Enhancing Red Hat OpenShift with hardware cryptography


The purpose of this blog post is to introduce you to incorporating high-assurance cryptographic security with hardware security modules (HSMs) into your Red Hat OpenShift projects. Since this might be new territory for some in the developer community, the author takes a moment to explain what an HSM is. By Oli-Wade.

An HSM is a specialized hardware device designed to protect encryption keys and to perform cryptographic operations such as creating digital signatures. Keys are generated according to strict security standards and based on an internal high-quality entropy source. HSMs are robust, tamper-resistant devices that incorporate innovative security features to ensure the protection of sensitive key material.

Where an HSM fits in the context of the OpenShift platform

Source: https://securityboulevard.com/2020/07/self-contained-ready-and-secured-enhancing-red-hat-openshift-with-hardware-cryptography/

The alternative to using an HSM is to store encryption keys in software – which can be risky, since skilled attackers can identify critical key material based on its unique, random characteristics. High-value keys should be protected to the best achievable standards, since their loss might cause considerable financial and reputational damage – as well as a compliance violation. HSMs provide this protection, and many are certified to internationally recognized standards like FIPS 140-2 and Common Criteria, while also being recognized by security auditors as an effective tool to mitigate cyber risk.

The article describes how to go about:

  • Building container images
  • Running containerised applications in OpenShift
  • Increasing application security

To learn more about nCipher nShield HSMs and the integration with Red Hat OpenShift, download their solution brief on the page. Good read!


Tags devops infosec cicd containers