SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
HashiCorp extends identity-based security portfolio for dynamic cloud
Fri, 23rd Jun 2023

HashiCorp, a specialist in multi-cloud infrastructure automation software, has announced new products and solutions to expand HashiCorp's identity-based security portfolio.

These include a new addition for privileged access management (PAM), HashiCorp Boundary Enterprise, and a simplified secrets management SaaS offering, HashiCorp Cloud Platform (HCP) Vault Secrets. These offerings expand HashiCorp's approach to identity-based security for dynamic cloud environments.

According to the HashiCorp 2023 State of Cloud Strategy Survey, conducted by Forrester Consulting, as organisations transition to a cloud operating model, two of the three highest-ranking security initiatives are secrets management and access control/session management. The offerings announced are a key part of HashiCorp's identity-based, multi-cloud approach to security.

Armon Dadgar, Co-founder and CTO of HashiCorp, says, "The new Boundary Enterprise and HCP Vault Secrets offerings address critical multi-cloud security challenges. We are working closely with customers as they transition to the cloud and helping them succeed faster by adopting identity-based security, a critical piece of a cloud operating model."

Modern privileged access management with HashiCorp Boundary

As organisations move to the cloud, traditional privileged access management approaches that rely on managing SSH keys and VPNs to manually access applications and systems become cumbersome and can expose the private network, the company states.

HashiCorp's approach improves upon legacy PAM tools that require highly manual configuration and rely on IP-based security. HashiCorp Boundary integrates identity-driven controls to enable secure user access across dynamic environments without exposing the network to users.

Andrew Vezina, CISO and VP at EQ Bank, comments, "HashiCorp Boundary has made it possible to operationalise our zero trust access strategy and improve our privileged access management. With its powerful capabilities and least-privileged access model, HashiCorp Boundary has helped us eliminate manual, time-consuming privilege access management tasks and elevated our security posture to mitigate evolving threats."

The announcements extend the current offering of HCP Boundary and include:

  • HashiCorp Boundary Enterprise: a self-managed commercial offering of HashiCorp Boundary for secure remote user access. Boundary Enterprise leverages just-in-time credentials to deliver a simple and flexible way to access cloud infrastructure and provides least-privileged access to users with single sign-on access using existing cloud service providers. Boundary Enterprise is now generally available and complements HashiCorp's existing HCP Boundary and Boundary OSS offerings.
  • Session recording: a capability that lets organisations track user and application actions when accessing critical systems so they can gain valuable insights into user behaviour and maintain an auditable record of all activities. These capabilities enable organisations to further bolster their security posture and enhance overall compliance. Session recording is now generally available in HCP Boundary and Boundary Enterprise.

Simplified secrets management with HashiCorp Vault

Organisations that leverage multiple secrets management tools may increase their risk of a breach due to secret sprawl across different systems, files, and repositories, the company states.

HashiCorp Vault is the de facto standard for automating access to secrets and sensitive data. It uses trusted identities to broker connections between applications and users.

The new offerings include:

  • HCP Vault Secrets: a new SaaS offering for identity-based secrets management designed for organisations that want to quickly get started managing their secrets with minimal overhead and cost. With HCP Vault Secrets and secret syncing, organisations can centrally manage secrets while allowing developers to use their cloud-native development workflows. Teams can get started for free in a matter of minutes with extensive secrets management capabilities, benefit from simplified workflows, and reduce operational burden via the HashiCorp Cloud Platform. Now in beta, HCP Vault Secrets joins the already available HCP Vault, a managed, single-tenant offering, and HashiCorp Vault Enterprise, a self-managed offering.
  • Vault Secrets Operator for Kubernetes: a new capability enabling users to natively sync secrets from Vault to Kubernetes clusters. The Vault Secrets Operator improves Vault and Kubernetes integration by implementing a first-class Kubernetes operator and a set of custom resource definitions (CRDs) responsible for synchronising Vault secrets to Kubernetes secrets natively. This enables automated rotation of secrets without service disruption using Kubernetes rolling updates. Vault Secrets Operator for Kubernetes is now generally available for HCP Vault and Vault Enterprise.