BigID Automates Container Security to Reduce Vulnerabilities and Maximize Security Posture
Pieter Van Noordennen
Apr 04, 2023
As consumers and product users, we regularly trust companies with our personal data and information, and we want to continue to be able to do so. Unfortunately, our personal and user data is under constant attack. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) cites research indicating that 47% of Americans have had their personal information exposed by cybercriminals, and that consumers worldwide lost $358 and 21 hours on average per year dealing with online crime.
In response to high-profile data breaches and misuse of information, government entities are increasingly addressing the needs of citizens by enacting strict data privacy and protection laws that enterprises must abide by. For example, in Europe, the General Data Protection Regulation (GDPR) now requires that companies have robust processes in place for handling and storing personal information. Another example is found in California, where the California Consumer Privacy Act (CCPA) empowers California residents with certain rights over their data.
As data proliferates and the regulations that govern its collection, storage and use multiply as well, enterprises today are seriously challenged to ensure data security and compliance. Moreover, enterprises need to have visibility into their data and to fully understand the information and decision-making insights that the data can provide. BigID is here to help.
A leader in data security, privacy, compliance, and governance, BigID specializes in enabling organizations to proactively discover, manage, protect, and get more value from their data in a single platform for data visibility and control. Organizations use the BigID Data Intelligence Platform to reduce their data risk, automate security and privacy controls, achieve compliance, and understand their data across their entire data landscape: including multicloud, hybrid cloud, IaaS, PaaS, SaaS, and on-prem data sources.
The BigID application is relied on by companies as the foundation of their data security, governance, and compliance, helping them to secure their most critical assets. Needless to say, when companies rely on you in this way, the security of your own platform is paramount. That’s why BigID takes an aggressive, proactive stance on addressing the security of its containerized application. BigID deploys containers to build its application and also to ship its software solution to its customers. It's critical for BigID to ensure its containers are vulnerability-free, hardened for production, and transparent to end users, with information available about their security, composition and contents. For BigID, having visibility into the composition and health of its containers is a must. That’s why it partnered with Slim.AI.
“The core of our application is containers, so our developers needed to know and understand the containers that make up our application,” explained Gal Malachi, Director of Software Engineering at BigID. “We needed to reduce useless code being shipped to production, and we needed to reduce the number of vulnerabilities in the containers that were used to build our app. Slim.AI offered to help us with that.”
In a design partnership with Slim.AI, BigID set out to address these five questions:
- How do we get to “zero vulnerabilities”?
- How do we surface potential risks around customer-deployed containers?
- Where can we automate vulnerability remediation?
- How can we be more transparent to our customers?
- How can we reduce the likelihood of future exploits?
“We were thrilled with the initial results Slim.AI provided for our application containers,” said Malachi. “The concept of cutting our vulnerability findings in half with a single click is transformational. Right off the bat we saw our container’s attack surface reduced by more than 60 percent. This is particularly valuable when we implement Slim.AI’s continuous and automated approach to supply chain threat reduction. It ultimately makes our job of securing our software easier and validates for our customers that BigID takes security seriously, even in our development process.”
Now, with over 400 containers running with Slim.AI, BigID is able to run automatic security checks in its CI/CD pipeline through the Slim.AI integration.
“Security is part of our cultural mindset at BigID,” said Malachi. “We believe security should be a part of every step of the development lifecycle—from the IDE of the developer to the testing frame, CI/CD, and deployment pipelines, with checkpoints at every step of the development lifecycle.
“We have a lot of tools across the entire supply chain, and that can leave lots of opportunities for vulnerabilities to sneak in,” continued Malachi. “Plus, some of our standard monitoring tools produce a lot of noise, particularly about vulnerabilities that aren’t exploitable. Slim.AI helps us remove the noise and focus on the vulnerabilities that actually matter to the code. This simplifies reports and the process of handling the vulnerabilities that do matter.”
With Slim.AI, BigID has automatically reduced its container attack surfaces by more than 50% before any direct patching or compensating controls are even applied. Moreover, Slim.AI’s vulnerability reduction and reporting have encouraged some of BigID’s enterprise clients to adopt newer versions of the BigID solution faster. Finally, BigID has seen an increase in developer velocity, because automating these security measures has given developers time to build new technology instead of mitigating risks.
“Being proactive about software security is essential; security cannot be an afterthought,” said Malachi. “By using the Slim.AI platform to automate the process of shipping slim, secure containers to production, we are securing our software from the inside out, saving developer time and toil in the process. Ultimately, Slim.AI is helping us deliver a safer, more performant product upon which our customers can rely to protect and understand their own data.”
Feel free to drop your questions in our Discord (https://discord.com/invite/BmT5hRrZp6) or dive into the Slim Platform (https://portal.slim.dev/home) and try it for yourself! We'd love to hear your feedback.