We asked these tool providers to share more information on how their solutions help companies with security in remote or hybrid settings. Their responses are below.
Guy Eisenkot, VP of product and co-founder of Bridgecrew by Prisma Cloud
As hybrid work environments and cloud infrastructure environments become the norm, organizations’ attack surfaces are only getting larger and more complex. With less cohesive visibility into the multitude of tools and frameworks used across software supply chains, it’s hard for organizations to keep up with security risks and best practices. To mitigate those risks brought about by cloud complexity and remote work, many organizations are embracing DevSecOps.
Bridgecrew by Prisma Cloud helps organizations adopt DevSecOps seamlessly through continuous, proactive security measures for every team—from engineering and DevOps to security and compliance.
For engineering, Bridgecrew makes it easier to prevent infrastructure misconfigurations and vulnerabilities from progressing into build pipelines and production environments by surfacing feedback in developer tools. Via command lines and integrated development environments (IDE), Bridgecrew provides fixes as code so developers can adhere to secure coding practices.
Security perimeter is no more as attack surface continues to expand
A guide to DevSecOps tools
For DevOps, Bridgecrew enables speed and agility by automating security guardrails throughout the development lifecycle. Bridgecrew also comes equipped with the tools DevOps need to keep their software supply chain secure—from the individual components to the version control systems (VCS) and continuous integration (CI) pipelines that deliver them.
Lastly, for security and compliance, Bridgecrew provides unified visibility into the security posture of all cloud resources and real-time notifications and ticketing to enable cross-functional collaboration. These are crucial for DevSecOps to be effective in the hybrid work environment when employees work remotely in varying time zones.
With Bridgecrew by Prisma Cloud, organizations can bridge the gap between security and engineering regardless of where teams are located around the world.
Jeff Williams, chief technology officer at Contrast Security
Contrast is a platform of products that tries to enable teams to do their own security. So in a remote kind of environment, it’s really important to empower the developers to have the ability to test their software locally, as part of every time they change the code, they’ll get instant results. And our philosophy is sort of, they shouldn’t have to change anything about the way that they build, or test or deploy their code, they should just do their normal process. And the security tooling should be the thing that does the work, and then alerts them if there’s ever a problem. But we don’t want the developers to have to take extra steps. Because what ends up happening is they get frustrated with those extra steps. If there’s false positives, they have to go do extra work for no reason to investigate those things. So we want to just empower them to just deal with the things that actually matter, make those changes themselves and check and clean code. And we want to do that really early in the development process. So that’s the role that Contrast plays — we’re just in the background doing our job. And if anything goes outside the guardrails a little bit, we help steer the developers back on track. Now, the security team can participate. They serve as managing the policy, they watch the metrics, they can go help projects that aren’t doing very well. But by monitoring all of their applications continuously, it gives you a very different viewpoint than if you’re just running tools, running scanners, kind of serially, one by one through your entire application portfolio. And remember, we’re typically working with organizations that have hundreds or thousands, or even ten of thousands of applications, all in development at any given time. So it is really a complex problem to deal with.
Ev Kontsevoy, CEO of Teleport
Hybrid is the new normal. Hybrid work arrangements have put pressure on the corporate network, and employees at different levels of seniority need to be able to connect to corporate infrastructure from anywhere. Additionally, that infrastructure is increasingly complex. A typical customer environment is itself hybrid with Linux and Windows servers, Kubernetes clusters, databases, and internal applications like CICD systems and version control systems like GitLab. In this environment, protecting modern applications requires the consolidation of all aspects of infrastructure access into a platform built for a hybrid world. That platform is the Teleport Access Plane, the easiest, most secure way to access all an organization’s infrastructure. The open-source Teleport Access Plane consolidates the four essential infrastructure access capabilities every security-conscious organization needs: connectivity, authentication, authorization, and audit. By consolidating all aspects of infrastructure access into a single platform, Teleport reduces attack surface area, cuts operational overhead, easily enforces compliance, and improves productivity. The Teleport Access Plane replaces VPNs, shared credentials, and legacy privileged access management technologies, improving security and engineering productivity.
With Teleport, organizations can easily shift to remote work and increase their use of hybrid cloud environments without impacting security or productivity. Teleport enables teams to securely connect to your global infrastructure regardless of network boundaries and provides identity-based access for humans, machines, and services, including fine-grained access controls. It enables teams to achieve unprecedented visibility into infrastructure access and behavior so they can meet and exceed compliance objectives.