New DevSecOps Capability Brings Active Policy Enforcement and Automated Compliance to Application Delivery and Deployment
SUNNYVALE, Calif. Oct. 23, 2023 – OpsMx, the leader in secure software delivery, today announced the release of the industry’s first deployment firewall, a new approach to ensuring application security without burdening application developers. With a deployment firewall, only application releases that have passed all of an organization’s security checks and operational policies are allowed to be deployed to a production environment. Customers can add a deployment firewall to their existing CI/CD process to support compliance with industry standards such as NIST 800-53, HIPAA, and PCI. Deployment firewall capabilities are included in OpsMx’s Deploy Shield product.
“A deployment firewall gives organizations a simpler, more effective way to enforce their own software delivery process,” said Gopal Dommety, CEO and founder of OpsMx. “Organizations know what they need to do for application security and release compliance, but are too often stuck with siloed data and scattered teams operating on an honor system. The deployment firewall combines rich data sets and good intentions to make security policies actionable.”
Recent efforts on application security and securing the software supply chain have largely focused on the application development process. Security responsibilities have “shifted left” to development teams. While this is a critical part of end-to-end application security, enforcing security policies and demonstrating compliance is challenging when responsibilities are spread across distributed development teams, each with their preferred toolset and operating model.
The deployment firewall is designed to make the CI/CD process a single, consistent point of control for security across releases coming from multiple development teams. Just as a network firewall blocks “bad actors” from accessing a network, a deployment firewall blocks “bad application releases” from being deployed to production environments. A deployment firewall evaluates a release against a wide range of policies, automating the pre-release checklist, which today is often conducted manually by Operations and SRE teams. Examples include:
- Manifest Security. Has the manifest file been modified since last deployment? What changed? Do the specifications for things like service to service communications, open ports, protocols comply with the organization’s security policies?
- Security Vulnerabilities. Has the release been scanned for vulnerabilities? Are there unacceptable vulnerabilities? If the release needs to go out anyway, has a policy exception been recorded?
- Artifact Integrity. Do the images to be deployed match those generated at the last application build? Have images or their dependent libraries been modified post-build?
- Infrastructure Readiness. Does the target deployment platform meet security requirements, such as CIS benchmarks?
Release Quality and Performance. How does the quality and performance of the new release compare to the release currently running in production? This can be used to automate progressive deployments.
- Operational Controls. Has the release been approved, for example with a Jira ticket? Does the release comply with restrictions on when and where applications can be deployed?
OpsMx provides a core set of Deployment firewall rules that customers can extend and customize. Deployment firewall rules can be used to check compliance with specific requirements of industry frameworks, such as NIST 800-53, PCI, and HIPAA. A “Deployment Simulation” feature allows developers to check their release for compliance before it is time to deploy, minimizing unwanted last minute surprises.
OpsMx has designed its deployment firewall to work with an organization’s existing CI/CD tools and processes. As part of the OpsMx Deploy Shield product, the deployment firewall can be added to existing Jenkins, Argo, and Spinnaker implementations, with support for GitHub Actions and GitLab to follow. For customers who need a secure, modern CD platform, the deployment firewall is also available in OpsMx’s Secure CD solution. The data used by the deployment firewall is collected through integrations with existing DevOps tools – developers can continue to use their preferred tools.
OpsMx will be demonstrating the Deployment Firewall at Kubecon 2023, November 6-9, 2023. OpsMx has added deployment firewall capabilities to the OpsMx Deploy Shield and OpsMx SecureCD products. Both are available today.
- OpsMx Deploy Shield product includes the deployment firewall
- OpsMx Secure CD product includes the deployment firewall
- A Deployment Firewall To Keep Bad Code Out keynote presentation at DevOps Conclave 2023 by Shashank Srivastava, General Manager, OpsMx Asia Pacific
- “Why You Need to Worry About Delivery and Deployment Security to Protect Your Software Supply Chain?”, a blog by Gopal Dommety, CEO and founder, OpsMx
- ArgoCon – November 6, 2023 – OpsMx CTO and Gopinath Rebala and Vice President of Product Bob Boule will present, “Enforcing Supply Chain Security and Simplifying Compliance Audit for ArgoCD Deployments”
OpsMx simplifies and intelligently automates secure software delivery, enabling hundreds of thousands of developers at Google, Cisco, Western Union, and other leading global enterprises to ship better software faster. OpsMx is the first platform specifically designed to securely deploy applications in container, virtual machine, and multi-cloud environments. The company’s 120 employees serve customers from offices in Silicon Valley, Hyderabad, and Bengaluru, with funding from Dell Technologies Capital and Foundation Capital. For more information, visit www.opsmx.com.
All product and company names herein may be trademarks of their registered owners