Akeyless: finally, an alternative to HashiCorp Vault

Liran Grinberg April 29, 2021

Earlier this year, we published our Cybersecurity Brief for 2021, where we predicted that cloud security, the perimeterless world and consolidation would be among the leading cybersecurity themes in the next few years. It should be no surprise that we have followed this up with an investment into Akeyless, a ground-breaking cybersecurity company that provides both secrets management and zero-trust access products in a SaaS model.

Anyone who works in the cloud knows how vital secrets management is to their critical business processes. It refers to the ways that digital authentication credentials (secrets) can be stored, used, and authenticated. These secrets are the currency of the cloud: they allow things to happen. They include automatic, user-generated and database credentials and passwords, API and SSH keys, private data certificates and private encryption keys. These are heavily used between workloads as well as by privileged users, across DevOps and IT security platforms and teams.

Given their importance to business processes, it is critical to manage secrets in a highly secure and safe manner, especially because secrets leak regularly: Ember in 2016, Uber in 2017, HBO in 2018 and a leading global bank in 2019.

A market dominated by one single provider is never optimal

What was previously solved by plain key management systems (KMS) or privileged access management (PAM) solutions has become much more challenging given the scale and ephemeral nature of the new cloud-native distributed infrastructure, which requires a new approach to managing privileged access for machines and humans.

Until now, one player has dominated the secrets management space, an open-source project called HashiCorp Vault. But it is cumbersome, expensive and requires extensive expertise and knowledge to reach enterprise production grade. We saw that there is a critical opportunity to make secrets management better by speeding up time to production, lowering costs and enhancing the user experience.

This is where Akeyless comes in. What attracted us was that it can deliver secrets management as a service, making it frictionless and easy to consume. Clients can onboard Akeyless in minutes, compared with the weeks of DevOps time it can take for HashiCorp Vault. And it’s highly secure.

Advanced cryptography enables a secure SaaS offering

Akeyless provides an innovative Secrets Orchestration Platform that successfully unifies several related use cases via a single solution. It offers secrets management, zero-trust access (PAM 2.0) and data protection (encryption, signing and KMS), based on Akeyless DFC™, the company’s unique virtual HSM FIPS-certified technology, ensuring that Akeyless itself is secure and trustworthy.

The platform leverages Distributed Fragments Cryptography™ (DFC), its proprietary, patent-pending IP, to provide a SaaS-based root-of-trust in a non-trusted distributed environment. This innovative zero-knowledge KMS performs cryptographic operations using fragments of encryption keys without ever combining them, ensuring that Akeyless or any third party cannot access a customer’s secrets and/or keys. As a result, this provides protection in relation to the CLOUD Act as well as any supply chain attacks.

We at Team8 are very familiar with such advanced cryptography technologies that enable the building of innovative and secure products in the cloud. PayPal recently acquired our portfolio company Curv which utilizes Multi-Party Computation (MPC) cryptography to protect digital assets, and Intel joined us in backing Duality, the world’s leader in homomorphic encryption.

Managing Secrets in Hybrid and Multi-Cloud Environments

Another improvement by Akeyless on the secrets management solutions offered by cloud companies themselves is that it can work with multiple cloud providers at the same time. It can also work with hybrid environments that need a single, unified solution for both on-premises and cloud secrets management. This multi-cloud capability allows Akeyless to scale with the increasing number of businesses putting their processes in the cloud.

Combining secrets management with zero trust

Akeyless has realized that most of the technology that it has built for its secrets management offering can be redeployed as a zero-trust access product. This allows companies to secure their infrastructure and applications by enabling unified authentication and ephemeral, just-in-time access permissions. It sounds technical and it is. But it is also crucial to the smooth and secure running of any business. The ability to offer both products to the same clients on top of the same platform is a real differentiator.

A unique team, positioned to build the market leader in secrets management

Akeyless is already making strides — it was recently recognized by Gartner as a key player in the realm of workload identities and it is trusted by enterprises in multiple sectors, including web-scale companies, pharmaceuticals, consumer goods, internet technology, adtech and gaming, with partners and customers such as Outbrain, Venafi, Progress/Chef and Cimpress.

We believe that the SaaS model, the unique security model, the hybrid and multi-cloud support, and the complementary products will allow Akeyless to grow rapidly. Adding to our confidence are the execution capabilities of the founders of the company. Shai Onn, Oded Hareven and Refael Angel (joined by Ori Mankali on the executive team) are phenomenal technologists and business builders. They have worked at Fortune 500 companies, built companies that have been acquired by leading technology vendors and have been awarded patents based on their research. They are a formidable trio.

Onn brings 30+ years’ experience as Founder and Chairman of FireGlass, which was sold to Symantec for $250 million; Israel Country Manager for CA Technologies; and EVP at Ness Technologies. Hareven, a veteran of the Israeli Defence Forces Cybersecurity elite unit, has held multiple product and project management positions, including as a Director of Product Management at Moovit, which was acquired by Intel for $900 million. Angel, a seasoned cryptographer, was previously a senior engineer at Intuit.

The digital transformation we see around the world will only ever be as good as the cybersecurity that protects it. Akeyless is able to radically improve the global cybersecurity mosaic and become the leader in Secrets Management and Workload Identity, and we are excited to be on this journey with them.

Originally appeared on Medium
