Episode Summary for Bridgecrew: Cloud Security with Barak Schoster
Introduction to Bridgecrew
As cloud technology begins to grow, maintaining security of vulnerable data can become a pressing issue for many companies. The CTO of Bridgecrew, Barak Schoster, explains the vision behind the company as it aims to monitor infrastructure and security errors from being deployed into production. Bridgecrew focuses on ‘bridging the gap between code and security’. Often, teams may neglect best practices of security and this can result in time-consuming and expensive errors for the future. Barak discusses common sources of misconfiguration, including copying solutions from websites that lack knowledge of best practices. In fact, almost 50% of any open source repository is misconfigured by default, so remaining mindful of the information used is critical. This is an issue that can be dangerous if not addressed earlier as it can put valuable company data at risk.
Development life cycle of Cloud Infrastructure
Barak expresses the importance of reviewing code after each stage before production. The earlier an issue is identified, the easier it is to fix.
- Stage 1: Identify misconfiguration when writing the actual code – Bridgecrew offers a VSCode extension, Chekov, that guides developers to fix security issues
- Stage 2: CI/CD running process – Bridgecrew enables collaboration and visibility to different teams to resolve issues alerted by automated bot.
- Stage 3: Continuous deployment – scan the plan of a Terraform before applying the change to a running environment.
- Stage 4: Runtime configuration scanning – provides continuous assurance that the production environment is in a good state.
Bridgecrew leverages services provided by AWS to build their platform.
- AWS Lambda – core compute infrastructure for short leaving tasks and supports any scale of scanning without issues.
- To account for a Lambda timeout, they added SQS queues and partitioning logic.
- ECS Fargate – core compute infrastructure for long leaving tasks.
- Chose Fargate over Kubernetes as it was more simple to configure and maintain.
- API Gateway and CloudFront – simplifies CDN, manages different access keys and scaling, integration to a web application firewall.
- AWS Cognito – manages different users and tenants of customers.
- APM – proactive approach to define a threshold and alert the owning team.
Future of the Company
With the rise of cloud computing, Bridgecrew has many opportunities to create more productivity tools for engineers to solve larger security problems. Moreover, Barak wants to ensure that Bridgecrew has a strong integration with different version control systems to enhance team collaboration. It is also important to offer fast onboarding and guidance to new users to reduce confusion. Barak shares some important lessons learned that he hopes to carry through his journey at Bridgecrew.
- Listening to the needs of your customers
- Giving professional services to understand the daily experience of SRE teams
- Learning how to improve internal communication amidst a pandemic
- Maintaining an open source tool and community