How a Large Retail Company Rolled Out Vault
Dec 14, 2018
HashiCorp solutions engineer Lance Larsen shares how one large retail company rolled out Vault to secure their member-rewards program.
Sr. Solutions Engineer, HashiCorp
A customer approached us with a challenge around encryption as a service. They're a large retail customer of ours, and they were having issues securing data for their rewards program. They already had transparent data encryption at the database level: with technologies like Oracle, there's an Oracle Wallet, and it secures all that data at rest. But the very sensitive columns and rows that held the rewards data weren't protected from things like SQL injection, or from someone with an authenticated SQL client simply looking at those critical entries in the database.
So they asked us really to solve:
- How could we put a developer-friendly platform in front of them?
- How could we meet the scaling needs of the platform? (These were high-volume batch workloads as this rewards data was processed.)
- What would this look like from an InfoSec perspective? How would the keys be rotated? Who would have access to the keys? Could they write low-privilege batch jobs to handle the rotation and make it a more autonomous part of the platform, rather than something done only when they were audited every six months?
So they came to us with these challenges, and we sat down with their teams. We looked at their most sensitive apps and planned, in phases, how we were going to tackle those workloads: first in lower-volume areas like Asia/Pacific, eventually moving on to North America and meeting all their needs for high-volume workloads (over 10,000 requests per second for these batch jobs), and providing a stable platform as more and more rewards customers were slowly rolled onto the new encryption solution.