This New Internet Security Tool Guards Goldman Sachs From Eavesdroppers


Goldman Sachs headquarters.

Goldman Sachs headquarters. Associated Press



When security researchers uncovered the Heartbleed bug, it underscored a big problem for companies that want to spread out on the internet without exposing their secrets: Even if they’re using common encryption techniques to secure their data, their sites may still be vulnerable to eavesdroppers.


But five months on, a San Francisco startup called CloudFlare is trying to solve this problem, offering a new kind of encryption tool.


Cloudflare has long offered what’s called a content distribution network, or CDN. Basically, this is what companies use when they want their web services to run quickly, across all parts of globe. Such services cache particularly popular webpages, photos, and videos on computer servers that sit as close as possible to the people accessing them. This kind of thing worked fine when nobody cared about security, but as more and more companies move to SSL—the secure sockets layer technology used to prevent miscreants from reading their web traffic, including, say, credit card transactions or private messages—the situation is getting a bit tricky.


Previously, if a company wanted to spread secure services to an outfit like CloudFlare, they’d have to trust it with their SSL encryption keys. But certain security conscious organizations—banks and government agencies, for example—really don’t want to do that. “There is a certain class of customers that’s using us that has certain secrets they can’t even trust us with,” says Matthew Prince, CloudFlare’s CEO.


Matthew Prince, CloudFlare's CEO.

Matthew Prince, CloudFlare’s CEO. Ariel Zambelich / WIRED



So Prince and company have spent the past two years developing software that gives them another option. It’s called Keyless SSL. And it gives companies like Goldman Sachs, the big-name New York bank, a way to use Cloudflare while retaining control of their SSL keys.


With keyless SSL, Cloudlfare still does most of the heavy lifting, but it offloads part of the SSL process to the customer, who retains control of the master SSL keys. That gives companies a secure way to move more and more of their services out into data centers that are close to their customers—to the edges of the internet. “More and more of the things that you think of as sitting in your locked-in data centers are going to move out to the end-point,” says Donald Duet, the co-head of Goldman Sachs’ technology division. His company is using Keyless SSL as it starts to migrate some of its services to CloudFlare.


The service is available as of today to CloudFlare’s enterprise customers. They pay at least $5,000 a month to use the company’s CDN and online atttack-thwarting services. But Prince wants to eventually make it available to all CloudFlare customers.


It’s part of CloudFlare’s wider efforts to make SSL more affordable to everyone. That’s a good thing. SSL lets you be sure that you’re connecting to the website you want and keeps your browsing history away from prying eyes. Google says that it’s starting to give preference in its search rankings to sites that use SSL. Next month, CloudFlare plans to enable SSL—though not Keyless SSL—for all of its customers. “We’re trying to build a globally scaled trustworthy computing platform,” Prince says.



No comments:

Post a Comment