Machine Identities and Secrets

When Zero is a Good Thing

Tom McNamara

July 8, 2023

In competition a score of zero is never a good thing. No sports team wants to end a contest with the scoreboard displaying their score as zero. It’s also not a good situation for your bank account or your car gas tank. But there are a few areas of life where zero is a good thing. It's a good thing to have zero accidents or speeding tickets on your driving record. And it's good to have zero data breaches if you are a digital businesses; a “zero” that is becoming increasingly uncommon. But is it possible to achieve that record? Maybe, but it won’t happen unless businesses evolve their business strategy in three important "zero" areas.

Zero Trust

The term “zero trust” describes an operational concept where implicit trust is removed from all of the computing infrastructure used by a digital business and replaced with strictly managed, real-time, adaptive trust levels for just in time, and just enough, access to its resources.

With business processes and data migrating from controlled enterprise data centers with hardened, secure perimeters to the cloud and SaaS solutions, the trust that was formerly known can no longer be assured. In the cloud, business processes and data exist on multiple “machines” and workloads, such as containers, VMs, applications, and services are enabled and disabled dynamically.  A business cannot know for certain where their data is moving and on whose hardware the processing occurs. The cloud may bring mores security, but it also obfuscates much of the security that once was managed by employees within its data center.

A “Zero Trust” approach hardens security for the perimeter of a business' processing and data and also within its networks and operations. Machines must explicitly authenticate to one another before sensitive operations occur, and it requires access control policies that limit the machine operations that may occur (equivalent to authorization and ACLs for humans). And the authentication and authorization of machines must be backstopped with monitoring, logging, and auditing to assure the security of critical data and processes.

ACLs, VLANs, IP-based firewall rules, and IAM security policies developed for enterprise data centers lack the intra-application communication visibility required for granular security controls and policies. Merely applying enterprise data center policies to cloud deployments forces security teams to adopt manual communication tracing, which cannot scale.

Zero Attack Surfaces

Another area where zero is a good thing is with attack surfaces. Attack surface area is a metaphor for the size of the “target” an attacker can see and exploit. The larger the surface area, the more opportunities available to attackers and the more difficult it is to defend against them. Although attack surfaces for digital businesses can never be zero (they would have to disconnect from the Internet), it is important to keep the concept in mind for security purposes.

For reasons of cost and performance, businesses are moving more of their critical processes and data to the cloud and modernizing monolithic legacy applications by integrating (or replacing) them with modern architectures such as microservices and serverless, or relying on outsourced SaaS applications. Microservices are small pieces of code performing only a few (or even a single) functions that use and produce data to other workloads, usually through REST API endpoints. Consistent with zero trust principles, each microservice API requires an identity and a key (i.e., a secret) for connection and authentication to other workloads. These credentials are critically important to protect business processes from misuse and assure data integrity. To help businesses secure, monitor, log, and audit the many processes that run on their infrastructure, Machine Identity Management (MIM) and Secrets Management (SM) tools were modeled off of human IAM tools. 

But with many static keys across multiple vendor clouds, a lack of access control governance, multiple non-unique machine identities, high workload volumes, and a reliance on DevOps pipeline processes the machine IAM, adapting conventional human-based IAM tools to machines is not the solution. For one thing, the attack surface of critical business operations is significantly larger than what it might have been in the enterprise data center. Without proper management of machine identities and secrets, the security and continuity of business operations relies only on logging, monitoring, auditing. But these should not be the defense and instead should serve as backup safeguards. Also, conventional logging, monitoring, and auditing functions occur at the perimeter and do not apply to internal operations.

The Solar Winds security incident that captured the attention of the US cybersecurity establishment in December 2020 illustrated how some of the most critical assets of commercial and government operations were exploited by a sophisticated nation state actor. The attack exploited seams between name-brand software vendors, software supply chains, and privileged access management tools across cloud environments to misuse privileged accounts, issue new accounts and privileges and then move laterally inside businesses. With privileged access, the attackers carefully evaded detection by logging and monitoring tools. 

Secret Zero

At some point, machined identities and secrets managed by security tools and  stored in encrypted vaults require additional keys to protect the ones that are encrypted and stored. But eventually, all tools, including machine identity and secrets managers, become the responsibility of a human. This is where ‘Secret Zero’ lives. It is the one secret that controls all of the other secrets. Borrowing from the novel Lord of the Rings, it's the “one ring to rule them all.” For example, certain individuals in an enterprise are entrusted with the authority and credentials to access and operate the security systems and tools that protect critical business operations. Those individuals login to those systems and tools with their usernames and passwords and, hopefully, an MFA service. They configure tools, and establish user accounts and permissions, too. What happens if those get hacked? You guessed it, the attacker has access and authorities to the business’ crown jewels.

