The pain is especially acute, Holmes said, for a customer that wants to spread the same service across different clouds (which is a sensible resilience strategy).
“Customers want to spin up the same service on different clouds, but at the same time, they want to encrypt everything”, he said.
That's not as easy as it sounds, for example, for a user running SSL/TLS-based encryption: “The certificates are bound to host names, but [the user] wants to move the service between different clouds.
“If you have something that roams around, the hostname has to roam around with it instantaneously, and in such a way that you don't lose any traffic.
“And the certificates have to move around with them.”