HashiCorp Delivers Sentinel, a Policy as Code Framework for Cloud Infrastructure Automation

Sentinel Will Help Large Organizations Accelerate Cloud Adoption by Setting Policy Guardrails for Automating IT Operations via the HashiCorp Enterprise Products


AUSTIN, TX--(Marketwired - Sep 19, 2017) - Today at HashiConf 2017, HashiCorp, a leader in cloud infrastructure automation, released Sentinel, a policy as code framework that the company is embedding into its enterprise product suite to enable automated, fine-grained, logic-based policy decisions to control the many types of infrastructure supporting modern applications.

"We see Sentinel and its policy as code framework as the next phase of HashiCorp's infrastructure automation mission," said Mitchell Hashimoto, founder and co-CTO of HashiCorp. "Infrastructure as code was the first phase, which enables codification and automation for the four main components of infrastructure -- core infrastructure, security, networking, and the application runtime. While infrastructure as code empowers more users to create and manage infrastructure, it comes with risks as less experienced users could make significant mistakes that impact business operations. Sentinel limits exposure by codifying business and regulatory policies to ensure infrastructure changes are safe, and making organizations' adoption of cloud more manageable. Together, infrastructure as code and policy as code empower users to safely and quickly provision, secure, connect, and run any infrastructure for any application."

HashiCorp announced Sentinel integration today as part of the newest enterprise releases of HashiCorp Vault, HashiCorp Consul, and HashiCorp Nomad. In addition, HashiCorp plans to release HashiCorp Terraform Enterprise with Sentinel integration within 30 days.

"We're pleased to have had the opportunity to collaborate on such an innovative solution," said Kieran Broadfoot, CTO of Hosting at Barclays. "Sentinel's policy as code approach will give us the ability to implement regulatory control in a more proactive manner, giving us more confidence in our automation stack. With Sentinel, our investment in the HashiCorp enterprise suite will go much farther."

Integrating Sentinel into the HashiCorp enterprise products has several benefits, enabling customers to:

  • Treat policy as code. Sentinel lets customers handle policy in the same way they develop an application -- with version control, code review, and automated tests. Customers can use flexible, high-level logic to determine policy decisions beyond the limited constraints of typical ACL systems.
  • Enforce fine-grained, condition-based policy. Sentinel can reject actions based on any available input, rather than relying on coarse-grained read, write, and administration policies. Sentinel can make policy decisions using rich logical constructs.
  • Prevent violations before they happen. Sentinel is embedded so it can enforce policy in the data path, actively rejecting violating behavior instead of only passively detecting it. It can also provide continuous passive enforcement to handle drift or changing policies.
  • Integrate external information for dynamic policies. Sentinel can source external information to make context-sensitive policy decisions. For example, a policy can query change management tools to ensure proper procedures have been followed before making changes. Service traffic information can be used to avoid causing outages of online services.
  • Use in multi-cloud environments. Sentinel allows users to manage the nuances of multi-cloud environments to ensure infrastructure changes are within business and regulatory policy for each cloud infrastructure provider.
  • Enforce policy at multiple levels. Advisory, soft-mandatory, and hard-mandatory levels allow policy writers to alert on or reject offending behavior.

By integrating Sentinel with each HashiCorp enterprise product, HashiCorp gives customers a broad range of possible uses, at multiple layers of an organization's infrastructure. In addition, Sentinel includes a simple, flexible language that lets customers write their own, very specific policies linked to one of these products.

Using Sentinel and the HashiCorp enterprise products, customers can create policies that:

  • Do not allow resources to be provisioned without tags (Terraform)
  • Restrict which types of cloud resources can be provisioned (Terraform)
  • Enforce secure defaults for network ingress/egress rules (Terraform)
  • Only allow jobs that use the Docker driver (Nomad)
  • Restrict applications to using less than 500 MB of memory (Nomad)
  • Only allow access if the user logged in within the last hour (Vault)
  • Only allow access to users that authenticated via a specific backend (Vault)
  • Restrict service discovery to particular geographic regions (Consul)

For detailed information and documentation about Sentinel and policy as code, visit https://www.hashicorp.com/sentinel/ or the HashiCorp blog announcing the Sentinel capabilities.

About HashiConf 2017
HashiConf 2017 is HashiCorp's third annual user and technology conference for organizations adopting cloud technologies and accelerating their use of DevOps principles. The conference takes place September 18-20 at the J.W. Marriott in Austin, TX, and features speakers from Adobe, Barclays, Box, eBay, Fastly, Google, Joyent, Microsoft, PagerDuty, Under Armour, and others. Google Cloud is the Platinum Sponsor; other top-level sponsors include AWS, Microsoft, Bridgewater Associates, Datadog, DigitalOcean, Gruntwork, and LogicMonitor. For more information, visit https://www.hashiconf.com.

About HashiCorp
HashiCorp is a cloud infrastructure automation company that enables organizations to adopt consistent workflows to provision, secure, connect, and run any infrastructure for any application. HashiCorp open source tools Vagrant, Packer, Terraform, Vault, Consul, and Nomad are downloaded thousands of times per day and are broadly adopted by the Global 2000. Enterprise versions of these products enhance the open source tools with features that promote collaboration, operations, governance, and multi-data center functionality. The company is headquartered in San Francisco and backed by Mayfield, GGV Capital, Redpoint, and True Ventures. For more information, visit https://www.hashicorp.com or follow HashiCorp on Twitter @HashiCorp.

Contact Information:

Media and Analyst Contact:
Amber Rowland
amber@therowlandagency.com
+1-650-814-4560