How to automatically integrate security into the software development process
Improving communication between security specialists and developers is always a challenge. Both sides have their own jobs to do on separate timelines and working together is always something that has to be scheduled around other tasks.
Anything that can bring the two sides closer and create a better relationship will result in faster delivery times and better products.
Implementing an early awareness of security issues in the software development cycle is on everyone’s “to do” list but rarely gets done. So how can you integrate security concerns at the appropriate stage?
That was the issue facing AME Digital, a cloud-native Fintech and mobile business platform with over 10M users and 2M merchants. They process millions of transactions, so their applications must be resilient, available at all times and very well secured.
AME Digital was in search of a new solution that could offer better reaction times and built-in security measures. They recognized the value of adding an automated layer of secured infrastructure in the early pre-production environment and began to realign their development strategy.
Starting early with Solvo
AME Digital turned their focus to introducing security measures in their cloud infrastructure, which brought them to Solvo. The idea of adding a security project at the development stage isn’t always an easy sell because engineers want to work at their own pace without worrying about a team with a different focus slowing them down. Also, security teams identify issues and ask developers and product owners for fixes, which can create friction in the team and cause further delays.
Infrastructure security and identity and access management (IAM) were top priorities for AME’s security team, which devotes most of their time and resources to keeping user data and funds secure at all times. The mission was always the same, but the task of implementing it without slowing the development process down remained until they started with Solvo.
By onboarding Solvo, AME significantly reduced their excessive permissions, limiting them to those that are actually needed. They also leveraged the AWS IAM feature to improve their network security and key management.
brought immediate benefits to
Visibility into their cloud infrastructure inventory and a graphic representation of their excessive accesses granted
Customized security policies for cloud assets that are updated with each deployment
Improved secret management through IAM Roles for different application functionalities, created automatically and with the right context
Restricted access to sensitive data, done granularly, that updates dynamically based on changes in the profile of the application
“We are very pleased with the way Solvo integrates with new, emerging technologies. From a security perspective, they deliver on the promise of improving the relationships between developers and security teams, helping them work together and be more productive. By using data collected during the development and staging phases, we can make sure that we're only allowing necessary roles and privileges in our applications.”
-Daniel Neto, Head of Cybersecurity at AME Digital
Solvo was the perfect match for AME’s cybersecurity vision because it is built on a foundation of constant improvement and collaboration between developers and security teams.
As AME Digital discovered with Solvo, deploying a security strategy in the pre-production and production environments is key to keeping your entire infrastructure secured. Solvo begins its work by analyzing the current state of your cloud account and looking for deviations from best practices. Based on the data it collects, the next step is creating new security policies from scratch for assets that have been given excessive access. Most active policies contain excessive permissions, often including hundreds that were not needed at all. In fact, based on our experience, about 85% of security permissions in the cloud are excessive.
New policies are easily enforced directly or as part of the CI process, depending on the preferences of the user. Code is dynamic, undergoing frequent updates and changes. Solvo monitors these changes and updates access policies accordingly in real time. When new code or cloud resources are identified, new policies are created automatically using the same process.
Solvo’s protection is always active and never misses a change or update, keeping your data secure at all times and limiting access to the necessary minimum.
During compliance testing and evaluation, you’re often asked to show who can access your data and how. Solvo gives you a clear and updated understanding of all access paths while highlighting any excessive permissions, which are removed automatically.
If you’re ready to enhance your security posture while making demonstrations of compliance easier, get in touch with Solvo and get an up-close look at what it can do during a free demo.