Case study

How Coalfire utilizes automation to secure cloud architecture and infrastructure as code

  • Coalfire wanted to get proactive about securing their infrastructure as code (IaC) that was being used for reference architectures and within managed client environments.
  • With Bridgecrew’s help, they were able to identify, prioritize, and remediate all CloudFormation and Terraform misconfigurations in their GitLab and GitHub repositories.
  • The result was a 15% reduction in time-to-patch, 30% fewer alerts, and 50% fewer high severity events in production.


About: Leading cloud infrastructure providers, SaaS providers, and enterprises turn to Coalfire for help solving their toughest cybersecurity problems. Through the combination of extensive cloud expertise, technology, and innovative and holistic approaches, Coalfire empowers clients to achieve their business objectives, use security and compliance to their advantage, and fuel their continued success. Coalfire has been a cybersecurity thought leader for 20 years and has offices throughout the United States and Europe.

Industry: Professional Services

Size: 1000 employees

Stack: AWS CloudFormation, Terraform, GitLab, GitHub

The challenge

As a leading provider of managed services for clients in regulated environments and FedRAMP reference architectures (that enable organizations to develop secure, audit-ready cloud environments in as little as 60 days and for up to 80% less than historical costs), Coalfire needed to ensure their cloud posture was secure from code to cloud.

They embarked on a net-new effort to “shift left” for cloud infrastructure security. Coalfire wanted to improve the secure defaults for their designs supporting FedRAMP and other compliance frameworks/industries. Additionally, they needed to secure clients’ cloud infrastructure as early as possible as a part of their managed service offerings to minimize runtime misconfigurations.

The solution

Coalfire leverages Bridgecrew’s IaC scanning to get ahead of misconfigurations before they turn into alerts in production. They find and fix misconfigurations in their reference architecture offerings as well as on behalf of their managed clients using integrated policy-as-code checks via their CI/CD pipelines.
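To make the policy-as-code idea concrete, here is an added example (not Coalfire's or Bridgecrew's code) of a minimal scanner that applies three checks to a constructed CloudFormation template in JSON form and exits non-zero on any failure, which is how such a step fails a CI/CD job. The template, its resource names and the check identifiers are all hypothetical.

```python
import json
# Constructed template (JSON form), not Coalfire's code; two resources are misconfigured.
TEMPLATE = json.loads("""{"Resources": {
  "PublicBucket": {"Type": "AWS::S3::Bucket",
    "Properties": {"AccessControl": "PublicRead"}},
  "AuditBucket": {"Type": "AWS::S3::Bucket",
    "Properties": {"BucketEncryption": {"ServerSideEncryptionConfiguration": [
      {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}}},
  "AdminSg": {"Type": "AWS::EC2::SecurityGroup",
    "Properties": {"GroupDescription": "admin", "SecurityGroupIngress": [
      {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
      {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "10.0.0.0/8"}]}}
}}""")

def s3_encryption_at_rest(props):
    """Pass only when default server-side encryption is configured."""
    return "BucketEncryption" in props

def s3_no_public_acl(props):
    """Pass unless a public canned ACL is set (the default ACL is Private)."""
    public = ("PublicRead", "PublicReadWrite", "AuthenticatedRead")
    return props.get("AccessControl", "Private") not in public

def sg_no_world_ssh(props):
    """Pass unless TCP/22 is reachable from 0.0.0.0/0 or ::/0."""
    for rule in props.get("SecurityGroupIngress", []):
        world = rule.get("CidrIp") == "0.0.0.0/0" or rule.get("CidrIpv6") == "::/0"
        if world and rule.get("FromPort", 0) <= 22 <= rule.get("ToPort", 65535):
            return False
    return True

POLICIES = {  # hypothetical check ids; a real tool ships hundreds of such policies
    "AWS::S3::Bucket": [("S3_ENCRYPTED", s3_encryption_at_rest),
                        ("S3_NO_PUBLIC_ACL", s3_no_public_acl)],
    "AWS::EC2::SecurityGroup": [("SG_NO_WORLD_SSH", sg_no_world_ssh)],
}

def scan_template(template):
    """Return sorted (check_id, logical_name) pairs for every failed policy."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        for check_id, check in POLICIES.get(res.get("Type"), []):
            if not check(res.get("Properties", {})):
                findings.append((check_id, name))
    return sorted(findings)

if __name__ == "__main__":  # a non-zero exit status fails the CI job
    for check_id, name in scan_template(TEMPLATE):
        print(f"FAIL {check_id}: {name}")
    raise SystemExit(1 if scan_template(TEMPLATE) else 0)
```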

“We wanted to be proactive about IaC security. We didn’t know what we didn’t know. Bridgecrew gave us the ability to identify and remediate misconfigurations within our code prior to deployment.”

– Adam Kerns, Managing Principal Cloud Services, Coalfire

Coalfire was able to implement Bridgecrew in their own GitHub and GitLab environments in under 30 minutes for IaC scanning on every new commit. This makes their reference architectures more secure for all clients who leverage their products.

The outcome

Identifying and fixing misconfigurations as a part of their CI/CD pipelines provides early feedback to developers and prevents issues from being deployed. This led to more secure reference architectures and reduced alert fatigue for Coalfire’s teams. Coalfire gained the confidence that the architectures they offer and the clients they manage are more secure with every deployment.

  • Reduced time to close a ticket by 15%
  • Decreased alerts by 30%
  • Decreased high severity events in production by 50%

“With Bridgecrew validating and securing IaC from the start, we are able to provide a more secure environment. We can provide a single source of truth for cloud resources and configurations to determine baselines and deviations from those baselines.”

– Adam Kerns, Managing Principal Cloud Services, Coalfire

Coalfire is dedicated to making the world a safer place by working at the cutting edge of technology to solve the world’s toughest cybersecurity problems. Bridgecrew helps enable this mission by shifting cloud security earlier in the development lifecycle.