C can broker trust and establish workload sessions in any cloud environment, and client and server workloads do not have to be in the same environment.
Of NIST’s seven Zero Trust principles, K4C meets six of them. The principle that is not met (by choice) is “monitoring.” Due to our desire to lower customer cyber risk, none of our code touches customer data.
K4C is identical to XTRA with one exception. K4C has the added capability to connect with Hopr to enable identity trust verification with external (public-facing) workloads operated by outside organizations.
Yes. K4C can be deployed with any containerized system (e.g., Kubernetes, Docker Swarm). It can also work with containers deployed in VM architectures.
Very little. K4C is simple for DevOps and DevSecOps engineers to deploy to production. They only need to edit a familiar YAML file to configure a sidecar container and deploy it. Once deployed, maintenance is infrequent.
None of Hopr's proprietary code is in contact with company data as it moves through the sidecar. The code that performs message routing and encryption/decryption is open source software that is well-maintained.
With K4C, Hopr operates as a trusted identity verification agent and session broker. Before external workloads connect with each other, Hopr separately verifies trust in each organization's workload using their MAID and the decryption of their messages to Hopr.