CloudFlare Unveils Keyless SSL for Security in the Cloud

Up until now, banking Web sites and other high-security online services looking to prevent hacking attacks have had to make sure their in-house IT infrastructure was up to the task. But CloudFlare, which provides speeded-up access to Web sites through the cloud, has come out with an alternative solution: Keyless SSL that keeps sites secure without the need for organizations to share their private SSL keys with third-party service providers.

"Private clouds are an oxymoron," CloudFlare CEO Matthew Prince said in a blog post on his company's site Thursday. With Keyless SSL, however, he said organizations can take advantage of the cloud's flexibility "without having to turn over their most guarded secrets: their private SSL keys."

SSL keys are cryptographic keys used to authenticate the identity of someone communicating with another party online. They enable data exchanged between the parties to be encrypted before sending and decrypted upon receipt so communications can be handled securely. Because they don't want to share their private SSL keys with third parties, privacy-minded businesses like banks have had to provide this level of security using their own in-house hardware and software. This makes it harder to scale up network services in times of high demand, something that cloud-based services are designed to do.

In Private Beta for Six Months

We reached out to Prince to learn more about the new Keyless SSL offering.

"We've had the technology in private beta for six months now," Prince told us by e-mail. "Most (of) the organizations using it are large financial institutions who have asked us not to disclose their identity. However, Goldman Sachs has allowed us to reveal that they worked with us on developing the technology and are one of our beta users."

He added: "Keyless SSL is designed to allow companies that had previously needed to...

Comments are closed.