Pivvot is a software company that delivers intelligent asset management systems to infrastructure organisations, such as utility and energy companies. Pivvot develops and deploys unique, customised solutions to a diverse customer base. Its clients need to protect highly-sensitive data, such as the location of oil and gas pipelines.
To be agile and maintain constant release cycles, Pivvot relies on a cloud-based microservices architecture. It has moved to Docker and ECS in AWS for scalability and high-performance container orchestration.
"By embedding security into the development process, rather than implementing it as a standalone activity, Trend Micro Cloud One enables Pivvot to develop new cloud native applications that meet compliance requirements."
Senior Director of Technology, Pivvot
Given the accelerated proliferation of security issues and cyber threats, Pivvot was in search of a solution that could help ensure security for its customers’ data assets, while at the same time empowering the company to engage in ongoing and rapid innovation to deliver the solutions its customers need. Security is paramount— particularly within Pivvot’s fast-paced and customer-centric DevOps environment. To meet ever-changing customer requirements, Pivvot must be able to go from build to deploy very quickly, with the confidence that its solutions will be secure when released to production.
Because software in Pivvot’s DevOps environment is delivered continuously, security cannot be left to a standalone effort—it must be built in from the start—and automation is key. Pivvot needed a flexible, scalable, integrated security solution that could ensure that data assets remained secure throughout the product development life cycle while enabling fast and simple development processes.
Why Trend Micro
Trend Micro has a long-standing history of developing security solutions for infrastructure engineering software providers like Pivvot, and an ongoing relationship with Pivvot’s Senior Director of Technology, Jason Cradit. “Our work with Trend Micro is about protecting what’s right here right now, while we build,” says Cradit. “There’s never been something we’ve taken to Trend Micro that they couldn’t do.”
Not only that, Trend Micro aligns its billing mechanisms with implementation practices through AWS Marketplace to offer the elasticity and scalability needed to respond to changing conditions. Cradit considers this to be a considerable competitive advantage.
Pivvot chose Trend Micro Cloud One - Workload Security to help meet its objectives of ensuring security throughout the development life cycle while enabling quick solution deployment. “By embedding security into the development process, rather than implementing it as a standalone activity, Trend Micro Cloud One - Workload Security enables Pivvot to develop new cloud-native applications that meet compliance requirements and customer demands right from the start―at first build―and throughout the life of the product,” says Cradit.
Workload Security allows Pivvot to operationalise new products quickly and easily with built-in security by taking advantage of its automation capabilities. It also provides the elasticity needed to align secure product build efforts with changing business conditions.
For continuous and secure application development, container image, and registry scanning provided by Deep Security Smart Check—which Cradit regards as a powerful solution for the company—supports Pivvot’s migration of its APIs to a container architecture. “The Smart Check dashboard provides Pivvot with the visibility to detect malware, secrets and keys, compliance violations, custom rules, and known or unexpected vulnerabilities earlier in the build pipeline,” reinforces Cradit.
"Trend Micro’s ability to not just keep current but to define what’s current is what’s really interesting to me. I wouldn’t look to anyone else to secure the cloud-based microservices DevOps environment."
Senior Director of Technology, Pivvot
By applying Smart Check controls, Pivvot is able to build new applications more securely without putting up roadblocks for developers and with minimum intervention by security teams. In its cloud-based AWS environment with Docker containers, Pivvot found that Workload Security supports the DevOps demands to continuously build secure, ship fast, and run anywhere. Knowing they have reduced risk, Pivvot can focus on business goals and customer success.
Smart Check offers solution providers the capabilities they need to protect against malware, content and compliance violations, and vulnerabilities early in the development pipeline. “By building security into the pipeline, Pivvot’s developers are able to give their full attention to the end user. The built-in, automated security of Workload Security reduces the opportunity for humans to inadvertently introduce errors along the way and helps eliminate the need for costly downtime and rework of applications,” says Cradit. “And Pivvot gains scalability—when the automation for a single unit is good, it will scale. This makes Pivvot much more agile and ready to quickly adapt to changing needs.”
Pivvot is exploring moving its container platforms to Amazon® Elastic Container Service for Kubernetes (Amazon EKS). Pivvot intends to continue to address security concerns head-on in its microservices journey by leveraging Trend Micro security solutions to embed security into every aspect of product development—from build to ship to run. Cradit is also impressed with what he has seen with Cloud One – Conformity. “We liked the simplicity of it, breadth of details and how actionable the findings were. The pricing structure was simple and as we love it being available on the AWS Marketplace.”
“Trend Micro’s ability to not just keep current but to define what’s current is what’s really interesting to me,” says Cradit. “I wouldn’t look to anyone else to secure the cloudbased microservices DevOps environment.”