Secure, Automated IaC Deployments with Terraform
April 22, 2021
Automation is key to achieving true scale, and cloud security is no exception. Cloud innovators are increasingly deploying their workloads using Infrastructure as Code (IaC), and they are also looking for ways to automate the deployment of their security tools.
Tackling the Problem of Modern Cloud Security at Scale
Lacework has released comprehensive Terraform modules and CloudFormation templates for AWS that enable organizations to automatically add visibility and security to their rapidly-changing AWS environments. This allows customers to:
- Quickly and efficiently deploy Lacework workloads using Infrastructure as Code (IaC)
- Automatically add visibility and security to your rapidly-changing AWS environment, regardless of size
- Leverage industry-standard Terraform modules to get up and running quickly
- Send different types of alerts to the proper response team, via the best channel (PagerDuty, DataDog, Slack, etc.)
- Deliver greater value to your business by eliminating the most time-consuming manual processes
Bringing State-of-the-Art Automation to Lacework Customers
Many Lacework customers running on AWS have embraced the new Terraform modules. In fact, over the past month there have been over 20,000 deployments of the Lacework Terraform module, and one AWS customer recently leveraged these new automations to deploy Lacework cloud security coverage into 150+ AWS accounts in under an hour.
Lacework has been able to build these extensive new integrations over the past several months with the tremendous support of HashiCorp and Coveo, a customer and critical development partner.
Looking for more information about Lacework’s automated deployment capabilities? You can learn more by watching the “Automating Security Deployment with Lacework Terraform Modules” demo video. You can also visit the Lacework blogs for an in-depth article entitled “Up and Running with Lacework Terraform Modules for AWS”.
For more information about the other AWS-related capabilities that Lacework recently announced, visit the blog “Lacework Expands Security, Visibility, and Automation Across AWS Environments”.
Following is a transcript of the embedded video “Automating Security Deployment with Lacework Terraform Modules”:
Hi, my name is Scott Ford, and I’m the Principal Architect of Technology Alliances at Lacework, and I’m going to do a short video for you on AWS deployment automation. Today we are going to talk about the work we’re doing around automation, and why it matters, both to the company and to our customers. Lacework, of course, is our security platform that was built to tackle the challenges of modern cloud security at scale. And when we talk about scale, we’re talking about our largest customers who are securing often hundreds, many hundreds of AWS accounts with lots of variety and lots of changes that are going on. Lots of different services and applications that are being deployed continuously.
Lacework is purpose built to be able to understand all of that change, build out baselines, and raise out relevant information for our customers so they can operate as securely as possible, and focus on their top challenges, which are really shifting their own digital businesses.
Now, we run at the scale problem. What I mean by that is that when a customer or a prospect comes to us, they may say “listen, our environment is really big. It’s really big. We’ve got 100 AWS accounts that we need to secure. We need to integrate those into Lacework and we need to secure that.” We run at that challenge. We say “great, please, even in the trial, bring us your largest environments. We want to show you how this platform can handle the largest environments that exist out there.”
Now, when you’re talking about managing large environments, there are patterns that have been developed for many years around how you manage large environments at scale. AWS is, you know, undeniably the largest cloud on the planet today. And one could look at all of the services for AWS and say that’s the reason why AWS is so big. They’ve got the largest selection of services for you to build your digital business off of. But actually, there’s something else that’s really powering the reason why so many companies are able to adopt AWS, to automate AWS, to deploy applications at scale and to get their businesses running. This is the philosophy behind a lot of the work that we’re doing at Lacework.
What we’ve got here is a diagram of an application that’s deployed on AWS. If I want to deploy an application, do you think really that a developer is coming into the console here and looking for an Elastic Kubernetes Service and clicking through the console to launch out a new cluster and type it all out and do everything in the GUI? No. That’s not how elite performing companies operate. They operate AWS through AWS APIs, through automation.
In this example, here is a big environment on the right of complex services that are running. But on the left, there’s code, there’s automation code that’s actually configuring these services, so they hit Amazon’s APIs and tell Amazon to spin me up a Kubernetes cluster or to spin up a load balancer, to create a VPC, a virtual private network, and get all of that launched out. This is really how the elite performers are operating. They automate everything from their cloud environments. This isn’t just AWS, but this could be your DataDog deployments or it could be your GitHub repos that you use for all the source code inside of your environment.
They’re all just services with APIs that need to be configured. And that’s not a job for human beings. Not for elite performing companies anyway. That is a job for automation to solve.
Undeniably one of the largest automation companies on the planet today of course is HashiCorp. HashiCorp has built a framework called Terraform, which allows you to automate all kinds of different cloud environments.
We’re looking here at some examples of the cloud environments, AWS, Azure and Google Cloud – our big top three. Kubernetes is also really important to Lacework. When you look inside of any one of these providers, their services have been made available for customers to build off of. At the same time, HashiCorp has made Terraform resources, which allow you to automate any of the configuration of the platform. And this allows customers like Lacework who use AWS to quickly spin up services, get value out of it and of course, spend more money with AWS. So AWS is winning there.
Now this philosophy is really no different when it comes to Lacework. As an example, we did a recent trial with a customer and they really wanted to see how Lacework handled their scale. It was a gaming company who wanted to deploy 166 AWS accounts and integrate them into Lacework as quickly as possible. Now of course, all the settings that you need to go and configure Lacework to do those integrations do exist inside the UI. I could go through this process and I could click create new and do this 166 different times and get that all integrated. But that is a project that could take weeks to do, and it’s error prone. That is not a job for human beings.
For this reason, Lacework has invested a ton of time over the last year plus to develop our own Terraform providers. We’re really proud of this! You can see right now we have been building this Terraform provider and Terraform modules for integrating our customers’ cloud environments into Lacework. We’ve already had close to 20,000 installs of our Terraform provider in just a single year, which is just amazing.
Now it’s through this work that the customer we talked about a minute ago was able to integrate all 166 AWS accounts in under an hour, in a single deployment session. This is really important for them to be able to get integrated, get their environments under observability of Lacework, and then to be able to start to realize the value of the platform.
But integration is just one step. When you look inside of Lacework, every single one of these things is a different setting. I may have Lacework as a multi-tenant platform, so I may have many different sub-accounts and I may have many different teams that are responding to events that Lacework is raising up. And so for each one of those accounts, I may have to go in and configure them and configure different alert channels. When we raise an alert, where do you want to send that? Do you want to send it to PagerDuty, DataDog, or Slack? Which team do you want to send that to? Those are all configurations that need to be put in place to get a customer really getting value out of the platform.
Additionally, as you move down to newer capabilities that are coming down the line, we have custom policies that we’re going to be able to create and custom compliance reporting that we may need to configure. All of these are an opportunity for configuration with automation.
To show you where we are today, we are down the path to providing custom resources for every single configuration of the Lacework platform. It’s not just the integration into AWS, for instance. It’s every single configuration inside of the Lacework platform. These are the same principles that are used to automate AWS itself, or to automate GCP, or automate Azure, or on and on…
Every single SaaS platform out there is something that a team has to manage, and if they’re spending time managing that using manual processes, then they’re not actually delivering real value to the business. And so Lacework has taken a different approach where we are focused on providing state-of-the-art automation for our customers so that they can automate more, get more value out of the platform and continue to be a customer for life.
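As an added example (editor's illustration, not Lacework's own code or part of the original post), this is what the account integration and the per-team alert channels discussed in the transcript look like when expressed as Terraform rather than clicked through the UI. It assumes the public Lacework provider (lacework/lacework) reading its credentials from the LW_ACCOUNT, LW_API_KEY and LW_API_SECRET environment variables, the lacework/config/aws module, and a lacework_alert_channel_slack resource with name and slack_url arguments; the region, team names and webhook URLs are placeholders.

```hcl
terraform {
  required_providers {
    lacework = { source = "lacework/lacework" }
    aws      = { source = "hashicorp/aws" }
  }
}

# Lacework API credentials are read from LW_ACCOUNT / LW_API_KEY /
# LW_API_SECRET (assumed provider behaviour), so no secrets live in this file.
provider "lacework" {}

# Placeholder region; the AWS credentials in use decide which account is
# integrated, which is what lets the same root module be applied per account.
provider "aws" {
  region = "us-east-1"
}

# Assumed Lacework module that creates the cross-account role and registers
# the AWS configuration (CSPM) integration for the current AWS account.
module "aws_config" {
  source = "lacework/config/aws"
}

# One incoming-webhook URL per responding team. Marked sensitive so the
# values are redacted from plan output; supply them via a .tfvars file
# that is kept out of source control or via TF_VAR_slack_webhooks.
variable "slack_webhooks" {
  type      = map(string)
  sensitive = true
  # Constructed sample shape:
  # { "platform-team" = "https://hooks.slack.com/services/PLACEHOLDER" }
}

# One alert channel per team, created from the map above instead of by
# clicking "create new" once per team and sub-account.
resource "lacework_alert_channel_slack" "team" {
  for_each  = var.slack_webhooks
  name      = "slack-${each.key}"
  slack_url = each.value
}

output "alert_channel_names" {
  value = [for ch in lacework_alert_channel_slack.team : ch.name]
}
```

Applying this root module once per AWS account (with that account's credentials) is the repeatable pattern that replaces the 166 manual UI passes the transcript describes.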