Accurics Enhances Developer-First View of Cloud Security with Channel Program

Accurics is launching a partner program to develop a rich ecosystem around protecting and securing Infrastructure as Code initiatives. IDN reviews the program and looks at early participants.

Tags: Accurics, apps, cloud, IaC, infrastructure, lifecycle, security, threats,

Accurics is expanding its approach to developer-first cloud security, protection and resilience with a partner program designed for firms aligned with Infrastructure as Code (IaC) technologies.  

 

Accurics' platform is designed to self-heal cloud-native infrastructure by codifying security throughout the development lifecycle. This approach allows Accurics to programmatically detect and resolve risks across IoC before infrastructure is provisioned -- and maintain this secure posture in runtime. 

 

"The Accurics channel program reflects the fundamental principle that a developer-first approach is vital for optimizing cloud security," said Alex Ausmanas, vice president of sales and partnerships at Accurics.

 

"Our solution reduces risk by implementing security guardrails early in the development lifecycle, and this strategy takes those benefits even further. We're proud to be joined by some of the greatest innovators in the channel arena who are enabling digital transformation for customers, and we're proud to serve them through a truly differentiated solution supporting cyber resilience,”  Ausmanas added.

 

Technologically, the Accurics solution builds on a developer-first philosophy to complement a comprehensive offering. It features:

  • Policy as Code: Accurics provides 1,800-plus policies across compliance standards, such as CIS Benchmarks, SOC 2, PCI DSS, HIPAA, NYDFS, and GDPR so that that policy guardrails can be enabled in minutes. During development, the technology scans IaC to detect violations and integrates with CI/CD tools to block risky builds. The same policies are assessed in runtime as users make changes to infrastructure configurations.
  • Security as Code: Accurics generates a real-time topology across all infrastructure by identifying resources, configurations and dependencies, then models threats using data such as threat feeds, trust boundaries and IAM privileges to identify potential breach paths in code and runtime.
  • Drift as Code: Accurics enables organizations to establish a secure baseline through IaC during development. It then continuously monitors the cloud infrastructure to detect configuration changes and assesses them for risk.
  • Remediation as Code: Accurics automatically generates code to resolve a misconfiguration and generates a pull request. The appropriate developer will receive notification and simply needs to review, approve, and merge the code. Alternately, organizations may elect to override insecure configurations with secure defaults to self-heal cloud infrastructure.

Accurics' technology integrations empower organizations to integrate security into their existing development workflows in dev, build, and runtime. They can also 

  • Connect to code repositories for continuous IaC analysis
  • Implement policy guardrails in your CI/CD pipelines
  • Monitor cloud infrastructure in runtime
  • Resolve issues via your existing workflows

Accurics Partner Program Follows Findings of Evolving Threats To Cloud Apps

Accurics' partner program comes as numerous studies reveal the ever-evolving threat to cloud-native projects. 

 

In a recent blog post, Accurics' Laura Paine, principal product marketing manager, pointed out results from two major surveys – one report from Enterprise Strategy Group (ESG) and one from the company itself, The Accurics Cloud Cyber Resilience Report

 

The conclusion: The nature of today's complex threats will require a more holistic protection approach. In part, Paine wrote:   

As organizations seek to evolve their cybersecurity programs to strengthen their security posture around cloud applications, they're embracing a shift-left approach and DevSecOps automation.

Although the need to ensure that policy guardrails are in place across the software development life cycle is already of the utmost importance, the adoption of GitOps puts a finer point on that need. Developers are increasingly leveraging technologies such as Helm and Kustomize to automate the build and deployment process, which requires a programmatic approach to cloud security. 

 

It's no longer sufficient to only scan for IaC misconfigurations at runtime. Organizations need developer-first security solutions that are compatible with their workflows, increase independence, and deliver easily consumable code fixes rather than just identifying problems. Cyber resilience requires a fundamentally new approach that self-heals the cloud throughout the development lifecycle.

 

According to ESG's findings, the diversity of the threat landscape is often most evident with cloud-native applications and infrastructure, with only 12 percent of organizations having experienced no cyber incidents targeting their cloud-native apps or infrastructure over the past year. The report suggests that this highlights the need for "an integrated defense-in-depth approach. Such controls will enable a focus on hardened configurations, automation, segmentation, and the monitoring of accounts and services."

 

The recent Accurics Cloud Cyber Resilience Report shows that Identity and Access Management (IAM) has emerged as a new threat vector, and it was the first time that we saw IAM defined through Infrastructure as Code (IaC) in production environments. With some organizations having roles in the thousands or tens of thousands, it isn't feasible to manage them all manually. 

 

We discovered that more than a third (35.3 percent) of the IAM drifts detected in the report originated in IaC, indicating rapid adoption of IAM as Code. This is particularly alarming when we consider that ESG survey respondents reported cloud misconfigurations resulting from the use of default passwords (30 percent), overly permissive user accounts (25 percent), and overly permissive service accounts (25 percent). Respondents also reported externally facing workloads subject to port scanning and unauthorized access to services via open ports. 

 

The results? Survey respondents reported data compromises in the introduction of malware, including crypto miners and ransomware, as well as impact to SLAs, which indicates the need for IaC security automation. Over the last few years, several high-profile breaches, including SolarWinds and Twilio, have given us a taste of what's possible when mal-intended parties have access to code or pipelines.

The Accurics channel program is launching with established partners with expertise in cloud apps and emerging technology, including:

  • DigitalOnUs: A hybrid cloud and DevOps services provider
  • Consortium Networks: A consulting firm for tech professionals
  • ImagineX Consulting: A white glove cyber risk services consultancy focused on emerging technologies 
  • CBTS: A provider of a full suite of flexible technology solutions that improve operational efficiency, mitigate risk, and reduce client costs 

Accurics partner ecosystem includes resellers, Sis, and technology partners with integrations to the company's open source solution and platform technologies. All ecosystem partners support cloud-based innovations by codifying security throughout the development lifecycle, facilitating self-healing cloud-native infrastructure and ensuring end-to-end security for cloud apps. 




back

Share