Companies choose to transition to serverless computing for various reasons, mainly being faster time-to-market and reduced infrastructure costs. However, the root cause of their serverless security needs differ based on a myriad of factors. In this use case we will highlight a team struggling with traditional AppSec in serverless and finding security at serverless speed, their security driver and challenges, solution & ultimate results
A large Fortune 500 Insurance company recently made significant investments into moving many of its internal applications to the public cloud, and adopted a serverless-first strategy. This strategy let the applications teams deploy new features at nearly three times their previous pace, and reduced the overhead of operations significantly. The security team, however, found itself in a lose-lose situation, forced to choose between delaying deployment of important features at to allow time for proper reconfiguration of their WAF and security posture, or allowing things to roll out and hope to catch risks and vulnerabilities before any breaches occur.
The team chose to integrate Protego for automatic runtime protection, which allowed them to embrace serverless speed and:
- Get real-time visibility and control of their application security posture
- Create custom rules & exceptions to set zero trust boundaries
- Provide the development team with zero-configuration application defense that continuously protected their applications from both known and unknown attacks
Using Protego for runtime defense the company was able to:
- Release secure functionality at serverless speed without delaying development
- Save both development and security teams times with zero manual security configurations
Enable Protego Proact during CI/CD to improve security posture before functions reach the cloud, and make sure developers are doing the right thing from the start. This allows companies to shift security left and minimize risky deployments to a minimum.