Securing Hitachi Virtual Storage Platform 360 with CyberArk Privileged Access Management

By Karthik Raja Balasubramanian posted 11 days ago

Like

Summary

As organizations scale their storage environments, the number of privileged credentials grows just as fast. Service accounts, administrator logins, and storage device passwords all control access to mission-critical data. When these credentials are managed manually or left static, they quickly become a serious security risk.

This is where the integration between Hitachi Virtual Storage Platform 360 (VSP 360) and CyberArk Privileged Access Management (PAM) delivers real value.

Together, Hitachi Vantara and CyberArk provide a secure, automated way to manage privileged credentials across the entire storage management stack from the VSP 360 control plane down to individual Hitachi VSP block storage arrays.

Why Privileged Access Matters for Storage

Storage platforms sit at the core of the enterprise. A single compromised administrator account can lead to data loss, ransomware, or service disruption.

Yet in many environments:

Passwords are shared across teams.
Service account secrets are rarely rotated.
Device credentials are changed manually, if at all.

Security frameworks such as NIST CSF, PCI-DSS, HIPAA, and SOX require privileged credentials to be securely stored, rotated, and audited. CyberArk PAM solves this challenge and now integrates directly with VSP 360 to do it natively.

What the Integration Covers

VSP 360 manages several types of privileged credentials:

Service accounts used for API and system-to-system communication.
Local user accounts used by administrators to access the platform.
Block storage device credentials used to manage enrolled VSP arrays.

The CyberArk integration provides complete lifecycle management for all of them through three CPM plugins and one PSM web connector.

CyberArk connects to VSP 360 using secure OAuth2 service account credentials and short-lived JWT tokens, with all communication over TLS.

Architecture overview of CyberArk PAM integration with Hitachi VSP 360 and VSP One Block:

Four Components, One Secure Workflow

Service Account CPM Plugin

Automatically rotates secrets for VSP 360 service accounts (Keycloak clients), eliminating long-lived static secrets.

User Account CPM Plugin

Rotates passwords for VSP 360 local users such as admin and secadmin, with built-in reconcile support to recover from out-of-sync scenarios.

Block Device Usage Plugin

Ensures VSP 360 stays in sync when CyberArk rotates a block storage array password, preventing connectivity loss or management gaps.

PSM Web Connector

Provides secure, recorded browser access to the VSP 360 UI. Credentials are injected automatically - administrators never see or handle passwords.

Why the Block Device Plugin Is a Game-Changer

When CyberArk rotates a block storage password, VSP 360 must immediately know the new credential. Without automation, this step often requires manual updates introducing risk and downtime.

The VSP360BlockLink usage plugin closes this gap automatically:

Password rotates in CyberArk.
VSP 360 is updated instantly.
Management continues without interruption.

No manual steps. No broken connections.

Built for Zero Trust

This integration follows modern security principles:

Short-lived JWT tokens.
TLS-only communication.
Least-privilege access using the pam:management role.
No password exposure through APIs.
Full audit trails for every change and session.

CyberArk remains the system of record. VSP 360 executes secure, policy-driven updates.

What Customers Gain

Automated credential rotation.
Elimination of shared and static passwords.
Continuous compliance and audit readiness.
Secure, recorded administrator access.
Reduced operational risk and overhead.

Final Thought

As storage environments grow more centralized, securing the management plane is no longer optional. The VSP 360 and CyberArk PAM integration gives organizations a practical, scalable way to protect the credentials that guard their most critical data without slowing down operations.

To learn more about this integration, visit the Hitachi Vantara Community reach out to your Hitachi or CyberArk account team. Implementation guides and plugin packages are available through the CyberArk Marketplace.

#VSP360

0 comments

24 views