HashiCorp solutions engineer Lance Larsen shares how one large retail company rolled out Vault to secure their member-rewards program.
A customer approached us with a challenge—around encryption as a service. They're a large retail customer of ours, and they were having issues securing data for their rewards program. Some of the challenges that they came to us to try to solve were: They had transparent data encryption at the database level. For technologies like Oracle where there's an Oracle Wall and it secures all that data at rest, but those columns that are very sensitive, that had the rewards data, and those rows, they weren't protected from things like SQL injection or someone just with an authenticated SQL client, looking at those critical entries in the database.
So they asked us really to solve:
So they came to us with these challenges, and we sat down with their teams. We looked at their most sensitive apps and phased out how we were going to attack those workloads. First in lower volume areas like Asia/Pacific, eventually moving on to North America and meeting all their needs for high-volume workloads—over 10,000 requests per second for these batch jobs—and providing a stable platform as more and more rewards customers were slowly rolled on to the new encryption solution.