Palo Alto Networks and HashiCorp Secure the Cloud Operating Model

Sep 21, 2021
6 minutes

Prisma Cloud has partnered with HashiCorp to deliver zero trust security built for an integrated, multi-cloud world

As companies shift to cloud-first business models, they depend on innovative cloud technologies to achieve security, automation, and scale. Together, Palo Alto Networks and HashiCorp have simplified the security of building and operating at scale in the cloud, and you can learn our approach in our Securing The Cloud Operating Model whitepaper.

“By giving our shared customers a roadmap to modernize their existing security investments with Palo Alto Networks, our joint Cloud Operating Model provides a path to automate and secure customer workloads now and, in the future,” said Asvin Ramesh, Senior Director, Alliances at HashiCorp.

“Modern enterprises require a comprehensive cloud security framework, one that is embedded into software development practices and also automated across the lifecycle,” said Matthew Scott, Senior Director of Business Development at Palo Alto Networks. “Together, Palo Alto Networks and HashiCorp empower organizations to securely adopt the cloud operating model. HashiCorp and Palo Alto Networks are committed to enabling enterprises to easily access and gain the significant benefits of a secure cloud operating model with our closely integrated suite of security solutions. We are excited to offer this security whitepaper to our customers to guide them to operate successfully in the cloud.”

Secure Solutions That Solve for Cloud Complexity

The fastest path to security value in modern cloud environments is adoption of infrastructure-as-code (IaC) and security automation. For instance, DevOps teams can automate the building and security of their cloud infrastructure by leveraging Terraform by HashiCorp and DevSecOps by Prisma Cloud. Unlike legacy security tools, the integrated Prisma Cloud and HashiCorp solution reduces human effort to deliver secured, scalable applications faster through automation and with an embedded security approach across the entire lifecycle.

And we know cloud security is complex: four out of five survey respondents (80 percent) in our State of Cloud Native Security Report said their cloud infrastructure is constantly evolving. Indeed, making secure transformation to auto-scaled and dynamic cloud delivery is a challenge when cloud native infrastructure may be easily exploited if not appropriately configured. Likewise, assessing vulnerabilities in your code or open source software (OSS) from public repositories requires an integrated scanning approach for compliance across the full lifecycle of build, deploy, and run phases.

Securing the Cloud Operating Model with Prisma Cloud

Prisma Cloud delivers visibility for your entire cloud infrastructure, including Terraform and Kubernetes cloud security posture, in order to give you a full bill of materials (BoM) of all the library and package dependencies used as part of your applications along with the vulnerabilities that exist in them. Integrated data security by Prisma Cloud also allows you to classify all the data into your Amazon Web Services (AWS) S3 buckets, with many pattern classifications to secure personally identifiable information (PII) and other sensitive data.

With Prisma Cloud, security integrity checks are embedded across networks and throughout the entire application lifecycle to ensure vulnerable packages are never deployed while continually alerting on any new vulnerabilities or compliance policy violations. With our approach, DevOps teams can conveniently perform IDE-integrated scans for library dependencies at the same time they develop their IaC specifications, and—because Prisma Cloud Defenders automatically learn the behavior of your applications—full lifecycle protection is both automated and works seamlessly with HashiCorp technologies.

Figure 1. Secure networks, infrastructure, and secrets management with integrated Palo Alto Networks and HashiCorp solutions
Figure 1. Secure networks, infrastructure, and secrets management with integrated Palo Alto Networks and HashiCorp solutions

Secure Connectivity with VM-Series NGFWs and HashiCorp Consul

The integration between HashiCorp Consul and Palo Alto Networks VM-Series Next Generation Firewalls (NGFWs) automates the discovery and policy updates of new applications and services to free up your security teams.


Figure 2. HashiCorp Consul service discovery integration with VM-Series NGFWs
Figure 2. HashiCorp Consul service discovery integration with VM-Series NGFWs

HashiCorp Consul-Terraform-Sync (CTS) incorporates a publisher-subscriber paradigm that monitors Consul for service updates. Whenever Consul registers a change, CTS triggers a run-book automation workflow through Terraform to appropriately apply security policy to your Palo Alto Networks VM Series NGFW or Panorama instances. Without any manual effort, teams gain the benefit of seamless and automated security supporting the most highly dynamic and elastic cloud workloads.

Shifting Security Left with Prisma Cloud and HashiCorp

To effectively support the explosive adoption of IaC by many DevOps teams, cloud native Prisma Cloud delivers reproducible deployments that natively integrates cloud security and compliance early in the development phase and throughout the lifecycle.


Figure 3. Reproducible IaC practice using layered security for full lifecycle control
Figure 3. Reproducible IaC practice using layered security for full lifecycle control


With integrated Prisma Cloud and HashiCorp Terraform technology, teams can easily embed automated and cloud native security early in the development lifecycle and provide DevOps teams with a way to plan and provision resources inside CI/CD workflows by using their own familiar tools throughout.

Automated discovery and native controls ensure automated compliance enforcement for repository scanning of infrastructure templates and code, and seamless integration with the Palo Alto Networks Cortex platform of pre-built remediation playbooks and best practice guidance.

Integrated, auto-scaling Prisma Cloud security paired with consistent Terraform templates means teams are free to deploy innovation and complex cloud architectures at accelerated rates with full elasticity and automation to meet spikes in demand while saving on operational costs.

Securing Your Secrets with Prisma Cloud and HashiCorp

Cloud teams also have a lot of secrets embedded into their application code (a common challenge with applications running in production). So, enforcement of best practices and best hygiene for secrets management is another cloud security requirement.

With Prisma Cloud and the HashiCorp Vault integration, application developers can create containers and Prisma Cloud will seamlessly intercept, identify any secrets referenced in your application manifests, fetch the secrets from HashiCorp Vault, and perform just-in-time integration and insertion of these secrets into your containers to ensure availability for the duration of the application deployment. This supports a modern, automated, and secure CI/CD pipeline for cloud teams and cloud business success.

Securing Innovation and Scale with Prisma Cloud and HashiCorp

A picture containing chart Description automatically generated

Palo Alto Networks and HashiCorp are committed cloud security and innovation partners that continuously deliver integrated and seamless cloud solutions that perform for customers and accelerate their business.

Our joint paper on Securing the Cloud Operating Model is our guide prepared for you to help move toward integrated infrastructure and workload protection that accelerates operations in a multi-cloud world.

Read our cloud security whitepaper to discover and learn how to provision, connect, and securely build and run cloud native infrastructure and applications. Teams can also gain perspective on how to “shift” cloud security left with our many workshops including the Bridgecrew and HashiCorp Terraform AWS Dev Day and the Consul-to-Terraform Sync workshop.


We hope to see you soon!





Subscribe to Cloud Native Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.