How these companies help organizations with DevSecOps


We asked these software providers to share more information on how their solutions help companies with security in remote or hybrid settings. Their responses are below.

Guy Eisenkot, VP of product and co-founder of Bridgecrew by Prisma Cloud

As hybrid work environments and cloud infrastructure environments become the norm, organizations’ attack surfaces are only getting bigger and more complex. With less cohesive visibility into the multitude of tools and frameworks used across software supply chains, it’s hard for organizations to keep up with security risks and best practices. To mitigate these risks caused by cloud complexity and remote work, many organizations are embracing DevSecOps.

Bridgecrew by Prisma Cloud helps organizations adopt DevSecOps seamlessly through continuous, proactive security measures for every team—from engineering and DevOps to security and compliance.

For engineering, Bridgecrew makes it easier to prevent infrastructure misconfigurations and vulnerabilities from progressing into build pipelines and production environments by surfacing suggestions in developer tools. Through command lines and integrated development environments (IDE), Bridgecrew provides fixes as code so developers can adhere to secure coding practices.

For DevOps, Bridgecrew enables velocity and agility by automating security guardrails throughout the development lifecycle. Bridgecrew also comes equipped with the tools DevOps need to keep their software supply chain secure—from the individual components to the version control systems (VCS) and continuous integration (CI) pipelines that ship them.

Lastly, for security and compliance, Bridgecrew provides unified visibility into the security posture of all cloud resources and real-time notifications and ticketing to enable cross-functional collaboration. These are essential for DevSecOps to be effective in the hybrid work environment when employees work remotely in various time zones.

With Bridgecrew by Prisma Cloud, organizations can bridge the gap between security and engineering no matter where teams are located around the world.

Jeff Williams, chief technology officer at Contrast Security

Contrast is a platform of products that tries to enable teams to do their own security. So in a remote kind of environment, it’s really important to empower the developers to have the ability to test their software locally, as part of every time they change the code, they’ll get instant results. And our philosophy is kind of, they shouldn’t have to change anything about the way that they build, or test or deploy their code, they should just do their normal process. And the security tooling should be the thing that does the work, and then alerts them if there’s ever a problem. But we don’t want the developers to have to take extra steps. Because what ends up happening is that they get frustrated with those extra steps. If there’s false positives, they have to go do extra work for no reason to research those problems. So we want to just empower them to just deal with the problems that actually matter, make those changes themselves and test and clear code. And we want to do this really early in the development process. So that’s the role that Contrast plays — we’re just in the background doing our job. And if anything goes outside the guardrails a little bit, we help steer the developers back on track. Now, the security team can participate. They function managing the coverage, they watch the metrics, they can go help projects that aren’t doing very well. But by monitoring all of their applications continuously, it gives you a very different viewpoint than if you’re just running tools, running scanners, kind of serially, one by one through your entire application portfolio. And remember, we’re typically working with organizations that have hundreds or thousands, or even tens of thousands of applications, all in development at any given time. So it’s really a complex problem to deal with.

Ev Kontsevoy, CEO of Teleport

Hybrid is the new normal. Hybrid work arrangements have put pressure on the corporate network, and employees at different levels of seniority need to be able to connect to corporate infrastructure from anywhere. Additionally, that infrastructure is increasingly complex. A typical customer environment is itself hybrid with Linux and Windows servers, Kubernetes clusters, databases, and internal applications like CI/CD systems and version control systems like GitLab. In this environment, protecting modern applications requires the consolidation of all aspects of infrastructure access into a platform built for a hybrid world. That platform is the Teleport Access Plane, the easiest, most secure way to access all of an organization’s infrastructure. The open-source Teleport Access Plane consolidates the four essential infrastructure access capabilities every security-conscious organization needs: connectivity, authentication, authorization, and audit. By consolidating all aspects of infrastructure access into a single platform, Teleport reduces attack surface area, cuts operational overhead, easily enforces compliance, and improves productivity. The Teleport Access Plane replaces VPNs, shared credentials, and legacy privileged access management technologies, improving security and engineering productivity.

With Teleport, organizations can easily shift to remote work and increase their use of hybrid cloud environments without impacting security or productivity. Teleport enables teams to securely connect to your global infrastructure regardless of network boundaries and provides identity-based access for people, machines, and services, together with fine-grained access controls. It enables teams to gain unprecedented visibility into infrastructure access and behavior so they can meet and exceed compliance objectives.