SlideShare ist ein Scribd-Unternehmen logo

Zero trust in a multi tenant environment

Ashnikbiz
Ashnikbiz

HashiCorp: Secure Multi-Tenancy with HashiCorp Vault

Technologie
1 von 10
Downloaden Sie, um offline zu lesen
Copyright © 2021 HashiCorp Secure Multi-Tenancy with HashiCorp Vault Secure, store, and tightly control access to tokens, passwords, certificates, encryption keys for protecting sensitive data, and other secrets in multi-tenant infrastructure. SEPT 2021
Vault Workflow Clients Auth Provider Policy Secret Engines Login and Generate Token Authentication Attach the policy Secret Management Using the Token Dynamic Secret Audit Vault tightly controls access to secrets and encryption keys by authenticating against trusted sources of identity such as Active Directory, LDAP, and cloud identity platforms. Vault enables fine grained authorization of which users and applications are permitted access to secrets and keys.
Copyright © 2021 HashiCorp The challenges of Multi tenancy How do i maintain separation but allow scalability March 2021
Copyright © 2018 HashiCorp ⁄ ▪ Database management Example – Who has the passwords? – Which Cloud? – How many do I have? SECRETS MANAGEMENT What type of tenancy Single Multi-tenant
Copyright © 2018 HashiCorp ⁄ How do you manage your data end to end encryption?
Copyright © 2021 HashiCorp The Approach Tooling that allows to achieve secure multi tenancy March 2021
Namespaces Namespaces for management, secure multi tenancy Create isolated “Vaults within a Vault” that allow for parent admins to manage configurations but permit teams to manage their own policies, secrets, and identities. ENTERPRISE ▪ Allow teams to self-manage segmented Vault environments with their own auth methods, secret engines, and policy and identity infrastructures ▪ Isolate tenant environments for security, compliance ▪ Enforce organizational compliance across isolated teams
API-driven encryption With the Transit secret engine, Vault can enable users and applications to perform cryptographic workloads without a key management infrastructure. ▪ Automate encryption, decryption, and cryptographic hashing and signing without deploying new infrastructure. ▪ Quickly create and manage keys (including rotation) without deploying complex key management servers. ▪ Support AES 256, RSA (2048 and 4096), ECDSA-p256, ed25519, chacha20-poly1305, and more. Use the Transit secret engine to handle encryption, decryption, and cryptographic signing.
Unified identity With Vault’s unified identity system, Vault can match one identity across cloud environments, applications, etc. ▪ One logical identity can be recognized with multiple aliases from separate cloud, on-prem, app environments. ▪ Use Identity Groups to simplify RBAC logic. Unified Identity: one identity across multiple environments.
Create a namespace dedicated to each team, organization, or app where they can perform all necessary tasks within their tenant namespace. Each namespace can have its own: Policies, Auth Methods, Secrets Engines ,Tokens and a Identity entities and groups Example

Empfohlen

Hashicorp Vault: Open Source Secrets Management at #OPEN18
Hashicorp Vault: Open Source Secrets Management at #OPEN18Hashicorp Vault: Open Source Secrets Management at #OPEN18
Hashicorp Vault: Open Source Secrets Management at #OPEN18Kangaroot
 
Keeping a Secret with HashiCorp Vault
Keeping a Secret with HashiCorp VaultKeeping a Secret with HashiCorp Vault
Keeping a Secret with HashiCorp VaultMitchell Pronschinske
 
Introduction to Vault
Introduction to VaultIntroduction to Vault
Introduction to VaultKnoldus Inc.
 
Introducing Vault
Introducing VaultIntroducing Vault
Introducing VaultRamit Surana
 
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018HashiCorp
 
What is two factor or multi-factor authentication
What is two factor or multi-factor authenticationWhat is two factor or multi-factor authentication
What is two factor or multi-factor authenticationJack Forbes
 
Vault - Secret and Key Management
Vault - Secret and Key ManagementVault - Secret and Key Management
Vault - Secret and Key ManagementAnthony Ikeda
 
Secret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s VaultSecret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s VaultAWS Germany
 

Empfohlen

Hashicorp Vault: Open Source Secrets Management at #OPEN18
Hashicorp Vault: Open Source Secrets Management at #OPEN18Hashicorp Vault: Open Source Secrets Management at #OPEN18
Hashicorp Vault: Open Source Secrets Management at #OPEN18Kangaroot
 
Keeping a Secret with HashiCorp Vault
Keeping a Secret with HashiCorp VaultKeeping a Secret with HashiCorp Vault
Keeping a Secret with HashiCorp VaultMitchell Pronschinske
 
Introduction to Vault
Introduction to VaultIntroduction to Vault
Introduction to VaultKnoldus Inc.
 
