Security
2 minute read
Trustgrid’s mission is to replace aging Edge connectivity solutions with innovative, software-defined solutions that integrate security and compliance in a way impossible for legacy solutions while improving efficiency in deployment and life-cycle management.
Authentication
Pre-shared keys (PSK) are the most common method for authenticated connectivity and present a significant risk when implemented poorly. Certificate-based authentication is difficult and requires advanced skill sets. Trustgrid is the ‘root of trust’ in a Public Key Infrastructure (PKI) built by our security experts to enable automated certificate management across Trustgrid networks. All devices enroll in the PKI are managed centrally from Trustgrid’s cloud infrastructure. Certificates are issued per device and are used to authenticate, and for encryption of all traffic.
Authorization
Central to the security of the Trustgrid network is an authorization model derived from Google’s Beyond Corp (aka Zero Trust from Forrester) initiative. This places an implicit deny on all traffic that cannot be configured to allow all traffic. Many breaches have been caused by allowing all traffic to overcome the burden of proper security configuration.
Trustgrid uses a token to authorize communication between Trustgrid nodes.
Encryption
TLS Encryption
All data on between Trustgrid nodes for both control and data plane is encrypted using TLS Mutual Authentication. The Internet Engineering Task Force (IETF) recommends TLS as the replacement to IPSec VPN. The TLS tunnels use the TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 cipher.
UDP Data Plane Encryption
Trustgrid nodes with UDP enabled use ChaCha20-Poly1305 for encryption. The encryption keys are securely generated on the server and shared with the client of the existing TLS tunnel to the client. The keys are rotated automatically every 5 minutes.
Automated Management
Trustgrid offers tools for automating software updates at scale. A significant difficulty in securing traditional VPNs is the application of patches and updates to hardware appliances. Many vendors own and maintain hundreds or thousands of these devices and are simply unable to efficiently patch them. This leaves significant security vulnerabilities unaddressed in customer and vendor data centers.
Private Data Routing
Trustgrid enables private data connections routed on infrastructure owned by each vendor, not through centralized, multi-tenant gateways that touch hundreds of vendors’ connections concurrently.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.