HashiConf Global 2022: HashiCorp builds on Zero Trust for security tools

0
7
hashiconf global 2022 hashicorp builds on zero trust for security.jpg
hashiconf global 2022 hashicorp builds on zero trust for security.jpg

The network and security tools Vault, Consul and Boundary are central pillars of HashiCorp’s Zero Trust strategy – on-premises and in the cloud.

 

After a three-year break, HashiCorp, the provider known for IT infrastructure tools such as Terraform, Consul and Vault, is once again organizing its global in-house exhibition HashiConf Global as a face-to-face event – this time from October 4th to 6th in Los Angeles. Users, developers and fans of the tools can find out about the latest developments on site, exchange experiences and get inspiration and new ideas. At the start of the conference, the opening speeches by CEO Dave MacJannet and CTO Armon Dadgar were also shaped by a central theme: Zero Trust.

 

Attendees witnessed a firework of announcements surrounding the Vault, Consul and Boundary products, which HashiCorp is positioning as key pillars of its Zero Trust approach. The essence of Zero Trust is the lack of “preset” trust relationships – everyone has to identify themselves. Only then is the decision to grant or deny permissions made. Technically, Zero Trust is therefore an identity-based approach. The secrets management tool Vault is supposed to manage the authentication and assignment of authorizations. The Service-Mesh Consul takes care of the mutual access between the computers/machines at the network level, Boundary regulates the access of the users.

A highlight of the announcements at HashiConf Global is certainly the availability of Boundary in the “cloud”, the HashiCorp Cloud Platform (HCP). Announced as a beta at the European HashiConf in the summer, all functions can now be used with the managed service HCP Boundary without users having to worry about installation and maintenance. The Boundary project is only about two years old, making it one of the newer products in the HashiCorp portfolio. For user access to business-critical systems, HCP Boundary abstracts from the actual session (session), its connection, issuance, and granting and revoking of permissions. Boundary offers both operations and security teams the ability to dynamically connect cloud service catalogs and on-premises resources. In addition, policies can be created to which systems, users and groups should have access. In combination with Vault, even passwordless connections with the required authorizations can be provided and discarded again.

SEE ALSO  If you have one of these phones, starting tomorrow you will no longer be able to use WhatsApp

The service mesh Consul, which has been available as an HCP version for some time, has also made a big step forward with version 1.14. Clusters from different data centers can now be connected. This enables real emergency scenarios. In the event of an error in data center A, the application can now also be started in data center B. However, this new feature is still marked as beta in Consul 1.14.

HashiCorp has also revised Consul’s communication with the serverless service AWS Lambda. This is now also possible bidirectionally – albeit at different levels of maturity. The function is generally available towards AWS. The way back is still in beta. Furthermore, with the new cloud manager, Consul offers improvements in terms of administration. The tool is available in technical preview with HCP Consul. With Cloud Manager, various installations in the cloud or locally can be managed via a central interface. Technically, the Consul Dataplanes are a little lower down. They are intended to improve installation and configuration and also provide tighter integration with the Proxy Envoy.

The last set of announcements concerns Vault. The HCP version is now available as a beta in the Microsoft cloud. Also new are multi-factor authentication and additional plug-ins. Users can now also bring their own keys: BYOK (Bring Your Own Key). In the context of PKI, keys can be revoked. In Oracle environments, Vault can be used for TDE (Transparent Disk Encryption). Redis users should also be happy: They can now use the services of Vault. This applies to the open source version and the enterprise product as well as to the caching service AWS ElastiCache, which is tailored to Redis.

SEE ALSO  Raspberry Pi launches operating system with new features and small corrections