Leading candidate interviewing platform uses HashiCorp Vault to secure backend systems and sensitive personal information for a safe, seamless recruitment process.
Recruiting high-quality talent is the front line of the battle for corporate supremacy. Organizations of all sizes and across every industry are looking for new and inventive ways to identify and hire qualified candidates before their competitors do — and they’re looking to HireVue for help.
For nearly 15 years, the company has provided enterprises large and small, as well as government contractors and agencies, with a range of AI-powered interview scheduling, video interviewing, and skills assessment tools that help recruiters and hiring managers make better hiring decisions and reduce the time it takes to fill positions by up to 90%.
But in the age of distributed-everything (workloads, teams, and infrastructure), securing the backend systems that power the platform and hold the keys to sensitive personally identifiable information (PII) is a daunting task — especially when it comes to meeting the high-security standards of the federal government.
“The steady growth in the size of our average client engagement and expansion into more highly regulated markets like finance and government contracting dialed up the pressure on us to rethink how we manage secrets and access to our core systems,” says Eric Nelson, HireVue’s director of engineering. “We concluded that our homegrown tools and strategies simply couldn’t keep up with the new demands of the business and that we needed to try something new.”
Many members of Eric’s team had experience with HashiCorp solutions in their previous jobs and agreed that HashiCorp Vault would help solve many of the challenges the small group faced in effectively managing enterprise secrets.
Like many growing companies, HireVue had traditionally used a range of homegrown tools for securing its environment and protecting secrets. But over time the company’s IT footprint grew exponentially, and so did the risks of not optimizing its secrets-management operations. Eventually, the company’s stores totaled more than 8,500 secrets that Nelson’s and other teams were responsible for managing, which significantly outpaced the homegrown tool’s encryption capabilities.
Other secrets-management tools they’d considered didn’t have secrets-encryption capabilities, and native solutions from the company’s main cloud provider, Amazon Web Services, still required a lot of manual configuration and provisioning that increased overhead expenses while slowing overall productivity.
“The other tools we looked at didn’t have the permissions granularity we needed to do things like segment secrets access by team or organizations without a lot of intervention from our team, which is important for FedRAMP compliance,” Eric says. “Vault provides a unique combination of control, transparency, and automation that helps us meet our regulatory obligations as well as the demands of our business.”
Vault provides HireVue with a central repository for storing and distributing dynamic secrets like tokens and certificates while also encrypting data in transit and at rest across clouds and datacenters — perfect for the company’s growing cloud and datacenter footprint.
The solution’s SSH post-key functionality makes it easier for HireVue to enable access for developers across teams and organizations by automating ephemeral key distribution with custom expiration dates and on-demand emergency key revocation for virtually any reason.
“Vault helps us strike the right balance between giving our teams the access to data, services, and systems they need with the ability to prevent internal or external bad actors from doing things like copying our database passwords with unauthorized users, dumping the data, or any number of other security and privacy issues companies of our size usually have to worry about,” Eric explains.
Rocky Olsen, HireVue’s infrastructure architect, emphasizes that Vault’s automation capabilities are what set the tool apart from secrets management options they’ve seen in the past, most of which required a drawn-out process involving adding secrets into a utility, depositing them into a SALT tree, deploying the change, and then seeking approvals.
“With Vault, we can just provision access for individual squads and orgs to update and manage thousands of secrets on their own,” he says. “Now, essential development activities and processes that previously paused while teams waited days or weeks for secrets to be created or updated can continue uninterrupted.
“One of the coolest things about our Vault implementation has been connecting it to our SSO provider, allowing for rapid provisioning of access. Utilizing Vault’s robust policy model and authentication engines, we are able to grant ‘least privilege’ access to a cornucopia of backend systems. We breathe easy knowing that Vault brokers this access requiring MFA, that the access is cryptographically secured and verifiable, and that it expires after a short time to live.”
This breakthrough not only helped to improve productivity and efficiency across HireVue’s development teams, but it also strengthened the company’s compliance with stringent regulations for PCI and FedRAMP through easy-to-use configuration and provisioning templates, as well as employing HSM encryption and Federal Information Processing Standards (FIPS)-compliant single sign-on processes for maximum control and security.
HireVue’s Hiring Intelligence platform transforms the way companies discover, hire, and develop talent. By combining online interviews with validated organizational psychology and predictive analytics, HireVue offers hiring teams objective decision support that helps level the playing field by highlighting top candidates from a broader talent pool than ever before.