Listen to this articlePrancer cloud validation framework is a cloud compliance and security solution for companies leveraging the power of the cloud computing for their everyday businesses. It ensures the continuous compliance both in the cloud, and for the Infrastructure as Code. Below is our recent interview with Farshid Mahdavipour, the Founder & CEO of Prancer:
Q: Can you tell us something about your cloud validation framework?
A: Prancer is a pre deployment and post deployment cloud validation framework that can be integrated with the company’s current DevSecOps process to ensure the environment is under compliant and secure.
With all the advanced tools and features available from various cloud providers, provisioning cloud resources are super easy and convenient nowadays. At the same time, making the infrastructure secure and under compliant is a major challenge for enterprises.
In large enterprises, if IT wants to take control of all the cloud initiatives in the company, it will become a major bottleneck in the innovation stream. And if it wants to delegate it to business units, they are not fully aware of all the details of system hardening and security precautions they should put in place, which results in out of compliance implementations.
Leveraging prancer cloud validation framework in an enterprise ensures the compliance is in place, while keeping IT out of the loop. Compliance policies will be dictated by the central security group and applies to the Continuous Integration / Continuous Compliance (CI/CD) pipelines across the business units which results in a more secure cloud implementation.
In prancer cloud validation framework, there are built in compliance tests available for major cloud providers based on the industry standards. HIPPA, PCI, SCI compliance tests are available for the infrastructure code as well.
Recommended: Ziba Beauty Provides The Most Intimate And Authentic Customer Experience In The Beauty Services Industry
Q: You’ve recently announced new SaaS solution to enhance the cloud compliance; could you tell us more about your release?
A: We previously had two different versions of the Prancer cloud validation framework, the open source which is hosted on github and the Enterprise edition which is a virtual appliance and it can be installed on company’s intranet. The new addition to the family of our products is Prancer Premium, which is our Software as a Service (SaaS) offering.
Prancer Premium SaaS offering makes it super easy for clients to get onboard to the system and start leveraging the power of prancer cloud validation framework from day one. They can easily select their cloud of choice, and start running available compliance tests on their target environment.
Also, we are offering a free tier in our Premium edition for proof of concept (POC) and testing purposes. Any company can sign up in our Account application and we will provision a dedicated fully functional tenant for them based on our free tier. You can find more information on our website.
Q: What is the Infrastructure as code? And why we need to have compliance tests for the IaC pipeline?
A: Infrastructure as Code or IaC is the art of harnessing the power of code to build a virtual environment. Codifying an environment gives us so much power. For example, we can build up an environment with thousands of resources in the morning, destroy it in the evening, and build an exact copy of that the day after. We can use a git repository to store the detail of environment, team contribution and version control.
This amount of power also brings some dangers to the game. If the proper security guardrails are not in place, it could expose the invaluable assets of an organization to unauthorized people.
By having the proper automated compliance tests on Infrastructure as Code and leveraging DevSecOps practices, we can ensure that our environment is under compliant while benefit from the power of IaC.
Prancer cloud validation framework can connect to any git repository (like github, ..), get the configuration files from the IaC code repository, and conduct the compliance tests on the code before deploying the resources to the cloud.
By integrating the prancer validation framework to the current DevOps process, if the infrastructure code does not comply with the compliance which is in place, the pipeline fails and the DevOps engineer cannot release the code to the target environment unless the code is fixed.
Recommended: Meet Marco Baldocchi Group – A Full Service Agency With An Experience In Communication & Business Strategy
Q: What are some of the main objectives for Prancer in 2020 and how do you plan to achieve them?
A: We are focused on Infrastructure as Code compliance tests, and our goal is to expand our compliance tests inventory to have the most comprehensive database of compliance test cases available worldwide. The current compliance test inventory we have is based on various compliance standards like HIPPA, SCI and PCI. We are expanding our inventory to other available compliances, and also have more quality tests in place.
Also, currently we are supporting Azure, AWS and Google clouds. As the next step, we are working on Kubernetes compliance tests to make sure any Kubernetes cluster remains secure and in compliance and we are able to put our innovations on top of the Kubernetes cluster with minimal administration effort. Other cloud providers are also in horizon. We are working on public clouds and private clouds to be able to run our compliance tests on those providers as well.
Activate Social Media:
