Fortinet said earlier this week that it plans to integrate FortiManager with HashiCorp’s Terraform to improve operations in the cloud and help companies automate security provisioning, eliminate errors caused by misconfigurations, and simplify the management of security policies.
According to Fortinet and HashiCorp, as organizations leverage the hybrid cloud and multi-cloud for speed and agility, they aim to automate and scale their DevOps lifecycle through the use of Infrastructure as Code (IaC) to quickly provision, configure, and tear down cloud infrastructure.
As a result, Maddison said, cloud and network operational teams are often overwhelmed by managing infrastructure and deployments across the different cloud environments they use, and “this integration provides organizations with more confidence to implement new applications while reducing their infrastructures’ complexities.”
“This news from Fortinet and HashiCorp stands at the bleeding edge of a market that we term as IaC security,” said Frank Dickson, program vice president, security and trust at IDC. Dickson added that misconfigurations are the biggest threat to cloud environments, calling them the “bane of existence” for cloud, developers, and security practitioners.
“By implementing security leveraging Terraform at the creation of the environment, developers can proactively eliminate misconfigurations and reduce implementation complexities, making it easier to reduce threat exposure and eliminate the misconfiguration ‘whack-a-mole,’” Dickson said.
Kevin Dunne, president at Pathlock, said as companies shift resources to the cloud to support remote work, coordinating cyber security between on-premises and cloud in a hybrid environment has become a major area of focus and concern. Adding in the complexity of multi-cloud on top of the hybrid environment makes managing these cloud applications even more challenging, he said.
“Customers are looking for solutions with proven, easy to implement integrations across the multitude of platforms they need to support, to accelerate zero-day operations,” Dunne said. “The integration between Fortinet and HashiCorp will help to streamline these issues for modern enterprises looking to enable digital transformation while maintaining security.”
Although he admires what Fortinet and HashiCorp are attempting, Yaniv Bar-Dayan, co-founder and CEO at Vulcan Cyber, said everyone needs to keep in mind that the bad guys are also automating their exploits. He pointed out that speed is of the essence when it comes to zero-day exploits.
“We need to remember the adage: ‘If you automate a mess, you get an automated mess,’” he said. “Remediation intelligence is the critical piece to doing zero-day ops automation the right way. In other words, IT security teams need to quickly identify risk mitigation steps and then automate where appropriate. In a cloud scale world, automation is often the only way to defend efficiently.”