Integration overview

    DevOps teams use infrastructure as code (IaC) tools like HashiCorp’s Terraform to automate infrastructure provisioning, release new features, and keep up with customer demand. Building ‘secure by design’ is critical to reduce the risk of an attack in the cloud when relying on IaC tools.

    Wiz provides proactive and real-time security visibility into the cloud, allowing customers to secure their production cloud environments.

    The Wiz integration with Terraform’s Run Task helps teams shift security left earlier in the development process by scanning for secrets and misconfigurations in IaC templates before pushing deployments to production.

    Integration Benefits

    • Reduce risk early: Wiz enables you to take runtime security learnings and apply them as security scans and policies in Terraform pipelines before Terraform provisions infrastructure in production.

    • Improve developer efficiency: Fixing security risks earlier reduces the time development teams spend investigating and fixing production issues, so they can focus on what they enjoy and what the business values the most: improving and building new applications.

    • Protect production environments: The risk introduced into your production environment is not just isolated to what you’re deploying but becomes a holistic risk to all the existing application crown jewels you have in your cloud.  

    Better Together

    Wiz starts by providing teams with immediate visibility into the workloads across an organization's cloud environment. Wiz then scans for and combines risks like vulnerabilities, misconfigurations, and secrets exposures to find attack paths that the security team should fix immediately. Terraform streamlines cloud infrastructure deployment for DevOps teams, leveraging automation to minimize errors during cloud deployments.

    Integrating Wiz with Terraform Cloud and Terraform Enterprise provides mutual customers with a critical security check either after the planning stage or before applying changes. This check scans Infrastructure as Code (IaC) Terraform configurations for secrets or misconfigurations before these risks reach production environments. By automating the enforcement of security best practices, this integration ensures the deployment of secure infrastructure, effectively lowering the organization’s risk profile.

    Use case overview

    There have been more security incidents in your cloud environment recently due to risks that expose your critical infrastructure and data to attacks. You want to catch and fix issues before they ever reach production to ensure that deployments don’t introduce new risks.

    Challenge

    • Gaining visibility into exposure risks across the cloud 

    • Having the necessary context to understand if this is a risk worth spending valuable security time on

    • Bringing risk context and learnings from production to earlier in the development lifecycle 

    Solution

    Combining Wiz with Terraform brings posture management earlier in the development process. To start, Terraform takes the IaC configuration and constructs a plan for the code. At the same time, Wiz’s Run Task intervenes to scan the configuration, find any misconfiguration or exposed secret, and halt the deployment before it reaches the apply stage. Together, Terraform and Wiz ensure that publicly exposed secrets or misconfigurations that could open exposure points or lateral movement paths for attackers do not deploy to production.
