Dome9 Security, the public cloud security company, today announced support for automated security and compliance assessment of†AWS CloudFormation templates†(CFT) in the Dome9 Compliance Engine. Customers will now be able to test the security and compliance posture of their infrastructure templates and proactively harden security before deploying software-defined infrastructure in live environments. Dome9 is the only company to offer security testing for AWS CFTs prior to deployment.
According to the†2017 State of DevOps report†from Puppet, organizations that incorporate security and quality early and often in the development process spend 50 percent less time remediating security issues. Much of the focus of security in DevOps, or DevSecOps, has been on application security tools and practices. A considerable gap for the development community is security testing for infrastructure blueprints. The powerful new capabilities of the Dome9 Arc platform speed up the compliance lifecycle and protect against accidental exposure and external attacks.
“Organizations are dealing with the challenge of building security into their DevOps processes to minimize incident risk without slowing down the pace of innovation,”†said Zohar Alon, CEO, and co-founder of Dome9. “Dome9 offers DevOps and security teams an automated and, more importantly, a faster and more accurate way to ensure their infrastructure meets compliance requirements and security best practices.”
Testing CFTs is a manual process today. DevOps teams create CFTs, and then submit them to the security teams for review. The back-and-forth between security and operations teams to better understand and assess CFTs creates lengthy delays and slows DevOps down while introducing the risk of errors into the process.
Dome9 solves this problem by automating the assessment of CFTs against compliance standards such as PCI DSS and industry best practice specifications such as the CIS AWS Foundations Benchmark. More specifically, the Dome9 Compliance Engine:
- Takes care of resolving CFT parameter values and intrinsic functions and simulating the deployment of the CFT
- Offers customers a way to run assessments programmatically using the Dome9 API, allowing security and compliance checks for CFTs to be built into DevOps scripts and workflows
Dome9 is a sponsor of the AWS Summit in New York on August 14, 2017. Visit Dome9 at booth #217 to learn more about the Dome9 Arc platform and the Dome9 Compliance Engine.