Customer Success Story: Hitachi Vantara
Accelerating Secure Pipelines with Multisite, Hybrid DevSecOps
COMPANY
Hitachi Vantara, a wholly-owned subsidiary of Hitachi, Ltd., is a data storage systems provider to more than 6,300 customers in more than 100 countries, including over 80% of Fortune 100 companies. Their hardware and software offerings help provide end-to-end coverage of big data and its applications, in fields such as Internet of Things (IoT), big data analytics, data protection, cloud storage and converged systems.
CHALLENGES
“It’s really critical that we make our pipelines as fast as they can be,” explained DevSecOps Sr. Manager Larry Grill. With as many as 30 teams accrued over several acquisitions operating in siloed systems on-prem and in the cloud, developer groups couldn’t share large, common artifacts across multiple sites at speed, slowing down complex workflows. Without a common approach to managing the organization’s software supply chain, it was also impossible to maintain a consistent security posture against open source vulnerabilities across all pipelines. To achieve Hitachi’s security goals, “compliance has to be baked in.”
RESULTS
JFrog was Hitachi Vantara’s clear choice, persuaded by Artifactory’s industry-leading ability to manage and share binaries with metadata for all 14 required package types across multiple sites. Three on-premises JFrog Platform deployments serve up to 700 engineers by replicating key repositories for geolocality at each site.
This multisite architecture accelerated their pipelines, reducing build times 25-30%. “We use [JFrog] replication to speed that up and make sure they don’t have to pull that over the wire at the moment they need it and potentially wait for a 2, 10, or even a 20 GB file transfer. Artifactory takes care of that for us by moving it over shortly after it’s built.”
Artifactory in an AWS cloud-hosted DMZ provides remote caching of open source components (like those from DockerHub) for all sites. Xray helps protect their entire supply chain against known vulnerabilities. “Something that’s going to scan everything in that central repository of truth, automatically, with zero customization required, that’s really, really powerful.”
“The capabilities of Artifactory are what allow us to do what we can do today…With Xray, [security] is a no-brainer – it’s built in, just turn it on, wow! I’ll take that all day long.”
– Larry Grill, DevSecOps Sr. Manager
INDUSTRY
Information Systems & Telecommunications
PROBLEM
- Siloed systems from acquisitions
- Slow build times across multi-site pipelines
- No consistent security posture
RESULTS
- Consistent software supply chain management practices
- Accelerated pipelines through replicated repositories
- Organization-wide detection of security vulnerabilities
- Shift-left security to prevent vulnerabilities before builds
- Expansion-ready for future growth
SOLUTIONS
JFrog Artifactory
JFrog Xray
Amazon Web Services
Docker Hub