Introducing Vault
Introducing VaultIntroducing Vault
Introducing VaultRamit Surana
 
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018HashiCorp
 
What is two factor or multi-factor authentication
What is two factor or multi-factor authenticationWhat is two factor or multi-factor authentication
What is two factor or multi-factor authenticationJack Forbes
 
Vault - Secret and Key Management
Vault - Secret and Key ManagementVault - Secret and Key Management
Vault - Secret and Key ManagementAnthony Ikeda
 
Secret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s VaultSecret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s VaultAWS Germany
 
HashiCorp's Vault - The Examples
HashiCorp's Vault - The ExamplesHashiCorp's Vault - The Examples
HashiCorp's Vault - The ExamplesMichał Czeraszkiewicz
 
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare Nelson
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare NelsonZero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare Nelson
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare NelsonSSIMeetup
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)Kalpesh Kalekar
 
API Security : Patterns and Practices
API Security : Patterns and PracticesAPI Security : Patterns and Practices
API Security : Patterns and PracticesPrabath Siriwardena
 
Internet security association and key management protocol (isakmp)
Internet security association and key management protocol (isakmp)Internet security association and key management protocol (isakmp)
Internet security association and key management protocol (isakmp)CAS
 
Managing transactions on Ethereum with Apache Airflow
Managing transactions on Ethereum with Apache AirflowManaging transactions on Ethereum with Apache Airflow
Managing transactions on Ethereum with Apache AirflowMichael Ghen
 
Vault 101
Vault 101Vault 101
Vault 101Hazzim Anaya
 
Vault
VaultVault
VaultJean-Philippe Bélanger
 
Adopting HashiCorp Vault
Adopting HashiCorp VaultAdopting HashiCorp Vault
Adopting HashiCorp VaultNicolas Corrarello
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLSSirish Kumar
 
Vault
VaultVault
Vaultdawnlua
 
Docker Container Security
Docker Container SecurityDocker Container Security
Docker Container SecuritySuraj Khetani
 
Understanding container security
Understanding container securityUnderstanding container security
Understanding container securityJohn Kinsella
 
IBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptxIBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptxFIDO Alliance
 
“How to Secure Your Applications With a Keycloak?
“How to Secure Your Applications With a Keycloak?“How to Secure Your Applications With a Keycloak?
“How to Secure Your Applications With a Keycloak?GlobalLogic Ukraine
 
Lightweight Zero-trust Network Implementation and Transition with Keycloak an...
Lightweight Zero-trust Network Implementation and Transition with Keycloak an...Lightweight Zero-trust Network Implementation and Transition with Keycloak an...
Lightweight Zero-trust Network Implementation and Transition with Keycloak an...Hitachi, Ltd. OSS Solution Center.
 
Red Team Tactics for Cracking the GSuite Perimeter
Red Team Tactics for Cracking the GSuite PerimeterRed Team Tactics for Cracking the GSuite Perimeter
Red Team Tactics for Cracking the GSuite PerimeterMike Felch
 
Kubernetes Secrets Management on Production with Demo
Kubernetes Secrets Management on Production with DemoKubernetes Secrets Management on Production with Demo
Kubernetes Secrets Management on Production with DemoOpsta
 
Decentralized Key Management (DKMS): An Essential Missing Piece of the SSI Pu...
Decentralized Key Management (DKMS): An Essential Missing Piece of the SSI Pu...Decentralized Key Management (DKMS): An Essential Missing Piece of the SSI Pu...
Decentralized Key Management (DKMS): An Essential Missing Piece of the SSI Pu...SSIMeetup
 
Credential store using HashiCorp Vault
Credential store using HashiCorp VaultCredential store using HashiCorp Vault
Credential store using HashiCorp VaultMayank Patel
 
Vault 1.4 launch webinar
Vault 1.4 launch webinar Vault 1.4 launch webinar
Vault 1.4 launch webinar Mitchell Pronschinske
 
Maintaining Trust & Control of your Data in the Cloud
Maintaining Trust & Control of your Data in the CloudMaintaining Trust & Control of your Data in the Cloud
Maintaining Trust & Control of your Data in the CloudAmazon Web Services
 

Weitere ähnliche Inhalte

Was ist angesagt?

Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare Nelson
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare NelsonZero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare Nelson
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare NelsonSSIMeetup
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)Kalpesh Kalekar
 
API Security : Patterns and Practices
API Security : Patterns and PracticesAPI Security : Patterns and Practices
API Security : Patterns and PracticesPrabath Siriwardena
 
Internet security association and key management protocol (isakmp)
Internet security association and key management protocol (isakmp)Internet security association and key management protocol (isakmp)
Internet security association and key management protocol (isakmp)CAS
 
Managing transactions on Ethereum with Apache Airflow
Managing transactions on Ethereum with Apache AirflowManaging transactions on Ethereum with Apache Airflow
Managing transactions on Ethereum with Apache AirflowMichael Ghen
 
Docker Container Security
Docker Container SecurityDocker Container Security
Docker Container SecuritySuraj Khetani
 
Understanding container security
Understanding container securityUnderstanding container security
Understanding container securityJohn Kinsella
 
IBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptxIBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptxFIDO Alliance
 
“How to Secure Your Applications With a Keycloak?
“How to Secure Your Applications With a Keycloak?“How to Secure Your Applications With a Keycloak?
“How to Secure Your Applications With a Keycloak?GlobalLogic Ukraine
 
Lightweight Zero-trust Network Implementation and Transition with Keycloak an...
Lightweight Zero-trust Network Implementation and Transition with Keycloak an...Lightweight Zero-trust Network Implementation and Transition with Keycloak an...
Lightweight Zero-trust Network Implementation and Transition with Keycloak an...Hitachi, Ltd. OSS Solution Center.
 
Red Team Tactics for Cracking the GSuite Perimeter
Red Team Tactics for Cracking the GSuite PerimeterRed Team Tactics for Cracking the GSuite Perimeter
Red Team Tactics for Cracking the GSuite PerimeterMike Felch
 
Kubernetes Secrets Management on Production with Demo
Kubernetes Secrets Management on Production with DemoKubernetes Secrets Management on Production with Demo
Kubernetes Secrets Management on Production with DemoOpsta
 
Decentralized Key Management (DKMS): An Essential Missing Piece of the SSI Pu...
Decentralized Key Management (DKMS): An Essential Missing Piece of the SSI Pu...Decentralized Key Management (DKMS): An Essential Missing Piece of the SSI Pu...
Decentralized Key Management (DKMS): An Essential Missing Piece of the SSI Pu...SSIMeetup
 
Credential store using HashiCorp Vault
Credential store using HashiCorp VaultCredential store using HashiCorp Vault
Credential store using HashiCorp VaultMayank Patel
 

Was ist angesagt? (20)

HashiCorp's Vault - The Examples
HashiCorp's Vault - The ExamplesHashiCorp's Vault - The Examples
HashiCorp's Vault - The Examples
 
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare Nelson
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare NelsonZero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare Nelson
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare Nelson
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)
 
API Security : Patterns and Practices
API Security : Patterns and PracticesAPI Security : Patterns and Practices
API Security : Patterns and Practices
 
Internet security association and key management protocol (isakmp)
Internet security association and key management protocol (isakmp)Internet security association and key management protocol (isakmp)
Internet security association and key management protocol (isakmp)
 
Managing transactions on Ethereum with Apache Airflow
Managing transactions on Ethereum with Apache AirflowManaging transactions on Ethereum with Apache Airflow
Managing transactions on Ethereum with Apache Airflow
 
Vault 101
Vault 101Vault 101
Vault 101
 
Vault
VaultVault
Vault
 
Adopting HashiCorp Vault
Adopting HashiCorp VaultAdopting HashiCorp Vault
Adopting HashiCorp Vault
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLS
 
Vault
VaultVault
Vault
 
Docker Container Security
Docker Container SecurityDocker Container Security
Docker Container Security
 
Understanding container security
Understanding container securityUnderstanding container security
Understanding container security
 
IBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptxIBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptx
 
“How to Secure Your Applications With a Keycloak?
“How to Secure Your Applications With a Keycloak?“How to Secure Your Applications With a Keycloak?
“How to Secure Your Applications With a Keycloak?
 
