Companies choose to transition to serverless computing for various reasons, mainly being faster time-to-market and reduced infrastructure costs. However, the root cause of their serverless security needs differ based on a myriad of factors. In this use case we will highlight a team struggling with traditional AppSec in serverless and finding security at serverless speed, their security driver and challenges, solution & ultimate results

Security At Serverless Speed – The Challenge  Security at serverless speed

A large Fortune 500 Insurance company recently made significant investments into moving many of its internal applications to the public cloud, and adopted a serverless-first strategy. This strategy let the applications teams deploy new features at nearly three times their previous pace, and reduced the overhead of operations significantly. The security team, however, found itself in a lose-lose situation, forced to choose between delaying deployment of important features at to allow time for proper reconfiguration of their WAF and security posture, or allowing things to roll out and hope to catch risks and vulnerabilities before any breaches occur.

The Solution

The team chose to integrate Protego for automatic runtime protection, which allowed them to embrace serverless speed and:

  • Get real-time visibility and control of their application security posture
  • Create custom rules & exceptions to set zero trust boundaries 
  • Provide the development team with zero-configuration application defense that continuously protected their applications from both known and unknown attacks

The Results

Using Protego for runtime defense the company was able to:

  • Release secure functionality at serverless speed without delaying development
  • Save both development and security teams times with zero manual security configurations

What’s Next?

Enable Protego Proact during CI/CD to improve security posture before functions reach the cloud, and make sure developers are doing the right thing from the start. This allows companies to shift security left and minimize risky deployments to a minimum. 

Share This Article
Share on facebook
Share on linkedin
Share on twitter
Share on email
THE SERVERLESS
SMARTS PODCAST
THE SERVERLESS
SMARTS PODCAST

Join industry experts as they discuss all things serverless including industry news and best practice tips.

podcast_image