Vault Enterprise: Aligning the solution for security, scalability

Leverage HashiCorp’s Vault Enterprise for complex requests and classifications of secrets with a standalone, automated continuous delivery pipeline.

By Rhonda O'Connor
November 6, 2020

Confidential Client

FORTUNE 100 / GLOBAL INSURANCE CO.

Challenge

Trility has successfully completed previous engagements with this client to assist in the development and evolution of an enterprise cloud security framework. In addition, we helped select and implement HashiCorp Vault Enterprise for storing and managing secrets. Due to attrition, this client had limited capacity to leverage the expanded features and functionality in order to improve security and performance, including more complex requests and managing types and classifications of secrets.

Solution

The client also determined it needed a standalone, automated continuous delivery pipeline for Vault Enterprise that also performed a tier above Terraform Enterprise. The existing implementation was running in parallel and needed several upgrades before the data could be migrated to the new solution with minimal disruption.

Due to the complexity of the project and the existing team’s capacity and limited experience with Vault Enterprise, Trility was invited back to assist in deploying the new pipeline and developing procedures for upgrades and management of the tool, including training and documentation for a seamless handoff to the client’s team.

Outcomes

A standalone, automated continuous delivery pipeline delivered:

  • Dynamic credentials
  • Closure of the gaps in areas that were not fully compliant with internal cloud security framework standards
  • Four-nines availability (99.99%), including the implementation of a disaster recovery process using performance clusters
  • Minimal disruption to service, as the work and data migration were completed during outage windows
  • A team positioned to maintain and customize the solution for future needs, through hands-on training, videos, READMEs, how-to via code, how-to upgrade, how-to scale horizontally, and troubleshooting what-if scenarios

Recommendations

Trility provided several recommendations throughout the project, as Vault Enterprise is a hands-on tool that requires version upgrades that are critical for enterprise security. During the project, Trility determined the client's Vault Enterprise received more than 8 million calls every 30 days. If the pipeline is not kept up to date and highly available, it could lead to teams across the enterprise coming to a standstill.

Trility provided recommendations for the level of complexity in building the solution and designed it to align with the client’s best practices for how the client manages failovers and deployment locations. The build is easily adjustable for heavy usage and horizontal growth so that Vault Enterprise administrators can confidently own the solution and maintain and customize it for future needs and growth.

Due to the number of requests Vault Enterprise handles, Trility also recommended different hardware that would more reliably handle the current and future level of requests. The solution also required a smaller footprint for servers using local storage and fewer AWS resources.

Results

  • Increased automation
  • Additional scope delivered
  • Met schedule and budget requirements
  • Provided recommendations
  • Training and documentation
  • Created reusable patterns
  • Reduced cost of acquisition, cost of ownership, and technical debt
  • Increased scalability for current usage and across multi-regions

Automate How You Manage Secrets & Protect Data

Trility helps clients improve security and performance, helping companies achieve top- and bottom-line growth across the enterprise through predictable, repeatable, and auditable methods.

Learn how Trility can help your team leverage HashiCorp Vault and other automated, agnostic cloud solutions.