Skip to main content
HashiTalks 2025 Learn about unique use cases, homelab setups, and best practices at scale at our 24-hour virtual knowledge sharing event. Register
Case Study

How Vault and Boundary helped BT improve security without compromising user experience

Published 12:00 PM UTC Sep 19, 2024

Software nudges culture, and when it comes to adopting modern security approaches, the HashiCorp SLM combination of Vault and Boundary led to a culture at British Telecom (BT) where security tools and practices are seen as enablers rather than hindrances to productivity.

»A security sea change

The telecom industry is not only preparing for the Telecom Security Act, but also trying to manage cloud transformations in parallel. The new regulations require changes, particularly regarding trust boundaries and network segmentation. British Telecom (BT) is dealing with the challenges of managing access to different systems. There's been a traditional reliance on SSH for secure connections, which can lead to poor credential management practices.

»Concerns and goals

The three main concerns in modern security are privileged access management (PAM), identity access management (IAM), and credential / secrets management, emphasizing the need for strong, dynamic credential management to mitigate risks, such as supply chain attacks. The SolarWinds incident is a recent, major example of the harm that can come from these types of attacks.

BT's goal is to secure credentials and facilitate safer remote connections, aiming to improve both security and user experience. But it's a challenge, because those two things are often at odds. Many security professionals feel that it's a trade-off; you can't improve security without reducing the quality of the user experience.

»What BT did

BT is moving toward a passwordless experience. They've already seen it significantly reduce the risk of credential theft. While employees previously had to manage many passwords manually, their new Security Lifecycle Management (SLM) system from HashiCorp, using HashiCorp Vault and Boundary, provides dynamic and one-time credentials that make access easier and more secure.

It was a worthwhile transition from manually managed credentials to automated, machine-to-machine credential management systems (i.e. Vault), which improved security practices. The benefits of Vault and Boundary included:

  • Increased efficiency

  • Stronger user engagement

  • Reduced friction associated with accessing systems

With Vault and Boundary, BT successfully eliminated around 50,000 unnecessary credentials and moved toward a fully passwordless environment for all employees and subcontractors. Overall, their implementation fosters a culture where security enables rather than hinders productivity.

More resources like this one

4/11/2024FAQ

Introduction to HashiCorp Vault

Vault identity diagram
12/28/2023FAQ

Why should we use identity-based or "identity-first" security as we adopt cloud infrastructure?

3/14/2023Article

5 best practices for secrets management

2/3/2023Case Study

Automating Multi-Cloud, Multi-Region Vault for Teams and Landing Zones

View all resources