When setting up a cloud security program, security teams are often tasked with building the platform and authoring policies for environments they are not familiar with. That may work for a handful of small or simple environments, but how do you scale it to hundreds of environments while taking every stakeholder's security needs and requirements into account? And how do you build the controls and checks that ensure every change stays compliant with your organization's security objectives?
A pragmatic approach is to draw on the expertise of all stakeholders, including cloud architects, DevOps, and developers, to build a more comprehensive and inclusive security program. This democratizes policy authoring while establishing an approval process that gives every policy change the appropriate oversight, so that a change does not accidentally increase risk. Security teams still review and approve new and existing policies, and champion the organization's change control policy. This is where the Wiz GitOps workflow and Terraform come in.
What is a GitOps workflow and why should you consider it?
To begin, let's ask ourselves a seemingly simple question: what is GitOps? If you search the web or ask ChatGPT, you will find many different definitions; HashiCorp and GitHub, for example, each publish their own.
The Wiz GitOps workflow is simply about applying software development best practices to policy automation:
Version control via Git or an equivalent
The use of code to describe a desired state
Automation tooling
Collaboration between teams, especially for code review
Integration in an automated CI/CD chain
In short, it lets different teams write the policies that cover their specific needs as code and push changes into production automatically. It provides visibility and transparency, because everyone who is authorized to do so can read and collaborate on the code.
This makes it easier and more efficient to grant teams more autonomy while retaining the ability to control, approve and, if necessary, block the deployment of new policies.
At Wiz, we offer thousands of out-of-the-box policies, but we are also aware that each customer has its own constraints and needs to implement policies of its own.
That's why we are pleased to announce a new capability of our Terraform provider. It is now possible to manage the complete lifecycle of Cloud Configuration rules as code and to integrate them into a GitOps process.
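As an added example (not code from this post or from the Wiz provider documentation), the following is what one team's custom Cloud Configuration rule might look like when it lives in Git as Terraform. It assumes the provider is published as AxtonGrams/wiz, that it exposes a wiz_cloud_config_rule resource with the attribute names used here, that credentials are supplied through environment variables rather than in the file, and that the evaluated input mirrors the AWS GetPublicAccessBlock response for an S3 bucket; check each of these against the current provider documentation before use.

```hcl
# Added example, not code from the Wiz blog post or the Wiz provider docs.
# Assumptions (verify against the provider documentation before use):
#   - the provider is published as "AxtonGrams/wiz" and exposes a
#     wiz_cloud_config_rule resource with the attributes used below;
#   - credentials (WIZ_URL, WIZ_AUTH_CLIENT_ID, WIZ_AUTH_CLIENT_SECRET are the
#     assumed variable names) come from the CI runner's environment, so this
#     file contains no secrets and is safe to commit and review.
terraform {
  required_providers {
    wiz = {
      source = "AxtonGrams/wiz"
    }
  }
}

# Authentication is deliberately absent from the file: it is read from the
# environment of whatever runs terraform plan/apply (normally the CI job).
provider "wiz" {}

# A custom rule owned by the storage platform team. Each team keeps its rules
# in its own directory and is CODEOWNER of it; the security team reviews every
# pull request that touches a rule, so severity, scope and logic changes are
# all visible as a diff before they reach production.
resource "wiz_cloud_config_rule" "s3_public_access_block" {
  name        = "S3 bucket does not block all public access"
  description = "Fails when any of the four S3 Block Public Access settings is disabled or the configuration is missing."
  severity    = "HIGH"
  enabled     = true

  # Assumed native type name for S3 buckets; check the provider/Wiz docs.
  target_native_types = ["bucket"]

  # Rego evaluated against the bucket's cloud-side configuration JSON.
  # Field names below are assumed to mirror the AWS GetPublicAccessBlock API.
  opa_expression = <<-EOT
    package wiz

    default result = "pass"

    settings := [
      "BlockPublicAcls",
      "IgnorePublicAcls",
      "BlockPublicPolicy",
      "RestrictPublicBuckets",
    ]

    # Any single setting that is false or absent is a finding.
    result = "fail" {
      cfg := input.PublicAccessBlockConfiguration
      s := settings[_]
      not cfg[s]
    }

    # A bucket with no public access block configuration at all is a finding.
    result = "fail" {
      not input.PublicAccessBlockConfiguration
    }
  EOT

  remediation_instructions = "Enable all four S3 Block Public Access settings on the bucket (for example with aws s3api put-public-access-block)."
}
```

In the workflow described above, a change to this file is opened as a pull request, CI runs terraform plan and posts the diff, the owning team and security review it, and only a merge triggers terraform apply from the CI job that holds the Wiz credentials. Because the rule's severity, target types and Rego body are all ordinary lines in the diff, a change that quietly downgrades severity or narrows what the rule covers is as reviewable as one that changes the logic.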
We strongly believe that cloud security is a team sport. The combination of Wiz project-based management and the Wiz GitOps workflow accelerates adoption by development and cloud teams while improving the company's security posture.
How to start with the Wiz GitOps workflow?
And this is just the beginning. We'll be adding more features as we go along, so stay tuned. All Wiz customers can start using the Terraform provider right now. We recommend that you consult our documentation (login required). Please let us know if you have any questions, comments, or feedback. We love hearing from you.