Auditing and Compliance

HashiCorp Terraform, our infrastructure as code solution, provides a consistent CLI workflow to manage hundreds of cloud services. Terraform allows organizations to ensure infrastructure is built and managed in a compliant manner at scale. Easily create and standardize workflows that ensure tools and processes remain compliant.   

• Infrastructure as code: Terraform allows teams to automate everything through code, to establish and maintain compliance more easily with hardened modules ensuring the organization efficiently provisions vetted, secured, and standardized infrastructure.
• Version control system (VCS) connection: Terraform connects to major VCS providers allowing for automated versioning and running of configuration files.  
• Infrastructure state: State files provide a holistic view of current and previously configured versions of your infrastructure. This allows for easier compliance checks and restoration of previously compliant states through state automation.
• Policy as code: HashiCorp Sentinel creates and enforces policy as code, eliminating the need to review changes as policies are codified and enforced, meaning that noncompliant code isn’t run.

HashiCorp Packer allows for easy creation of identical machine images that are verified as compliant across multiple platforms from a single source configuration.   

• Reliably create and manage machine images: Generate new machine images for multiple platforms, launch and test, and verify that the infrastructure changes work and remain in compliance.
• Improved stability and productivity: By provisioning instances from confirmed stable and compliant images, you can ensure buggy, non-compliant software does not get deployed and reduce time wasted on manual verifications.

HashiCorp Vault enables organizations to easily manage secrets, protect sensitive data, and control access tokens, passwords, certificates, and encryption keys to conform to your relevant compliance framework.  

• Manage secrets and protect sensitive data: To maintain compliance, it is critical to manage secrets that provide access to applications, systems, and endpoints as well as application data itself. Vault allows you to centrally store, access, and deploy secrets across applications, systems, and infrastructure.
• Data encryption and tokenization: Secure application data with one centralized workflow that resides in untrusted or semi-trusted systems outside of Vault. Vault’s various data protection capabilities are designed to satisfy a full range of security and compliance needs to simplify protecting data across clouds and data centers.
• Protect critical systems and customer data: Vault helps organizations reduce the risk of breaches and data exposure with identity-based security automation and Encryption-as-a-Service.
• Advanced auditing and reporting: Audit devices to keep a detailed log of all requests and responses to Vault. Because every operation with Vault is an API request/response, audit logs contain every authenticated interaction. These can be configured to be sent to any combination of multiple audit devices to accelerate reporting, creating duplicates that help prevent data loss or tampering.

HashiCorp Consul is a networking solution built for dynamic, cloud environments, that is optimized to ensure secure networking best practices. Consul helps organizations discover and securely connect services running in any environment. 

• Discover services: Consul is a dynamic service registry that can be leveraged as a single source of truth for any service running across all environments. This allows regulated industries to operate in the cloud with the ability to provide the same auditing and reporting as their legacy data centers.
• Secure networking: Regulations and policies for networking typically center on having a strong security posture and low tolerance for risk. With Consul, organizations can take a “defense in depth” approach, pairing it with tools like Vault and Boundary to implement a zero trust solution.
• Automated networking: Consul provides the ability to automate Day 2+ processes using Consul-Terraform-Sync. This integration enables Consul to trigger Terraform runs based on predefined tasks, triggered when changes are made to specific services. These can then be validated against Sentinel policies, reducing risk and creating added protection.
• Access services: Service mesh provides the means to manage traffic patterns and ensure secure connectivity between services in an east-west pattern. Further leverage Consul API Gateway to manage traffic from a north-south perspective, allowing organizations to control traffic to the service mesh at the point of entry and provide secure connectivity with external clients.