The best practice to deploy resources to the cloud is to leverage the power of Infrastructure as Code (IaC). That includes declarative templates, custom-built scripts, the use of available provisioning engines, and custom automation frameworks.
In a typical workflow, the DevOps engineer authors the cloud resource templates and then has to deploy the resources to the cloud to get feedback on her work. This lengthens the process and results in a lot of back-and-forth between the DevOps engineer responsible for creating the cloud resources and the SecOps team responsible for cloud security.
The Prancer platform shifts security to the left and gives the DevOps engineer early feedback on her code. The security compliance policies available out of the box show misconfigurations to the cloud engineer with every commit she makes to the code repo. The platform can also provide automatic remediation of the code and file a PR on behalf of the user to fix the issue. This increases the speed of deployment while maintaining high security standards. The SecOps team can make sure all of their policies are in place and the code is verified and validated before the provisioning process even starts.
For IaC security, Prancer currently supports Azure ARM templates, AWS CloudFormation, Google Deployment templates, Kubernetes objects, Terraform, and custom JSON and YAML files. We have a comprehensive database of policies based on industry compliance frameworks like CIS, NIST 800, PCI, HIPAA, HITRUST, CSA CCM and ISO 27001. Moreover, the SecOps team can write custom policies based on enterprise requirements.
Cloud Continuous Compliance
Cloud implementations can grow exponentially over time. An average company has thousands of resources in the cloud. Maintaining these resources and making sure they are secure is a difficult task.
Also, cloud providers introduce new features and configurations to their cloud resources every week, and it is hard to keep up with these changes from the security and compliance standpoint.
Moreover, cloud security is a dynamic, ever-growing technical field. Usually, it is hard to find professionals who have technical depth in cloud security. And those professionals should keep themselves up to date to make sure they understand all the details and complexities in the cloud.
On top of that, it is very possible that configuration drift happens in your cloud environment. Cloud engineers using the cloud portal change configurations as needed, and sometimes this introduces a security vulnerability into the environment. Due to the scale of resources in the cloud, it is usually hard to find this configuration drift right away.
The Prancer platform has a continuous compliance scanning engine that can connect to your environment and scan the cloud environment in real time. The Prancer platform can drastically improve your cloud security posture management (CSPM).
The Prancer platform identifies configuration drift on cloud resources and provides auto-remediation for non-compliant resources. From the Prancer Portal interface, the SecOps team can easily find anomalies in their environment and auto-remediate security problems with the click of a button.
Currently, the Prancer platform supports Azure, AWS and Google Cloud, along with Kubernetes clusters. Prancer has implemented the Policy as Code concept for its workflow. We have a comprehensive database of more than 1000 policies based on industry compliance frameworks such as CIS, NIST 800, PCI, HIPAA, HITRUST, CSA CCM and ISO 27001. Moreover, the SecOps team can write custom policies based on enterprise requirements.
Prancer professional services are always available to help you through public channels and private consulting sessions for your security needs.