With the integration of One Identity’s privileged access management (PAM) Safeguard for Privileged Sessions, HashiCorp Vault users will now be able to securely manage, monitor, record, and audit privileged and administrative access to their vaulted tokens, passwords, certificates, API keys and other secrets used in DevOps workflows. The integration will enable organisations to better manage and protect critical assets from potential cybersecurity threats and meet compliance requirements.
With IT operations having completely changed over the last decade, with the focus now on rapid innovation and quickly pushing applications to production, DevOps practices have been widely adopted to reduce friction in development workflows but often introduce unforeseen security risks.
These DevOps practices need to evolve to address these security challenges where DevOps environments evolve to include security, commonly referred to as DevSecOps. DevSecOps best practices require full audits of privileged activity to data sources, application services and other vital tools and sensitive information within an enterprise.
With the pressure to accelerate production and scalability, implementing security best practices to protect privileged access and credentials within DevOps environments is often overlooked. In fact, only 46% of developers are addressing security risks during early phases of development, according to recent research.
The integration between One Identity Safeguard and HashiCorp Vault enables organisations to mitigate security risks associated with unprotected secrets while also maintaining the speed and scale that’s necessary for the DevOps environment.
One Identity Safeguard's transparent protocol proxy technology allows humans and machines to be controlled and audited without interrupting or slowing down their workflows. It also enables organisations to gain the needed oversight of privileged access used with HashiCorp and inspects the protocol traffic on the application level and rejects traffic that violates policies. This eliminates unauthorised and unfettered access to resources and protects the network and sensitive data. Organisations can also monitor privileged sessions in real time with the ability to execute various actions if unusual or unwanted behaviour is detected. Actions can include sending an alert or immediately terminating a session.
“The time, education, and skills necessary to secure rapid, and iterative DevOps environments have historically been very limited, despite the severity of the potential pitfalls,” said Asvin Ramesh, director of technology alliances at HashiCorp. “By connecting HashiCorp Vault with One Identity Safeguard, we’re giving our joint customers an integrated solution that offers continuous control, monitoring, and secure access and authentication in real time during this imperative stage of production.”
Implementing the One Identity Safeguard plugin to HashiCorp Vault customers takes minimal configuration changes and provides rapid ROI and increased security to organisations. As a result, the integrated solution helps prevent malicious actions or human error, as well as provides evidence for auditing, troubleshooting and forensics investigations to help customers meet regulatory compliance demands.