Companies choose to transition to serverless computing for various reasons, mainly being faster time-to-market and reduced infrastructure costs. However, the root cause of their serverless security needs differ based on a myriad of factors. In this use case we will highlight an entertainment company struggling to maintain security posture with developers owning security in a code-centric environment.
An entertainment company developed a serverless application for media processing and delivery, built on AWS. During the move to serverless, developers were now owning security configurations such as IAM roles. As a result, developers found themselves spending more time on security, trying to ensure that their functions were configured properly, which delayed production. At the same time, periodic security audits found an increase in the frequency of overpermissioned functions and security gaps.
Using Protego’s developer toolkit the development team could do the right thing from the beginning. With Protego’s continuous code scanning and optimal configuration suggestions in real time, the team now had:
- Clear visibility into the security posture of the applications, where they were accessed from, and what they were accessing.
- Notifications of potential issues, making it easy to quickly validate and correct risks such as over-permissioned IAM roles.
- Additional custom rules and exceptions providing the development team the tools they needed to implement code-based security within the function
Automatic configuration and application hardening during development resolved the developers owning security issue and enabled the team and the company to:
- Save time and focus efforts on developing code rather than the manual tasks of security
- Fast release of new and important features and functionality
- Significant cost savings as expected when migrating to serverless
Integrate Protego into the CI/CD pipeline so that configurations are done correctly before functions hit the live environment.