Reviewed applications and databases in urgent need of dynamic rotation of credentials. This assessment involved a deep dive with customer teams, identifying requirements that provided vital inputs for our solution design. This included a review of the existing on-prem and cloud architecture.
"Integrate security into every phase of your cloud journey- Put zero trust into action."
Challenges this customer was facing:
- The database/system administrators and developers were storing the database credentials on their local devices.
- These database credentials were stored in plain text and not encrypted.
- No policy enforcement of password rotation.
- Database passwords were scattered throughout the enterprise in undocumented locations.
- Some databases had unchanged passwords for extended periods of time.
- There were database passwords stored on source control repos that had no audit trails.
- Expensive compliance audit failures.
- High-Level target state Vault architecture (including DR).
- Summary of Phase 1 Vault architecture, including secrets engines, namespace design, authentication design, policy design, workflows, and overall Vault configuration
- High-level documentation of planned future implementation phases, where applicable (e.g.,future functionality expansion such as new secrets engines)
- DevSecOps review (CI/CD workflows, security, IAM, network, etc.)
- Management presentation summarizing findings including a list of assumptions issues/concerns System,
- database admin and application dev training of Vault API, UI and CLI
- Admins and developers relieved of the burden of secure database password management, as Vault now takes care of dynamically rotating passwords, while providing seamless role-based, role-appropriate access .
- Greatly improved application and database security, once developers and admins are trained to use Vault's API to store and retrieve passwords from the Vault.
- Vastly improved access control, auditing and oversight of database secrets.
- Automation/integration of secrets management, reducing overhead, costs and potential for pilot errors.
- Regulatory (e.g., FIPS) compliance capability.
Service Timeline and High-Level Milestones
- Assessment phase: 6-8 weeks.
- Design phase: 2-4 weeks.
- Implementation phase (key phase 1 users): 8-10 months.