Tholos is the first API and SSH secrets management key vault to provide enterprise-grade scalability, reliability and a modern user interface—reinforced by moving target defense, an innovative security model that decreases risk by increasing entropy and randomness.
"Modern enterprises that embrace digital transformation are propagating an unmanageable proliferation of keys and secrets that can slow development cycles—or lead to catastrophic data breaches," said Mike Burshteyn, CEO, CryptoMove. "Hardware-based solutions are too cumbersome for hyperscale computing and existing open source solutions introduce their own complexity, but Tholos is purpose-built to seamlessly integrate secrets management into DevOps, enabling a 'shift left' approach to application security."
Digital transformation trends, such as cloud-native environments, multi-cloud infrastructure, containerization, microservices and the Internet of things (IoT), are generating an overwhelming collection of API keys, SSH keys, authentication tokens, certificates and other secrets. However, agile development and lean startup philosophies encourage a fast and easy approach to DevOps, which may result in these secrets being shared—in plain text—over email, Slack and even GitHub.
Research from GitHub indicates that millions of access tokens, account credentials and SSH keys have been left exposed on public repositories. This relaxed attitude toward application security poses a clear enterprise risk, as major data breaches due to improperly stored cloud keys have become increasingly frequent.
Legacy key management solutions, such as hardware security modules (HSM), are primarily focused on encryption keys instead of API keys, making them ill-suited for DevOps processes. HSM solutions are also devoid of cloud-native capabilities, leaving them unable to support multi-cloud, containerization and microservices. A new wave of open source secrets management solutions has emerged to address some of these challenges, but they introduce their own management complexity and still lack the ability to scale.
CryptoMove Tholos Key Vault is the first cloud-native secrets management key vault to deliver enterprise-grade scalability, reliability and a modern UI/UX, enabling organizations to securely accelerate cloud and containerization development projects. Tholos is delivered as a cloud service, which requires no installation or deployment—account creation takes less than two minutes. Tholos is also available for private cloud deployments. CryptoMove provides high availability through data replication to ensure fault tolerance and disaster recovery.
"With modern devops workflows for cloud and container/services based infrastructure, secrets management becomes a really hard problem at scale," said Tom Pageler, CISO, BitGo. "CryptoMove's Tholos Key Vault is bringing a highly differentiated approach in this area that adds value to both developers and security teams."
CryptoMove use cases have already been developed by the Department of Homeland Security (DHS) via its Silicon Valley Innovation Program and the National Institute of Standards and Technology (NIST) via its Global Smart City Challenge Initiative. Private beta users already include Fortune 500 financial services, healthcare services and entertainment companies. Amazon selected CryptoMove to participate as one of ten startups at Startup Central during AWS re:Invent 2018.