Summary
This financial services customer is one of the first Canadian banks to have a cloud strategy. Their mandate was to build a cross-datacenter security mesh with a robust cryptographic architecture that protects application secrets throughout the application development life cycle and replicates them to intended destinations with secure encryption, and to build a certificate-as-a-service endpoint that automates the certificate issuance process.
Goals Achieved
By implementing a comprehensive security strategy, the customer achieved a high level of security and protection for their applications and data, especially in a complex and distributed environment involving multiple data centers. This approach helps mitigate security risks, ensures data privacy, and enhances the overall robustness of their system.
Challenge
The customer faced the complex task of building a secure cross-datacenter mesh to protect application secrets and automate certificate issuance while ensuring compliance and adding new features. The challenge was amplified by different infrastructure across regions, including maintenance of critical banking applications. Their solution required a robust cryptographic architecture and secure replication to intended destinations.
Solution
As a leading HashiCorp implementation partner in Canada, Arctiq brought extensive expertise to this complex Vault Enterprise deployment and its integration into Kubernetes environments. Arctiq fulfilled the Vault Enterprise Network Load Balancing requirements and designed Vault performance replication of secrets to the cloud, using selective replication with a paths filter. Arctiq also designed the HSM integration for on-premises Vault cluster auto-unseal, including the integration of the on-premises Vault for GCP/GKE-based Vault cluster auto-unseal. Arctiq wrapped up the project by providing implementation advisory services for the customer’s production environment.
Results
The production implementation was successfully executed, resulting in smooth deployments.