Cloud infrastructure misconfiguration is a fact of life. In a world of infrastructure-as-code (IaC) and DevSecOps, where software engineers are configuring and deploying infrastructure, it might seem unavoidable.
Today we’re announcing Resourcely Guardrails: cloud infrastructure policies that ensure misconfiguration never makes it into production. Guardrails keep your infrastructure safe from harmful actions.
Problem: the wrong configuration is making it into production
If your company is using IaC, and making configuration choices at scale, it is nearly certain that improper configuration is making its way into your production environments. Bad configuration like...
- Public access
- Overly permissive roles
- Costly oversizing
- Accidental deletions
...are causing pain for security, platform, and DevOps teams at companies of all sizes. When these harmful commits make it into production, they routinely cause incidents, outages, breaches, and other security issues.
Incidents have a two-fold impact: potentially millions in cost from downtime or hacks, and the day-to-day triage burden felt by security, platform, and DevOps teams that are responsible for cloud platforms.
Incidents like a data breach have an average cost in the US of nearly $10M, and misconfiguration has caused a variety of notable outages - no company is immune.
Understaffed security and platform teams are often stuck in operations hell, reviewing requests manually and spending all of their time identifying vulnerabilities or triaging issues in production that weren’t caught at commit time.
Guardrails in practice
Guardrails give security and platform teams an automated way to implement, enforce, and track infrastructure rules. They can be customized in the Resourcely UI, or written in Really, our policy language built to be easy to write and maintain.
[Figure: Rego policy, locking down your GCP SQL Database]
[Figure: Equivalent Really policy]
Resourcely Guardrails are unique because they are enforced at both development and deployment time. Guardrails are attached to Blueprints, keeping developers on track with proactive feedback. They are ultimately enforced as part of your existing CI tooling, with Guardrail violations flagged for approval and routed to the appropriate team. This way, improper configuration never makes it into production.
Finally, Guardrails support over 3,200 cloud resources across a variety of partners, from AWS, Azure, and GCP to Datadog, Snowflake, HashiCorp, and Spacelift.
Security teams ensure the safety of their environments, seamlessly integrated within developer workflows. Guardrails allow them to mitigate risk, eliminate incidents, and build secure defaults without getting in the way of engineers.
Platform teams ensure the health of the cloud they own, getting rid of manual reviews for common issues like accidental deletions, oversized infrastructure, and more.
Conclusion
Guardrails prevent insecure actions by default, without slowing down development teams. The only way to scale while keeping your infrastructure secure and healthy is by building automatic protections.
Getting started with Guardrails is easy: you can start with just 1 Guardrail, and use Resourcely with your existing Terraform. Try them out today at https://www.resourcely.io/sign-up!