Lightweight Zero-trust Network Implementation and Transition with Keycloak an...
Lightweight Zero-trust Network Implementation and Transition with Keycloak an...Lightweight Zero-trust Network Implementation and Transition with Keycloak an...
Lightweight Zero-trust Network Implementation and Transition with Keycloak an...
 
Red Team Tactics for Cracking the GSuite Perimeter
Red Team Tactics for Cracking the GSuite PerimeterRed Team Tactics for Cracking the GSuite Perimeter
Red Team Tactics for Cracking the GSuite Perimeter
 
Kubernetes Secrets Management on Production with Demo
Kubernetes Secrets Management on Production with DemoKubernetes Secrets Management on Production with Demo
Kubernetes Secrets Management on Production with Demo
 
Decentralized Key Management (DKMS): An Essential Missing Piece of the SSI Pu...
Decentralized Key Management (DKMS): An Essential Missing Piece of the SSI Pu...Decentralized Key Management (DKMS): An Essential Missing Piece of the SSI Pu...
Decentralized Key Management (DKMS): An Essential Missing Piece of the SSI Pu...
 
Credential store using HashiCorp Vault
Credential store using HashiCorp VaultCredential store using HashiCorp Vault
Credential store using HashiCorp Vault
 

Ähnlich wie Zero trust in a multi tenant environment

Maintaining Trust & Control of your Data in the Cloud
Maintaining Trust & Control of your Data in the CloudMaintaining Trust & Control of your Data in the Cloud
Maintaining Trust & Control of your Data in the CloudAmazon Web Services
 
Securing Your CI Pipeline with HashiCorp Vault - P2
Securing Your CI Pipeline with HashiCorp Vault - P2Securing Your CI Pipeline with HashiCorp Vault - P2
Securing Your CI Pipeline with HashiCorp Vault - P2Ashnikbiz
 
The Future of Data Management - the Enterprise Data Hub
The Future of Data Management - the Enterprise Data HubThe Future of Data Management - the Enterprise Data Hub
The Future of Data Management - the Enterprise Data HubDataWorks Summit
 
The Future of Hadoop Security - Hadoop Summit 2014
The Future of Hadoop Security - Hadoop Summit 2014The Future of Hadoop Security - Hadoop Summit 2014
The Future of Hadoop Security - Hadoop Summit 2014Cloudera, Inc.
 
Application security meetup - cloud security best practices 24062021
Application security meetup - cloud security best practices 24062021Application security meetup - cloud security best practices 24062021
Application security meetup - cloud security best practices 24062021lior mazor
 
The Key to Strong Cloud Security
The Key to Strong Cloud SecurityThe Key to Strong Cloud Security
The Key to Strong Cloud SecurityAkeyless
 
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...Mary Racter
 
Big Data security: Facing the challenge by Carlos Gómez at Big Data Spain 2017
Big Data security: Facing the challenge by Carlos Gómez at Big Data Spain 2017Big Data security: Facing the challenge by Carlos Gómez at Big Data Spain 2017
Big Data security: Facing the challenge by Carlos Gómez at Big Data Spain 2017Big Data Spain
 
Big Data Security: Facing the challenge
Big Data Security: Facing the challengeBig Data Security: Facing the challenge
Big Data Security: Facing the challengeStratio
 
The Rise of Secrets Management
The Rise of Secrets ManagementThe Rise of Secrets Management
The Rise of Secrets ManagementAkeyless
 
Managing your secrets in a cloud environment
Managing your secrets in a cloud environmentManaging your secrets in a cloud environment
Managing your secrets in a cloud environmentTaswar Bhatti
 
Maintaining Trust & Control of your Data in the Cloud
Maintaining Trust & Control of your Data in the CloudMaintaining Trust & Control of your Data in the Cloud
Maintaining Trust & Control of your Data in the CloudAmazon Web Services
 
Hybrid Identity Management and Security for Large Enterprises (ENT307-R2) - A...
Hybrid Identity Management and Security for Large Enterprises (ENT307-R2) - A...Hybrid Identity Management and Security for Large Enterprises (ENT307-R2) - A...
Hybrid Identity Management and Security for Large Enterprises (ENT307-R2) - A...Amazon Web Services
 
Exploring Advanced Authentication Methods in Novell Access Manager
Exploring Advanced Authentication Methods in Novell Access ManagerExploring Advanced Authentication Methods in Novell Access Manager
Exploring Advanced Authentication Methods in Novell Access ManagerNovell
 
