Implementing and configuring TLS and mTLS is complex and requires skill and time. It is error-prone, and even a correct deployment cannot guarantee that data stays private between two endpoints: a session key that is exposed or misused lets the traffic be decrypted, and encryption is often terminated at cloud boundaries, load balancers and servers and is not always re-established on the next hop.
The SEE™ protocol is automated by sidecars at the endpoints. Hopr's sidecars are simple for DevOps teams to configure and deploy alongside each workload. SEE™ operates autonomously, building a hardened communication channel for every new session that stays continuous across all cloud environments. Because no key is exchanged over the network, there is no session key in transit to capture, and data protection extends all the way to the trusted endpoint.
Today, workload identity is typically based on automated tools that issue PKI certificates to workloads on demand. Unlike a public CA issuing a certificate for a domain, these tools do not verify the workload's identity before issuing the certificate, and when a workload certificate is replaced at expiry (if it expires at all) the workload receives an entirely new identity credential that carries no link to the credential it replaces.
Hopr equips each workload with an identity credential that we call a MAID. MAIDs rotate frequently and are verified by Hopr at the start of each session, so identity trust is re-established every time a connection is made.
Common workload identity certificates are bound to a static private key that remains on the workload for the lifetime of the certificate. That key must be stored securely, and a threat actor who reaches it can steal it and impersonate the workload for as long as the certificate remains valid.
Hopr issues a workload its MAID when trust is first established at registration. From then on, the sidecars manage the MAID and rotate it frequently, deriving each new value from the workload's history. A MAID cannot be spoofed, and a stolen MAID cannot be used.