.jpg)
Summary
A Canadian Telecommunications company offering commercial and residential networking services was seeking to improve its security posture by implementing encryption-at-rest for all systems in its on-prem data centers. This strategic objective was part of a larger initiative to explore other ways of improving security posture by implementing secrets management across the entire organization. In today's digital landscape, where cyber threats are ever-present, encryption-at-rest has become an essential component of a comprehensive cybersecurity strategy.
Goals Achieved
Encryption-at-rest was implemented without requiring configuration of guest operating systems. Management of encryption keys was centralized. Arctiq designed a solution that met the customer’s requirements and delivered a set of Ansible playbooks to automate the deployment of the solution.
Challenge
Managing physical hardware introduces the possibility of potentially mishandling of physical disks, which represents several problems and risks to the organization. These include exposure of sensitive customer data, operational disruption, financial impact and reputation damage.
Solution
The KMIP secrets engine (which is one of the features of Vault Enterprise Advanced Data Protection) was enabled. By utilizing Vault’s KMIP secrets engine, the organization was able to centrally manage encryption keys, which simplified key administration and enhanced security. VMWare’s vSAN was then configured to use Vault’s KMIP server to enable its encryption-at-rest feature. By combining Vault’s KMIP secrets engine with VMWare’s vSAN encryption-at-rest feature, the organization created a comprehensive and well-integrated solution that addressed data security and management challenges while leveraging proven technologies in the industry.
.jpg)
