This includes rooting out vulnerabilities in container images and serverless functions, cloud misconfigurations, and hidden secrets and sensitive data.
One of the largest multi-channel payment platforms and pioneers of outsourced payment collection in the Philippines was seeking to elevate security standards in its cloud-centric network.
By leveraging a cloud native application protection platform, the firm improved its capabilities in assessing security risks in the pipeline before any applications get pushed into production. This includes detecting and remediating vulnerabilities in container images and serverless functions; security misconfigurations in cloud environments; and the presence of hidden secrets and sensitive data in application artefacts.
Said Mel Migriño, Group CISO, Meralco Group, which runs the above mentioned platform, Bayad: “Given Bayad’s direction for cloud adaptation, we had to prioritize security controls in this new environment to ensure that the environment remains secure and intact.”
With further digitalization in the cloud space, Bayad’s use of containers and serverless technologies to increase agility, scalability, and resilience of key applications will continue to be visible and secure. The cloud-native application protection platform is also used to extend security controls into production environments, where it detects and prevents anomalous or disallowed behavior at runtime. Also, the digitalization eases adherence to industry best practices and compliance requirements; supporting of principles of least privilege; detecting of anomalies at runtime; and the hardening of its cloud infrastructure.
“With Aqua Security, we now have visibility on the vulnerabilities of our cloud-native applications, and it helps us prioritize remediation, so our Security Operations team is not overwhelmed,” said Migriño.
Robert D’Amico, Area Vice President (Asia Pacific and Japan), Aqua Security, said: “Highly regulated industries demand compliance and visibility… across the entire application lifecycle and to stop cloud native attacks. We’re thrilled to have partnered with Bayad to allow the team to reach its vision for compliance with industry requirements, greater security of critical applications and protection of sensitive business and customer data.”