Announcing Resourcely Guardrails

How cloud infrastructure policies keep configuration on the rails
AUTHOR
Chris Reuter
PUBLISH DATE
July 29, 2024

Cloud infrastructure misconfiguration is a fact of life. In a world of infrastructure-as-code (IaC) and DevSecOps, where software engineers are configuring & deploying infrastructure, it might seem unavoidable.

Today we’re announcing Resourcely Guardrails: cloud infrastructure policies that ensure improper misconfiguration never makes it into production. Guardrails keep your infrastructure safe from harmful actions.

Problem: the wrong configuration is making it into production

If your company is using IaC, and making configuration choices at scale, it is nearly certain that improper configuration is making its way into your production environments. Bad configuration like...

  • Public access
  • Overly permissive roles
  • Costly oversizing
  • Accidental deletions

...are causing pain for security, platform, and DevOps teams at companies of all sizes. When these harmful commits make it into production, they routinely cause incidents, outages, breaches, and other security issues.

Incidents have a two-fold impact: potentially millions in cost from downtime or hacks, and the day-to-day triage burden felt by security, platform, and DevOps teams that are responsible for cloud platforms.

Incidents like a data breach have an average cost in the US of nearly $10M, and misconfiguration has caused a variety of notable outages - no company is immune.

Understaffed security and platform teams are often stuck in operations hell, reviewing requests manually and spending all of their time identifying vulnerabilities or triaging issues in production that weren’t caught at commit time.

Guardrails in practice

Guardrails give security and platform teams an automated way to implement, enforce, and track infrastructure rules. They can be customized in the Resourcely UI, or written using Really: our policy language built to be easy to write & maintain.

Rego policy, locking down your GCP SQL Database

Equivalent Really policy

Resourcely Guardrails are unique because they are enforced at both development and deployment time. Guardrails are attached to Blueprints, keeping developers on track with proactive feedback. They are ultimtaely enforced as part of your existing CI tooling, with Guardrail violations flagged for approval and routed to the appropriate team. This way, improper configuration never makes it into production.

Finally, Guardrails support over 3,200 cloud resources from a variety of partners from AWS, Azure, and GCP to Datadog, Snowflake, HashiCorp, and Spacelift.

Security teams ensure the safety of their environments, seamlessly integrated within developer workflows. Guardrails allow them to mitigate risk, eliminate incidents, and build secure defaults without getting in the way of engineers.

Platform teams ensure the health of the cloud they own, getting rid of manual reviews for common issues like accidental deletions, oversized infrastructure, and more.

Conclusion

Guardrails prevent insecure actions by default, without slowing down development teams. The only way to scale while keeping your infrastructure secure and healthy is by building automatic protections.

Getting started with Guardrails is easy: you can start with just 1 Guardrail, and use Resourcely with your existing Terraform. Try them out today at https://www.resourcely.io/sign-up!

Ready to get started?

Set up a time to talk to our team to get started with Resourcely.

Get in touch

More posts

View all
July 16, 2024

Why we built Resourcely

Solving the misconfiguration problem
September 23, 2024

Insights from the a16z Security Theme Week 2024

Takeaways from meeting dozens of security leaders at Fortune 250 companies
September 27, 2024

Incident Review: The Arc Browser Vulnerability

How you can prevent Firebase misconfiguration

Talk to a Human

See Resourcely in action and learn how it can help you secure and manage your cloud infrastructure today!