Companies choose to transition to serverless computing for various reasons, two of the main ones being faster time-to-market and reduced infrastructure costs. However, their serverless security requirements differ based on a myriad of factors. One of those factors is compliance. Today we highlight compliance in serverless with a compliance-driven client. We will showcase their security driver and challenges, their chosen solution, and ultimately, the results.

Compliance in Serverless – The Challenge

A large multi-national bank had a number of teams building customer-facing applications using serverless-based architectures. Maintaining compliance with both internal and external regulations has always been a priority. With the migration to serverless applications, the security team struggled to keep up with compliance at the accelerated pace of deployment. They were searching for a way to regain visibility and control of the compliance of their applications, without getting in the way of fast deployments.

The Solution

After searching for a solution that would allow them to quickly implement security into development without delaying deployments, they identified Protego. The team was able to easily integrate the Protego Proact solution into their monitoring dashboards and, through a quick integration with their DevOps counterparts, into the applications’ CI/CD pipelines. This allowed for:

  • Automatic assessment of security posture, including IAM roles, 3rd party dependencies, credential leaks and other vulnerabilities and embedded secrets
  • Automatic generation of least privilege IAM roles
  • Identification of security risks across functions, 3rd party libraries and triggers, to remediate prior to deployment
  • Blocking of deployment if the security posture is not up to standard

The Results

Using Protego Proact for compliance in serverless, the team was able to regain meaningful visibility of their applications’ security and of where their key risks resided. By integrating Protego’s code-centric security into their build pipelines, they were able to eliminate over-permissioning and other human errors, as well as:

  • Save developers time and allow them to focus on innovation
  • Save the security team time in verifying that security was done right during build
  • Provide faster deployment of important features and services while maintaining the highest security standards, keeping customers happy, and their information secure.

What’s Next?

The team plans to integrate the Protego Defend runtime protection for continuous security assurance and microsegmentation to provide the highest levels of isolation, all while allowing zero manual configuration, and creation of custom rules and exceptions to address policies and regulations unique to their business.
