How Vault and Boundary helped BT improve security without compromising user experience
Software nudges culture. When it came to adopting modern security approaches, the HashiCorp Security Lifecycle Management (SLM) combination of Vault and Boundary led to a culture at British Telecom (BT) where security tools and practices are seen as enablers rather than hindrances to productivity.
» A security sea change
The telecom industry is not only preparing for the Telecom Security Act, but also trying to manage cloud transformations in parallel. The new regulations require changes, particularly regarding trust boundaries and network segmentation. BT is dealing with the challenges of managing access to different systems. It has traditionally relied on SSH for secure connections, which can lead to poor credential management practices.
» Concerns and goals
The three main concerns in modern security are privileged access management (PAM), identity and access management (IAM), and credential/secrets management. Together they emphasize the need for strong, dynamic credential management to mitigate risks such as supply chain attacks. The SolarWinds incident is a recent, major example of the harm that can come from these types of attacks.
BT's goal is to secure credentials and facilitate safer remote connections, aiming to improve both security and user experience. But it's a challenge, because those two things are often at odds. Many security professionals feel that it's a trade-off; you can't improve security without reducing the quality of the user experience.
» What BT did
BT is moving toward a passwordless experience. They've already seen it significantly reduce the risk of credential theft. While employees previously had to manage many passwords manually, their new Security Lifecycle Management (SLM) system from HashiCorp, using HashiCorp Vault and Boundary, provides dynamic and one-time credentials that make access easier and more secure.
The transition from manually managed credentials to automated, machine-to-machine credential management systems (i.e., Vault) was worthwhile and improved security practices. The benefits of Vault and Boundary included:
Increased efficiency
Stronger user engagement
Reduced friction associated with accessing systems
With Vault and Boundary, BT successfully eliminated around 50,000 unnecessary credentials and moved toward a fully passwordless environment for all employees and subcontractors. Overall, their implementation fosters a culture where security enables rather than hinders productivity.