Resourcely

Join us June 11th for an interview-style livestream with former Netflix head of security Jason Chan and Resourcely CEO Travis McPeak. We'll deep-dive into DevSecOps and experiences trying to implement it. We'll cover: - How DevSecOps got started - Hear some real stories about adopting DevSecOps at modern organizations like Netflix - What's wrong with DevSecOps today - The future of security embedded into developer workflows See you on June 11th!

Let's talk about using Blueprints... Blueprints allow you to do 3 things: 1. Define which options are available for properties of your resource(s). 2. Apply guardrails to your resource(s) to prevent misconfiguration. 3. Define what information to collect from your developers before resource provision. Once a blueprint has been configured for use it becomes available in the Resourcely service catalog. There are 2 different types of blueprints - Resourcely Blueprints and External Modules. Blueprints are configurable templates used to provision cloud infrastructure resources - Today, they help produce Terraform configuration. Tomorrow, they will help you produce more types of configuration. The last time we looked there were over 1338+ resources in AWS, 1071+ resources in Azure, & 772+ resources in GCP Our Blueprints support all of them, plus many other services such as Datadog, Okta, Snowflake, GitHub, ConductorOne, and Spacelift... plus more on the way! Provision everything from storage buckets and databases... ..or a set of interconnected and dependent services... ...or creating IAM users / service accounts and being able to block those (or require them to have an exception tag/label) with an approver required. In just a few clicks and user input, you will receive secure by default terraform that will issue a pull request to your version control system like GitHub and GitLab. Some items which make our developer experience world class: Use Global Contexts - context-prompting questionnaires to gather data from developers before provisioning a resource. Why? Most configure is context dependent. Are you storing PII data versus company sensitive data? Use Environments to have different or the same settings for different environment such as dev, staging, prod per blueprint input setting. Restrict values based on specific guardrail conditions. For example, instance types should be small. Based on the context and environmental conditions, we can emit resources or properties. For example, we might emit public access blocks or tags. Resourcely is not a CICD platform. We are not a Terraform Runner. You can integrate Resourcely with any of your existing CICD tooling. PS. You can manage everything as code with our Resourcely Terraform Provider. Friends don't let friends write misconfigured terraform. VALUE ADDED OFFER Join our team for a demo, then if you get excited like most folks have been; we invite you to leverage our proof of value and our team will create a couple of custom blueprints for your specific use case. #terraform #iac #blueprints

In this Incident Review... We cover 3 different times that misconfigured AWS cloud resources resulted in incidents. Ranging from an ethical discovery, to a breach that cost hundreds of millions of dollars, Banks, retailers…nobody is safe. See how you could avoid the million dollar mistake 👇 https://lnkd.in/gJCCa_nY #aws #cloud #misconfiguration

Are you using Terraform modules to streamline infra deployment and configuration? That can get hairy, fast: 🍴Any resources created by the module can’t be edited, and are locked-in to the module you just used ✏️ Ever wonder there area thousands of forks of every common module out there? If the module you’re using doesn’t include a parameter you need, you are going to be changing and maintaining the module itself 📈 Modules often morph into “kitchen sink” monoliths that become unwieldy and difficult to maintain 🔒 Developers are often just googling and pulling the first module they find from the public internet. That’s scary… 🔍 Even if you maintain your own module library, you need to somehow index and make them searchable or discoverable Read more about the drawbacks of Terraform modules, and how Resourcely helps solve some of the problems inherent with modules. https://lnkd.in/gg8FjADR #terraform #iac #cloud

Did you miss the Death of DevSecOps livestream featuring Travis McPeak and Netflix former CISO Jason Chan? Today it is available on our YouTube channel! In it they cover the history and future of security: from the on-prem days, to the beginning of the cloud, through DevSecOps and looking forward to secure defaults. If you’re a CISO or VP of Security, you won’t want to miss this! https://lnkd.in/gVPXJJ3y #devsecops #cloud #security

Last week our CEO Travis McPeak was on the floor of the NYSE, celebrating Resourcely's inclusion on the #RisingInCyber list from Notable Capital. The 30 companies, chosen by CISOs, VPs of Security, and investors, highlighted companies poised to make a significant impact on the cybersecurity industry. Resourcely is solving misconfiguration - eliminating incidents, and helping developers & companies build faster. Build your secure-by-default practice with the Resourcely configuration engine 🚂 https://www.resourcely.io

Without secure defaults, you're going to be dealing with misconfiguration at scale. What does misconfiguration at scale look like? Confused developers deploying improperly. Access to the public internet. Oversized infra. Incorrect IAM roles. Incidents, breaches, and outages - all the time. Countless hours spent diagnosing, triaging, and fixing. Without secure defaults, you're asking too much of developers who are already stretched too thin. Resourcely gives your team a platform for configuring secure-by-default infrastructure. Listen to the full Risky Business podcast below! 👇 https://lnkd.in/eNnwupzS

🙌 The future is secure defaults 🙌 Developers shouldn't have to make security decisions - they should have the option to. Developers shouldn't be handwriting config - systems should. Free your developers from the burdens of DevSecOps, and give them secure-by-default.

🚨 24 hours until we're live with the Death of DevSecOps - Experiences at Netflix and beyond 🚨 Travis McPeak and Jason Chan will cover the history of security from pre-DevOps, to the development of DevSecOps, and finally take a peak into what the future has in store. Make sure to register and get your access link 👉 https://lnkd.in/ettg33uY

Are you ready to adopt a "Secure Defaults" strategy in your organization? One of the Global System Integrators described us to their team with the following statement. "Resourcely is kind of like an AWS Service Catalog, but 10x better and with support across cloud providers and platforms. Define safe & sane blueprints, then present developers with a nice quick and clean interface for selecting those things, instead of the naked AWS console. Multi-cloud support out of the gate makes for a pretty compelling story, and I really like the security implications of default-deny when it comes to resources (developers can select from blessed service blueprints, which ensures they aren’t accidentally choosing a $30/hr instance type or an unapproved region or a software version that hasn’t been approved by the compliance folks, etc.)." Blueprints are configurable templates used to provision cloud infrastructure resources. Blueprints allow you to: ✅ Define which options are available for properties of your resource(s). ✅ Apply guardrails to your resource(s) to prevent misconfiguration. ✅ Define what information to collect from your developers before resource provision. Once a blueprint has been configured for use it becomes available in the Resourcely service catalog. Resourcely provides 2 different types of blueprints, Resourcely Blueprints, and External Modules. Guardrails govern how cloud resources can be created and altered, preventing infrastructure misconfiguration. Guardrails are applied to Blueprints and Terraform Modules so that they can be verified before resource provisioning. There are three distinct categories of Resourcely guardrails we can implement today: 1️⃣ Constraining Values: We can restrict values based on specific guardrail conditions. For example, instance types should be small. 2️⃣ Emitting Resources/Properties: Based on the context and environmental conditions, we can emit resources or properties. For example, we might emit public access blocks or tags. 3️⃣ Detecting Actions: We can detect actions in Terraform, such as disallowing deletions. Resourcely helps businesses create secure-by-default infrastructure resources and prevents security misconfiguration in the cloud. Our configuration engine helps your developers move faster and while letting your company mitigate risk and minimize incidents by taking a proactive approach to prevent breaches caused by misconfiguration using our Blueprints and Guardrails while integrated into your CICD and IaC workflows. If Dornoch can win the Belmont Stakes, I'm betting your org can gain value by giving our platform a look. 👀 #cloud #security #cicd