HashiCorp reveals new HCP Boundary solution for enterprises
HashiCorp has announced the general availability of HashiCorp Cloud Platform (HCP) Boundary, which it says is a new secure remote access product for businesses.
The company says that with this release, Boundary joins HCP Vault and HCP Consul to provide the industry's first zero trust security solution to secure applications, networks, and people built for the cloud.
Zero trust solutions are becoming increasingly needed in today's business climate as security threats change, but HashiCorp says the gap between legacy security postures and the accelerated move to the cloud is still contributing to a significant increase in security breaches.
Research from the recent HashiCorp State of Cloud Strategy Survey revealed that 89% of respondents believed security is the number one determining factor for cloud success. The company says this is one of the main reasons why zero trust security postures are becoming so prominent.
HashiCorp says its approach to zero trust security focuses on using identity to secure applications, networks, and people across multiple clouds, on-premises, and hybrid environments, which reduces the attack surface and automates complex security workflows.
The company also says that this ensures people, machines and services are authenticated, every action is authorised, and critical data is protected.
"As organisations continue to expand their cloud estates, they must shift their security strategies to keep up with the growth and complexity of applications, network components, and cloud-based systems," says Armon Dadgar, co-founder and CTO, HashiCorp.
"At HashiCorp, we have always believed that identity is the foundation for zero trust security for applications, networks, and users. With HCP Boundary, companies now have a modern solution for privileged access management, securing access in dynamic, ephemeral environments for their workforce."
As organisations move out of traditional data centres and into multiple cloud, hybrid, and edge environments, securing critical infrastructure often becomes more complex.
The HashiCorp zero trust solution is said to help mitigate common issues by using various new technologies and solutions.
HashiCorp Vault provides a consistent way to manage application identity by integrating many platforms and identity providers. Vault enables fine-grained access control and authorisation between applications and databases, including dynamically rotating credentials, PKI certificates, and API tokens, while also ensuring application data is always secure in transit and at rest.
HashiCorp Consul secures network traffic between applications and services, enabling fine-grained access control policies, observability, and traffic shaping. Consul integrates with Vault's identity platform to leverage application identity for the policies and to allow dynamic PKI.
HashiCorp Boundary ensures the right people have access to suitable systems and cloud services while removing the need to distribute and issue credentials, expose private networks, or manage static credentials. Boundary integrates with Vault to issue just-in-time credentials and ensure ephemeral access to critical systems.
Another key benefit that HashiCorp says makes HCP Boundary stand out is that it provides a secure remote access solution for a cloud operating model. It will offer improvements over existing software-defined perimeter (SDP) solutions, like VPNs and privileged access management (PAM) solutions that are IP-driven and highly manual.
Teams will have the ability to utilise fine-grained authentication and authorisation controls, rapid user onboarding, and automated workflows for target discovery and credential management for ephemeral resources.
As a cloud-based service, HCP Boundary benefits organisations that are struggling with security as they transition to the cloud, a struggle driven by people and skills shortages.
HCP Boundary also allows teams and users to access the critical systems they need while abstracting the session connection, establishment, credential issuance, and revocation. Boundary gives operations and security teams the ability to dynamically pull in cloud service catalogues and on-premises resources and map out policies on which systems users and groups should have access to. To do this, Boundary leverages Vault to provide passwordless connections and revokes the credentials after each use.
In addition to core secure remote access capabilities, Boundary will also offer organisations:
- Identity platform integration with Microsoft Azure Active Directory and Okta, along with many other identity platforms that support OpenID Connect to onboard trusted identities and delegate authentication
- Role-based access control (RBAC) to provide broad or fine-grained access to people throughout your organisation
- Passwordless authentication for seamless integration with dynamic secrets and Vault
- Automated service discovery for streamlined discovery and configuration of targets. Dynamic host catalogues are currently available with Microsoft Azure and AWS, as well as direct HashiCorp Terraform integration to pull in resources under management.
- Session visibility and logging to get insights into session metrics, events, logs, and traces with the ability to export data to business intelligence and event monitoring tools.
"We think we've reached an important milestone for our customers by delivering a security solution built for today's threat and infrastructure landscape," remarks Dadgar when reflecting on the new announcement.