HashiCorp®, the leader in multi-cloud infrastructure automation software, announced new identity-based security and access offerings at HashiConf Digital to help enterprises solve modern security challenges as they transition to dynamic multi-cloud infrastructure.
HashiCorp announced the private beta of HashiCorp Vault™ on the HashiCorp Cloud Platform (HCP), providing its industry-leading secrets management product as a managed service run by HashiCorp. The company also announced HashiCorp Boundary, a new open source, identity-based secure access management project, which allows users to remotely access systems regardless of location based on user identity. Alongside these announcements, HashiCorp Consul®, its widely adopted service networking and service mesh product, is now in public beta on the HashiCorp Cloud Platform.
The HashiCorp approach enables zero trust security across the four pillars of multi-cloud security: machine authentication and authorization (via Vault), machine-to-machine access (via Consul), human authentication and authorization (via trusted identity providers), and human-to-machine access (via Boundary).
“With HashiCorp’s approach to identity-based security and access, organizations are able to build the foundation to secure their infrastructure, applications, and data as they transition to multi-cloud architectures,” said Armon Dadgar, co-founder and CTO of HashiCorp. “Hundreds of the Global 2000 have standardized on Vault as the way they protect secrets and data in the cloud. With HCP Vault and HCP Consul, we can help our customers get to the cloud faster, by offloading the operational burden to our own experts, and in doing so, more rapidly unlock the value of the cloud operating model. The HashiCorp portfolio delivers zero trust security in the way that our customers require to deliver mission-critical data and systems in the cloud safely.”
Across the four pillars is a consistent requirement: identity-driven controls. HashiCorp’s security model is predicated on these controls. In order for any machine or user to do anything, they must authenticate who or what they are, and their identity and policies define what they’re allowed to do.
The announcement includes the following updates across each of these security pillars:
Machine Authentication and Authorization with HCP Vault
Vault secures, stores, and tightly controls access to tokens, passwords, certificates, and encryption keys for protecting secrets and other sensitive data, and was previously available only as self-managed open source or commercial software.
Making Vault available on HCP allows customers to get up and running quickly with Vault while relying on HashiCorp to handle management, upgrades, and scaling of the product. This provides the power and security features of the customer-managed version of Vault, without the complexity and overhead. HCP Vault will offer flexible pricing to fit organizations of different sizes. HCP Vault is the second HashiCorp product available as a service on the managed cloud platform and is initially offered on AWS. The initial offering is in private beta, with broader access to be announced soon.
Human-to-Machine Access with HashiCorp Boundary
As organizations move into new datacenters and multiple public clouds, critical systems and data are exposed to attacks and vulnerabilities. Organizations need flexibility regarding where their applications and critical systems are deployed, which is why these low-trust environments are forcing organizations to rethink how they secure and protect applications and systems.
Organizations can reduce the risk of breach and simplify access administration with Boundary. Boundary’s identity-based secure access management ensures that users have access to only the applications and systems they need, rather than exposing an organization’s entire private network. With Boundary, fine-grained access to critical systems and applications can be granted based on trusted identities using solutions like Okta, Active Directory, and other identity platforms. Removing the requirement of issuing and managing SSH keys or VPN credentials simplifies onboarding and reduces the risk of a credential compromise. Boundary provides an easier way to protect and safeguard access to applications and critical systems by trusted identities without exposing the underlying network or leaking credentials.
With Boundary, organizations and practitioners benefit from:
- On-Demand Access: Securely access applications, systems, and data without the need to create or store credentials, networks, or IP addresses. Log in with your trusted identity to get instant access.
- Dynamic Environments: Eliminate the complexity and time spent managing access to ephemeral and dynamic applications, hosts, services, and cloud resources. Controls are based on logical services, rather than physical IPs. Boundary eliminates the need to have additional network-based controls.
- Ease of Use: Access applications and hosts across clouds, Kubernetes clusters, and on-premises datacenters in a new, platform-agnostic way through an automated workflow that integrates with existing tooling.
Boundary is free and open source and provides practitioners and operators with a new approach to simple and secure remote access.
