
Thales Blog

Reduce the Drag on Your DevSecOps Processes with CipherTrust Platform Community Edition

June 9, 2022

Krishna Ksheerabdhi | VP, Product Marketing

Introduction

DevSecOps is all about allowing the participants – Developers, Security, and Operations – to work together in securely developing, deploying and running applications in hybrid cloud infrastructures. The main goal is to reduce the drag on application deployment in legacy and multi-cloud infrastructures without sacrificing data security. Ultimately, organizations want to remain compliant with major data privacy regulations and protect their sensitive data in applications from being exposed when data breaches occur.

DevOps (Development Operations) is always trying to maximize the velocity of software delivery, whereas SecOps (Security Operations) is always lagging behind to ensure that sensitive data does not get into the hands of bad actors or the competition. The CipherTrust Platform Community Edition bridges the gap between DevOps and SecOps by providing a clear separation of duties between those who implement security policies and those who manage and monitor the policies to assess compliance.

Adding Data Protection to Multi-cloud Applications can be Challenging

DevSecOps teams face the following problems when protecting sensitive data in multi-cloud applications:

  • Cloud applications need to be modified: DevSecOps teams have to modify cloud applications to insert RESTful calls for encrypting/tokenizing data. They cannot modify these applications when they do not have access to the source code or they do not have rights to modify the database where the application’s data is stored.
  • Data protection across a multi-cloud infrastructure is complex: Protecting data using each cloud provider’s native security services can soon become complex to manage, unless you choose a single data security platform that works across a multi-cloud infrastructure.
  • Implementing data security requires specialized skills: Data protection involves knowledge of data security platforms that provide centralized key management and encryption/tokenization functionality to anonymize sensitive data. The cryptography-specific knowledge needed to incorporate data security functionality is difficult to find among general application developers.

CipherTrust Platform Community Edition Simplifies Data Protection

The CipherTrust Platform Community Edition enables DevSecOps to rapidly deploy data protection controls into hybrid and multi-cloud applications. It simplifies deployment of centralized key management, encryption and tokenization controls into multi-cloud applications in minutes instead of weeks, as compared to other data security solutions available in the market today.

The CipherTrust Platform Community Edition includes the following CipherTrust Data Security Platform products enabling DevSecOps to quickly deploy data protection into multi-cloud applications.

  • CipherTrust Manager Community Edition: Includes a Virtual free-forever version of the CipherTrust Manager that enables developers to protect sensitive data by modifying applications using RESTful calls for centralized key management and encryption operations.
  • CipherTrust Data Protection Gateway: Enables DevSecOps to transparently protect sensitive data in REST APIs, without modifying cloud native or on-premise applications.
  • CipherTrust Transparent Encryption for Kubernetes: Enables DevSecOps to transparently protect data inside containers or external storage accessible from containers, without modifying containerized applications.

Community Edition is available from Microsoft Azure and Google Cloud Marketplaces.

Ways to Protect Sensitive Data in Cloud Applications

With CipherTrust Platform CE, DevSecOps have the following options to deploy data protection controls in a fraction of the time it takes with other solutions available in the market today.

  • Centralized Key Management: Developers can use this option independent of the CipherTrust connectors if they know data protection technologies and have access to the source code of the corresponding applications. Developers can insert RESTful calls into applications to incorporate key management and encryption/tokenization services centrally provided by the Virtual CipherTrust Manager. This has to be done during the application development and test phase, well before deploying applications in multi-cloud infrastructure.

  • App-level Data Protection: DevSecOps who do not have access to the application source code can rapidly protect data in REST APIs by using CipherTrust Data Protection Gateway. They can set up data protection policies in CipherTrust Manager to selectively encrypt/decrypt sensitive data in specific REST API calls for specific applications, without modifying the application. Community Edition is fully compatible with Kubernetes orchestration systems, such as Helm, Ansible, and Terraform, and includes three Data Protection Gateway licenses to protect three applications registered on CipherTrust Manager.

  • Data Protection for Kubernetes environments: DevSecOps who do not have access to the source code of containerized applications can transparently protect data inside containers and external storage accessible from containers with CipherTrust Transparent Encryption for Kubernetes. Community Edition includes three licenses to protect file-systems/volumes accessible by a three-node Kubernetes cluster.

Speed Up DevSecOps Processes

Thales’ CipherTrust Platform Community Edition makes it easy for DevSecOps to deploy data protection controls into hybrid and multi-cloud applications in a fraction of the time it takes with other data protection solutions available in the market today.

  • Improve efficiency:
    Enables DevSecOps to rapidly deploy data protection controls into hybrid and cloud-native infrastructure, with full separation of duties. It speeds up the continuous integration and continuous delivery (CI/CD) processes required to protect data in cloud-ready applications.

  • Simplify centralized key management and encryption functions:
    Developers can centralize key management and encryption policies across multi-cloud applications using a Virtual CipherTrust Manager. When required, one can upgrade to a version of CipherTrust Manager that works with a FIPS 140-2 Level 3 certified Thales' Luna Hardware Security Module to provide a secure root of trust.

  • Transparently Deploy Data Protection into Multi-cloud Applications:
    DevSecOps can rapidly protect data in legacy and cloud-native applications in minutes rather than weeks. They can protect sensitive data in RESTful calls and containers without modifying a single line of application source code.


Learn More about CipherTrust Platform Community Edition.

Launch CipherTrust Platform CE from: