Cyber Defense Advisors

Cisco Secure Workload: Policy-as-Code Is a Win-Win for Everyone

The last few years have proved to be a catalyst for digital transformation for many of our enterprise customers. Application modernization and adopting multicloud are the foundational building blocks for digitizing business. Customers employ CI/CD (continuous integration, continuous delivery) to modernize their applications, building them on a cloud infrastructure. This evolution has given rise to new application security challenges in terms of speed, scale, as well as new and unfamiliar control points – not to mention siloed organizations and tools.

To address these security challenges, Cisco Secure Workload delivers zero trust microsegmentation in an infrastructure, location, and form factor agnostic way. It safeguards application workloads, wherever they live across the hybrid and multicloud environment. The recent release of Secure Workload 3.7 introduces “policy as code” support – delivering security at the speed of DevOps. It enables Secure Workload to be integrated with the customer’s choice of CI/CD toolchains, such as Jenkins or GitLab, and ingest the application security policy during the build phase of the application. Secure Workload then renders the policies onto the relevant workloads when the application goes live.

As the graphic below illustrates, Secure Workload ingests policies using Terraform or Ansible, which are widely adopted tools used by the DevOps team to automate infrastructure related tasks. Secure Workload integrates with the CI/CD toolchains using a YAML (.yml) manifest to ingest the policy. It then programs the same policies to the relevant enforcement point to achieve least privilege access for the newly built or upgraded application.

 

Secure Workload Policy as Code example

 

Policy as code helps customers automate policy deployment at the speed and scale of modern applications. It also simplifies collaboration between DevOps/DevSecOps and NetSec teams. The policies are written in the application language and give appropriate controls to developers to write their requirements into the application while the NetSec team ensures full compliance to the infosec policies dictated by the CISO organization.

In summary, Secure Workload removes the barriers to achieving automated application deployment across highly distributed multicloud environments, without compromising security, compliance, or user experience. The result – stronger security, faster application deployment, and more efficient collaboration.

For more information on policy as code, contact your Cisco Account Team or Partner Account Manager.

We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn