In many specific cases, some applications and their data may require higher security measures and controls compared to what is generally available in a typical hosting environment.
In those cases, and when the requirements are high enough, a secure enclave should be established.
A secure enclave is a system that provides the necessary elements to guarantee a standard of quality of the security at every layer of the stack, from the hardware components to the application presentation layer.
Special consideration needs to be applied within the enclave to the lifecycle of secrets and cryptographic keys, the management of identities and authorisations as well as various external aspects, like compliance with well-known standards, establishment of trusted supply chains or management of any identified anomaly.
Any system with such complexity is usually too expensive to build internally, especially for a relatively low number of applications. Also, most secure enclave solutions available on the market are very limited and meant to protect only very specific portions of an application, and they usually require that this portion is ported to their proprietary system and linked to the rest of the application architecture by means of proprietary drivers and communication protocols.
The ARCA architecture is based on well-known security systems at each level of the stack, like Trusted Platform Modules, Hardware Security Modules, Secure Boot, Role Based Access Controls and Vaults that have been chained and made to work together in order to offer secure Container Orchestration and APIs to full and standard modern applications.
The orchestration system is Kubernetes, therefore any application using one of the supported container runtimes, like Docker, can be directly migrated to this system, which offers High Availability, Continuous Integration & Continuous Delivery, automatic scaling, load balancing and many other modern features out of the box.
The network communication between hardware nodes is automatically secured through the establishment of a secure communication Channel, with keys protected like everything else by a FIPS 140-2 Level 3 certified HSM, automatically and strongly protecting not only ARCA’s own network communications but also all exchanges between different application components.
The Vault for application use is offered through standard gRPC APIs, with multi-tenancy built-in to separate different applications.
CYSEC can also offer development assistance during the migration and even colocation or managed hosting in its private racks in a local datacenter. Thanks to the fact that CYSEC has been assigned its own Autonomous System and has built a solid network infrastructure foundation new locations can be easily integrated following customer’s requests.
“By partnering with KYOS, CYSEC joins a recognised network of trusted solutions. KYOS team is highly appreciated for its cybersecurity expertise in the Leman lake area in the high-end industry in general as well as finance industry in particular. The association of both partners sounds compelling as it will fasten the adoption of ARCA in the area !” — Patrick Trinkler, CYSEC CEO