In the public cloud, every new component or configuration creates the possibility of a new security flaw. Maintaining enough visibility to spot these flaws can be difficult when using out-of-the-box tools. Teams need the power of third-party solutions to keep DevOps units blazing new trails without burning down the entire forest.
One good example of this in action is Apigee. The API company is growing fast in its public cloud operations and is learning valuable lessons as it grows. Apigee is a Dome9 customer, and we recently had the chance to meet with Layne Bro, Head of Information Security at the company, to find out what he’s learned about the importance of third-party tools when it comes to public cloud infrastructure security.
Dome9: Can you tell us a bit more about what Apigee does and how it utilizes the resources of the public cloud?
Bro: Apigee is the leading provider of Application Programming Interface (API) technology and services for enterprises and developers. Apigee helps its customers manage API complexity and risk across multi-cloud environments, ensuring security, visibility, performance and accelerating the pace of digital business. The Apigee Edge API management solution covers everything from backend systems of record to the customer who interacts with an application. Over 30% of the Fortune 100, four of the top five Global 2,000 retail companies, and five of the top 10 global telecommunications companies rely on Apigee.
Dome9: As a public cloud power-user, what sort of issues have you come across at these levels of utilization?
Bro: As a 100% cloud-based company, Apigee depends on the cloud for both development and production. The public cloud is a great fit for Apigee’s agile development model and DevOps processes. But with hundreds of security groups across several regions, it was becoming difficult for Apigee to keep track of security policy configurations and ensure that these policies were being enforced. The company needed a tool that not only provided security visualization and management, but ongoing enforcement of security best practices.
Dome9: What were some of the tools that you chose and what value did they offer your organization?
Bro: Apigee turned to Dome9 for the solution to many of our problems. The Dome9 Arc platform delivers comprehensive security and compliance management across public cloud infrastructure, allowing teams to visualize their security posture, identify and mitigate risks and threats, model policies, and conform to security best practices. Dome9 Clarity is a powerful visualization tool that displays the network topology of all cloud assets in real-time, including security groups, instances, templates and more, allowing potential misconfigurations and security threats to be quickly identified and fixed. Dome9 Clarity was a strong selling point for the Dome9 solution within Apigee. Once managers and engineers saw the powerful visual representation that Dome9 Clarity provided, including VPC Flow Log overlays, they recognized that it was not only a security tool but a valuable tool to support operations.
Dome9: What were some ways that Dome9 Arc was able to help you keep your environments secure?
Bro: Dome9 Arc immediately identified over 150 security groups that might be at risk, providing information that Apigee was able to act on without delay. It allowed Apigee to see who was making changes to security groups and lock down the environment using the Dome9 Region Lock feature, so that changes could only be made through authorized administrators using the Dome9 console.
Dome9: Has Dome9 Arc been a direct asset to the unique requirements of your team?
Bro: Apigee has relatively small security and IT teams. Just a handful of people are responsible for multiple cloud environments and multiple accounts across twelve regions around the world with thousands of security groups. The Dome9 Arc platform automates the entire security environment and sends alerts if something goes wrong. The automation has resulted in substantial security headcount cost savings with Apigee not having a need to hire additional security personnel as the company has grown.
Apigee pushes code frequently. With just a handful of IT and security people supporting over 400 employees, everything has to be fast and simple. To succeed in a busy and growing DevOps environment, we need to empower all of our employees to get their jobs done on their own, while maintaining oversight and control over what is changing. Dome9 allows everyone to do what they need to do, without sacrificing the ability to monitor and stop changes that aren’t supposed to happen.