Today, CI/CD has become standard practice for software delivery in almost every organization. What matters is how you manage the secrets in your pipeline, especially in a large organization with multiple projects spread across several teams.
HashiCorp Vault helps organizations centrally manage secrets, including the secrets consumed by CI/CD pipelines.
WEBINAR COVERS:
● Why it is critical to secure a pipeline that must access many sensitive secrets in order to provision and deploy
● How Vault provides a unified interface to any secret while providing tight access control and recording a detailed audit log
● Customer use cases and scenarios
● Demo: How to secure your CI pipeline with Vault
Watch on demand: https://bit.ly/35QCq0u
HashiCorp Overview
Leading Cloud Infrastructure Automation
Founded: 2012
Employees: 1000
Funding: Round E
Valuation: $5.1B
Our software stack enables the provisioning, securing, connecting and running of apps and the infrastructure to support them.
We unlock the cloud operating model for every business and enable their digital transformation strategies to succeed.
Why Adopt Cloud?
How are you unlocking business value with cloud?
Of enterprise companies that have switched to cloud...
● 45% lowered infrastructure and storage costs
● 41% reported greater customer satisfaction
● 53% increased operational efficiencies
Source: https://www.accenture.com/us-en/insight-cloud-business-benefits
CLOUD OPERATING MODEL
A control plane for every layer of the cloud operating model
[Diagram: four layers, each spanning Private Cloud, AWS, Azure and GCP]
● Run (Development)
● Connect (Networking)
● Secure (Security)
● Provision (Operations)
Before multi-cloud
Provisioning infrastructure was easy...
● Datacenters had fixed sets of resources that lived for long periods of time
● IT Ops was the central gatekeeper to procure, validate, and provision infrastructure
But what happens when your apps and infrastructure extend to multiple datacenters, clouds, or all the above?
Cloud adoption is a secular trend
Digital experiences are now the primary interface between a customer and a business, or business and business.
Experiences are typically device- and cloud-first: rich, personal interface, with large scale data processing and intelligence.
This pattern demands a change in the model for software delivery to meet delivery goals, and transformation objectives.
Digital transformation means pressure on application delivery
Accelerating Application Delivery
Facets of delivering applications in a multi-cloud world:
● Volume and distribution of services
● Ephemerality and immutability
● Multiple target environments
THE SHIFT TO MULTI-CLOUD
Traditional datacenter ("Static"): dedicated infrastructure; systems of record
Modern datacenter ("Dynamic"): private cloud + public multi-cloud; systems of engagement
● Developer agility improved, but this creates new issues for Network, Security and Ops
● Multi-cloud challenges around orchestration, provisioning and automation
● Security perimeter is much harder to define (zero trust) and secrets are sprawled
● How can services connect and communicate with each other?
Reimagining the stack
The implications of the Cloud Operating Model (STATIC vs. DYNAMIC)
● Run (Development): dedicated infrastructure → scheduled across the fleet
● Connect (Networking): host-based, static IP → service-based, dynamic IP
● Secure (Security): high trust, IP-based → low trust, identity-based
● Provision (Operations): dedicated servers, homogeneous → capacity on-demand, heterogeneous
The Cloud Landscape
In search of a common model across multi-cloud environments
[Table: layers Run (Development), Connect (Networking), Secure (Security), Provision (Operations) across each environment]
● Dedicated / Private Cloud: vSphere and hardware; IP-based networking on hardware; vCenter/vSphere and various hardware; Identity: AD/LDAP; Terraform
● AWS: Run: EKS / ECS, Lambda; Connect: CloudMap / AppMesh; Secure: Identity: AWS IAM; Provision: CloudFormation
● Azure: Run: AKS / ACS, Azure Functions; Connect: proprietary; Secure: Identity: Azure AD; Provision: Resource Manager
● GCP: Run: GKE, Cloud Functions; Connect: proprietary; Secure: Identity: GCP IAM; Provision: Cloud Deployment Manager
$3.92 Million (average cost of a data breach in 2019)
The U.S. is the most expensive country, with an average cost of USD $8.19M per breach.
In the last 10 years, 20 companies have experienced massive data breaches of over $1M... 90% of those companies now use Vault.
*2019 Ponemon Institute: Cost of a Data Breach
VAULT - Overview
Vault provides the foundation for cloud security that uses trusted sources of identity to keep secrets and application data secure in the cloud operating model.
● Secrets management to centrally store and protect secrets across clouds and applications
● Data encryption to keep application data secure across environments and workloads
● Advanced Data Protection to secure workloads and data across traditional systems, clouds, and infrastructure
Vault: Business Challenges
● Increased risk of breach: secrets sprawled across different systems, files, and repositories.
● Reduced productivity: inefficiencies with managing different systems to manage secrets, HSMs, and cryptographic operations across an organization and different teams.
● Increased risk of data exposure: multi-cloud creates a larger surface area to secure, and encrypting data across hybrid environments with HSMs is painful and hard to use.
Vault: Single Control Plane for Cloud Security
● Automate, control and secure infrastructure and applications through one API
● Unified support across heterogeneous environments
● Integrate with providers and technologies you're already using as well as those you plan to acquire
Vault: How it works
Vault tightly controls access to secrets and encryption keys by authenticating against trusted sources of identity such as Active Directory, LDAP, Kubernetes, CloudFoundry, and cloud platforms.
Vault enables fine-grained authorization of which users and applications are permitted access to secrets and keys.
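As an added illustration of that fine-grained authorization for a CI pipeline (example written for this page, not the webinar's demo), the Vault ACL policy below scopes a hypothetical "payments" deploy job to its own secrets and to short-lived database credentials, with the over-broad rule it replaces shown in comments. The path names, role name and the Kubernetes service account are assumptions.

```hcl
# Added example: ACL policy "ci-payments" for one CI job (hypothetical names).
#
# Over-broad rule often found in pipelines: every job can read and write every
# secret under the KV mount, so one compromised job exposes all of them.
# path "secret/*" {
#   capabilities = ["create", "read", "update", "delete", "list"]
# }

# Scoped replacement: read-only access to this service's own secrets.
# KV version 2 stores secret payloads under <mount>/data/<path>.
path "secret/data/ci/payments/*" {
  capabilities = ["read"]
}

# Listing metadata lets the job enumerate its own secrets without
# granting it the contents of any other team's paths.
path "secret/metadata/ci/payments/*" {
  capabilities = ["list"]
}

# Dynamic database credentials from the database secrets engine: each read
# mints a fresh, time-limited account, so no long-lived DB password is stored.
path "database/creds/payments-readonly" {
  capabilities = ["read"]
}

# Let the job renew and inspect its own token, nothing else under auth/.
path "auth/token/renew-self" {
  capabilities = ["update"]
}
path "auth/token/lookup-self" {
  capabilities = ["read"]
}

# Binding the policy to an identity (assumed Kubernetes auth method and
# service account), so only pods running as that account receive it:
#   vault policy write ci-payments ci-payments.hcl
#   vault write auth/kubernetes/role/ci-payments \
#       bound_service_account_names=ci-payments \
#       bound_service_account_namespaces=ci \
#       token_policies=ci-payments \
#       token_ttl=20m
```

Every read against these paths is recorded by Vault's audit log with the authenticated identity, which is what makes the "who accessed which secret" question answerable for each pipeline run.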
Vault: Integrations
The HashiCorp Vault Integration Program allows vendors to integrate their products to work with Vault. Vault has a relatively large surface area and therefore a large set of possible integrations, some of which require vendor integration code, while others result in the solution working tightly with Vault.
Vendors integrating their solutions via the Vault Integration Process provide their customers a verified and seamless user experience. The Vault Integration Program currently only supports coding with the Go programming language (runtime integrations).