When starting your compliance journey, applying your first set of policy-as-code rules and seeing your actual compliance state will be an eye-opening event. As a general practice, start with your policies in an audit-only (non-blocking) mode so you can understand your compliance posture before you begin blocking the violations they trigger. This is where the hard work of fixing violations begins. Expect code changes, education, and coordination among your software, ops, and security engineers, because each team is affected in a different way.
Eventually you’ll reach the light at the end of the compliance tunnel, but that hard work only gets you compliant right now. Going forward, you need 24x7 compliance monitoring to catch new violations as they appear. In autonomous organizations where developers have almost complete control over their microservices, every deployment has the potential to introduce a violation. Given the choice, you would not want to spend your days chasing violations, especially the same ones you just fixed.
Magalix is already a runtime policy engine, but it also provides a way to catch and prevent violating configurations from entering your environment in the first place. Much as software tests catch bugs before a build, Magalix can catch compliance violations before they are deployed, or at the moment of deployment. Let’s see how.
What’s great about governing and securing your environment as code is that you can reuse your existing CI/CD toolset and workflow. Whether your pipeline has a single placeholder test stage or you strive for 100% automated test coverage, shifting your governance left should be as simple as adding another step to an existing test stanza.
Magalix helps you shift left by exposing your existing policies as a web service. With your policies behind an API, you can call them from your testing steps and check your configuration code against the same policies you enforce in your runtime environment. Act on the results of those checks and you can catch violations before you even commit to your local development branch. The tooling runs wherever there is a command line, so the same commands you run in a terminal can run inside your CI/CD job.
Figure: A closer look at the policy testing results using CircleCI
The same paradigm applies to infrastructure-as-code. Letting infrastructure configurations drift from a standard leaves you with a hodge-podge of misconfigurations that adds both risk and complexity. In certain cases, such as provisioning an encrypted disk, a setting can only be chosen at creation time, so getting it wrong and then building on top of it is costly. This accumulates serious technical debt that, frankly, gets harder to pay back as time goes on. I call this the “too late, won’t fix” situation. DevOps teams need a way to standardize their infrastructure alongside governing the applications that sit on top of it.
Have you ever been in a situation where you were tasked with deploying to production but knew that what you were deploying wasn’t 100% right? This has happened to me a few times. Each time, whatever I was deploying was a prerequisite for something else, meaning that as soon as I finished, someone else would start building on top of my work. That again put me in a “too late” scenario. The blowback from such a decision is technical debt that realistically won’t be addressed unless there is an extraordinary reason to do so.
As part of the offering, Magalix also checks your artifacts at deploy time, so an attempt to deploy a non-compliant artifact is caught before it lands. Blocking all violations at deploy time makes compliance a prerequisite for a release. This reinforces the need for everyone involved to treat security as a top-level priority rather than a brief afterthought that goes nowhere.
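The three ideas above (start in audit-only mode, run the same policies as a CI test step, and run them again as a blocking gate at deploy time) fit in one small script. The following is an added example written for this page; it is not Magalix’s engine, CLI or API, and the policy names, the `gate()` function, its `audit`/`enforce` modes and the two embedded Kubernetes manifests are all constructed for illustration. The point it demonstrates is that one policy set, written as code, can be evaluated unchanged at every stage, with only the decision (report vs. block) changing.

```python
"""Added example: a minimal policy-as-code checker that applies one
policy set at commit time (CI job) and at deploy time (pre-deploy gate).
Illustrative only; not Magalix's engine or API. Policy names, manifests
and the audit/enforce switch are assumptions made for this example."""
import sys

# Constructed sample manifests, already parsed. A real run would load
# the YAML files in the repository or the artifact about to be deployed.
MANIFESTS = [
    {
        "kind": "Deployment",
        "metadata": {"name": "api", "namespace": "prod"},
        "spec": {"template": {"spec": {"containers": [
            {"name": "api", "image": "registry.example.com/api:1.4.2",
             "securityContext": {"privileged": False, "runAsNonRoot": True},
             "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}}}]}}},
    },
    {
        "kind": "Deployment",
        "metadata": {"name": "worker", "namespace": "prod"},
        "spec": {"template": {"spec": {"containers": [
            {"name": "worker", "image": "registry.example.com/worker:latest",
             "securityContext": {"privileged": True}}]}}},
    },
]


def ref(m):
    """Human-readable object reference: kind/namespace/name."""
    md = m.get("metadata", {})
    return f'{m.get("kind")}/{md.get("namespace", "default")}/{md.get("name")}'


def containers(m):
    """Return the pod-template containers of a workload manifest."""
    spec = m.get("spec", {})
    pod = spec.get("template", {}).get("spec", spec)
    return pod.get("containers", [])


# Each policy returns a list of (policy_id, object_ref, detail) violations.
def no_privileged(m):
    return [("no-privileged", ref(m), c["name"]) for c in containers(m)
            if c.get("securityContext", {}).get("privileged")]


def no_latest_tag(m):
    # Look only at the last path element so a registry host:port is not
    # mistaken for a tag.
    out = []
    for c in containers(m):
        tag_part = c.get("image", "").rsplit("/", 1)[-1]
        if ":" not in tag_part or tag_part.endswith(":latest"):
            out.append(("no-latest-tag", ref(m), c.get("image", "")))
    return out


def resource_limits(m):
    return [("resource-limits", ref(m), c["name"]) for c in containers(m)
            if not c.get("resources", {}).get("limits")]


POLICIES = [no_privileged, no_latest_tag, resource_limits]


def evaluate(manifests, policies=POLICIES):
    """Run every policy over every manifest. Same code at every stage."""
    found = []
    for m in manifests:
        for policy in policies:
            found.extend(policy(m))
    return found


def gate(manifests, mode):
    """Return (exit_code, violations). 'audit' reports but never blocks,
    which is how you learn your posture first; 'enforce' fails the CI job
    or the deploy step on any violation."""
    violations = evaluate(manifests)
    if mode == "enforce" and violations:
        return 1, violations
    return 0, violations


if __name__ == "__main__":
    # Usage: python policy_gate.py [audit|enforce]; the exit code is what
    # a CI step or a pre-deploy hook acts on.
    mode = sys.argv[1] if len(sys.argv) > 1 else "audit"
    code, violations = gate(MANIFESTS, mode)
    for policy_id, obj, detail in violations:
        print(f"[{mode}] {policy_id}: {obj} ({detail})")
    sys.exit(code)
```

Running it in `audit` mode prints the three violations on the `worker` Deployment (privileged container, `:latest` image, no resource limits) and exits 0, so the pipeline keeps going while the team works through the backlog; switching the same step to `enforce` makes it exit 1 and fail the job or the deploy. Because `evaluate()` is the only place policies are applied, the commit-time check and the deploy-time gate cannot drift apart.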
Achieving compliance is no small feat. Mixing compliance, governance, security, and Cloud-Native in a single initiative may sound intimidating, but thanks to policy-as-code we now have a way to tackle all of them with a single solution. Just getting compliant isn’t enough, though. Continuously enforcing compliance and governance is nothing less than a 24x7 job. To stay agile while proactively preventing violations, teams shift left and enforce policies at the earliest stages of the development cycle. With so many moving pieces, it’s no surprise that many shy away from it.
Remember, simply getting compliant in a Cloud-Native environment is already a challenge, but it isn’t enough, because becoming compliant is different from remaining compliant. Magalix provides a single management interface for commit-time, build-time, deploy-time, and run-time checks, so you can write one policy and apply it anywhere in your software development lifecycle.