Since many security breaches are down to configuration errors, cloud native security company Sysdig has decided to bulk up on infrastructure as code expertise and enter an agreement to take over IaC security expert Apolicy.
The startup, which made its first steps in late 2019, looks “to leverage Policy-as-code for the purposes of risk identification, remediation and policy enforcement”. Its product apparently scans IaC templates written for tools like Terraform, Helm, and Kustomize for misconfigurations by cross-checking them against configuration policies.
The tool is said to make use of Open Policy Agent, but also ships its own policies for compliance and governance automation. Should runtime drift be detected, Apolicy can map it back to the IaC configuration file it originated from and propose remediation through a pull request. Other functionality includes risk prioritisation: the tool promises to point out the impacted production instances and applications, so teams have an easier time deciding which issues to tackle first.
Sysdig told DevClass its first priority would be to integrate Apolicy’s IaC functionality into the Sysdig Secure DevOps Platform to validate IaC source code and send those results back to the company. Other plans include using Apolicy “to generate PRs to implement Kubernetes network policies, change requests/limits, and secure workload configuration based on intelligence from Sysdig”.
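To make the policy-as-code idea described above concrete, here is an added example (not Apolicy’s or Sysdig’s code): two policies evaluated against a Kubernetes Deployment template, plus a drift check that maps a changed runtime object back to the IaC file that declared it. The manifests, file path and image names are constructed, pre-parsed dicts (what a YAML loader would return) so the script runs offline.

```python
# Added illustration of policy-as-code over IaC; all data below is constructed.
IAC_FILE = "helm/templates/deployment.yaml"   # assumed source path for drift mapping

# Constructed IaC source: a Deployment with two misconfigurations
IAC_DEPLOYMENT = {
    "kind": "Deployment", "metadata": {"name": "api", "namespace": "prod"},
    "spec": {"replicas": 2, "template": {"spec": {"containers": [
        {"name": "api", "image": "example/api:1.4",
         "securityContext": {"privileged": True},          # policy violation
         "resources": {"requests": {"cpu": "100m"}}},      # limits missing
    ]}}},
}

# Constructed runtime object: someone edited the live Deployment in place
RUNTIME_DEPLOYMENT = {
    "kind": "Deployment", "metadata": {"name": "api", "namespace": "prod"},
    "spec": {"replicas": 5, "template": {"spec": {"containers": [
        {"name": "api", "image": "example/api:1.5",
         "securityContext": {"privileged": True},
         "resources": {"requests": {"cpu": "100m"}}},
    ]}}},
}

def containers(obj):
    return obj["spec"]["template"]["spec"]["containers"]

def policy_no_privileged(obj):
    """Flag containers that request privileged mode."""
    return [f"{c['name']}: privileged container" for c in containers(obj)
            if c.get("securityContext", {}).get("privileged")]

def policy_resource_limits(obj):
    """Flag containers lacking CPU/memory requests or limits."""
    return [f"{c['name']}: missing resources.{section}.{key}"
            for c in containers(obj) for section in ("requests", "limits")
            for key in ("cpu", "memory")
            if key not in c.get("resources", {}).get(section, {})]

POLICIES = [policy_no_privileged, policy_resource_limits]

def scan(obj, path=IAC_FILE):
    """Evaluate every policy against one IaC object; return (file, finding) pairs."""
    return [(path, finding) for policy in POLICIES for finding in policy(obj)]

def detect_drift(runtime, source, path=IAC_FILE):
    """Report fields where the live object departs from the IaC source, each
    mapped back to the file a remediation PR would have to change."""
    drift = []
    for i, (r, s) in enumerate(zip(containers(runtime), containers(source))):
        if r.get("image") != s.get("image"):
            drift.append((path, f"containers[{i}].image: {s.get('image')} -> {r.get('image')}"))
    if runtime["spec"].get("replicas") != source["spec"].get("replicas"):
        drift.append((path, f"spec.replicas: {source['spec']['replicas']} -> {runtime['spec']['replicas']}"))
    return drift
```

Running `scan(IAC_DEPLOYMENT)` yields four findings (one privileged container, three missing resource fields), and `detect_drift(RUNTIME_DEPLOYMENT, IAC_DEPLOYMENT)` reports the image and replica changes against the same file path.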
Sysdig CEO Suresh Vasudevan explained the move to buy now in a blog post by saying 2020 marked a watershed moment for cloud and container adoption, which “caused an urgent need to address container and cloud security risks, the biggest barrier to deploying modern cloud applications”.
The acquisition is meant to help address these needs by extending the Sysdig platform a bit further, nudging it towards full visibility and compliance from source to production, which should help win over what he calls “cloud-sceptical” enterprises.
We couldn’t get information on how the company is going to handle existing clients at this time, so those using the service should keep an eye on their inbox for further information. The Apolicy team itself will join Sysdig to help improve its workflows for infrastructure security.
Financial details of the deal haven’t been disclosed.