As a way to confirm the security of their digital resources, security-conscious businesses use professional “red teamers” (think ‘white hat’ attackers) to independently evaluate all possible vulnerabilities and exploitation paths into their networks and infrastructure. Red teamers love the human elements of an attack surface the most. They consider humans to be prime security vulnerabilities. Even with all of the sophisticated and automated MIM and SM technology, humans are still a weak point because they have the key (Secret Zero) that controls access to everything else. They are the soft underbelly of security that can bring down everything. And sophisticated attackers are patient; they aren’t in a rush and will spend the time needed to find and exploit human vulnerabilities.

What is the best defense?

As businesses migrate more of their critical processes and data to the cloud and procure SaaS solutions, their attack surface grows and competes with efforts to achieve a zero trust posture, and the risk for employees with the Secret Zero also increases. While today’s MIM and SM (vaults) tools are improvements, they do not solve the growing conflicts between zero trust, ever-scaling attack surfaces, and human vulnerabilities. These need a strategic shift in thinking and new solutions. At hopr, we’re re-thinking the problem and innovating solutions such as: secrets that self-rotate and self-synchronize at operational scales; workloads with identities that increase trust with time; decentralized secret storage with centralized secrets management; and secret zeros that remain hidden. Our innovations ensure machines, workloads, secrets, trust and security scale together and deliver security and cost benefits to digital businesses.

Keep Reading

Machine Identity - Avoid the Crisis

Machines operating across the Internet outnumber humans by a ratio of three-to-one. This will rise dramatically as more Internet of Things (IOT) devices arrive. Existing approaches for managing identity and trust for a massive number of machines rely on centralized and legacy solutions that won't work for the machine era. A decentralized solution capable of speed, trust, and agility is needed to avoid a crisis and enable a graceful transition to high trust machine identities.

Author Avatar
Tom McNamara

December 9, 2023

IAM in a Box

Containers are an important part of modern cloud engineering. They evoke the idea of portability and relocation. But in the cloud this is often inhibited because they become anchored to external services within a particular cloud environment, and it becomes difficult to relocate them to a different environment. This article describes how containers can be freed and portability restored.

Author Avatar
Tom McNamara

July 8, 2023

An Unintentional Secret - Automated TLS and its Zero Trust Fallacy

Transport Layer Security (TLS) and its companion, mutual TLS (mTLS) are stalwart security protocols known for encrypting communications over the Internet. When they are applied to root domains (such as is the case for Web domains and browsers) they represent identity trust. However when they are implemented with automated PKI certificates, they lose an important security quality: identity trust. Due to the speed and scale of cloud automation, the intermediate certificate authorities that issue PKI certificates eliminate vetting of the receiving identity (a containerized workload).

Author Avatar
Tom McNamara

July 8, 2023

Machine Identity - Who’s Who in the Cloud?

Identities for machines operating in the cloud, like humans in the natural world, are an important quality that is essential to trust, authorization, and authentication. Machines are identified by cryptographic material that takes the form of a certificate. But in the cloud, it is challenging to find, track, and manage the many certificates that are dynamically assigned and used. New approaches to managing machine identities in a zero trust cloud environment are needed to realize secure business operations in the cloud.

Author Avatar
Tom McNamara

July 8, 2023

Keeping Secrets Is Hard

Keeping secrets is hard because they have to stay secret to deliver security. And for machines and workloads in the cloud the consequences to lost secrecy can ripple through the entire business and bring down many digital operations in an instant. Leakage of digital secrets occurs almost naturally over time; disclosure eventually happens and secrecy is lost. But the risk of lost secrecy and the impact to cloud operations is minimized with the right tools.

Author Avatar
Tom McNamara

July 8, 2023

Subscribe to our newsletter
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Use CasesHow It WorksUnique FeaturesHopr ConnectHopr Connect GatewayPricingContact usSecurityWeb Retriever OSSAboutPrivacy policiesTerms of service
Hopr enables on-demand, verified-trust, ultra-secure application networking across clouds, organizations, and ecosystems.

Our patented technology and  protocols form Cloud Native Automated Moving Target Defense (AMTD) around workloads, API endpoints, and data in transit.

Hopr's AMTD disrupts threat actors and proactively prevents cyber attacks to increase cyber resilience.
copyright 2021-2023 | Hopr Corporation
CHIPS™, MAID™, and SEE™ are trademarks of Hopr Corporation
CHIPS™ technology the MAID and SEE™ protocols
are protected by US Patents and patents pending.