The Salt Security API Protection Platform provides API security across modern applications. The platform collects API traffic across the entire application landscape and applies AI/ML and big data to inventory all APIs, identify and stop attacks, and provide remediation insights to harden APIs.
The Salt Security platform identifies vulnerabilities in real time -- in pre-production as well as production environments -- and it integrates into app dev/build systems to ensure security from the moment APIs are created.
Changes in application frameworks, such as the adoption of Kubernetes, containers, and Cloud-Native architectures, as well as innovation initiatives such as digital transformation, cloud migration, and app modernization, have all driven a huge increase in the volume of APIs and therefore the need for API security. As a result, the Salt Security team, backed by Sequoia Capital and CapitalG, began exploring new methods for development and ultimately the infrastructure that supported the testing of their applications.
The Salt Security Challenge
As with many Cloud Native solutions, the Salt Security team believes that software development speed is a competitive differentiator. DevOps is an essential component to their success, just as much as security. While attempting to make DevSecOps a reality, Salt Security began to experience challenges:
Lack of visibility into locally-sourced IaC deployments
Inability to efficiently provision resources
Testing environment control
Infrastructure cost management
The biggest technical challenge was the ability to dynamically create and maintain namespaces within Kubernetes. The team faced configuration management challenges due to the duplication and ultimately struggled with scheduling, maintaining, and keeping these testing environments up to date.
These challenges hindered application delivery, and the teams began to feel the strain at a personal level due to inefficiencies, bottlenecks, and unnecessary overhead. Timing of planned work began to affect developers when their environments would go down without knowledge because of duplication and configuration issues.
The env0 solution
With env0, Salt Security manages and deploys Terraform from a unified platform. They now divide the appdev work into projects and environments, as well as provision, manage, and view all resources from a single platform. Among the ability to support the necessary DevOps and CI/CD solutions, the Salt Security team specified the following areas of improvement:
Developer Self Service The env0 platform enabled developers to provision environments independently while adhering to organizational requirements and standard policies.
Pre-Process Capabilities Salt Security reduced the number of configuration files and variables for most environments.
Finally, env0’s Role Based Access Controls (RBAC) quickly became a key differentiator for the Salt Security team. Their ability to restrict access to environments and projects, at a team, developer and cloud resource level was an extra benefit. Enforcing policies allows for shutting down specific environments during the weekend to save money.
Env0 allows me to enforce policies on specific environments without the need to constantly check and manually deactivate/activate them.
Gal Porat
Director of Devops, IT and Security
The Benefit to Salt Security
With env0, Salt Security further embraces the benefits of Cloud Native technologies and DevOps principles and practices while lowering cloud infrastructure costs and keeping information security top of mind. Developers self-service provision infrastructure when they need it, helping them stay on track with demanding timelines. Self-service saves the business money, and improves developer morale and effectiveness by eliminating bottlenecks and distractions that sap productivity.
About env0
env0 provides an automated, collaborative remote-run workflows management for cloud deployments on Terraform, Terragrunt and custom flows. env0 enables users and teams to jointly govern cloud deployments with self-service capabilities. env0 provides visibility into GitOps workflows of infrastructure changes. Leverage our granular RBAC permissions and limit access to IaC execution (e.g “terraform apply”), on production and other critical cloud resources. Implement any policy or check you desire with the freedom of an open standard Open Policy Agent guardrails. env0 can also help you prevent drifts with centralized remote-runs processes.
