Want a More Secure, More Effective Cloud? Watch Your Machine Identities.

kdobieski
Fri, 12/14/2018 – 15:45

Long before the invention and adoption of the cloud, the importance of protecting user identities, the identities of people, was obvious. File systems and operating systems going as far back as the 1970s, if not earlier, have had user access built in. People are assigned usernames and passwords, and files and folders are configured to be accessible only to certain users or user groups.

There are many different methods of authentication, but passwords are one of the oldest and most frequently implemented. If I want to install a new package on my Linux desktop, I’d better know my root password! An attempt by a cyber attacker to escalate privileges within my operating system may entail trying to crack my root password. This is why organizations spend lots of money and resources to make sure that only authorized users have access to their authentication credentials. These user identities can apply to individual devices, local networks, wide area networks, online services, and cloud networks of all kinds.
 
Users have identities, but so do machines, including those in the cloud. A classic type of machine identity is a TLS certificate for an HTTPS website, or for any other sort of TLS/SSL-encrypted internet service. Code-signing certificates are machine identities that help to verify that software is authentic and legitimate. Machine identities such as SSH keys can also help ensure that only authorized clients can securely gain remote access to sensitive computer systems via the SSH protocol. But what I’d most like to talk about today is how TLS certificates can be used as machine identities for microservices and containers within cloud networks.
 

Guest Blogger: Kim Crawley


*** This is a Security Bloggers Network syndicated blog from Rss blog authored by kdobieski. Read the original post at: https://www.venafi.com/blog/want-more-secure-more-effective-cloud-watch-your-machine-identities