Providing the Full Spectrum of Web3 Hosting Options—with Security Features to Match

As the market leading web3 infrastructure provider for Enterprises, Kaleido has launched projects across numerous industry verticals, all of which come with their own requirements related to governance and security. In response to these evolving needs, Kaleido has enhanced its capacity to provide dependable web3 infrastructure tailored to meet the specific tenancy and security requirements of customers.

Hosting Options

The ability to deliver consistent and reliable web3 infrastructure across cloud providers and with varying deployment models is paramount to the architecture of Kaleido’s offering. With that, Kaleido offers a full spectrum of hosting options including, Kaleido-Hosted, Dedicated Cloud, and Self-Hosted.

These hosting options can be enabled for both core blockchain network components running on the Blockchain-as-a-Service platform and the middleware components contained in the Kaleido Asset Platform.

• Kaleido-hosted infrastructure provides a viable path to value for start ups, smaller enterprises, and proof of concept projects which do not explicitly call for dedicated compute and cloud account-level isolation. Customers leveraging Kaleido-hosted infrastructure get to take advantage of Kaleido’s unique ability to manage and scale web3 resources on your behalf all while having the peace of mind made available by our advanced security features and SOC 2 Type 2 and ISO 27k compliant platform. Customers within this environment are isolated from each other via Kubernetes namespaces which afford a strong level of tenant isolation to the solution.

For customers with more advanced security or performance requirements, including those working in highly regulated industries, Kaleido supports more sophisticated deployment options which include:

• Dedicated customer cloud accounts provide a heightened level of isolation beyond that provided by our multi-tenant service. This model solves for the noisy neighbor problem, enabling higher levels of throughput and enhanced network controls by defining specific quality of services to dedicated Kubernetes node groups. In this model, account creation and hosting is still handled by Kaleido but account ownership can be shared and additional levels of access can be granted to customers as desired for the management of various runtimes, including OAuth servers, monitoring stack and more.
• Software deployments into self-hosted environments offer a unique value proposition for organizations with the most sophisticated governance restrictions. This offering leverages Kaleido’s powerful suite of operators and deployment tools to run the core components of Kaleido’s platform in a customer’s own cloud or on-premises.

In summary, Kaleido boasts a robust suite of operators and deployment tools designed to meet customers' needs at each phase of their web3 journey.  

Security Options

In addition to the broad spectrum of hosting options, there are a number of security-oriented services intended to address requirements around business continuity, the security of sensitive data in your stack, and the security of your digital assets. Services include configurable remote key storage, node backups, pluggable custody solutions, and role based controls in your Kaleido stack. These services are extremely useful for organizations looking to ensure the compliance of their web3 stack.

Access Policies

Role-based Access Control is a crucial component of any modern tech stack as it restricts access to specific resources and functionality for specific authorized user types, minimizing security risks and maintaining data integrity.

The Kaleido platform integrates with existing OIDC-compliant identity management systems and user policies and further extends upon them in the Web3 space with capabilities such as unique-to-market Blockchain Application Firewall and a granular policy engine.

There are extensive configuration options supported to restrict access to relevant blockchain resources, either associated with specific users, API credentials or even wallet addresses. Amongst the multitude of access configuration options are read / write access to the chain, the ability to deploy smart contracts, the ability to query historical chain data and much more.

Remote Key Storage

The storage of key material is always top of mind for web3 builders. At a high level, we can think about the utility of keys in two buckets: the encryption of runtimes and the remote signing of transactions.

Encryption of Runtime Materials

Kaleido facilitates seamless integrations with key management services from AWS, HashiCorp, and Azure. This empowers customers to encrypt the contents of their stack using key(s) stored within their own cloud account(s), thereby adding an extra layer of security that remains under their complete infrastructure control.

Remote Transaction Signing

Kaleido supports integrations with AWS, Hashicorp, and Azure-based CloudHSM modules which enable customers to retain control over the private key materials associated with their end users and organizational wallet accounts.

In both of these cases, builders on Kaleido are empowered to take ownership of the web3 components of their stack while still leveraging Kaleido’s specialized services to get to value quickly.

Node Backups

Another common question when exploring blockchain infrastructure vendors is the degree of vendor lock-in associated with using blockchain resources as a service.

To address this concern, Kaleido offers node backup configurations that support AWS and Azure storage destinations of your preference, with the option to back up up to 4 times per day. This feature allows the secure porting of chain data, including node runtimes within your network, to an external location at any time even if it is off Kaleido. As a result, worries related to vendor lock-in and potential data loss are effectively mitigated.

Custody Solutions

Apart from the aforementioned cloud services, Kaleido provides a number of custody solutions for digital assets, including:

• Kaleido Hosted wallets - leverage Kaleido’s hierarchical deterministic (HD) wallets service to easily deploy a secure and efficient asset management approach. HD wallets utilize a single seed phrase to generate over 2 billion unique addresses, each with its own distinct and untraceable private key. These keys can be separated into different wallets across your organization to prevent key reuse and duplicated signing, minimizing the risk of fraud and simplifying the management of multiple wallets.

• 3rd party integrations - recognizing that many corporations may already have existing custody solutions, whether from third-party providers or custom internal setups, Kaleido supports 3rd party integrations with services like Fireblocks, Hashicorp Vault, AWS CloudHSM, AWS Key Management Service, Azure Key Vault, and more. These integrations offer access to multi-party computation (MPC) wallets and other innovative custody technologies.

• Custom keystore solutions- Kaleido offers pluggable support for any PKCS #11 HSM module, enabling pluggability with custom key storage and signing modules as needed while still leveraging the core benefits of the Kaleido stack to facilitate transacting, event consumption and indexing.

The Power of Web3—with Enterprise-Grade Security and Governance

Robust governance and security options for new web3 infrastructure is mandatory for enterprises to truly adopt web3. Kaleido’s platform provides the modern enterprise with a full suite of tools to meet or exceed information security requirements, while retaining the flexibility and transformative power of the web3 infrastructure that it supports.

This is certainly not a comprehensive list of security features, so if this article has prompted any questions about aforementioned features or others that may have not been mentioned, we’d love to talk to you. Reach out to us today to schedule a quick chat with one of our specialists.