
How Dyadic Secures Keys on All Devices and Platforms


To be as secure as possible, use DevSecOps principles to build cryptography into the data layer. Data is the new oil; treat it as such.


Thanks to Oz Mishli, V.P. of Products at Dyadic, for sharing with me how they provide a virtual hardware security module (vHSM) for all devices and platforms, securing cryptographic keys in the compute environment, whether it’s racks for data centers and cloud or end-point devices. Software-defined cryptography provides a software solution without any need for hardware by ensuring that keys are never exposed in the clear at any point in time.

Q: What do you see as the most important elements of security?

A: Perimeter security is gone. You must assume your environment is compromised. As such, focus on securing the data itself. Build more security into the data and the applications. The data center is either moving to, or already operating in, the cloud. There are a lot of trust issues. There is constant pressure to satisfy regulators when data is hosted on someone else’s infrastructure.

Q: Which programming languages does Dyadic use?

A: C and C++ for cryptography. Java for the higher-level layers of our products.

Q: How is the cybersecurity threat landscape changing?

A: There’s a proliferation of data breaches. There are no bounds for the creativity of hackers bypassing detection tools. Make the infrastructure more resilient by using cryptography to create trust foundations in the architecture. These trust foundations shall constitute the root of trust across all environments.

Q: What kind of security techniques do you find most effective?

A: Building security into the data layer, and building security into the applications. In general, you cannot make assumptions about the security of the environments where your applications and data will reside. Thus, security has to be built into the applications and the data.

Q: What are some real-world problems you are helping clients solve by securing applications and data?

A: 1) Control private keys in the public cloud. Do everything on the cloud, with any cloud service provider while maintaining full control of cryptographic keys without ever exposing them. 2) In a cloud-native environment, securing microservices can be challenging. Microservices are ephemeral, living and dying in short timeframes. Dyadic allows you to store secrets securely and assign IDs to containers without leaks or compromises. Secrets and identities never exist in the clear at any point in time.

Q: What are the most common issues you see affecting security?

A: 1) Key management and cryptography are the core of any security architecture. Because secure key management requires hardware, it didn’t scale well to the cloud. Thus, customers have a hard time keeping their infrastructure secure and resilient across on-premise and multiple clouds. Our solution is a pure-software solution with the security benefits of hardware, abstracting key management across all environments. 2) Crypto-agility is becoming more and more important as crypto vulnerabilities show up. ROCA, a recent example, is particularly difficult because it hurts the security profile of every product built on top of the vulnerable chip. Software is very easy to make changes to and patch when things go wrong; hardware is much more difficult.

Q: What’s the future of security from your point of view?

A: We’re not in good shape in how we treat security, particularly critical infrastructure security. We’re pretty much broken there. We have to look at the critical infrastructure to ensure it is secure. Things like the Ukraine power grid hack are a huge concern, and we’re likely to see more examples, unfortunately. In general, more innovation and focus are needed on protecting data and applications.

Q: What do developers need to keep in mind with regards to security?

A: Build security into the design and development process. Do not wait until you’re going into production to think about security. Give security the upfront planning it deserves.
