ARLINGTON, Va.--(BUSINESS WIRE)--Stacklet is the developer of the industry’s first cloud governance as code platform, based on the Cloud Custodian open source project. The company announced the availability of Stacklet IaC Governance—a solution that helps organizations prevent issues by implementing guardrails for their infrastructure code across developer workstations, code reviews, CI pipelines, and deployment pipelines. Compared to traditional enforcement mechanisms, these guardrails speed deployment and boost team productivity. Now available via a free public preview, Stacklet IaC Governance enables you to enforce governance policies for security, compliance, operational best practices, and cost optimization. This solution offers the same user experience and Cloud Custodian policy vocabulary as Stacklet’s core platform.
Organizations increasingly use IaC to automate and scale the provisioning and management of systems in the cloud. But misconfigurations in IaC code can create governance issues and notification storms across multiple deployment environments, resulting in increased risk and wasted DevSecOps cycles. If these issues are not fixed at the source, they will be repeated every time the same IaC artifact is used to provision resources. Typically, DevOps and development teams find it hard to fix issues earlier in development cycles due to a lack of knowledge of industry benchmarks or organizational policies. They also struggle with disjointed, complex, siloed, and inflexible tools throughout development and deployment.
"In a world where app code reigns supreme as the ultimate marketplace differentiator, choosing between maximum developer productivity and optimal governance is an existential battle," said Torsten Volk, Managing Research Director, EMA. "Stacklet IaC Governance aims to eliminate this devilish choice by building declarative guardrails into IaC code. This makes developers happy, as they no longer need to figure out what governance rules are relevant to their infrastructure code and how to implement them. It also makes DevSecOps folks happy as they can create a scalable and consistent governance framework that minimizes hidden risk across the infrastructure lifecycle."
Simple Declarative Language and Automation Enable Teams to Better Govern IaC in the Enterprise
Stacklet’s Governance as Code Platform enables your teams to visualize, codify, and automate all aspects of cloud governance, including cost, operations, security, and compliance. Stacklet’s declarative policy language is highly expressive, human-readable, and requires 10 times fewer lines of code than traditional tools. Together with the availability of Stacklet IaC Governance, Stacklet now provides you with a single declarative language, toolset, and workflows to enforce governance of your entire cloud infrastructure code lifecycle. This reduces the operational complexity of learning and implementing multiple tools and workflows.
Designed in partnership with several Fortune 1000 organizations, Stacklet IaC Governance allows Dev and DevOps teams to quickly fix governance issues. The solution does automatic scanning and provides contextual recommendations, before the build, merge, or deploy stage.
Stacklet IaC Governance enables organizations to:
- Reduce risk, control costs, and boost team productivity. Identify and fix security, compliance, and cost-related issues from the start of the infrastructure lifecycle.
- Empower the DevOps team to fix issues. The solution provides in-line remediation recommendations for non-compliant code delivered as part of the CI/CD pipeline or through a command line interface (CLI). Additionally, it integrates with various code hosting platforms, including GitHub, GitLab, and others. Through these integrations, the solution provides context for code reviewers on the exact parts of a pull request that are non-compliant.
- Eliminate compliance hoops and alert fatigue. Stacklet IaC Governance offers contextual exception management and tracking. For example, you can create policy exceptions for different workload types, application groups, and business units.
- Accelerate enterprise adoption of IaC Governance. The solution features a rapidly-growing library of out-of-the-box policies. It also offers a simple, declarative YAML language for developing your own policies. Centralized reporting and SSO integration round out the enterprise offering.
“Any time a team can prevent or fix governance issues before cloud resources are provisioned, they absolutely should,” said Travis Stanfield, co-founder, and CEO, of Stacklet. “Organizations also need detective controls to ensure that resources that were provisioned correctly at the beginning of their lifecycle remain continuously aligned with standards over time. With Stacklet, the organization can now automate preventive controls, detective controls, and remediation workflows—across the entire resource lifecycle— while working with one domain-specific governance language that is human-readable and very easy to use.”
Stacklet IaC Governance is available via a free public preview here.
Supporting Resources
About Stacklet
Stacklet was founded by the creator and lead maintainer of Cloud Custodian, an open source, cloud-native security and governance project used by thousands of well-known global brands today. Stacklet provides the commercial cloud governance platform that accelerates how organizations manage their security, asset visibility, operations, and cost optimization policies in the cloud. For more information, go to stacklet.io or follow @stackletio.