Machine-to-Machine Access with HCP Consul
Consul enables secure machine-to-machine connectivity by enforcing authentication between applications and ensuring only the right machines are talking to each other. Consul uses service networking to discover services, automate network configurations, and to enable secure connectivity across any cloud or runtime using Consul service mesh.
With service discovery, organizations can provide real-time network location and health status across both legacy and ephemeral services. With network infrastructure automation, organizations can avoid human intervention and eliminate the hassle and potential errors from manually managing firewalls, load balancers, API gateways, and more. With a Consul service mesh, organizations can secure service-to-service traffic and authorization by encrypting traffic using mutual TLS.
HCP Consul provides Consul as a managed service and was the first service available on the new HashiCorp Cloud Platform. HCP Consul is now available in public beta. HCP Consul offers secure service networking across EKS, ECS, EC2, and other AWS application environments, and also allows organizations to securely connect AWS environments to other cloud environments and to private datacenters using a Consul multi-platform service mesh.
About the HashiCorp Cloud Platform (HCP)
The HashiCorp Cloud Platform is a fully managed platform offering the HashiCorp products as a service to automate infrastructure on any cloud. HCP enables flexibility for multi-cloud environments with a consistent workflow and unified set of APIs for all HashiCorp products across all cloud providers. Enterprises will be able to use consistent HashiCorp identities and centralized access control policies to govern resources across teams and providers. Since HCP is operated and managed by HashiCorp experts, it will reduce the operational burden for enterprises, accelerating delivery of their multi-cloud strategies, and allowing them to focus on building cloud-native applications that can be run in the most appropriate environment.
HCP Vault is now available in private beta on AWS. Request access at hashicorp.com/cloud-platform. HCP Consul is now available in public beta on AWS at that same URL. HashiCorp Boundary 0.1 is now available for free as an open source project at boundaryproject.io.
“According to our primary research, the most significant challenge organizations face in meeting identity security requirements today is enabling the unification of access, visibility, and controls across complex, multi-cloud environments,” said Steve Brasen, research director of Enterprise Management Associates. “By embracing an open approach to access management, HashiCorp is laying the most critical foundation for organizations to solve access security requirements across dynamically hosted services.”
- Solutions Overview: Zero Trust Security
- Blog: Announcing Vault on the HashiCorp Cloud Platform
- Blog: Announcing HCP Consul Public Beta
- Blog: Announcing HashiCorp Boundary
- Webpage: Boundary
- Webpage: HashiCorp Cloud Platform (HCP Vault & HCP Consul)
HashiConf is the flagship event for the HashiCorp community, this year taking place virtually. Attendees meet twice a year to share knowledge, ideas, and experiences around the HashiCorp product suite. Sessions range from product keynotes to customer presentations featuring speakers from organizations including ABN AMRO, Anaplan, Bowery Farming, Comcast, Cloudflare, Eventbrite, National Australia Bank, Q2 Software, Roblox, and State Farm.
HashiCorp expects more than 12,000 individuals to attend its virtual conference, Oct. 14-15, from more than 100 countries. It hosted its annual HashiCorp Partner Summit on Oct. 13, which 500 reseller and systems integrator partners attended. To access any of the sessions, join for free at https://hashiconf.com/digital-october/.
HashiCorp is the leader in multi-cloud infrastructure automation software. The HashiCorp software suite enables organizations to adopt consistent workflows to provision, secure, connect, and run any infrastructure for any application. HashiCorp’s open source tools Vagrant™, Packer™, Terraform®, Vault, Consul, and Nomad™ are downloaded tens of millions of times each year and are broadly adopted by the Global 2000. Enterprise and managed service versions of these products enhance the open source tools with features that promote collaboration, operations, governance, and multi-data center functionality. The company is headquartered in San Francisco, though 85 percent of HashiCorp employees work remotely, strategically distributed around the globe. HashiCorp is backed by Bessemer Venture Partners, Franklin Templeton, Geodesic Capital, GGV Capital, IVP, Mayfield, Redpoint Ventures, T. Rowe Price funds and accounts, and True Ventures.
For more information, visit hashicorp.com or follow HashiCorp on Twitter @HashiCorp.
All product and company names are trademarks or registered trademarks of their respective holders.