Protecting infrastructure-as-code environments demonstrates company’s vision to solve all cloud security and compliance challenges
21 September 2021, San Francisco, CA – C3M, a leader in Cloud Security Posture Management (CSPM) and Cloud Identity and Entitlement Management (CIEM) has today further expanded its comprehensive set of cloud native security capabilities with the launch of its Infrastructure as Code (IaC) Security Scanning module that governs and protects IaC by addressing compliance and security concerns before deployment.
C3M’s IaC Security Scanning helps organisations by identifying and remediating the misconfigurations and security vulnerabilities in the early stages of the build process. Integrated seamlessly in the development cycle, the C3M platform improves the cloud security posture by inspecting resources being created using IaC. Automatic scans that reduce the chance of human error are run against over 300 security governance policies to support companies achieve compliance standards. Providing continuous insight, the C3M IaC platform investigates the root cause of issues and facilitates engineers with recommendations to fix the issues.
With IaC templates containing thousands of potential vulnerabilities, 44% of templates non-compliant and more than 43% of cloud databases currently unencrypted, C3M’s IaC Security Scanning solves the security and compliance challenges of adopting IaC by shifting security left in the development cycle to identify misconfigurations before launched.
“Up to 80% of companies are using IaC to easily manage and provision their infrastructures on cloud, but the traditional security tools are inadequate to overcome the numerous challenges of adopting IaC. C3M’s IaC Security Scanning platform automates the security posture, identifying mistakes where they are made thus securing the infrastructure at code level and maintaining compliance standards,” said Paddy Viswanathan, CEO and Founder, C3M. “Our IaC scanning capability is yet another significant additional feature on our unified Cloud Control platform and underlines our ability to enable enterprises to confidently and seamlessly adopt the cloud.”
C3M’s IaC Security Scanning supports scanning of IaC templates written in Hashicorp Terraform. Seamlessly integrated with self-managed GITLab SCM, it runs scans on every merge for every repository once on-boarded, posting results back to the GITLab SCM. It has provisions to perform out of process, ad-hoc scans, uploading the code in zip format and generating scan results at the click of a button. The module is also able to integrate with API based scanning enabling customisation and integration in any workflow.
About C3M
C3M, LLC is a San Francisco headquartered Cloud Security solutions provider. C3M’s Cloud Control is a 100% Agent-less, API based, cloud-native security solution that offers organisations complete cloud control through automated security intelligence, giving them actionable insights into the cloud, its security, and infrastructure, while also auto-remediating any security violations it detects. C3M Access Control helps enterprises gain complete control over identities and infrastructure entitlements, and right size identity privileges.