Pulumi today added Pulumi Insights, an application for cloud asset discovery, alongside a previously launched tool for centralizing overall cloud security management.
The offerings were announced at the company's annual PulumiUP conference and expand its portfolio beyond the infrastructure-as-code (IaC) tool it initially offered.
“Pulumi Insights and Pulumi Environments, Secrets, and Configuration (ESC) do not require organizations to adopt Pulumi’s IaC tool,” said Pulumi CEO Joe Duffy. “However, organizations that do can better implement security controls on cloud computing environments that are typically configured by developers using IaC tools.”
At the heart of the Pulumi platform is Pulumi CrossGuard, its policy-as-code engine, which has recently been expanded with a generative artificial intelligence (AI) tool called Pulumi Copilot. In total, Pulumi now supports over 170 public, private, hybrid, and software-as-a-service (SaaS) platforms.
More than a decade after the advent of cloud computing, organizations are still struggling to secure these environments. The challenge many organizations face is that cloud services are typically provisioned by application development teams that care more about productivity than security, and many of those teams lack the expertise to configure the services securely. Cybercriminals, meanwhile, have become particularly adept at discovering and exploiting a misconfigured S3 cloud storage service to exfiltrate data.
Unfortunately, cybersecurity teams often lack the tools to first discover what assets they have in the cloud and then determine what level of security to enforce. Compounding this problem is a shared responsibility model for cloud security that leaves many organizations unsure of what they are responsible for securing versus what their cloud provider will secure on their behalf. Duffy said the latest additions to the Pulumi suite are designed to help bridge that gap.
It is not clear exactly who is responsible for cloud security within organizations now. In many cases that responsibility still lies with cybersecurity teams, but with the emergence of platform engineering as a methodology for managing IT, it is in some cases shifting. The DevOps engineers who make up these teams increasingly use DevSecOps best practices to secure cloud resources programmatically. However, the level of DevSecOps maturity is likely to vary widely from organization to organization.
As more cloud platforms are used by organizations, implementing DevSecOps practices becomes more difficult. The more cloud platforms an organization uses, the more likely it is that one or more of these services will be misconfigured. Even more problematic, application developers often view cybersecurity teams as a hindrance to productivity despite the level of risk that the organization may now inadvertently be exposed to.
Regardless of the approach taken to solve this problem, cybersecurity and emerging platform engineering teams have a vested interest in ensuring cloud security, especially as part of any effort to better secure software supply chains.
The challenge, as always, is to unite people around a consistent set of processes to ensure cloud security goals are achieved and, more importantly, maintained.