This webinar explores how AWS and HashiCorp are working together to address the challenges of applying enterprise-grade security to dynamic, cloud environments.
Data centers are static infrastructure, with dedicated servers, static IP addresses, and a clear network perimeter. Security was imposed through a “castle and moat” approach of hardening the network, and managing access based on IP addresses using network middleware. The private network was assumed to be inside the castle, and assumed high trust and integrity.
In the cloud, infrastructure is both ephemeral and elastic, IP addresses are dynamic, and the network perimeter is no longer distinct. This strains traditional network-based approaches to security. Instead, a modern security posture assumes a “low trust” network, in which a network breach is expected to occur. This posture pushes for a more integrated approach to security, where access to systems and endpoints is explicitly managed rather than implicitly granted by virtue of being on a private network. Instead of using IPs as the unit of access, applications are given an identity, which allows us to handle the ephemeral and elastic nature of cloud infrastructure.
To help with the creation and storage of new application identities, AWS offers tools like AWS Identity and Access Management (IAM), AWS Key Management Service (KMS), and AWS CloudHSM. These tools provide trusted sources of identity, but they also increase the number of secrets (passwords, certificates, encryption keys, etc.) that need protection. Using HashiCorp Vault, organizations are able to secure, store, and tightly control access to these secrets. Leveraging Vault on AWS enables enterprises to start deploying applications in the cloud without compromising on security or compliance.
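The following is an added configuration example, not material from the webinar or from HashiCorp's own documentation. It shows the identity-based access model described above in concrete terms, using Terraform with the HashiCorp Vault provider: Vault's AWS auth method lets a workload prove its IAM identity (Vault verifies a signed STS GetCallerIdentity request from the caller), and a least-privilege policy is bound to that identity instead of to an IP address. The IAM role name `app-server`, the placeholder account id `123456789012`, the secret path `secret/data/app/db`, and the TTL values are all assumptions for illustration.

```hcl
# Added example (not from the webinar). Assumes a reachable Vault server that
# the Vault Terraform provider is already configured against, and that the
# workload runs under the hypothetical IAM role "app-server" in the
# placeholder account 123456789012.

# Enable the AWS auth method: workloads log in with their IAM identity,
# not with a static token or a network allow-list.
resource "vault_auth_backend" "aws" {
  type = "aws"
  path = "aws"
}

# Least-privilege policy: read exactly one secret path, nothing else.
resource "vault_policy" "app_read" {
  name   = "app-read"
  policy = <<-EOT
    path "secret/data/app/db" {
      capabilities = ["read"]
    }
  EOT
}

# Bind the IAM principal to the policy. Only callers who can prove they
# are this IAM role receive a token, and that token carries only app-read.
resource "vault_aws_auth_backend_role" "app" {
  backend                  = vault_auth_backend.aws.path
  role                     = "app-server"
  auth_type                = "iam"
  bound_iam_principal_arns = ["arn:aws:iam::123456789012:role/app-server"] # placeholder account id
  token_policies           = [vault_policy.app_read.name]
  token_ttl                = 3600  # seconds; short-lived tokens suit ephemeral instances
  token_max_ttl            = 14400
}
```

Once applied, a process on an instance running under that IAM role authenticates with `vault login -method=aws role=app-server`; no secret is baked into the image, and the instance's IP address plays no part in the decision. Because the Vault token expires on its own, a replaced or terminated instance leaves nothing long-lived behind, which is the property the "low trust" posture relies on.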
0:00 - Introductions
0:36 - Introduction to the AWS Enterprise Security Approach
23:20 - How Vault Enhances Enterprise Cloud Deployments
31:00 - Demonstrations of Vault and AWS Integrations
54:05 - Q&A