Recognizing the Value of Vault

4/30/20

By STS Cloud Security Practice lead, Tony Lutz

What is a Vault solution?

Vault is a secrets manager; a solution where sensitive information, such as passwords, are stored and retrieved securely. To fully understand the value of Vault, you must understand the importance of secrets management. Secrets management refers to the tools and methods that go into managing digital authentication credentials:

  • Passwords
  • Encryption/SSH Keys
  • Certificates
  • Tokens
  • APIs


All of which are used to protect sensitive data within an IT ecosystem. They are critically important tools that allow organizations to authenticate users and applications – providing access to sensitive systems, information, and or services.

Vault functionality allows secure data storage and retrieval. A common use case could include a database connection string. Application servers need a database connection string to communicate with the database, like your own username and password for your personal accounts. What happens, in this case, is a connection string allows an application server to utilize a username and password to login to the desired database. Simply put, Vault allows identities like application servers, the ability to retrieve secrets. With those secrets, the server can access a database or other system that necessitates credentials for access.

The key is to transmit these secrets securely and use best practices to mitigate security risks whether the information is being transferred or stored. Vault accomplishes this by working with trusted identities. Those identities include servers or applications.

Top reasons to choose Vault functionality

Prevents vendor lock-in

Vendor lock-in is common when an organization starts working within a certain ecosystem. Once that happens, experts say, it’s hard to get out. By using a tool like Vault, the customer doesn’t get locked into a specific public cloud (think AWS, Google, Microsoft) provider’s environment. This solution is cloud agnostic. It works with any cloud environment as well as on-premises.

Customer freedom and efficiency

The Vault solution allows the client to move as necessary in the future. Everything is in one centralized place that is compatible with all the cloud systems. Another plus for the customer? A centralized management process can be achieved easily and quickly.

Versatility

Vault allows customers to be more agile and efficient. It also gives them the ability to incorporate dynamic secrets which can be tied to highly configurable leases. Meaning, Vault allows the client to highly customize its secrets management solution while providing many more features for customization than its peers.

Unique features

This customizable, open source solution can run as a plug-in functionality and be used to add additional functionality to other solutions as well. One plugin of note is the SSH/CA engine. This allows administrators the ability to login to Linux machines without needing an automated solution for access. This alleviates the high overhead of managing SSH keys and demonstrates how agile Vault is.

Secrets managers in the cloud are managed solutions – someone is overseeing it. With Vault, IT decision makers do not have to worry about infrastructure. It is important to note that Vault requires a security expert to administer the solution, implement security best practices, and successfully deploy and maintain the functionality.

Bottom line

As security needs become more sophisticated and greater threats to system integrity loom, the right secrets management tools are imperative to creating an agile, efficient, and secure environment to store and transmit privileged information. However, the IT professional must incorporate a holistic approach to security, keeping in mind the customer’s need to scale, access, maintain, and customize its security platforms.

Recent Deals

Interested in advertising your deals? Contact Edwin Warfield.