Post banner
DevSecOps 3 Min Read

How to Ensure Simple and Efficient Security Deployments

On the heels of the recent announcement that Threat Stack has joined the Chef Partner Cookbook Program, it’s a good time to talk about some of the advances we’ve made in our configuration management (CM) and automation tools over the past few months — and to emphasize that these are part of a larger set of criteria that differentiate the Threat Stack platform.

Automation is a key element in security today and it plays an increasingly significant role in successful provisioning and deployment by boosting speed and accuracy. To enhance automation, Threat Stack has added numerous features — some large and some small — so customers can deploy as simply, quickly, and effectively as possible.

The Threat Stack team believes that there are four other characteristics (in addition to automation) — universality, flexibility, reliability, and usability — which, together, mark the difference between a feature-centered solution and a user-centered solution designed to help customers manage cloud security with speed, accuracy, and confidence.

Universality

Configuration management has become an essential part of provisioning, deploying, and maintaining software in the cloud, and therefore Threat Stack made a decision to support all major platforms including:

As part of our product enhancement strategy, we have modified Threat Stack to achieve feature parity among these CM platforms, thereby ensuring that all our customers receive the same level of support regardless of the tools they use.

Flexibility

Cloud environments are inherently complex and vary greatly depending on the way people use them. As such, it’s important to have an integration that is flexible enough to handle a range of use cases. Here are a few that we’ve addressed recently:

  • Supporting AMIs. Our configuration management installs the Threat Stack agent package and registers a host with the platform. But let’s say a customer wants to bake the agent into their AMI to cut the time it takes to scale in new instances. Previously, every new host would end up having the same platform key, so we modified Threat Stack so users can install the agent during AMI creation and leave registration until later when a new host instance is created.
  • Managing Segregated Hosts. We have given customers the ability to use alternative package sites, for example their own, so they can better control their agent distribution. Consider the following scenarios. Perhaps a host is not allowed to talk to the Internet, or a customer prefers to fully own their own availability. We have provided customers with agent packages from our APT and YUM repositories, but this doesn’t work for all organizations. Some may have systems that lack network egress rules to reach us because they’re trying to prevent exposure to sensitive systems. Others might be sensitive to the risk of relying on third parties for packages (which can be particularly important to organizations with dynamic scaling since a failure in a third-party repository could make it impossible to scale in new host resources to meet demand).
  • Performing Controlled Rollouts. To enable organization to perform controlled rollouts across their environments, we modified our configuration so the agent version can be locked.

Reliability & Assurance

As a cloud-native platform, Threat Stack always wants to move fast — but not at the expense of reliability because customers depend on the platform to operate securely and scale as required.

To ensure that customers can reliably install, configure, and operate Threat Stack, we use RSpec to assure full code coverage of the Threat Stack configuration management modules (where possible — keeping in mind that SaltStack does not have a spec testing framework). Tests are then executed using Travis CI before code is merged, tagged, and released.

Usability & Support

Understanding complex software, ideas, and procedures can be difficult at the best of times and almost impossible if they’re presented from an engineering- or feature-centric point of view. Threat Stack’s belief in usability starts deep in the software with logical workflows, extends through the user-centered interface, and continues into platform-specific, user-centered documents that enable customers to understand concepts quickly and execute deployment and configuration tasks with accuracy and confidence.

Conclusion

Threat Stack never sets out to simply meet a set of technical requirements. Development is driven by requirements and by the principles of usability, universality, flexibility, and reliability. Success is measured in terms of customers who can easily use Threat Stack to do the job fast and safely. The customer experience starts with a simple and efficient deployment.