Companies move to serverless computing for various reasons, chiefly faster time-to-market and reduced infrastructure costs. However, the root cause of their serverless security needs differs based on a myriad of factors. In this use case we highlight an entertainment company struggling to maintain its security posture with developers owning security in a code-centric environment.
An entertainment company developed a serverless application for media processing and delivery, built on AWS. With the move to serverless, developers came to own security configurations such as IAM roles. As a result, they found themselves spending more time on security, trying to ensure that their functions were configured properly, which delayed production. At the same time, periodic security audits found an increase in the frequency of over-permissioned functions and security gaps.
Using Protego’s developer toolkit, the development team could do the right thing from the beginning. With Protego’s continuous code scanning and real-time suggestions for optimal configuration, the team now had:
Automatic configuration and application hardening during development resolved the problem of developers owning security and enabled the team and the company to:
Integrate Protego into the CI/CD pipeline so that configurations are done correctly before functions hit the live environment.