Sam can finally finish his building block sets thanks to Prisma Cloud, and Danielle learns all about where all the time savings came from. 

Learn how to seamlessly maintain a robust security posture across a multi-cloud architecture. For more information about Palo Alto Networks’ Cloud Security Posture Management, visit us here. 

https://www.paloaltonetworks.com/prisma/cloud/cloud-security-posture-management 

Transcript: 

SAM: Hello hello my good friend. 

DANIELLE: Hello, what’s with the good attitude…? Finally finish that LEGO set? 

SAM: Well, yeah, but it’s because I've been able to put all my work stress behind me and just focus on the bricks. 

DANIELLE: You’re like a whole new you! All because of Prisma Cloud? 

SAM: All because of Prisma Cloud. It’s made work so easy. Our hybrid cloud security posture management is so smooth and functional…like two 2x2 bricks slotting on top of a 2x4. 

DANIELLE: In the spirit of DevSecOps partnership, could you walk me through what's happening? I bet it'll be easier for me to code if I know what's going on behind the screens. 

SAM: Wow, I’ve never heard that term before. Security and developers. DevSec. DevSecOps. I like it…yeah, let's go through this together. 

DANIELLE: I'm ready when you are. 

SAM: So our problem was maintaining security and compliance posture of all of our cloud resources. It's always a moving target because threats get smarter and we have to respond. 

DANIELLE: Right, sounds like a lot. 

SAM: It is! And we have more than one cloud environment, so we have to track so much across so many places. It was so much to manage, and nothing we tried in the past could handle all the environments we used at once. It turned into a patchwork of security features. 

DANIELLE: No wonder you were so stressed all the time. And irritable. And moody… 

SAM: My Burj Khalifa LEGO set sat in the box for months. Months! 

DANIELLE: So what did you need to do to wrap it all up? 

SAM: We focused on four key aspects. One: visibility/compliance/governance. Two: threat detection. Three: integrated data security. And four: automation for remediation. 

DANIELLE: You lost me. Can you explain the security engineer talk?  

SAM: Most definitely. Basically we have to monitor everything, detect anomalies and correlate them to types of threats with contextualized data, build that security info back into our cloud system, and automate small actions so the security engineering teams can focus on bigger issues. 

DANIELLE: Hm…I guess I just don't understand why things weren't working before then. We had those other services, right? What changed? 

SAM: Not all cloud service providers mesh with other services. But Prisma Cloud swooped in and organized everything for us across all of our clouds——with more automation and smarter rules, too, so we could be even more hands off. 

DANIELLE: Okay, yeah, that makes sense. 

SAM: When we added a new cloud service provider on top of our old one, I just added our new cloud to our existing Prisma Cloud configuration and let the system handle the rest. Before I would've had to find new security management software, troubleshoot it, bug chase— 

DANIELLE: And stay late while the LEGOs collected dust. 

SAM: They don't collect dust when they're in the box, Danielle. 

DANIELLE: It's a figure of speech. 

SAM: Irregardless, Prisma Cloud's central dash lets me and the security engineering team monitor everything all at once, and the automated remediations and dynamic baseline formation across every cloud environment let us sit back until something really pressing comes through. 

DANIELLE: You must be really satisfied with it; this is the most I've ever heard you talk about anything. 

SAM: Yeah I really do love it. We're going to keep this going as long as I can. 

NARRATOR: Palo Alto Networks. We’ve got next.  

Sam and Danielle write an email to their bosses about the benefits of moving security earlier in the timeline—and Sam gets back to his Rubiks cube. 

Keep your workloads secure in the age of cloud-based, scale-out, constantly changing applications and infrastructure. For more information about Palo Alto Networks’ DevSecOps tools, visit us here. 

https://www.paloaltonetworks.com/prisma/cloud/devsecops

Transcript: 

DANIELLE: Hey Sam, do you have a minute? 

SAM: What now? I was getting ready to get ready for lunch. 

DANIELLE: We should put some more work in on that email to the higher-ups about shifting security left with Prisma Cloud. I want to send it today. 

SAM: Shifting left…yeah, I mean that’s saved me so much time. Okay. I thought we already finished that. Where'd we leave off? 

DANIELLE: We did the opener and a draft. Shift left: push part of the process earlier in the timeline. 

SAM: What else do we have? 

DANIELLE: Uh well…just a draft. 

SAM: And you want to send it today??? 

DANIELLE: Listen, every time I brought up how I wanted to make some more headway on this, you told me you were leaving to practice your 4x4 Rubik’s Cube. 

SAM: A man has to have priorities, Danielle. 

DANIELLE: Let's prioritize this, then. 

SAM: Okay, since shifting security left makes things easier for muah, I’ll do it. We told them what shifting left is, now we need some detail about why for the next part.  

DANIELLE: Yep. When you integrate cloud security earlier in the development lifecycle, it’s a consideration at every step of the way. Sound good? 

SAM: Yeah…yeah…that's good. I’d also add something about the time saving, since working in security at the beginning of a project streamlines it further down the funnel. 

DANIELLE: Got it. Security engineers can fail insecure builds earlier, saving time for everyone. Sound good? 