Cloudera GoDataFest Security and Governance
Cloudera GoDataFest Security and GovernanceCloudera GoDataFest Security and Governance
Cloudera GoDataFest Security and GovernanceGoDataDriven
 
Securing AWS Accounts with Hashi Vault
Securing AWS Accounts with Hashi VaultSecuring AWS Accounts with Hashi Vault
Securing AWS Accounts with Hashi VaultShrivatsa Upadhye
 
Sharing secret keys in Docker containers and K8s
Sharing secret keys in Docker containers and K8sSharing secret keys in Docker containers and K8s
Sharing secret keys in Docker containers and K8sJose Manuel Ortega Candel
 
Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...
Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...
Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...Amanda MacLeod
 
Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...
Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...
Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...Amanda MacLeod
 

Ähnlich wie Zero trust in a multi tenant environment (20)

Vault 1.4 launch webinar
Vault 1.4 launch webinar Vault 1.4 launch webinar
Vault 1.4 launch webinar
 
Maintaining Trust & Control of your Data in the Cloud
Maintaining Trust & Control of your Data in the CloudMaintaining Trust & Control of your Data in the Cloud
Maintaining Trust & Control of your Data in the Cloud
 
Securing Your CI Pipeline with HashiCorp Vault - P2
Securing Your CI Pipeline with HashiCorp Vault - P2Securing Your CI Pipeline with HashiCorp Vault - P2
Securing Your CI Pipeline with HashiCorp Vault - P2
 
The Future of Data Management - the Enterprise Data Hub
The Future of Data Management - the Enterprise Data HubThe Future of Data Management - the Enterprise Data Hub
The Future of Data Management - the Enterprise Data Hub
 
The Future of Hadoop Security - Hadoop Summit 2014
The Future of Hadoop Security - Hadoop Summit 2014The Future of Hadoop Security - Hadoop Summit 2014
The Future of Hadoop Security - Hadoop Summit 2014
 
Application security meetup - cloud security best practices 24062021
Application security meetup - cloud security best practices 24062021Application security meetup - cloud security best practices 24062021
Application security meetup - cloud security best practices 24062021
 
The Key to Strong Cloud Security
The Key to Strong Cloud SecurityThe Key to Strong Cloud Security
The Key to Strong Cloud Security
 
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
 
Big Data security: Facing the challenge by Carlos Gómez at Big Data Spain 2017
Big Data security: Facing the challenge by Carlos Gómez at Big Data Spain 2017Big Data security: Facing the challenge by Carlos Gómez at Big Data Spain 2017
Big Data security: Facing the challenge by Carlos Gómez at Big Data Spain 2017
 
Big Data Security: Facing the challenge
Big Data Security: Facing the challengeBig Data Security: Facing the challenge
Big Data Security: Facing the challenge
 
The Rise of Secrets Management
The Rise of Secrets ManagementThe Rise of Secrets Management
The Rise of Secrets Management
 
Managing your secrets in a cloud environment
Managing your secrets in a cloud environmentManaging your secrets in a cloud environment
Managing your secrets in a cloud environment
 
Maintaining Trust & Control of your Data in the Cloud
Maintaining Trust & Control of your Data in the CloudMaintaining Trust & Control of your Data in the Cloud
Maintaining Trust & Control of your Data in the Cloud
 
Hybrid Identity Management and Security for Large Enterprises (ENT307-R2) - A...
Hybrid Identity Management and Security for Large Enterprises (ENT307-R2) - A...Hybrid Identity Management and Security for Large Enterprises (ENT307-R2) - A...
Hybrid Identity Management and Security for Large Enterprises (ENT307-R2) - A...
 
Exploring Advanced Authentication Methods in Novell Access Manager
Exploring Advanced Authentication Methods in Novell Access ManagerExploring Advanced Authentication Methods in Novell Access Manager
Exploring Advanced Authentication Methods in Novell Access Manager
 
Cloudera GoDataFest Security and Governance
Cloudera GoDataFest Security and GovernanceCloudera GoDataFest Security and Governance
Cloudera GoDataFest Security and Governance
 
Securing AWS Accounts with Hashi Vault
Securing AWS Accounts with Hashi VaultSecuring AWS Accounts with Hashi Vault
Securing AWS Accounts with Hashi Vault
 
Sharing secret keys in Docker containers and K8s
Sharing secret keys in Docker containers and K8sSharing secret keys in Docker containers and K8s
Sharing secret keys in Docker containers and K8s
 
Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...
Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...
Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...
 
Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...
Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...
Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...
 

Mehr von Ashnikbiz

CloudOps_tool.pptx
CloudOps_tool.pptxCloudOps_tool.pptx
CloudOps_tool.pptxAshnikbiz
 
Webinar_CloudOps final.pptx
Webinar_CloudOps final.pptxWebinar_CloudOps final.pptx
Webinar_CloudOps final.pptxAshnikbiz
 
Autoscaling in Kubernetes (K8s)
Autoscaling in Kubernetes (K8s)Autoscaling in Kubernetes (K8s)
Autoscaling in Kubernetes (K8s)Ashnikbiz
 
Why and how to use Kubernetes for scaling of your multi-tier (n-tier) appli...
Why and how to use Kubernetes for scaling of your multi-tier (n-tier) appli...Why and how to use Kubernetes for scaling of your multi-tier (n-tier) appli...
Why and how to use Kubernetes for scaling of your multi-tier (n-tier) appli...Ashnikbiz
 
Deploy and automate ‘Secrets Management’ for a multi-cloud environment
Deploy and automate ‘Secrets Management’ for a multi-cloud environmentDeploy and automate ‘Secrets Management’ for a multi-cloud environment
Deploy and automate ‘Secrets Management’ for a multi-cloud environmentAshnikbiz
 
Deploy, move and manage Postgres across cloud platforms
Deploy, move and manage Postgres across cloud platformsDeploy, move and manage Postgres across cloud platforms
Deploy, move and manage Postgres across cloud platformsAshnikbiz
 
Deploy, move and manage Postgres across cloud platforms
Deploy, move and manage Postgres across cloud platformsDeploy, move and manage Postgres across cloud platforms
Deploy, move and manage Postgres across cloud platformsAshnikbiz
 
The Best Approach For Multi-cloud Infrastructure Provisioning-2
The Best Approach For Multi-cloud Infrastructure Provisioning-2The Best Approach For Multi-cloud Infrastructure Provisioning-2
The Best Approach For Multi-cloud Infrastructure Provisioning-2Ashnikbiz
 
The Best Approach For Multi-cloud Infrastructure Provisioning
The Best Approach For Multi-cloud Infrastructure Provisioning The Best Approach For Multi-cloud Infrastructure Provisioning
The Best Approach For Multi-cloud Infrastructure Provisioning Ashnikbiz
 
Which PostgreSQL is right for your multi cloud strategy? P2
Which PostgreSQL is right for your multi cloud strategy? P2Which PostgreSQL is right for your multi cloud strategy? P2
Which PostgreSQL is right for your multi cloud strategy? P2Ashnikbiz
 
Which PostgreSQL is right for your multi cloud strategy? P1
Which PostgreSQL is right for your multi cloud strategy? P1Which PostgreSQL is right for your multi cloud strategy? P1
Which PostgreSQL is right for your multi cloud strategy? P1Ashnikbiz
 
Reduce the complexities of managing Kubernetes clusters anywhere 2
Reduce the complexities of managing Kubernetes clusters anywhere 2Reduce the complexities of managing Kubernetes clusters anywhere 2
Reduce the complexities of managing Kubernetes clusters anywhere 2Ashnikbiz
 
Reduce the complexities of managing Kubernetes clusters anywhere
Reduce the complexities of managing Kubernetes clusters anywhereReduce the complexities of managing Kubernetes clusters anywhere
Reduce the complexities of managing Kubernetes clusters anywhereAshnikbiz
 
Enhance your multi-cloud application performance using Redis Enterprise P2
Enhance your multi-cloud application performance using Redis Enterprise P2Enhance your multi-cloud application performance using Redis Enterprise P2
Enhance your multi-cloud application performance using Redis Enterprise P2Ashnikbiz
 
Enhance your multi-cloud application performance using Redis Enterprise P1
Enhance your multi-cloud application performance using Redis Enterprise P1Enhance your multi-cloud application performance using Redis Enterprise P1
Enhance your multi-cloud application performance using Redis Enterprise P1Ashnikbiz
 
Gain multi-cloud versatility with software load balancing designed for cloud-...
Gain multi-cloud versatility with software load balancing designed for cloud-...Gain multi-cloud versatility with software load balancing designed for cloud-...
Gain multi-cloud versatility with software load balancing designed for cloud-...Ashnikbiz
 
