Following a successful beta trial, HashiCorp has announced the general availability of Boundary on their cloud platform, HCP. This adds a key new aspect to HashiCorp's managed solution for zero-trust security.
First released in October 2020, Boundary is an open-source project providing identity-based access to an organization's applications and critical systems with fine-grained authorization. It does this without managing credentials or exposing an organization's network externally.
Many organizations moving to the cloud are adopting zero-trust security postures, with the new default being to trust nothing and no one, and to authenticate and authorize everything. Existing software-defined perimeter solutions such as VPNs and PAM tend to be IP-driven and laboriously manual, whereas Boundary gives transparent fine-grained access to users and hosts. HashiCorp's approach caters to multiple clouds, on-premises, and hybrid environments, reducing attack vectors and protecting data at every stage. HCP Boundary provides the third leg of HashiCorp's zero-trust security solution - alongside HCP Consul and HCP Vault - providing automated workflows for users to access critical cloud-based infrastructure. Seamless onboarding of new users and managed resources also means that the day-to-day configuration overhead of a growing cloud infrastructure is minimized.
"At HashiCorp, we have always believed that identity is the foundation for zero trust security for applications, networks, and users. With HCP Boundary, companies now have a modern solution for privileged access management, securing access in dynamic, ephemeral environments for their workforce. We think we’ve reached an important milestone for our customers by delivering a security solution built for today’s threat and infrastructure landscape." - Armon Dadgar, co-founder and CTO, HashiCorp
Boundary has been available in the HashiCorp Cloud Platform (HCP) as a beta since June 2022, and now provides a production-ready managed service for remote access to cloud-based installations. HCP Boundary builds on the open-source version by adding enterprise functionality, such as dynamic credential injection through an integration with Vault. This allows users to access Boundary-managed hosts with single-use passwordless authentication, minimizing the possibility of credential leaks.
Boundary integrates with existing identity providers supporting OIDC, such as Microsoft Active Directory and Okta. It can automatically discover services using dynamic service catalogs from Microsoft Azure and AWS, and can integrate with Terraform to discover resources to manage. Finally, sessions authorized with Boundary are logged and auditable, providing usage insights into sessions and events.
As HCP Boundary is a fully managed service, HashiCorp takes care of maintaining, managing, and scaling production Boundary deployments, relieving admins of this responsibility. HCP Boundary is available for signup now.