Securing Your CI Pipeline with HashiCorp Vault - P2
Download as PPTX, PDF0 likes147 views
HashiCorp, founded in 2012, offers a cloud infrastructure automation platform valued at $5.1 billion, driving digital transformation by enabling businesses to efficiently provision, secure, and manage applications across multi-cloud environments. Their product, Vault, serves as a foundational cloud security solution for secrets management and data protection, addressing challenges such as increased risk of data breaches and inefficiencies in managing secrets across diverse systems. The document outlines the shift to a multi-cloud model and the need for unified security and operational controls in modern business environments.
Securing Your CI Pipeline with HashiCorp Vault - P2
- 1. Copyright © 2020 HashiCorp HashiCorp Vault David Wright Technical Channel and Alliances APJ
- 2. HashiCorp Overview Leading Cloud Infrastructure Automation Founded 2012 Employees 1000 Funding Round E Our software stack enables the provisioning, securing, connecting and running of apps and the infrastructure to support them. We unlock the cloud operating model for every business and enable their digital transformation strategies to succeed. $5.1B Valuation
- 3. 45Lowered infrastructure and storage costs 41Reported greater customer satisfaction 53Increased operational efficiencies Of enterprise companies that have switched to cloud... How are you unlocking business value with cloud? Source: https://www.accenture.com/us-en/insight-cloud-business-benefits Why Adopt Cloud?
- 4. CLOUD OPERATING MODEL Private Cloud AWS Azure GCP Provision Operations Secure Security Connect Networking Run Development A control plane for every layer of the cloud operating model
- 5. Before multi-cloud Provisioning infrastructure was easy... ● Datacenters had fixed sets of resources that lived for long periods of time ● IT Ops was the central gatekeeper to procure, validate, and provision infrastructure But what happens when your apps and infrastructure extend to multiple datacenters, clouds, or all the above?
- 6. CLOUD OPERATING MODEL The effects of digital transformation
- 7. Cloud adoption is a secular trend Digital experiences are now the primary interface between a customer and a business, or business and business. Experiences are typically device- and cloud-first: rich, personal interface, with large scale data processing and intelligence. This pattern demands a change in the model for software delivery to meet delivery goals, and transformation objectives. Digital transformation means pressure on application delivery
- 8. Accelerating Application Delivery Facets of delivering applications in a multi-cloud world Volume and distribution of services Ephemerality and immutability Multiple target environments ? App App
- 9. THE SHIFT TO MULTI-CLOUD Traditional datacenter “Static” Modern datacenter “Dynamic” Dedicated infrastructure Private cloud SYSTEMS OF RECORD SYSTEMS OF ENGAGEMENT Public multi-cloud + Developer agility improved but this creates new issues for Network, Security and Ops Multi-cloud challenges around orchestration, provisioning and automation Security perimeter is much harder to define (zero trust) and secrets are sprawled How can services connect & communicate with each other?
- 10. Reimagining the stack The implications of the Cloud Operating Model Run Development Dedicated Infrastructure Scheduled across the fleet Connect Networking Host-based Static IP Service-based Dynamic IP Secure Security High trust IP- based Low trust Identity-based Provision Operations Dedicated servers Homogeneous Capacity on-demand Heterogeneous STATIC DYNAMIC
- 11. The Cloud Landscape In search of a common model across multi-cloud environments Run Development Connect Networking Secure Security Provision Operations DEDICATED PRIVATE CLOUD vSphere Hardware IP: Hardware vCenter vSphere Various Hardware Identity: AD/LDAP Terraform EKS / ECS Lambda CloudMap/ AppMesh Identity: AWS IAM Cloud Formation AKS / ACS Azure Functions Proprietary Identity: Azure AD Resource Manager GKE Cloud Functions Proprietary Identity: GCP IAM Cloud Deployment Manager AWS AZURE GCP
- 12. VAULT
- 13. $3.92 Million (average cost of a data breach in 2019) U.S. is the most expensive country with an average cost of USD $8.19M per breach In the last 10 years, 20 companies have experienced massive data breaches of over $1M... 90% of those companies now use Vault *2019 Ponemon Institute: Cost of a Data Breach
- 14. VAULT - Overview Vault provides the foundation for cloud security that uses trusted sources of identity to keep secrets and application data secure in the cloud operating model Secrets management to centrally store and protect secrets across clouds and applications Data encryption to keep application data secure across environments and workloads Advanced Data Protection to secure workloads and data across traditional systems, clouds, and infrastructure.
- 15. : Business Challenges Reduced productivity. Increased risk of breach. Secrets sprawled across different systems, files, and repositories. Inefficiencies with managing different systems to manage secrets, HSMs, and cryptographic operations across an organization and different teams Increased risk of data exposure. Multi-cloud creates a larger surface area to secure and encrypting data across hybrid environments with HSMs is painful and hard to use.
- 16. : Single Control Plane for Cloud Security ● Automate, control and secure infrastructure and applications through one API ● Unified support across heterogeneous environments ● Integrate with providers and technologies you’re already using as well as those you plan to acquire
- 17. : How it works Vault tightly controls access to secrets and encryption keys by authenticating against trusted sources of identity such as Active Directory, LDAP, Kubernetes, CloudFoundry, and cloud platforms. Vault enables fine grained authorization of which users and applications are permitted access to secrets and keys.
- 18. : Integrations The HashiCorp Vault Integration Program allows vendors to integrate their products to work with Vault. Vault has a relatively large surface area and thereby a large set of possible integrations some of which require the vendor integration code, like other integrations that result in the solution working tightly with Vault. Vendors integrating their solutions via the Vault Integration Process provide their customers a verified and seamless user experience. The Vault Integration Program currently only supports coding with the Go programming language (run time integrations).