Gain multi-cloud versatility with software load balancing designed for cloud-...
Gain multi-cloud versatility with software load balancing designed for cloud-...Gain multi-cloud versatility with software load balancing designed for cloud-...
Gain multi-cloud versatility with software load balancing designed for cloud-...Ashnikbiz
 
Enterprise-class security with PostgreSQL - 1
Enterprise-class security with PostgreSQL - 1Enterprise-class security with PostgreSQL - 1
Enterprise-class security with PostgreSQL - 1Ashnikbiz
 
Enterprise-class security with PostgreSQL - 2
Enterprise-class security with PostgreSQL - 2Enterprise-class security with PostgreSQL - 2
Enterprise-class security with PostgreSQL - 2Ashnikbiz
 
Build robust streaming data pipelines with MongoDB and Kafka P2
Build robust streaming data pipelines with MongoDB and Kafka P2Build robust streaming data pipelines with MongoDB and Kafka P2
Build robust streaming data pipelines with MongoDB and Kafka P2Ashnikbiz
 

Mehr von Ashnikbiz (20)

CloudOps_tool.pptx
CloudOps_tool.pptxCloudOps_tool.pptx
CloudOps_tool.pptx
 
Webinar_CloudOps final.pptx
Webinar_CloudOps final.pptxWebinar_CloudOps final.pptx
Webinar_CloudOps final.pptx
 
Autoscaling in Kubernetes (K8s)
Autoscaling in Kubernetes (K8s)Autoscaling in Kubernetes (K8s)
Autoscaling in Kubernetes (K8s)
 
Why and how to use Kubernetes for scaling of your multi-tier (n-tier) appli...
Why and how to use Kubernetes for scaling of your multi-tier (n-tier) appli...Why and how to use Kubernetes for scaling of your multi-tier (n-tier) appli...
Why and how to use Kubernetes for scaling of your multi-tier (n-tier) appli...
 
Deploy and automate ‘Secrets Management’ for a multi-cloud environment
Deploy and automate ‘Secrets Management’ for a multi-cloud environmentDeploy and automate ‘Secrets Management’ for a multi-cloud environment
Deploy and automate ‘Secrets Management’ for a multi-cloud environment
 
Deploy, move and manage Postgres across cloud platforms
Deploy, move and manage Postgres across cloud platformsDeploy, move and manage Postgres across cloud platforms
Deploy, move and manage Postgres across cloud platforms
 
Deploy, move and manage Postgres across cloud platforms
Deploy, move and manage Postgres across cloud platformsDeploy, move and manage Postgres across cloud platforms
Deploy, move and manage Postgres across cloud platforms
 
The Best Approach For Multi-cloud Infrastructure Provisioning-2
The Best Approach For Multi-cloud Infrastructure Provisioning-2The Best Approach For Multi-cloud Infrastructure Provisioning-2
The Best Approach For Multi-cloud Infrastructure Provisioning-2
 
The Best Approach For Multi-cloud Infrastructure Provisioning
The Best Approach For Multi-cloud Infrastructure Provisioning The Best Approach For Multi-cloud Infrastructure Provisioning
The Best Approach For Multi-cloud Infrastructure Provisioning
 
Which PostgreSQL is right for your multi cloud strategy? P2
Which PostgreSQL is right for your multi cloud strategy? P2Which PostgreSQL is right for your multi cloud strategy? P2
Which PostgreSQL is right for your multi cloud strategy? P2
 
Which PostgreSQL is right for your multi cloud strategy? P1
Which PostgreSQL is right for your multi cloud strategy? P1Which PostgreSQL is right for your multi cloud strategy? P1
Which PostgreSQL is right for your multi cloud strategy? P1
 
Reduce the complexities of managing Kubernetes clusters anywhere 2
Reduce the complexities of managing Kubernetes clusters anywhere 2Reduce the complexities of managing Kubernetes clusters anywhere 2
Reduce the complexities of managing Kubernetes clusters anywhere 2
 
Reduce the complexities of managing Kubernetes clusters anywhere
Reduce the complexities of managing Kubernetes clusters anywhereReduce the complexities of managing Kubernetes clusters anywhere
Reduce the complexities of managing Kubernetes clusters anywhere
 
Enhance your multi-cloud application performance using Redis Enterprise P2
Enhance your multi-cloud application performance using Redis Enterprise P2Enhance your multi-cloud application performance using Redis Enterprise P2
Enhance your multi-cloud application performance using Redis Enterprise P2
 
Enhance your multi-cloud application performance using Redis Enterprise P1
Enhance your multi-cloud application performance using Redis Enterprise P1Enhance your multi-cloud application performance using Redis Enterprise P1
Enhance your multi-cloud application performance using Redis Enterprise P1
 
Gain multi-cloud versatility with software load balancing designed for cloud-...
Gain multi-cloud versatility with software load balancing designed for cloud-...Gain multi-cloud versatility with software load balancing designed for cloud-...
Gain multi-cloud versatility with software load balancing designed for cloud-...
 
