Why Key Management Is Critical for Hybrid Clouds

February 25, 2021 | Scott Carter

Moving to the cloud? So are your peers. According to Cisco Global Cloud Index (2016-2021), 94% of all workloads will be cloud-based by 2021. But cloud implementation strategies are not so clear cut. An Everest Group Survey of 200 enterprises found that over 70% described their cloud as hybrid-first or private-first. As a result, many organizations are faced with the challenge of providing consistent security across implementations.

Key management is no exception. Many organizations that we speak with are struggling with extending machine identity management into their hybrid cloud environments. What many of them don’t realize is that they will still have the same responsibility for protecting machine identities in the cloud as they do in on-premises environments.

Some assume that they won't have to care about PKI anymore because, when they turn over responsibility to the cloud service provider, a wide range of PKI functions will be handled for them. That is simply not true. Under the shared responsibility model the provider secures the underlying platform, but the keys and certificates your own workloads present remain yours to provision, protect and retire.

Machines operate the same way in the cloud as they do on premises, and each one still needs a machine identity: a private key and a certificate with which it authenticates to other machines. That means you are responsible for managing the same machine identities in the cloud that you manage on premises. Why? A cloud service is just another kind of managed infrastructure that organizations can leverage. Would you feel comfortable handing your private keys to a managed service provider without retaining some level of control? It's the same thing with the cloud.

Workloads that move to the cloud need access to their private keys, so you need to think long and hard about how to maintain ownership of those keys in the cloud, the same as you do on-premises. Essentially, you must ensure that each cloud instance is reachable and that its machine identities are valid and trusted. You still have to provision the certificates, renew them before they expire, and revoke them when a key is compromised or an instance is retired.

That process will be even smoother if you can get a consistent view of machine identities across both cloud and on-premises. But many organizations aren’t thinking that way yet.

When organizations move to the cloud, it's tempting for them to ask their cloud provider to issue the certificates that secure communications between cloud instances. The cloud provider offers a certificate management service. So, no problem, right? If you think about it a bit more, you may start to ask security questions, such as: where are the private keys stored, how many certificates are in use on cloud servers, and who is taking care of them there? Unfortunately, many organizations cannot fully answer those questions. They simply have no idea where their keys are or who owns them in the cloud.

Do you really want to give up responsibility for your PKI and control of your keys? Ideally, the keys and certificates issued in the cloud are part of your complete machine identity inventory, so that you know where each one is installed and who owns it.

Granted, most companies understand that there are risks they may not have considered when moving to the cloud. Many have already dealt with similar issues when managing machine identities in their on-premises infrastructure, and taking them to the cloud only adds complexity. Because most organizations use a hybrid or multi-cloud approach, it can be difficult to maintain consistent visibility and protection across all instances.

Organizations need to understand that cloud instances are an extension of their on-premises infrastructure and should be treated the same way in terms of managing machine identities. They need to secure their keys and certificates in the same way everywhere. They still want to enforce security policies, automate the certificate lifecycle and monitor all machine identity usage and behavior, just as they do in physical infrastructure.
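As an added example that is not from the original post and does not represent Venafi's or any cloud provider's product, the following Python script shows what "the same policy everywhere" looks like in code: records from a constructed on-prem CA export and a constructed cloud certificate listing are normalized into one inventory, and a single policy (renewal window, approved issuer, minimum RSA size, recorded owner, approved private-key location) is applied to both. Every field name, the sample records, the policy thresholds and the fixed "today" date are assumptions made up for illustration.

```python
"""Added example: one machine identity policy applied across on-prem and cloud.

All record formats and field names below are assumptions constructed for
illustration; they are not any vendor's export or API schema.
"""
from dataclasses import dataclass
from datetime import datetime, timezone

# Fixed "today" so the results are reproducible (assumption for the example).
NOW = datetime(2021, 2, 25, tzinfo=timezone.utc)

# Constructed records in the shape of an on-prem CA export.
ONPREM_EXPORT = [
    {"cn": "app1.corp.example", "issuer": "Corp Issuing CA", "key": "RSA-2048",
     "not_after": "2021-06-30T00:00:00Z", "owner": "platform-team", "key_store": "hsm"},
    {"cn": "legacy.corp.example", "issuer": "Corp Issuing CA", "key": "RSA-1024",
     "not_after": "2021-03-05T00:00:00Z", "owner": "", "key_store": "filesystem"},
]

# Constructed records in the shape of a cloud provider's certificate listing.
CLOUD_LISTING = [
    {"DomainName": "api.cloud.example", "Issuer": "Cloud Provider CA",
     "KeyAlgorithm": "RSA-2048", "NotAfter": "2021-03-15T00:00:00Z",
     "Tags": {}, "KeyLocation": "provider-managed"},
    {"DomainName": "web.cloud.example", "Issuer": "Corp Issuing CA",
     "KeyAlgorithm": "EC-P256", "NotAfter": "2022-01-01T00:00:00Z",
     "Tags": {"owner": "web-team"}, "KeyLocation": "cloud-kms"},
]

# One policy for every environment (thresholds are example values).
POLICY = {
    "renewal_window_days": 30,
    "approved_issuers": {"Corp Issuing CA"},
    "min_rsa_bits": 2048,
    "approved_key_locations": {"hsm", "cloud-kms"},
}


@dataclass(frozen=True)
class MachineIdentity:
    """Common schema: the same fields regardless of where the cert was found."""
    name: str
    environment: str      # "onprem" or "cloud"
    issuer: str
    key_algorithm: str    # e.g. "RSA-2048", "EC-P256"
    not_after: datetime
    owner: str            # empty string means nobody is recorded as owner
    key_location: str     # where the private key lives


def _parse_ts(value):
    """Parse the ISO-8601 UTC timestamps used in the sample records."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalize(onprem, cloud):
    """Merge both sources into a single inventory with one schema."""
    inventory = []
    for r in onprem:
        inventory.append(MachineIdentity(r["cn"], "onprem", r["issuer"], r["key"],
                                         _parse_ts(r["not_after"]), r["owner"], r["key_store"]))
    for r in cloud:
        inventory.append(MachineIdentity(r["DomainName"], "cloud", r["Issuer"], r["KeyAlgorithm"],
                                         _parse_ts(r["NotAfter"]), r["Tags"].get("owner", ""),
                                         r["KeyLocation"]))
    return inventory


def evaluate(identity, policy=POLICY, now=NOW):
    """Return the policy findings for one identity; an empty list means compliant."""
    findings = []
    days_left = (identity.not_after - now).days
    if days_left < 0:
        findings.append("expired")
    elif days_left <= policy["renewal_window_days"]:
        findings.append(f"expires in {days_left} days")
    if identity.issuer not in policy["approved_issuers"]:
        findings.append(f"issuer not approved: {identity.issuer}")
    if identity.key_algorithm.startswith("RSA-"):
        bits = int(identity.key_algorithm.split("-", 1)[1])
        if bits < policy["min_rsa_bits"]:
            findings.append(f"RSA key too small: {bits}")
    if not identity.owner:
        findings.append("no owner recorded")
    if identity.key_location not in policy["approved_key_locations"]:
        findings.append(f"private key outside approved stores: {identity.key_location}")
    return findings


def audit(onprem, cloud, policy=POLICY, now=NOW):
    """Apply the one policy to the merged inventory; maps name -> findings."""
    return {i.name: evaluate(i, policy, now) for i in normalize(onprem, cloud)}


if __name__ == "__main__":
    for name, findings in audit(ONPREM_EXPORT, CLOUD_LISTING).items():
        print(name, "OK" if not findings else "; ".join(findings))
```

The point of the `normalize` step is that the policy never needs to know which source a record came from: a provider-issued certificate with no owner and a provider-held private key is flagged with exactly the same rules as a forgotten 1024-bit key on an on-prem file system.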

About the author

Scott Carter

Scott is Senior Manager for Content Marketing at Venafi. With over 20 years in cybersecurity marketing, his expertise leads him to help large organizations understand the risk to machine identities and why they should protect them.