The Role of Open Source in Cloud Security: A Case Study With Terrascan by Tenable

Open-source software and cloud-native infrastructure are inextricably linked and can play a key role in helping to manage security.

By Christina DePinto · May 18, 2023 · Opinion

From Kubernetes to Argo to Docker to Terraform, the most influential cloud-native innovations are open source. The high velocity and mass adoption of projects like Kubernetes show that in order to keep pace with innovation, the cloud-native community must come together, share best practices, foster collaboration, and contribute to next-generation technologies. 

Open-Source and Cloud-Native

The Cloud Native Computing Foundation (CNCF), the largest open-source community in the world and the host of international events like KubeCon + CloudNativeCon and CloudNativeSecurityCon, rallies around the idea that open source and democratizing innovation are the best ways to make cloud-native technologies widely available. As a subset of the Linux Foundation, the CNCF brings together thousands of developers and cloud architects around the world to create and maintain hundreds of cloud-native open-source projects.

With cloud infrastructure becoming increasingly complex, open-source tools like Terrascan by Tenable can help ensure the code developers write to provision cloud resources is secure and compliant with industry standards. By providing transparency and flexibility, open-source software can help organizations customize their security solutions to meet their unique needs and adapt to changing cyber threats. 

Many companies are taking advantage of these benefits. According to Open UK’s “State of Open: The UK in 2021 Phase Three The Values of Open” report that surveyed over 273 respondents, the vast majority (89%) are using open-source software. 

Let’s look at how cloud security might play out using Terrascan by Tenable as an example. 

What Is Terrascan by Tenable? 

Terrascan by Tenable is a static code analyzer that can detect compliance and security violations across infrastructure as code (IaC) to mitigate risks before provisioning cloud-native infrastructure. You can scan many IaC types, including Azure Resource Manager, Kubernetes, Docker, and Terraform (hence the name “Terrascan”). 

Because it's a code analyzer, Terrascan can be integrated into many tools in the development pipeline. When integrated, misconfiguration scanning is automated as part of the commit or build process. It can run on a developer's laptop, in a software configuration manager (SCM) such as GitHub, on continuous integration/continuous development (CI/CD) servers such as ArgoCD and Jenkins, or in your browser with the Terrascan sandbox. It also has a built-in admission controller for Kubernetes, which vets new resources as they are created on a cluster: with the admission controller in place, insecure resources can be rejected before they enter your Kubernetes environment.

Terrascan by Tenable in Action: A Case Study

To illustrate the benefits of Terrascan, let's consider a hypothetical scenario based on real-world customer experiences in which a company is migrating its on-premises infrastructure to the cloud. The DevOps team is using Terraform to automate infrastructure provisioning, but the security team is concerned about potential security issues in the company’s code and the propagation of misconfigurations in runtime. Because of this, they have to slow down developers and ensure that all IaC is secure through rigorous manual processes. 

Terrascan scans the company's Terraform code against a set of policies based on industry frameworks, such as the Center for Internet Security (CIS) benchmarks and National Institute of Standards and Technology (NIST) guidance, and identifies weaknesses in the developers' code that could allow unauthorized access to port 22 (SSH). Because the problem is found in the code, the security team can require the cloud resource to allow secure shell (SSH) access only from a specific subnet, expressed as a classless inter-domain routing (CIDR) range that complies with their security policies.

As a result, developers are able to remediate the issue before it leaves a developer workstation, gets pushed to a git repository, or is provisioned in the cloud. They've saved time and headaches, and their cloud environment stays secure and compliant with both industry standards and their security team's own.

Terrascan has more than 500 built-in policies. By integrating Terrascan into CI/CD pipelines, developers ensure their code is scanned for security issues at every stage of development. They’re making sure that only secure code makes it into production. 
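The check in the case study (SSH open to the world, remediated by restricting it to one CIDR range) is the kind of rule a static IaC analyzer evaluates before anything is provisioned. The following Python is an added illustration of that idea and is not Terrascan's own code (Terrascan's policies are written in Rego and cover far more than this) nor the author's. The Terraform security group, the remediated subnet 10.20.0.0/16, and the "all traffic" rule are constructed sample inputs; the HCL parsing is deliberately simplified (no nested blocks, variables, or modules) so the scanning logic stays visible.

```python
import ipaddress
import re

# Constructed sample input: a Terraform security group written the way the
# case study's DevOps team might have, with SSH (port 22) open to the world.
VULNERABLE_TF = '''
resource "aws_security_group" "bastion" {
  name = "bastion-sg"

  ingress {
    description = "ssh from anywhere"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
'''

# Constructed remediated form: SSH only from a specific corporate subnet.
# 10.20.0.0/16 is an assumed value, not one taken from the article.
FIXED_TF = VULNERABLE_TF.replace('"0.0.0.0/0"', '"10.20.0.0/16"')

# Constructed edge case: an "all traffic" rule (protocol -1, ports 0-0) still
# reaches port 22 even though 22 appears nowhere in the rule.
ALL_TRAFFIC_TF = '''
resource "aws_security_group" "wide_open" {
  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0", "::/0"]
  }
}
'''

_INGRESS_BLOCK = re.compile(r"ingress\s*\{(.*?)\}", re.S)
_ATTRIBUTE = re.compile(r'(\w+)\s*=\s*(\[[^\]]*\]|"[^"]*"|\S+)')


def parse_ingress_rules(hcl):
    """Extract each ingress block as a dict (simplified HCL: no nesting, no variables)."""
    rules = []
    for block in _INGRESS_BLOCK.finditer(hcl):
        attrs = {}
        for key, raw in _ATTRIBUTE.findall(block.group(1)):
            if raw.startswith("["):
                attrs[key] = re.findall(r'"([^"]*)"', raw)  # list of CIDR strings
            else:
                attrs[key] = raw.strip('"')
        rules.append(attrs)
    return rules


def is_unrestricted(cidr):
    """True for 0.0.0.0/0 or ::/0, i.e. every address on the internet."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def check_port_exposure(hcl, port=22):
    """Return one finding per ingress rule that exposes `port` to any address."""
    findings = []
    for rule in parse_ingress_rules(hcl):
        protocol = rule.get("protocol", "tcp")
        low = int(rule.get("from_port", -1))
        high = int(rule.get("to_port", -1))
        # In AWS, protocol "-1" means all traffic on all ports, whatever the port fields say.
        covers_port = protocol == "-1" or low <= port <= high
        if not covers_port:
            continue
        for cidr in rule.get("cidr_blocks", []):
            if is_unrestricted(cidr):
                findings.append({"port": port, "protocol": protocol, "cidr": cidr,
                                 "message": f"port {port} reachable from {cidr}"})
    return findings


def ci_exit_code(hcl):
    """0 when clean, 1 when findings exist, so a pipeline step can fail the build."""
    return 1 if check_port_exposure(hcl) else 0


if __name__ == "__main__":
    for label, doc in [("vulnerable", VULNERABLE_TF), ("fixed", FIXED_TF),
                       ("all-traffic", ALL_TRAFFIC_TF)]:
        print(label, check_port_exposure(doc))
```

Run as a script it prints the findings for each sample. The vulnerable document yields one finding, the remediated document none, and the "all traffic" rule yields a finding for each of its two CIDR blocks; wired into a commit hook or CI job, the non-zero exit code is what stops the misconfiguration before it reaches a repository or a cloud account, which is the workflow the case study describes.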

In summary, open-source tools like Terrascan are an important part of ensuring security in cloud infrastructure. By standardizing security policies and democratizing access to them, the cloud-native community can work together to identify and mitigate potential risks, ultimately creating a more secure cloud environment for everyone.


Published at DZone with permission of Christina DePinto. See the original article here.
