Build Policy Guardrails

Enable DevSecOps by establishing policy guardrails to rapidly detect and remediate risks across resource configurations, network architecture, and user activities.

Ensuring that your organization adheres to its “gold standard” security policies is imperative for managing risk. Security governance is harder in dynamic public cloud environments, where resources change constantly and teams often lack visibility into, and control over, those changes. The remedy is to codify the policies as guardrails: checks that run continuously against resource configurations, network architecture, and user activity, so that violations are detected and remediated quickly without slowing down DevSecOps.

Prisma Cloud

Successful security governance depends on answering a few key questions, which together confirm that the security architecture requirements you carefully drafted are actually being enforced in the cloud.

What is being deployed?

The first step in security governance is visibility into the types of resources in your environment. Prisma Cloud uses AI to profile application behavior and identify the role of each cloud resource, so that you can write policies that are relevant to each type of resource. For example, knowing that you have 5,000 cloud virtual machines running is not enough on its own, because the appropriate policies for a web server differ drastically from those for a database.

How is it being deployed?

It is important to establish policy guardrails that allow continuous integration and continuous deployment (CI/CD) to proceed while your organization’s security architecture requirements are continuously verified. Prisma Cloud provides hundreds of policies that reflect established security best practices, and also lets you create custom policies. It continuously evaluates these policies across configurations, networks, users, hosts, and applications. For example, you could monitor your environment for publicly readable Amazon S3 buckets or publicly shared EBS snapshots.

Who is deploying it?

Effective governance requires accountability: you must be able to identify the user who caused a violation. Prisma Cloud can immediately identify the user who introduced a risky configuration, which enables rapid remediation. For example, if a new AWS security group is created with an ingress rule open to the internet (a 0.0.0.0/0 source), you can pinpoint the user who created it and confirm whether this was intentional or done in error.

What is my window of exposure?

When a violation occurs, the time between its introduction and its remediation is the window of opportunity for malicious actors, so it must be closed swiftly. Instead of generic alerts, Prisma Cloud provides context on the issue and a risk score for each affected resource, which helps you prioritize and, where configured, automatically remediate it. This self-healing ability lets you continuously maintain your organization’s “gold standard” security posture. Scope automatic remediation carefully: a rule that closes a security group or re-privatizes a bucket can break a legitimate workload, so it is prudent to run new policies in alert-only mode before enabling automatic fixes.
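As an added example (not Prisma Cloud’s own code or policy language), the following Python script shows the mechanics behind the questions above in miniature: it evaluates custom policies over AWS-style resource descriptions (a security group with a 0.0.0.0/0 ingress rule, a bucket whose ACL grants AllUsers, a publicly shared EBS snapshot), attributes each violation to the IAM principal in the CloudTrail event that introduced it, and computes the window of exposure up to the detection time. It also handles one edge case a naive ACL check gets wrong: a public ACL grant on a bucket whose Block Public Access setting ignores public ACLs is inert and is not reported. All resource descriptions, CloudTrail records, identifiers, ARNs and account numbers are constructed sample data; the field names follow the shapes returned by the AWS describe-security-groups, get-bucket-acl, describe-snapshot-attribute and CloudTrail APIs, but nothing here calls AWS.

```python
"""Policy guardrails in miniature: evaluate, attribute, measure exposure.

Added example, not Prisma Cloud code. All resources, events, ARNs and
account IDs below are constructed sample data.
"""
from datetime import datetime, timezone

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"


def check_security_group_open(sg):
    """Violation if any ingress rule accepts traffic from 0.0.0.0/0 or ::/0."""
    for rule in sg.get("IpPermissions", []):
        sources = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        if any(s in ("0.0.0.0/0", "::/0") for s in sources):
            return f"ingress open to the internet on port {rule.get('FromPort', 'all')}"
    return None


def check_s3_bucket_public(bucket):
    """Violation if the ACL grants a public group; a Block Public Access
    setting of IgnorePublicAcls makes such grants inert, so skip those."""
    if bucket.get("PublicAccessBlock", {}).get("IgnorePublicAcls"):
        return None
    for grant in bucket.get("Grants", []):
        uri = grant["Grantee"].get("URI")
        if uri in (ALL_USERS, AUTH_USERS):
            return f"ACL grants {grant['Permission']} to {uri.rsplit('/', 1)[-1]}"
    return None


def check_ebs_snapshot_public(snapshot):
    """Violation if createVolumePermission includes the 'all' group."""
    if any(p.get("Group") == "all" for p in snapshot.get("CreateVolumePermissions", [])):
        return "snapshot is shared publicly"
    return None


# Per resource type: the policy, plus the CloudTrail event name and the request
# parameter naming the resource, which together identify who introduced the risk.
POLICIES = {
    "AWS::EC2::SecurityGroup": (check_security_group_open, "AuthorizeSecurityGroupIngress", "groupId"),
    "AWS::S3::Bucket": (check_s3_bucket_public, "PutBucketAcl", "bucketName"),
    "AWS::EC2::Snapshot": (check_ebs_snapshot_public, "ModifySnapshotAttribute", "snapshotId"),
}


def parse_time(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def attribute(event_name, id_key, resource_id, events):
    """(actor ARN, time) of the latest matching CloudTrail event, or (None, None)."""
    hits = [e for e in events if e["eventName"] == event_name
            and e.get("requestParameters", {}).get(id_key) == resource_id]
    if not hits:
        return None, None
    latest = max(hits, key=lambda e: e["eventTime"])
    return latest["userIdentity"]["arn"], parse_time(latest["eventTime"])


def evaluate(resources, events, detected_at):
    """Run every policy; return findings with the actor and exposure window (hours)."""
    findings = []
    for res in resources:
        if res["type"] not in POLICIES:
            continue
        check, event_name, id_key = POLICIES[res["type"]]
        reason = check(res["config"])
        if reason is None:
            continue
        actor, since = attribute(event_name, id_key, res["id"], events)
        hours = None if since is None else round((detected_at - since).total_seconds() / 3600, 1)
        findings.append({"id": res["id"], "type": res["type"], "reason": reason,
                         "actor": actor, "exposure_hours": hours})
    return findings


SAMPLE_RESOURCES = [  # constructed sample configuration
    {"id": "sg-0abc123", "type": "AWS::EC2::SecurityGroup", "config": {"IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}},
    {"id": "sg-0def456", "type": "AWS::EC2::SecurityGroup", "config": {"IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]}},
    {"id": "acme-logs", "type": "AWS::S3::Bucket", "config": {"Grants": [
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]}},
    {"id": "acme-private", "type": "AWS::S3::Bucket", "config": {
        "PublicAccessBlock": {"BlockPublicAcls": True, "IgnorePublicAcls": True},
        "Grants": [{"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]}},
    {"id": "snap-0123", "type": "AWS::EC2::Snapshot",
     "config": {"CreateVolumePermissions": [{"Group": "all"}]}},
]

SAMPLE_EVENTS = [  # constructed CloudTrail records
    {"eventTime": "2024-05-01T09:00:00Z", "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"groupId": "sg-0abc123"}},
    {"eventTime": "2024-05-01T21:00:00Z", "eventName": "PutBucketAcl",
     "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/deploy/ci"},
     "requestParameters": {"bucketName": "acme-logs"}},
    {"eventTime": "2024-05-02T03:00:00Z", "eventName": "ModifySnapshotAttribute",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/bob"},
     "requestParameters": {"snapshotId": "snap-0123"}},
]
DETECTED_AT = parse_time("2024-05-02T09:00:00Z")  # when the guardrail scan ran

if __name__ == "__main__":
    for finding in evaluate(SAMPLE_RESOURCES, SAMPLE_EVENTS, DETECTED_AT):
        print(finding)
```

Running the script reports three findings (the open SSH rule, the public log bucket, the public snapshot) with the actor ARN and an exposure window of 24, 12 and 6 hours respectively; the internal-only security group and the bucket protected by Block Public Access are not reported. In a real deployment the resources would come from an inventory API and the events from CloudTrail, and a finding with no matching event (actor `None`) is itself worth alerting on, since it means the change predates your audit-log retention or was made through a path you are not logging.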