Skip to main content

Secure Your Online Databases with Vault, Now!

Is there a point in another scare-tactic blog about online corporate security risks to businesses trying to survive in the Roaring ‘20’s?  We all know the risks with online data access are massive (how long is a piece of string anyway?), but if you want to go swimming, you need to get in the pool, amirite?  And in that pool with you, no doubt fouling it up, are the many different types of hackers trying to get a piece of your data. From rogue employees with a grudge, to banks that still physically send tapes down the road, to the economically vibrant world of ransomware, bad actors wear different hats these days, red, black, white, and everything in between. Why they are after your data is less concerning than what they may do with it – the threats are real, and oh so ever-present.

The hill can seem insurmountable however.  Hax0rs have seemingly endless resources, and of course don’t play by the legal rules, like you must. So you spent boatloads of IT budget on security tooling, you evolved to HTTPS, and (hopefully) use key pairs with a physical HSM to access critical data, but you know that’s no longer enough. The safety of your business requires users to be diligent and proficient in their credential management.  Of course you’re positive that your well trained internal teams aren’t writing passwords on post-it notes, or repeating their master password on all their social media logins, and I’m absolutely sure they are self-rotating their c0mpLex1 passwords monthly….right?!?  Not only do your employees require access to restricted data and apps, your external vendors and partners do as well. We’re all human, the weakest link…and using “Passw0rd” everywhere is so much easier.

Your data and applications require a simple and integrated method for securing access for only your known elements (such as employees, external partners, even applications and databases). You then must ensure those known elements are managing their credentials effectively, all while taking the burden off your people. Lastly you need extreme visibility and auditability. That’s HashiCorp Vault.  Simple, open, and locked down tight.  But it sounds like a big hill to climb…back to that.  Most security platforms promising to let you sleep at night come with big costs, and not just licensing.  Proprietary software, client side code wrappers, disparate versions for different environments, and an endless amount of learning for your developers and users.  It can seem overwhelmingly complicated, and so many organizations end up simply doing “enough”.  Ideally what’s being done is “enough” to keep out of the papers, and “enough” to stay off the ransomware short list, but that’s the risk.  

The good news: Setting up a Vault isn’t as complicated as you might think. Even better, you can adopt Vault capabilities thoughtfully, step-by-step rather than boiling the ocean and rewriting all your code. Why not get started today?  Let’s protect your critical online corporate databases.

How to start protecting your database data in three easy steps:

Step 1 – install HashiCorp Vault
Step 2 – integrate a secrets engine for your DB of choice
Step 3 – generate, store, and rotate your secrets!

Ok, so maybe there are a few more keyboard swipes, but it’s absolutely doable in your organization right now!  With Vault protecting your online databases, you get a secrets engine that integrates with your specific DB (Oracle, Influx, MySQL, Couchbase, etc.), static secrets with forced rotation for your human users, dynamic rotating secrets for your authorized app-to-DB authentications, and you can even offload encryption to Vault.  The value is no long standing shared credential as every service/human is accessing the DB with unique credentials, it makes auditing much easier when questionable data access is discovered.  The only application coding required is to remove those hard-coded plain text passwords and store them in a Vault.  You can also integrate with any Hardware Security Modules (HSM’s) you may have in your datacenter to get full FIPS compliance for unsealing your master codes, and reuse your investments in technology.  

With these simple investments in security, and some assistance from Arctiq consultants, you, your users, and your approved external parties, now have secure audited access to your most critical assets online.  Arctiq designs and deploys custom HashiCorp Vault integrations for our clients’ critical applications and their access to data.  From use-case consulting, to application development sprints, to user education – We Service Vault Innovation.  Join Arctiq’s own Marc LeBlanc at HashiConf Global on October 19th and 20th where he will be showcasing the creation of on-demand Vault secrets for short-lived app-to-app communications.

Arctiq supports our global Fortune 500 level clients on Vault use cases, and we can help secure your use case as well!  Contact us now to begin your Arctiq journey. 

Share this story

Mike Morrison

Mike is President and co-founder of Arctiq.