Release Features More Frequently.
Securely.

Embedding Developers' Know-how as Security Policy

With the increased complexity of cloud workloads, security configuration and tests must shift left, that is, move into earlier steps in the development pipeline. This means that developers are now also responsible for delivering secure code. With Alcide embedded policies, developers can bake security policies into their microservices at design time and have them enforced automatically at runtime.

Alcide embedded policy allows deploying security policy configuration into the CI/CD pipeline and enforces the security policy for each newly created workload (container, pod or VM) automatically. This ensures that the new entity is immediately granted the access it requires for normal functioning.

The result: Security teams are more confident in the code they deploy, as the developer's application know-how is already embedded as a whitelist in the workloads.

Scroll down to read a real-time scenario:

Dean, the developer
Hi Sam, I created this app in this Kubernetes deployment YAML.
Sam, the security guy
OK, what does this app need to do?
Dean, the developer
It reads data from Twitter and stores it in S3.
Sam, the security guy
OK. But I see on the platform that it's also connecting to Facebook, on top of Twitter. Is this the correct behavior?
Dean, the developer
No! I need to figure this out.
Sam, the security guy
You do know that with Alcide you can whitelist the Twitter and S3 connections so anything else will be blocked, right?
Dean, the developer
Right, so I will now apply a policy and state that for our nginx deployment, it can only access Twitter and S3. I'm adding firewall rules for this specific workload.
Sam, the security guy
Great, I can see the firewall rules you've added in the YAML.
Dean, the developer
Excellent. We're all set now. Any connection to Facebook or any other domain will be dropped and trigger an alert.