Hybrid cloud deployments allow businesses to leverage the benefits of both on-premise and externally hosted clouds in order to provide optimal application delivery to their users. When planning application deployment across a hybrid cloud, solution architects need to account for the many challenges posed by a hybrid application environment. One such challenge is complying with security policies in a consistent and measurable manner.
Application key management poses a major headache in this regard, because the application keys need to be available across all cloud platforms in use. The simple solution to this challenge is to have a copy of the application private key in each cloud instance. However, this raises further issues, specifically in heavily regulated sectors. Customers in sectors such as government and financial services often store keys on hardware security modules (HSMs), and there may be reluctance or even a prohibition on storing keys with a third party.
In these cases, a networked approach to key storage can easily address the challenges outlined. A networked HSM can be securely hosted on-premise and provide private key operations to any authenticated application over the network. The private keys never leave the HSM and the application or load balancer using the networked HSM can be deployed in any location, including on-premise and external clouds. Having the keys secured on-premise makes it easier to consistently apply policies and greatly simplifies compliance with policies and regulations.
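The pattern described above, as an added example in Go (not code from the original page or from any HSM vendor): the cloud-side application holds only a public key, a credential and a link to the HSM, and every private-key operation is forwarded. The names `hsm`, `remoteSigner` and `demo`, the static token used for client authentication, the choice of Ed25519 and the in-process call standing in for the network are all assumptions made for illustration.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
	"io"
)

// hsm stands in for the on-premise networked HSM; the private key exists only here.
type hsm struct {
	key   ed25519.PrivateKey
	token []byte // constructed credential of the one authorised client
}
// sign is the only key operation exposed, and only to an authenticated caller.
func (h *hsm) sign(token, msg []byte) ([]byte, error) {
	if subtle.ConstantTimeCompare(token, h.token) != 1 {
		return nil, fmt.Errorf("hsm: client not authenticated")
	}
	return ed25519.Sign(h.key, msg), nil
}

// remoteSigner is all the cloud-side app holds: public key, credential, HSM link.
type remoteSigner struct {
	pub   ed25519.PublicKey
	token []byte
	h     *hsm // an authenticated network connection in a real deployment
}
// Public and Sign satisfy crypto.Signer; Sign forwards the message to the HSM.
func (s remoteSigner) Public() crypto.PublicKey { return s.pub }
func (s remoteSigner) Sign(_ io.Reader, msg []byte, _ crypto.SignerOpts) ([]byte, error) {
	return s.h.sign(s.token, msg)
}

// demo reports whether a remote signature verifies and a bad credential is refused.
func demo() (verified, refused bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	h := &hsm{key: priv, token: []byte("constructed-token")}
	var app crypto.Signer = remoteSigner{pub: pub, token: h.token, h: h}
	msg := []byte("constructed TLS handshake transcript")
	sig, err := app.Sign(rand.Reader, msg, crypto.Hash(0))
	_, bad := h.sign([]byte("wrong-token"), msg)
	return err == nil && ed25519.Verify(pub, msg, sig), bad != nil, err
}
func main() { fmt.Println(demo()) }
```

Because `remoteSigner` implements `crypto.Signer`, it can be used wherever Go accepts a signer in place of a raw private key, such as the `PrivateKey` field of a `tls.Certificate` on a load balancer.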
So, when facing the challenge of key management in a hybrid or even a public cloud, consider how networked key storage could solve your problems.