SAN FRANCISCO — October 14, 2020 — HashiCorp, the leader in multi-cloud infrastructure automation software, today announced at HashiConf Digital new identity-based security and access offerings to help enterprises solve modern security challenges as they transition to dynamic multi-cloud infrastructure.
The first announcement was the private beta of HashiCorp Vault™ on the HashiCorp Cloud Platform (HCP), providing its industry-leading secrets management product as a managed service. The company also announced HashiCorp Boundary, a new open source, identity-based secure access management project, which allows users to remotely access systems regardless of location based on user identity. Alongside these announcements, HashiCorp Consul®, its widely adopted service networking and service mesh product, is now in public beta on the HCP.
The HashiCorp approach enables a zero trust model across the four pillars of multi-cloud security: machine authentication and authorization (via Vault), machine-to-machine access (via Consul), human authentication and authorization (via trusted identity providers), and human-to-machine access (via Boundary).
“With HashiCorp’s approach to identity-based security and access, organizations are able to build the foundation to secure their infrastructure, applications, and data as they transition to multi-cloud architectures,” said Armon Dadgar, co-founder and CTO of HashiCorp. “Hundreds of the Global 2000 have standardized on Vault as the way they protect secrets and data in the cloud. With HCP Vault and HCP Consul, we can help our customers get to the cloud faster, by offloading the operational burden to our own experts, and in doing so, more rapidly unlock the value of the cloud operating model. The HashiCorp portfolio delivers zero trust security in the way that our customers require to deliver mission-critical data and systems in the cloud safely.”
Across the four pillars is a consistent requirement: identity-driven controls. HashiCorp’s security model is predicated on these controls. In order for any machine or user to do anything, they must authenticate who or what they are, and their identity and policies define what they’re allowed to do. Today’s announcement includes the following updates across each of these security pillars:
Machine Authentication and Authorization with HCP Vault
Vault secures, stores, and tightly controls access to tokens, passwords, certificates, and encryption keys for protecting secrets and other sensitive data, and was previously available only as self-managed open source or commercial software.
Making Vault available on HCP allows customers to get up and running quickly with Vault while relying on HashiCorp to handle management, upgrades, and scaling of the product. This provides the power and security features of the customer-managed version of Vault, without the complexity and overhead. HCP Vault will offer flexible pricing to fit organizations of different sizes. HCP Vault is the second HashiCorp product available as a service on the managed cloud platform and is initially offered on AWS. The initial offering is in private beta, with broader access to be announced soon.
Human-to-Machine Access with HashiCorp Boundary
As organizations move into new datacenters and multiple public clouds, critical systems and data are exposed to attacks and vulnerabilities. Organizations need flexibility regarding where their applications and critical systems are deployed, which is why these low-trust environments are forcing them to rethink how they secure and protect applications and systems.
Organizations can reduce the risk of breach and simplify access administration with Boundary. Boundary’s identity-based secure access management ensures that users have access to only the applications and systems they need, rather than exposing the private network. With Boundary, fine-grained access to critical systems and applications can be granted based on users’ trusted identities using solutions like Okta, Active Directory, and other identity platforms. Removing the requirement of issuing and managing SSH keys or VPN credentials simplifies onboarding and reduces the risk of credential compromise. Boundary provides an easier way to protect and safeguard access to applications and critical systems by trusted identities without exposing the underlying network or leaking credentials.
With Boundary, organizations and practitioners benefit from:
- On-Demand Access: Securely access applications, systems, and data without the need to create or store credentials, networks, or IP addresses. Log in with your trusted identity to get instant access.
- Dynamic Environments: Eliminate the complexity and time spent managing access to ephemeral and dynamic applications, hosts, services, and cloud resources. Controls are based on logical services, rather than physical IPs. Boundary eliminates the need to have additional network-based controls.
- Ease of Use: Access applications and hosts across clouds, Kubernetes clusters, and on-premises datacenters through an automated workflow that works with existing tooling.
Boundary is free and open source and provides practitioners and operators with a new approach to simple and secure remote access.
Machine-to-Machine Access with HCP Consul
Consul enables secure machine-to-machine connectivity by enforcing authentication between applications and ensuring only the right machines are talking to each other. Consul uses service networking to discover services, automate network configurations, and to enable secure connectivity across any cloud or runtime using Consul service mesh.
With service discovery, organizations can provide real-time network location and health status across both legacy and ephemeral services. With network infrastructure automation, organizations can avoid human intervention and eliminate the hassle and potential errors from manually managing firewalls, load balancers, API gateways, and more. With a Consul service mesh, organizations can secure service-to-service traffic and authorization by encrypting traffic using mutual TLS.
HCP Consul provides Consul as a managed service and was the first service available on the new HashiCorp Cloud Platform. HCP Consul is now available in public beta. HCP Consul offers secure service networking across EKS, ECS, EC2, and other AWS application environments, and also allows organizations to securely connect AWS environments to other cloud environments and to private datacenters using a Consul multi-platform service mesh.
HCP Vault is now available in private beta on AWS. Request access at hashicorp.com/cloud-platform. HCP Consul is now available in public beta on AWS at that same URL. HashiCorp Boundary 0.1 is now available for free as an open source project at boundaryproject.io.