Unlocking the Cloud Operating Model: Security in Multi-Cloud
Nov 04, 2019
In this webinar, HashiCorp Vault technical marketer Justin Weissig describes the necessary shifts in processes, people, and operations for managing security in multi-cloud environment.
Vault Technical Marketing, HashiCorp
The transition from static to dynamic infrastructures as organizations move to cloud and multi-cloud environments is a generational transition for IT. This shift brings great opportunity for organizations to leverage compute capacity on demand and manage their services in novel ways. It also brings a new set of realities for internal security teams—dynamic secrets management, identity brokering, and data encryption on all levels.
As a result, this requires a fundamentally different approach to security. Teams must adapt to a world moving from IP-based high-trust networks to low-trust public clouds with unknown network perimeters where identity based security becomes the new norm.
Learn about security in a multi-cloud environment and how HashiCorp Vault can help in this webinar.
» What You'll Learn
Learn how HashiCorp Vault provides:
- Secrets Management
- Identity Brokering
- Data Encryption
0:00 — Security in dynamic, multi / hybrid cloud environments
10:19 — Introduction to HashiCorp Vault
21:17 — Q&A
- Does Vault integrate with third pary key managers?
- If you're using multiple cloud providers (GCP, Azure, AWS), should Vault be centralized in your private datacenter or in one of the clouds?
- What's a recommended deployment model for Vault in a hybrid environment (e.g. on-prem-GCP-Azure)?
- Are there any reference repositories for Vault plugins (e.g. for SQL Server, DB2)
- Whats the difference between S3 or other storage services and Vault?
- Does Vault require a root encryption to be provided by the underlying cloud provider?
- What are good resource for integration with Terraform? (see: Best Practices for Using HashiCorp Terraform with HashiCorp Vault)
- Is data encrypted in-transit between clients and Vault servers? Is it encrypted with tls-skip-verify?