Cloud Act Risk Reduction on Public Cloud
The TrustNest Platform improves its security by providing new ways to secure your workloads. By adding controls, you also reduce the residual Cloud Act risk.
By default, all TrustNest services come with a security baseline that includes the Zero Trust principle. For a given environment, you can request additional add-ons to strengthen the baseline:
- Corporate Add-on: controls the workstations accessing the environments and verifies that they are sufficiently controlled by the Thales Group. It reduces the risk of data leakage (from laptop theft or malware).
- Confidential Add-on: implements a Bring-Your-Own Thales Key Management Service with your own keys. It reduces the Cloud Act risk.
How does the Confidential Add-on work?
CipherTrust Manager is a shared portal where you create your keys and push them into your own key vault. CipherTrust Manager is developed by Thales CPL and hosted and operated by Thales Digital Factory. With the Confidential Add-on, you have access to a dedicated workspace (domain Customer A, domain Customer B, etc.). We recommend one workspace per TDFaccountID.
Known Limitations
- The Confidential Add-on is not yet supported on Managed Services such as Kubernetes and Databases. Only Infrastructure Landing Zones support this feature.
- The pricing model is on quotation for now.
FAQ
Can I combine the Corporate and Confidential Add-ons?
Yes, a landing zone can have both the Corporate and Confidential Add-ons. The environment will have Thales key encryption managed by CipherTrust and a control on endpoints. Note: for this use case, access to CipherTrust requires all the corporate requirements (a ZPA rule for TNAP to access the Thales private IP and name resolution).