SaaS Shield Configuration Broker
The IronCore Configuration Broker is an IronCore-hosted web app which is the connection point between SaaS providers (vendors) and their customers (tenants). Vendors and tenants both log in to the Configuration Broker to create the configurations necessary to implement CMK.
Vendors use the Configuration Broker to generate Docker environment variables for use by the Tenant Security Proxy (TSP). These configurations contain a cryptographic key that has the authority to decrypt a tenant's KMS configuration as well as a number of other vendor-specific environment variables necessary for successful startup of the TSP.
Multiple environment configurations can be created to support a distributed network of TSP Docker containers. The recommendation is that every distinct pod with a running pool of TSP containers has its own environment configuration. With this approach, vendor administrators can revoke the keys used by an individual pod from the Configuration Broker if that pod's configuration is compromised, without affecting other pods.
The Docker environment configurations produced by the Configuration Broker are all generated within the user's browser and encrypted there so that neither IronCore nor the vendor's admins will ever see any of the configurations generated within this app.
Administrators for the vendor are responsible for onboarding their tenants using the Configuration Broker. When adding a tenant, the vendor admin must provide the unique ID that identifies the tenant within the vendor's application. This ID will be associated with all of the tenant's KMS configurations. Often, this ID will be the tenant's primary ID in the customers table of your database. This ID will be required by all SDK methods in the Tenant Security Client.
Another step in tenant provisioning is inviting an administrator of the tenant to sign up. The vendor admin enters an email address as part of the tenant information, and the Configuration Broker generates and sends the invitation via email.
When the tenant admin receives this email, they can simply click on the included link to be directed to the Configuration Broker, where they enter additional information about the tenant and complete their sign-up. Once they are logged into the Configuration Broker, they can enter their configuration information.
When a tenant administrator logs into the Configuration Broker, their main task is to generate a configuration that describes how to access their KMS instance. This configuration varies based on which cloud provider hosts their KMS. The information that is gathered is everything necessary for the TSP to contact their KMS and use it to wrap and unwrap encryption keys. After the configuration information is entered, it is encrypted immediately within the browser before being saved. Neither IronCore nor the vendor's admins will ever see any unencrypted configurations entered by tenant admins. As mentioned above, only the TSP has the ability to decrypt these KMS configurations.
Tenant admins are also able to enter configuration that allows the TSP to send security events to the tenant's logging and Security Information and Event Management (SIEM) system. The tenant may already be directing logs from their KMS into their SIEM, but enhanced event details and other events are provided when direct logging is configured. In addition to richer audit trails, configuring a logging destination allows the tenant to enable key leasing. The information that is gathered includes everything necessary for the TSP's companion LogDriver to write logs to the tenant's TSP. Like the KMS configuration, the logging configuration is encrypted in the browser before it is saved, protecting it from access by IronCore or the vendor.
In order to gain access to the Configuration Broker, please request a demo.