HashiCorp, at its HashiConf Digital conference today, announced an open source Boundary project that will enable users to remotely access systems regardless of location based on their specific identity.
At the same time, HashiCorp announced the private beta of the HashiCorp Vault secrets management platform on the HashiCorp Cloud Platform (HCP) and the public beta availability of the HashiCorp Consul service mesh on the same platform. In both cases, HashiCorp Vault and HashiCorp Consul are managed by HashiCorp on behalf of customers.
Chris Kent, director of product marketing for HashiCorp, said Boundary takes many of the zero trust concepts now being applied to networking and applies them to systems, which no longer require someone to create and manage credentials for each platform. Remote access is now based on logical services rather than physical IPs, which Kent noted also eliminates the need to have additional network-based remote access.
The Boundary platform makes it possible to authenticate users by assigning trusted identities.
Collectively, Kent said the HashiCorp portfolio will enable a zero trust model to be applied across four pillars of security using Vault for machine authentication and authorization, Consul for machine-to-machine access, Boundary for human-to-machine access and trusted identity providers for authentication and authorization for humans.
Those capabilities longer-term will play a critical role in advancing the adoption of best DevSecOps practices in a way that is platform-agnostic, he added.
In the wake of the COVID-19 pandemic, a shift toward identity-based approaches to security has begun to accelerate. At the core of any zero-trust approach to cybersecurity is an assumption that an IT organization can control access to systems and applications based on unique identifiers. With more end users working from home to help combat the spread of the pandemic, organizations can no longer rely on network perimeters to secure access to systems and applications. It’s not clear whether or how much organizations will be able to transition to identity-based security frameworks, but at this point, it’s more a matter of when rather than if for most organizations. By releasing Boundary, HashiCorp is making a case for an open source approach that should accelerate that shift by reducing the cost of making that transition.
In the meantime, organizations are attempting to meld DevOps and cybersecurity workflows as part of an effort to shift responsibility for application security further left toward developers. Platforms based on software such as Boundary should eventually make it possible to incorporate identity-based frameworks into those workflows.
Of course, HashiCorp is not the only IT vendor focusing on identity. In some regards, the shift toward identity-based security is long overdue. It remains to be seen how much momentum an open source approach to identity management can garner. At the very least, however, there are a lot more IT professionals having a meaningful conversation about identity-based approaches to security than at any other time in IT history.