As various forms of distributed computing, such as cloud computing, have come to dominate the computing landscape, security has become a bottleneck issue that currently prevents the complete migration of various capabilities and systems associated with sensitive data, such as financial data, to cloud-based computing environments, and/or other distributive computing models. This is because many owners and operators of data centers that provide access to data and other resources are extremely hesitant to allow their data and resources to be accessed, processed, and/or otherwise used, by virtual assets, such as virtual machine and server instances in the cloud.
One mechanism historically used to control access to the data and other resources is the use/application of secrets such as, but not limited to, passwords, encryption keys, and digital certificates, to control and authenticate entities desiring to access various types of data and resources.
There is little doubt the use of secrets is an effective method for ensuring that data and other resources are only accessible by an authorized entity. However, the management and selective application of secrets in a timely manner is a complicated and time consuming task with significant latencies occurring as the secrets data is obtained from secrets distribution systems, often existing in a computing environment, such as a data center, that is remote and distinct from the computing environment, such as a cloud, where the virtual assets needing the secrets exist, and where the secrets are typically used/applied. This is particularly problematic given that, currently, secrets management and processing is largely a manual process.
What is needed is a method and system to manage secrets data, and the data and objects acted on, or associated with, the secrets data, that is highly automated, minimizes latencies, and can operate in multiple environments, without compromising the secrets, the resources accessed using the secrets, and/or any data or objects associated with the secrets.
What is also needed is a method and system to determine that a virtual asset is eligible to receive one or more secrets, then determine the secrets, or secret classes, legitimately needed by that particular virtual asset, then collect the secrets determined to be legitimately needed by the particular virtual asset, and then provide the virtual asset access to only these secrets.