HashiCorp’s Tim Silk Shares Thoughts on Cloud, Zero Trust & More

Tim Silk currently serves as director of solutions engineering for HashiCorp’s U.S. public sector arm, a role in which he helps government agencies modernize, secure, codify and automate their information technology systems.

Silk joined HashiCorp in early 2021, bringing over two decades of leadership experience and a passion for building strong teams equipped to take on key challenges facing the public sector to the company. Prior to assuming his current position, he spent 19 years at Cisco, where he held several senior management roles within the organization’s federal unit.

In a recent Executive Spotlight interview, Silk weighed in on what cloud and zero trust mean for the U.S. government and explored the intersection of company culture and market success.

ExecutiveBiz: Migrating to the cloud inherently means an increase in digital assets and infrastructure, and a decrease in physical assets. How do you think cloud has changed the cybersecurity paradigm as traditional organizational perimeters expand and even disappear? 

Tim Silk: Cloud computing is having a profound impact on cybersecurity. All assets, whether physical or digital, must be protected. The secure perimeter of the traditional “four walls” of the agency infrastructure no longer exists. That perimeter has expanded into a heterogenous, multi-cloud environment, so the traditional paradigm of cybersecurity must evolve. With cloud, cybersecurity must expand from network-only controls to identity-based protection. No user, device or application can be trusted. Every entity in the infrastructure, whether on-prem or in the cloud, must be identified, authenticated and then authorized to act within the environment based on well-defined policies. This zero trust approach to security will allow for organizations of all types to move to the cloud in a safe and secure manner.

ExecutiveBiz: What opportunities can be unlocked with the cloud, and how do you think those opportunities will change the federal landscape?

Silk: The opportunities unlocked by the cloud revolve around speed, efficiency and cost savings, and they are already changing the landscape. Cloud computing eliminates the need for do-it-yourself approaches to IT and thus saves time and money on the evaluation, procurement, deployment and maintenance of physical solutions. The ability to lease such services through the cloud rather than build them is profound and helps IT leaders maintain the balance of skills across existing O&M and new tech. A new balance is emerging between owning infrastructure with capabilities that must be permanently in place and services that can be rented for periods of increased demand. IT services will continue to become more of a utility, like electricity. Speed, efficiency and cost savings will accelerate as this balance takes shape.

ExecutiveBiz: Tell us about HashiCorp’s culture and values. What aspects of the company do you think are contributing most to its success in the market while helping to attract and retain top-level talent?

Silk: HashiCorp’s culture fosters innovation and collaboration. The company began as a product-led business and still today upholds a mindset of creativity and collaborative innovation. We make great technology that solves real problems in the growing cloud ecosystem, but we also seek to build relationships and simplify technology so we can help our customers solve real problems to help our government effectively serve, protect and educate the nation.

HashiCorp values pragmatism, communication, vision and execution, which help drive the business and keep the company focused on its priorities and strategic objectives. In addition, HashiCorp holds values that truly define how its employees interact with customers, partners and each other. These values are integrity, kindness, humility, reflection and “beauty works better.” Two of these latter values align with everything we do at HashiCorp. The first is reflection, which speaks to looking back and learning from our experiences, good and bad. The second is “beauty works better.” We believe that a little extra attention to detail can make all the difference. It shows thoughtfulness and purpose in our work that reflects on everything we do and every interaction we have across the company and the marketplace.

ExecutiveBiz: Where are you seeing opportunities for expansion in HashiCorp’s portfolio? What new capabilities or markets are you eyeing?

Silk: Cybersecurity remains a critical aspect of all IT. The focus of protecting systems and assets has shifted toward zero-trust  trust nothing and authenticate and authorize everything. The new paradigm for security centers on identity. We must know who and what are on our infrastructures and what those entities are authorized to do, if anything. Creating an identity-centric security architecture is key to securing today’s IT because the infrastructure is no longer in a single place or controlled by a single provider. Cloud computing changed the game and forced organizations to rethink security. The need for zero-trust architectures is the opportunity.

There are two aspects of zero trust. The first is to increase visibility into our systems and infrastructures to monitor everything that is happening. The second is to architect security with zero trust in mind. Given the complexity of government infrastructures, often built years ago, modified and expanded over years via directives and mandates, visibility can be a daunting task. Many organizations continue to spend on visibility, monitoring and threat detection to keep pace with accelerating threats. However, government organizations must re-orient their core security architectures to zero trust. HashiCorp is poised to answer the challenge with HashiCorp Vault, the core to a zero-trust architecture that includes identity brokering across any set of identity providers and a secure secret store to manage and dynamically inject and rotate secrets for critical systems across organizations. Further, HashiCorp Consul and HashiCorp Boundary work with Vault to provide secure machine-to-machine and human-to-machine communications, respectively. These solutions allow government organizations to establish a core zero-trust architecture that simplifies visibility and monitoring and creates a well-architected, zero-trust security framework.

ExecutiveBiz: In your opinion, what will zero trust success look like, and what is your company doing to help federal customers achieve that success?

Silk: HashiCorp is working with trusted partners to create joint solutions that map to 100 percent of the Department of Defense zero trust security controls. Efforts like this will also help civilian agencies adhere to the White House zero trust directive, which will be a great step towards achieving zero trust success. As stated earlier, HashiCorp is focused on establishing a core zero-trust architecture that simplifies the visibility and monitoring needs of critical government infrastructures. Success will be achieved when government organizations control and maintain well-architected identity security that authenticates every entity and then implements authorization for each identity at a highly granular level. In a zero-trust environment, trust means one identity for one and only one resource within a limited time.