CASE STUDY

Running Software Solutions Securely under 3rd Party Infrastructure and Operations

Background

A high-tech company in the automotive industry would like to expand its activities to a new market, in which the regulations are very strict and where a local vendor is required to host and operate the software solution on behalf of the company. This is done to ensure only approved vendors process data and that no data leaves the country. However, it also gives a 3rd party (the local, hosting vendor) complete access to all the components of the company’s software, which includes highly sensitive intellectual property assets.

The Challenge:

The company’s main challenges were:

  • How to protect its intellectual property (IP) – in the form of code, scripts and algorithms – in an environment that it has no control over?
  • How can the company make sure that no one steals its intellectual property?
  • How can it protect data from breaches within the hosting vendor, or even from a potential malicious insider in that hosting vendor?
  • How can the company grow and expand to new markets, while keeping its key intellectual property, its “bread and butter”, secure?

Since the solution runs in an environment which is out of the company’s control, the following risks exist and require mitigation:

  • Malicious nodes and workloads may join the cluster, either through a deliberately acting insider, or a breach within the hosting vendor which is out of the company’s control. Such nodes will be able to process and retrieve data as well as reverse engineer the company’s solution (and steal the company’s intellectual property).
  • Solution elements may be attacked directly, either to inject code into the environment or to gain control of, and access to, the data processed by these workloads.
  • Network traffic can be tapped, and data and IP sent over standard HTTP protocols can be gathered.
  • Anyone with access to the environment – whether an insider or through a security misconfiguration – can read data and files in the system, which includes sensitive intellectual property and data.

The Solution:

To fully protect the high-tech company’s intellectual property and data, ARMO’s Zero-Trust security plane was deployed on top of the company’s solution, and was therefore installed with the solution in the 3rd party environment. Since ARMO automatically protects workloads at runtime and data at rest, in transit and in use, all of the company’s IP was sent to the 3rd party environment encrypted, and is only available to the workloads provided by the company. This eliminates the possibility of any other party accessing it. It means that no one, including the hosting vendor, would be able to retrieve the data or obtain the company’s intellectual property (for example by reverse-engineering the code). In addition, all the traffic between the workloads is encrypted using mutual TLS, making sure no malicious node is able to communicate with the protected workloads.

Finally, the data that the workloads read from and write to the local disk is encrypted. So even if someone steals the data, it is useless, as only approved workloads can encrypt and decrypt it.

Key Elements of the ARMO Solution

1. The company attached ARMO’s micro-agent to its workloads, ensuring that only workloads that it approved can work in the cluster. ARMO’s agent protects the workloads, thus:

a. Eliminating the possibility of adding an untrusted node to the workload

b. Ensuring that no one can change the code or the workload, or add files or processes to the workload

2. ARMO encryption keys were used to automatically encrypt Python scripts, configuration and data that is considered intellectual property before shipping it to the 3rd party environment, ensuring that:

a. Only trusted workloads can decrypt and run the Python scripts and access the sensitive data

b. The output of the script, algorithms output artifacts, is encrypted and protected at rest, in transit and in-use

c. The only workloads that can read the encrypted data and continue the processing are the trusted and authorized workloads

d. Keys are kept in the workload memory in a protected way that is virtually unbreakable

3. A Zero Trust micro-segmentation network policy was used to allow only trusted workloads to communicate with each other, and only over encrypted TLS tunnels. This ensures that even if someone were able to break the chain of trust and insert a malicious workload, they would not be able to cause damage beyond the policy that was defined.

Using this strategy, the company was able to expand its business while keeping data and intellectual property intact. It can develop code safely on its premises, and confidently ship it to the new market without worrying that someone will steal its intellectual property or access its data.

Architecture:

 

