HashiCorp expands its identity-based security portfolio

HashiCorp has unveiled new products and solutions to expand HashiCorp’s identity-based security portfolio.

These include a new addition for privileged access management (PAM), HashiCorp Boundary Enterprise, and a simplified secrets management SaaS offering, HashiCorp Cloud Platform (HCP) Vault Secrets. These offerings expand HashiCorp’s approach to identity-based security for dynamic cloud environments.

“The new Boundary Enterprise and HCP Vault Secrets offerings address critical multi-cloud security challenges,” said Armon Dadgar, CTO of HashiCorp.

“We are working closely with customers as they transition to the cloud and helping them succeed faster by adopting identity-based security, a critical piece of a cloud operating model,” Dadgar continued.

Modern privileged access management with HashiCorp Boundary

As organizations move to the cloud, traditional privileged access management approaches that rely on managing SSH keys and VPNs to manually access applications and systems become cumbersome and can expose the private network. HashiCorp’s approach improves upon legacy PAM tools that require highly manual configuration and rely on IP-based security. HashiCorp Boundary integrates identity-driven controls to enable secure user access across dynamic environments without exposing the network to users.

“HashiCorp Boundary has made it possible to operationalize our zero trust access strategy and improve our privileged access management,” said Andrew Vezina, CISO and VP at EQ Bank.

“With its powerful capabilities and least-privileged access model, HashiCorp Boundary has helped us eliminate manual, time-consuming privilege access management tasks and elevated our security posture to mitigate evolving threats,” Vezina added.

HashiCorp Boundary Enterprise — a self-managed commercial offering of HashiCorp Boundary for secure remote user access. Boundary Enterprise leverages just-in-time credentials to deliver a simple and flexible way to access cloud infrastructure and provides least-privileged access to users with single sign-on access using existing cloud service providers.

Boundary Enterprise is now generally available and complements our existing HCP Boundary and Boundary OSS offerings.

Session recording — a capability that lets organizations track user and application actions when accessing critical systems so they can gain valuable insights into user behavior and maintain an auditable record of all activities. These capabilities enable organizations to further bolster their security posture and enhance overall compliance. Session recording is now generally available in HCP Boundary and Boundary Enterprise.

Simplified secrets management with HashiCorp Vault

Organizations that leverage multiple secrets management tools may increase their risk of a breach due to secret sprawl across different systems, files, and repositories. HashiCorp Vault is the de facto standard for automating access to secrets and sensitive data. It uses trusted identities to broker connections between applications and users.

The new offerings include:

• HCP Vault Secrets — a new SaaS offering for identity-based secrets management designed for organizations that want to quickly get started managing their secrets with minimal overhead and cost. With HCP Vault Secrets and secret syncing, organizations can centrally manage secrets while allowing developers to use their cloud-native development workflows. Teams can get started for free in a matter of minutes with extensive secrets management capabilities, benefit from simplified workflows, and reduce operational burden via the HashiCorp Cloud Platform. Now in beta, HCP Vault Secrets joins the already available HCP Vault, a managed, single-tenant offering, and HashiCorp Vault Enterprise, a self-managed offering.
• Vault Secrets Operator for Kubernetes — a new capability enabling users to natively sync secrets from Vault to Kubernetes clusters. The Vault Secrets Operator improves Vault and Kubernetes integration by ​​implementing a first-class Kubernetes operator and a set of custom resource definitions (CRDs) responsible for synchronizing Vault secrets to Kubernetes secrets natively. This enables automated rotation of secrets without service disruption using Kubernetes rolling updates. Vault Secrets Operator for Kubernetes is now generally available for HCP Vault and Vault Enterprise.