Business
Qualys CloudView Adds Security for Infrastructure as Code Enabling DevSecOps Teams to Start Secure and Stay Secure
New capability shifts security left by detecting security risks in cloud resource configurations before they are deployed FOSTER CITY, Calif., Nov. 2, 2021
About this update from Qualys, Inc.
[{"type":"text","content":"New capability shifts security left by detecting security risks in cloud resource configurations before they are deployed\n\n\nFOSTER CITY, Calif., Nov. 2, 2021 /PRNewswire/ -- Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of disruptive cloud-based IT, security and compliance solutions, today announced it is adding Infrastructure as Code (IaC) scanning to its CloudView app. This will enable detection and remediation of misconfigurations early in the development cycle, removing risk in the production environment.\nAs noted in the (ISC)2 2021 Cloud Security Report , security professionals' biggest threat with public clouds is the misconfiguration of resources. Misconfigurations are often detected post-deployment, leaving companies with a much larger attack surface and more vulnerable to exploits. Increasingly, organizations are using IaC to deploy cloud-native applications and provision their cloud infrastructure. Thus, it's important to shift security left to identify and remediate misconfigurations at the IaC template stage. Detecting security issues earlier in the development cycle accelerates secure application delivery and fosters greater collaboration between DevOps and security teams. More importantly, it enforces better security policies in the production environment. \n\"Security and risk management leaders managing cloud infrastructure security should create safe-to-fail environments to facilitate developer innovation by integrating intelligent security tooling with delivery pipelines (such as infrastructure-as-code [IaC] scanning) to identify risks early and alert on unsafe workloads before they are deployed.\" Gartner®, Cool Vendors™ in Cloud Security Posture Management, Tom Croll, Neil MacDonald, Mark Wah, Prateek Bhajanka, June 9, 2021. \nQualys CloudView allows complete visibility and security control of public cloud workloads and now assesses IaC templates for misconfigurations. IaC assessments are integrated into the software development cycle to ensure that only code conforming to the organization's security standards is deployed. Qualys' Cloud Platform approach delivers complete visibility, bringing together runtime and build-time posture and the drift between the two into a single view.\nThe new capabilities enable organizations to: \nAssess security posture throughout CI/CD pipelineOrganizations ...