Hush Security today emerged from stealth to provide an alternative approach to protecting application secrets using a platform that is designed to continuously discover them and then apply access controls based on policies defined by an IT team.

Fresh off raising $11 million in funding, company CEO Micha Rave said the Hush Security platform eliminates the need to rely on legacy vaults and secrets managers that were not designed to meet the requirements of modern application environments based on microservices that need to dynamically access secrets.

Rather than incur the latency overhead created by accessing secrets stored in a vault, Rave said the Hush Security platform is instead able to enforce access controls at runtime using the open source Secure Production Identity Framework For Everyone (SPIFFE) identity control plane now being advanced under the auspices of the Cloud Native Computing Foundation (CNCF).

The SPIFFE framework itself, however, is challenging for DevOps teams to implement, so Hush Security has opted for an approach that embeds it in a platform that dynamically manages access to applications, noted Rave.

That capability will be especially critical in an artificial intelligence (AI) era that will soon lead to the deployment of thousands of AI agents. Those agents will need a low-latency method of accessing secrets to reach data and services, one that also ensures least-privilege access policies based on identity are enforced on a just-in-time basis, he added.

Just as importantly, the Hush Security platform as a result eliminates the need for credentials, which, when stolen, are now the primary vector that cybercriminals use to steal data and compromise the security of application environments, noted Rave.

At the core of the Hush Security platform is an ability to continuously discover and map every workload, service, and AI agent from code to runtime, said Rave. Armed with those insights, the platform can then detect, assess, and prioritize risks and compliance issues based on runtime behavior, the criticality of an issue, and the potential blast radius, he added.

The company is also now offering a free assessment to detect secrets in code, including application programming interface (API) keys, credentials, and service accounts, and to identify their owners. Once those secrets are mapped, organizations will then have the option of migrating them to the Hush Security platform with a single click to reduce secret sprawl.

In effect, Hush Security is improving application security by subtraction: it eliminates the need to store secrets, which all too often are inadvertently left exposed as plain text after an application has been deployed in a production environment, where cybercriminals can easily discover them.

It’s not clear to what degree any effort to eliminate secrets will be led by DevSecOps teams or cybersecurity teams that no longer want to manage credentials after an application is deployed. The one certain thing is that, given the number of cybersecurity incidents that are caused by stolen credentials, just about everyone involved is going to be open to considering an alternative approach to securing access to applications.

