Use Zero-Trust to Secure Access to Cloud Workloads

The migration to cloud means teams and organizations are rethinking how to secure their applications and infrastructure. Security in the cloud is being recast from static and IP-based (defined by a perimeter) to dynamic and identity-based (with no clear perimeter). This idea is known as zero trust security. HashiCorp’s solution is for enterprises that need zero trust security for multi-cloud environments. It manages secrets across multiple clouds and private data centers, enforces security with identity, and provides governance through policies.

Why are enterprises embracing zero trust security?

Here are the top 3 use cases:

  • Machine Authentication & Authorization: Enterprises need to centrally store, access, and distribute dynamic secrets like tokens, passwords, certificates, and encryption keys across any public or private cloud environment.
  • Machine-to-machine Access: Enterprises need to enable machine-to-machine access by enforcing authentication between applications and ensuring only the right machines are talking to each other.
  • Human Access and Authorization: Enterprises need to secure access to applications and critical systems with fine-grained authorizations without managing credentials or exposing a network.

Every ICT professional knows well the story of how Uber became the poster boy of the cloud-native generation of companies and its explosive growth from a startup in 2009 to a global giant with revenues of US$17.46 billion by 2021.

What most people don’t know, however, is how the San Francisco headquartered company scaled its Apache Hadoop deployment to over 21,000 hosts in five years, to support the various analytical and machine learning use-cases – and used HashiCorp Vault and zero trust as part of its solution.

“With the growing complexity and size of Hadoop infrastructure, it became increasingly difficult for the team to keep up with the various responsibilities around managing such a large fleet,” the company reported in a blog post on July 22, 2021. “Fleet-wide operations using scripts and tooling consumed a lot of engineering time. Bad hosts started piling up without timely repairs.”

The company had more than 100 teams that interacted with Hadoop daily. It needed robust security protocols. “We set up persist keytabs in HashiCorp Vault and appropriate ACLs (access control levels) so that it can be read only by Hadoop Worker (nodes),” the company noted. Hadoop Worker nodes comprise most of the VMs in a Hadoop cluster and do the job of storing the data and running computations.

HashiCorp Vault enables enterprises to centrally store, access, and distribute dynamic secrets like tokens, passwords, certificates, and encryption keys across any public or private cloud environment. Unlike burdensome ITIL-based systems, HashiCorp solutions issue credentials to both people and machines in a dynamic fashion, creating a secure, efficient, and multi-cloud solution suited to today’s insecure world.

It’s part of the company’s “zero trust” security, which secures everything based on trusted identities. Organizations can use zero trust to manage the transition to the cloud while maintaining the level of security required, one that trusts nothing and authenticates and authorizes everything.

Thousands of companies now seek, like Uber, to leverage cloud (whether hybrid or multi-cloud) to run mission-critical workloads, so it’s imperative that they seriously consider zero trust to restrict access to authorized personnel. That’s where Cloud Kinetics (CK) and HashiCorp can help significantly.

“Organizations are rethinking how to secure their apps and infrastructure on the cloud,” says CK’s Chief Revenue Officer Ted Aravinthan. “Security in the cloud is being recast from static, IP-based (defined by a perimeter) to dynamic, identity-based (with no clear perimeter). This is the core of zero trust security.”

This is especially true with emerging and booming markets like Indonesia. Indonesia is becoming a hot spot for global tech companies keen to get into one of Asia’s fastest-growing markets, Nikkei Asia reported on July 8, 2020. It’s where e-commerce and food delivery services are rapidly expanding. 

“CK has operations in Indonesia, Singapore, Malaysia, India, Vietnam, Thailand, Europe, and the US to help companies migrate to a hybrid cloud,” says Sandy Kosasih, CK’s Director for Indonesia. “The trend toward data localization is also drawing the tech titans to the world’s fourth most populous country. HashiCorp’s approach to identity-based security and access provides a solid foundation for companies to safely migrate and secure their infrastructure, applications, and data as they move to a multi-cloud world.”

“Companies use different identity platforms for federated systems of record,” says Mr Suhail, HashiCorp’s Regional Manager of Solutions Engineering for Asia. “Leveraging these trusted identity providers is the principle of identity-based access and security. Our products provide deep integration with the leading identity providers.”

How does zero trust enable human-to-machine access? “Traditional solutions for safeguarding user access used to require you to distribute and manage SSH keys, VPN credentials, and bastion hosts, which creates risks of credential sprawl and users gaining access to entire networks and systems,” says Fitra Alim, CK’s Chief Technology Officer for Indonesia. “CK deploys HashiCorp’s Boundary solution to secure access to apps and critical systems with fine-grained authorizations that don’t require managing credentials or exposing your entire network. This is an excellent security feature to protect the core network.”

If you’re keen to understand how companies like Uber leverage zero trust, or how you can get guidance on your zero-trust journey, join us on July 28, 2022, at this exclusive webinar hosted by CK and HashiCorp. We will discuss the pillars of zero trust security, zero trust in action, managing secrets securely, zero-trust from an infrastructure provisioning standpoint, and other issues.

At Cloud Kinetics, we believe that the right digital strategy can help companies increase their competitive advantage and enhance customer experience. That is where we have built our core expertise. As a certified MSP, we work tirelessly towards accelerating our clients’ business transformation journeys by using cutting-edge platform-driven services. We do this in an agile, responsive and scalable manner, ensuring a significant positive impact on business with minimal disruption. Feel free to contact our Cloud Experts for a no-obligation discussion. Write to us at contactus@cloud-kinetics.com.
