Zscaler has made generally available new integrations with HashiCorp for its recently introduced cloud-native application protection platform Posture Control.
The integrations between Zscaler Posture Control and HashiCorp Terraform solutions help DevOps teams and customers easily automate security and ensure that security guardrails are consistently incorporated into all aspects of the application environment.
DevSecOps is integrating security into the DevOps process, businesses introduce security earlier in the software development lifecycle, enabling cyber protection to shift left, reducing risks, and eliminating costly rework. Security-as-code bakes threat protection into the application and infrastructure throughout this process.
As a part of CI/CD pipelines, this integration is critical when adopting “infrastructure as code”. This enables the concept of shift-left to become a reality and reduces friction between development and security teams, providing rapid application deployment and better security posture.
HashiCorp’s Terraform is an extensible open-source tools for defining and creating repeatable cloud infrastructure through code. It allows DevOps teams to configure their infrastructure and services using HashiCorp Configuration Language. A Terraform provider interacts with the various API’s required to create, update, and delete resources.
Zscaler Posture Control integrates with DevOps tools across the development lifecycle to scan, identify and fix misconfigurations in Terraform templates and to prevent drift between the intended state and what is running in production. It detects misconfigurations in Terraform templates by comparing the code against hundreds of pre-defined and custom policies. Posture Control provides remediation guidance and commit-ready fix recommendations within developer workflows.
By redirecting traffic to the Zscaler cloud instead of introducing physical infrastructure controls organizations can look for reducing cost and operational overhead and, most importantly, eliminating the risks of introducing the possibility of lateral movement from bad actors.