By Insight Editor / 21 Apr 2023 / Topics: Data center, Consulting services

Facts at a glance
Client industry:
Insurance and financial services
Challenge:
Secure interactions for the client and its customers for on-premises and cloud-based services.
Solution:
Fully automated Vault clusters for a large set of enterprise use cases
Insight provided:
- Roadmap for HashiCorp Vault adoption
- Onboarding for DevOps team
- Automation to monitor SSL certificate expiration
- Self-service API templates
Outcomes:
- Consolidated secrets across enterprise
- Self-service and customizable API templates
- Eliminated numerous secret-zero scenarios
- Automatically managed compliance of SSL certificates through renewal purchases
As a financial services company, this client knows how important it is to secure data and provide around-the-clock interface access for its customers. Internally, this client was facing secret sprawl — where credentials weren’t stored in a secure central location. This can sometimes lead to mismatched credentials across the different applications employees use, potentially delaying access and exposing secrets in a breach. Additionally, the client was looking for better management of its SSL certificates to ensure an uninterrupted and secure experience for its customers.
To address the client’s secret sprawl, Insight implemented HashiCorp’s Vault™ offering. Vault consolidated and standardized secrets across the enterprise, meaning that employee access to applications and integrations would not be interrupted as their credentials would update across everything at once. Additionally, with Vault came the power to delimit credentials (set an expiration on them), providing extra protection in the case of breaches and helping eliminate some potential secret-zero scenarios.
The first step to modernizing this client’s security was providing a roadmap for HashiCorp® Vault adoption. Because Vault is a sophisticated product, Insight coordinated the different aspects of the client’s enterprise that would need to be adjusted to accommodate it smoothly. This included implementing multi-cluster Kubernetes and writing the necessary automation to provide seamless credential communication across the client’s integrations.
The DevOps team’s processes were also solidified, and those individuals were onboarded to confidently manage and monitor Vault. One challenge many organizations face is keeping up with their SSL certificate renewals — the lapse of which can result in interrupted service for users. Automation was implemented to monitor the numerous SSL certificates, along with a process to allow for automatic purchase renewal. Additionally, the client was provided with self-service API examples, which the client can customize going forward for different teams and uses within the company. Prior to exit, Insight also completed an analysis of how the client can approach Vault integration with its Oracle® databases and other legacy environments in the future.
The new Vault security system has allowed the client to consolidate credentials, reducing the possibility of employees temporarily losing access to the applications and integrations necessary for their roles. Uses of automation across different teams can be expanded through the provided self-service API templates. The automation of SSL certificate management has allowed an uninterrupted interface for customers without requiring individual employee involvement. These steps have set the stage for rollout to the client’s legacy environments, allowing the client to continue its modernization journey.