Intelligent CISO Issue 53 - Page 50

FEATURE
• Risk-based insights ( vulnerability prioritisation and triage )
• Flexible security policies with audit / enforce modes
• Deep integration with key Amazon solutions for DevOps
At inception , Bayad involved stakeholders from security , development and cloud deployment teams . Initial implementation activities were deliberate and gradual , accelerating for subsequent projects .
“ In the first application integration , we held weekly project meetings and daily deployment and troubleshooting activities with the local Aqua partner to ensure the successful integration of the solution ,” said Migriño .
With Aqua , Migriño and team is able to assess security risks in the pipeline before applications get pushed into production .
This includes detecting and remediating vulnerabilities in container images and serverless functions , security misconfigurations in cloud environments , and the presence of hidden secrets and sensitive data in application artifacts .
Aqua is also being used to extend security controls into production environments , where Aqua detects and prevents anomalous or disallowed behaviours at runtime .
Additionally , Bayad is better prepared to adhere to industry best practices and compliance requirements , supporting principles of least privilege , detecting anomalies at runtime and hardening cloud infrastructure .
“ Using the Aqua solution has helped prevent potential exposure of sensitive information , credentials and keys that could have led to account takeover and system compromise ,” said Ferrer .
As a result of the relationship with Aqua and its local partner , Bayad has realised its vision for greater security of critical applications , protection of sensitive business and customer data and compliance with industry requirements .
“ With Aqua , we now have visibility on the vulnerabilities of our cloudnative applications ,” said Migriño , “ and it helps us prioritise remediation of these so our security operations team is not overwhelmed .”
“ We are satisfied with the Aqua product and its feature enhancements ,” said Ferrer . “ We also like the visibility and support given by its local partner . In the past 12 months , we have expanded Aqua ’ s footprint twice and added new capabilities to our implementation .”
We caught up with Mel Migriño , Meralco Group CISO , who tells us more .
Can you describe how your legacy systems were falling short of your company ’ s requirements ?
Once we had made the decision to move to a fully cloud-native architect , we were experiencing several challenges with our existing systems . We found that there was a lack of visibility on workloads and the cloud environments . We were wasting time verifying components in the registry .
On a broader level , we wanted systems more suited to our transition from DevOps to DevSecOps and provide assurance to our stakeholders that new practices brought by this transition are effective and stable .
What was the thought process behind the decision to ‘ go serverless ’ and migrate to a cloud-native architecture ?
We decided several years ago to take a proactive stance to carry out our Digital Transformation journey . The appeal of ‘ going serverless ’ and moving to a cloud-native environment was that it offered our developers more agility when building and running applications .
We also wanted to take advantage of the in-built benefits of the serverless environment – it ’ s more scalable and flexible , which lets us focus on writing the code that will create the most business value . We can now run new Bayad applications more smoothly , which leads to an improved experience for our customers .
With Aqua , you are able to assess security risks in the pipeline before applications get pushed into production – Why is this so important to you ?
The shift to the left is a vital part of our overall security strategy . It ’ s becoming widely recognised that security needs to be prioritised at the earliest possible stage to catch potential security risks before they become a real danger . That ’ s the best way to reduce outages that would have a detrimental business effect .
Also , as a major contributor to the country ’ s critical infrastructure , we wanted to show our millions of customers and business partners that our services are resilient .
Can you explain how Bayad has been able to achieve greater security of critical applications and protection of sensitive data ?
With Aqua , we have better visibility over the vulnerabilities of our cloud-native applications . This allows us to prioritise remediation of these , which prevents our security operations teams from being overwhelmed .
Can you explain how Bayad is now better prepared to adhere to industry best practices and compliance requirements ?
We are now better able to secure our data and digital platforms through Aqua ’ s robust functionality , which is a key imperative for adhering to industry best practices . Aqua ’ s solution helps us prevent the potential exposure of sensitive information , credentials and keys that could have led to account takeovers or system compromise .
Furthermore , Aqua ’ s solution provides much greater visibility , which is vital in highly-regulated industries . We are now able to monitor the entire application life cycle , which is crucial for enforcing compliance . u
50 www . intelligentciso . com