Gain multi-cloud versatility with software load balancing designed for cloud-...
Gain multi-cloud versatility with software load balancing designed for cloud-...Gain multi-cloud versatility with software load balancing designed for cloud-...
Gain multi-cloud versatility with software load balancing designed for cloud-...
 
Enterprise-class security with PostgreSQL - 1
Enterprise-class security with PostgreSQL - 1Enterprise-class security with PostgreSQL - 1
Enterprise-class security with PostgreSQL - 1
 
Enterprise-class security with PostgreSQL - 2
Enterprise-class security with PostgreSQL - 2Enterprise-class security with PostgreSQL - 2
Enterprise-class security with PostgreSQL - 2
 
Build robust streaming data pipelines with MongoDB and Kafka P2
Build robust streaming data pipelines with MongoDB and Kafka P2Build robust streaming data pipelines with MongoDB and Kafka P2
Build robust streaming data pipelines with MongoDB and Kafka P2
 

Kürzlich hochgeladen

Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Kürzlich hochgeladen (20)

Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

Zero trust in a multi tenant environment

  • 1. Copyright © 2021 HashiCorp Secure Multi-Tenancy with HashiCorp Vault Secure, store, and tightly control access to tokens, passwords, certificates, encryption keys for protecting sensitive data, and other secrets in multi-tenant infrastructure. SEPT 2021
  • 2. Vault Workflow Clients Auth Provider Policy Secret Engines Login and Generate Token Authentication Attach the policy Secret Management Using the Token Dynamic Secret Audit Vault tightly controls access to secrets and encryption keys by authenticating against trusted sources of identity such as Active Directory, LDAP, and cloud identity platforms. Vault enables fine grained authorization of which users and applications are permitted access to secrets and keys.
  • 3. Copyright © 2021 HashiCorp The challenges of Multi tenancy How do i maintain separation but allow scalability March 2021
  • 4. Copyright © 2018 HashiCorp ⁄ ▪ Database management Example – Who has the passwords? – Which Cloud? – How many do I have? SECRETS MANAGEMENT What type of tenancy Single Multi-tenant
  • 5. Copyright © 2018 HashiCorp ⁄ How do you manage your data end to end encryption?
  • 6. Copyright © 2021 HashiCorp The Approach Tooling that allows to achieve secure multi tenancy March 2021
  • 7. Namespaces Namespaces for management, secure multi tenancy Create isolated “Vaults within a Vault” that allow for parent admins to manage configurations but permit teams to manage their own policies, secrets, and identities. ENTERPRISE ▪ Allow teams to self-manage segmented Vault environments with their own auth methods, secret engines, and policy and identity infrastructures ▪ Isolate tenant environments for security, compliance ▪ Enforce organizational compliance across isolated teams
  • 8. API-driven encryption With the Transit secret engine, Vault can enable users and applications to perform cryptographic workloads without a key management infrastructure. ▪ Automate encryption, decryption, and cryptographic hashing and signing without deploying new infrastructure. ▪ Quickly create and manage keys (including rotation) without deploying complex key management servers. ▪ Support AES 256, RSA (2048 and 4096), ECDSA-p256, ed25519, chacha20-poly1305, and more. Use the Transit secret engine to handle encryption, decryption, and cryptographic signing.
  • 9. Unified identity With Vault’s unified identity system, Vault can match one identity across cloud environments, applications, etc. ▪ One logical identity can be recognized with multiple aliases from separate cloud, on-prem, app environments. ▪ Use Identity Groups to simplify RBAC logic. Unified Identity: one identity across multiple environments.
  • 10. Create a namespace dedicated to each team, organization, or app where they can perform all necessary tasks within their tenant namespace. Each namespace can have its own: Policies, Auth Methods, Secrets Engines ,Tokens and a Identity entities and groups Example