Feb 11, 2025

Secrets management in multi-cloud environments

Cloud computing and the multi-cloud environment

Multi-cloud environments have plenty of benefits, but many of them begin with the benefits of cloud computing in general, things like:

  • Initial hardware cost and upkeep: Cloud computing eliminates the need for on-premise physical hardware. Since the server infrastructure is maintained by cloud providers, you can save on storage, server configuration, maintenance, and more.
  • Scalability: Cloud computing’s greatest selling point is its ability to dynamically scale with platform needs. Pay-as-you-go business models mean your platform is only ever paying for as much server use as it directly needs. The cloud provider scales up and down what you pay for to match demand.
  • IT freedom: Without servers to maintain, configure, and reconfigure, your team can focus on other priorities, like expanding and maintaining more robust platform security or growing your business in other ways.
  • Security and recovery: Cloud providers have state-of-the-art security systems in place to prevent vulnerabilities on their end. They also employ dedicated teams that automatically update to more secure versions when possible. Dynamic provisioning of resources also makes it easier to automate backups and revert to secure and stable versions in the event of a breach or other platform outage.

So, how does the multi-cloud differ?

When it comes down to it, the most significant addition is adaptability. Reliance on a single cloud solution, public or private, means a platform is tethered to the strengths and limitations of that cloud infrastructure. If that cloud provider operates differently by region or platform size or lacks specific customization, it might not meet your platform’s needs.

Locking a platform into just one provider also means it will be reliant upon that provider and will be subject to future updates and pricing changes. Multi-cloud takes advantage of market competition, allowing your team to more dynamically choose price points from different cloud providers.

For many platforms, this isn’t much of an issue. They may be content with using a single cloud solution, private or public, for their hosting needs. For others, though, multi-cloud solutions allow for more global operations and allow platforms to tailor their compliance strategies in different markets more specifically. Adaptability is customizability.

Downsides of the multi-cloud

Multi-cloud solutions aren’t all sunshine and rainbows, though. Each additional cloud environment compounds the amount of configuration work needed from developers (even with a strong infrastructure as code framework, this can take time). With complex migration and portability mechanisms, the setup or addition of a new cloud environment can take time, effort, and skilled labor while still introducing security risks, not to mention the difficulty of moving a platform from existing infrastructure to the cloud in the first place.

The challenge:

An enterprising platform, let’s name it Sub-Surface Informatics (SSI), chooses to expand into a new market. To operate in this new market, either their platform is subject to stricter regulations or they need to configure their platform differently for other reasons. SSI decides to use a different cloud environment and provider to host their platform in this new market.

Sub-Surface Informatics includes several microservices that need to be integrated into the platform for full functionality. These microservices are already operational in their other markets, using authentication tokens verified by a self-hosted secrets management solution. During setup, their DevOps team quickly realizes that this solution is being manually controlled and rotated by the team and that now, with an additional environment, the workload will double since authentication tokens will be needed for each environment.

DevOps then checks the development plans for the platform going forward and identifies an additional microservice soon to be implemented. The storage, communication, and rotation of these authentication tokens are rapidly getting out of hand. SSI chose cloud computing for its speed and versatility, but the logistics of managing their secrets sprawl are preventing them from benefiting from that choice.

The solution:

Sub-Surface Informatics needs a secrets management solution that keeps secrets sprawl from growing as they add cloud environments and microservices. This way, they can take full advantage of their cloud infrastructure benefits.

This secrets management solution will need:

  • Centralized, accessible storage: SSI wants to tame its growing sprawl with secure, encrypted, centralized storage. This storage must be capable of dynamically and securely injecting secrets wherever they are called, with customizable privacy controls according to the principle of least privilege.
  • Integration with any cloud environment: Doppler injects secrets as environment variables, so it works for any language, framework, platform, and cloud provider.
  • Dynamic rotation and revocation: Automate your platform’s rotation and revocation of secrets with Doppler’s automatic, platform-wide features. Doppler’s two-secret strategy prevents platform downtime during secrets rotation.
  • Compliance features for more markets with stronger data protection regulations: Encryption, secrets rotation, and audit logs are all common features of strong data protection regulations.
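
To make the rotation requirement concrete, here is an added example (not part of the original post and not Doppler's implementation) of a generic two-slot rotation scheme, in which a token issued before a rotation stays valid until the following one. The class, the `SERVICE_TOKEN` variable name, and the `cloud-a`/`cloud-b` environments are hypothetical.

```python
import hmac
import secrets


class TwoSlotCredential:
    """Verifier side: two token slots are valid; only the unused one is replaced."""

    def __init__(self):
        self.slots = [secrets.token_urlsafe(32), secrets.token_urlsafe(32)]
        self.active = 0  # index of the slot currently handed to services

    def current(self):
        return self.slots[self.active]

    def rotate(self):
        # Replace the slot services are NOT using, then switch to it. The
        # previously active token stays valid until the next rotation.
        inactive = 1 - self.active
        self.slots[inactive] = secrets.token_urlsafe(32)
        self.active = inactive
        return self.current()

    def verify(self, presented):
        # Constant-time comparison against both slots, without early exit.
        checks = [hmac.compare_digest(presented.encode(), s.encode())
                  for s in self.slots]
        return any(checks)


def inject(environments, token, name="SERVICE_TOKEN"):
    """Push the active token into every environment as an environment variable."""
    for env in environments.values():
        env[name] = token


def simulate():
    cred = TwoSlotCredential()
    envs = {"cloud-a": {}, "cloud-b": {}}  # constructed sample environments
    inject(envs, cred.current())
    stale = dict(envs["cloud-b"])  # a process that started before rotation

    inject(envs, cred.rotate())
    after_one = (cred.verify(envs["cloud-a"]["SERVICE_TOKEN"]),
                 cred.verify(stale["SERVICE_TOKEN"]))
    inject(envs, cred.rotate())
    after_two = (cred.verify(envs["cloud-a"]["SERVICE_TOKEN"]),
                 cred.verify(stale["SERVICE_TOKEN"]))
    return after_one, after_two
```

The rotation interval therefore has to be longer than the time it takes every environment to pick up the new value, otherwise a slow environment is locked out on the second rotation.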

If your platform or team is operating in multiple cloud environments or considering expanding to multi-cloud solutions, you need a robust secrets manager to support the transition. See how Doppler’s features might improve your team’s security posture with a free demo.
