Traditional security of development practices has been functionally separated, with different tools for different departments operated by different resources. This monolithic approach however is changing rapidly as organizations look to move many of their development operations to cloud and container platforms, while retaining critical systems on physical servers. This has led to organizational reviews of how best to secure new approaches to business application development while maintaining the integrity and confidence of the organization. So how are other organizations changing their ways and making this transformation actually work? In late 2015, TRC Solutions, a national engineering, consulting, and construction management firm for energy, environmental, and infrastructure markets acquired a new Pipeline Services division. As TRC grew rapidly overnight, Jason Cradit, Senior Director of Technology at TRC, began to look into how to he could drive public cloud use as a strategic priority. As part of the shared security responsibility, his role was to make sure what the company put into the cloud was secure. TRC required a solution that could protect all the data, applications and operating systems in the cloud from a managed state. The company selected Trend Micro Deep Security (DSaaS) for its ease of use, and ability to work across their public and private cloud environment, specifically AWS cloud. Fast forward to 2018, and TRC continues to expand its presence on AWS. However, TRC faced unexpected challenges when it deployed certain applications. When they moved their risk and evaluation analytics application to AWS, they wanted to reduce the application’s run times, update code rapidly, and speed deployment using more cost-effective microservices. That meant moving to Docker containers on AWS, but TRC was concerned with how to secure the new environment. WHY TREND MICRO To build API gateways on AWS, TRC needed to be more agile while maintaining a high level of security. Cradit’s team found that by using Docker containers they could quickly build and deploy code. They could focus on microservices, and ultimately concentrate on business outcomes. TRC wanted to use Deep Security for their containers because it would allow them to use their tools and deployment mechanism, but they also knew the container host had its own set of security practices. “Deep Security is the perfect solution for both Docker containers and AWS, providing the same high level of security we needed,” said Cradit. Many organizations aspire to a DevOps culture, but continue with manual installs of security policies or wait until the end of the software development life cycle before submitting security tests through their traditional control points. SOLUTION Cradit’s group has implemented all the Deep Security features, including the firewall, intrusion detection and prevention systems (IDS/IPS), anti-malware, virtual patching, web reputation, log inspection, and integrity monitoring. “We always have the firewall on, and we turn on web reputation, so we are protected from advanced persistent threats,” said Cradit. To reduce the cost of running the risk and evaluation application on AWS, TRC moved the application to a Docker container. Since March 2018, TRC has used Deep Security to protect any application they launch on a container, and developers have been able to speed deployment and update code requirements quickly. “With assistance from Trend Micro, deploying Deep Security to protect applications on containers was easy,” added Cradit. “Our procurement process has also been simplified by purchasing Deep Security via the AWS Marketplace.” RESULTS The elasticity of Trend Micro™ Deep Security™ and AWS has benefited TRC’s bottom line. “If we experience a downturn, we can reduce our capacity to scale down our spend on AWS without impacting our business in any way,” said Cradit. Left out, overlooked, or rushed at the last minute to avoid missing deployment goals, lapse’s in securing your environments can lead to gaps in protection and potential vulnerabilities. Make IT Security happy by making security part of your organizations DevOps culture. With Deep Security protecting both its AWS and container environment, TRC has the connected threat defense it needs to deliver services to the business. What’s more, with Deep Security’s ability to support compliance requirements such as the General Data Protection Regulation (GDPR), TRC has opened the door to new opportunities in the European market. “The move to containers on AWS has reduced our costs by ten-fold,” said Cradit. “The greatest outcome was the faster execution and deployment times we realized.” MORE INFORMATION For more information, please visit Trend Micro in the AWS Marketplace.