Skip to main content
Case Study

How Vault and Boundary helped BT improve security without compromising user experience

Published 12:00 PM UTC Sep 19, 2024

Software nudges culture, and when it comes to adopting modern security approaches, the HashiCorp SLM combination of Vault and Boundary led to a culture at British Telecom (BT) where security tools and practices are seen as enablers rather than hindrances to productivity.

»A security sea change

The telecom industry is not only preparing for the Telecom Security Act, but also trying to manage cloud transformations in parallel. The new regulations require changes, particularly regarding trust boundaries and network segmentation. British Telecom (BT) is dealing with the challenges of managing access to different systems. There's been a traditional reliance on SSH for secure connections, which can lead to poor credential management practices.

»Concerns and goals

The three main concerns in modern security are privileged access management (PAM), identity access management (IAM), and credential / secrets management, emphasizing the need for strong, dynamic credential management to mitigate risks, such as supply chain attacks. The SolarWinds incident is a recent, major example of the harm that can come from these types of attacks.

BT's goal is to secure credentials and facilitate safer remote connections, aiming to improve both security and user experience. But it's a challenge, because those two things are often at odds. Many security professionals feel that it's a trade-off; you can't improve security without reducing the quality of the user experience.

»What BT did

BT is moving toward a passwordless experience. They've already seen it significantly reduce the risk of credential theft. While employees previously had to manage many passwords manually, their new Security Lifecycle Management (SLM) system from HashiCorp, using HashiCorp Vault and Boundary, provides dynamic and one-time credentials that make access easier and more secure.

It was a worthwhile transition from manually managed credentials to automated, machine-to-machine credential management systems (i.e. Vault), which improved security practices. The benefits of Vault and Boundary included:

  • Increased efficiency

  • Stronger user engagement

  • Reduced friction associated with accessing systems

With Vault and Boundary, BT successfully eliminated around 50,000 unnecessary credentials and moved toward a fully passwordless environment for all employees and subcontractors. Overall, their implementation fosters a culture where security enables rather than hinders productivity.

More resources like this one

  • 4/11/2024
  • FAQ

Introduction to HashiCorp Vault

Vault identity diagram
  • 12/28/2023
  • FAQ

Why should we use identity-based or "identity-first" security as we adopt cloud infrastructure?

  • 3/14/2023
  • Article

5 best practices for secrets management

  • 2/3/2023
  • Case Study

Automating Multi-Cloud, Multi-Region Vault for Teams and Landing Zones

View all resources

Manage cookies

HashiCorp uses data collected by cookies and JavaScript libraries to improve your browsing experience, analyze site traffic, and increase the overall performance of our site. By using our website, you’re agreeing to our Privacy Policy and Cookie Policy.

The categories below outline which companies and tools we use for collecting data. To opt out of a category of data collection, set the toggle to “Off” and save your preferences.