SAM: Yeah, but I think from what we have here, it sounds like the benefits of shifting left are only at the beginning of the process. 

DANIELLE: We’re obviously getting to the next part. Can you just stay focused? 

SAM: No need to get snippy! Just get there then.  

DANIELLE: Okay, jeez, here we go: If code passes the build quality gate and security requirements are not met, Prisma Cloud can stop deployment. How’s that? 

SAM: We should say why that’s important—that we can easily stop deployment if something happens. People who aren’t security engineers won’t know that. 

DANIELLE: Right. This further restricts potential vulnerabilities. 

SAM: Yeah, matches what's been saving me time. 

DANIELLE: Cool. For the wrap-up, I pulled in the DevOps angle. 

SAM: Surprise surprise, the developer wants to talk about DevOps. 

DANIELLE: Am I wrong? 

SAM: No. 

DANIELLE: Never. And I already nailed this part.

Prisma Cloud uses tags and metadata from cloud-native applications to notify the correct developer directly within their development tool when a vulnerability occurs. This way, the problem can be quickly solved by the person with the most relevant knowledge. 

SAM: Don’t flatter yourself, it’s always easier writing about what you know.  

DANIELLE: Almost as easy as using Prisma Cloud, right? 

SAM: Just about. I loved not having to get involved. Prisma Cloud just pinged you when your code was non-compliant. 

DANIELLE: Ping, hey, there's a security vulnerability. Code code code, it's done. DevSecOps in one fell swoop. 

SAM: Speaking of which, are we good here? Cause uh, I still have to do my pre-pre-lunch ritual. 

DANIELLE: Yeah, I think we have a good overview to present. Busy watching old Rubik’s Cube competitions? 

SAM: Priorities, Danielle. Priorities. 

NARRATOR: Palo Alto Networks. We’ve got next.   

Danielle talks an overworked Sam out of quitting, thanks to Prisma Cloud’s automation. Now Sam can get back to practicing with his boomerang. 

Take on the unique security and compliance challenges inherent to cloud native development—constant change, diverse environments, and sheer volume. For more information about Palo Alto Networks’ Cloud Workload Protection Platform, visit us here. 

https://www.paloaltonetworks.com/prisma/cloud/cloud-workload-protection-platform

Transcript:

SAM: DANIELLE!!!! 

DANIELLE: Uh…hello? 

SAM: I'm putting my two weeks in. I am out of here. 

DANIELLE: What?? 

SAM: I just got a memo from high up saying we're moving our network from a single cloud to a hybrid cloud environment. I'm already barely keeping up with monitoring everything going on, now I have to do it on multiple clouds? It's always shifting and scaling! That's the point of cloud! I can't do this. 

DANIELLE: Hey, hey, take a breath. Let's figure this out. I might already have a solution for you, if we can get there. 

SAM: I don’t think this is working. 

DANIELLE: It is, and it will. Let's get through this together. DevOps and security engineers against the world. 

SAM: Okay tell me, wise developer. What’s your idea? 

DANIELLE: Let's figure out the main problem first. What exactly is going on? 

SAM: Okay, okay. Our cloud network——well, networks, now——dynamically scale with our demand, so I'm always chasing down a baseline. 

And if I can find a breach, I have to dig around and figure out how. And why. And when.  

And what if it was in an old environment or configuration and nobody saw it? And now I have to do that over multiple networks?? 

DANIELLE: Let's bring it back down. We'll get through it. We need to use Pr-- 

SAM: That’s easy for DevOps to say. This is all a mess for security engineers. 

DANIELLE: Prisma Cloud from Palo Alto Networks could handle all this! If we put it on our system and enabled their runtime security, we'd be able to let the machines do the work. 

SAM: It sounds too good to be true. 

DANIELLE: Once we enable its built-in runtime security, it'll use AI and machine learning to model what a healthy environment should look like across our dynamic scaling. 

SAM: But I’ll still have to track it. 

DANIELLE: Nope, Prisma Cloud will do it—across all of our cloud environments. Even if we add another, it'll all work as one. 

SAM: What if something changes, though? I’ll have to stick around after hours whenever we create new containers to fine-tune all these new parameters. 

DANIELLE: You can just tell the system to create automatic definitions for different environments. That way, if there is a breach, fallout stays siloed. 

SAM: How quick is all of this? I don't want to have to compile big reports—and as you know I'm— 

DANIELLE: Practicing for that boomerang competition. Yeah. Prisma Cloud detects it all in real time and we can incorporate it into every layer of our environments. So if you see a problem, you can quickly fix it, then get back to- 

SAM: Boomerang throwing techniques! My arm is really loosening up. 

DANIELLE: Or…actually doing your job. 

SAM: You seem to know enough about security for the both of us, so who knows. 

DANIELLE: It's DevSecOps! We work together, remember? 

SAM: So if we can get Prisma Cloud on our network, it'll dynamically scan and scale across all our containers, server functions, and cloud services—and tell us about breaches? 

DANIELLE: Yep. See? We worked through this. 

SAM: Okay, okay…let's get this going. 

NARRATOR: Palo Alto Networks. We’ve got next.