How Cloudera balances development speed and product security with Apiiro

Background

For an organization such as Cloudera that manages huge amounts of data across truly hybrid cloud and on-premises environments and supports many high-profile, highly regulated enterprise customers, security has to be more than just a feature. It’s core to their business.

Highlights

  • Cloudera needed a partner to assist in speeding up the time-to-resolution of security vulnerabilities, as well as help them assess their security posture and gaps.
  • Apiiro provided Cloudera with a continuous inventory of their application components, including open-source dependencies, licenses, and all APIs.
  • Cloudera used Apiiro to consolidate security tools and got the automated context they needed to surface business-critical risks proactively and fix them faster.

The challenge: Meeting security expectations for a complex application

Cloudera knows that maintaining a strong AppSec program and implementing top-notch tools is of utmost importance. Their product security team is also subject to strict SLAs for addressing critical security and compliance risks to fulfill their customers’ and partners’ requirements.

Because their applications are so multifaceted and quickly evolving to drive customer value, making sense of their application and software supply chain threat landscape had always been a challenge. And with several sources of security data being managed and addressed independently, Cloudera needed a way to consolidate and optimize their workflows to fix critical issues faster and proactively.

The solution: Holistic application visibility and risk-based automation

Cloudera deployed Apiiro and gained a full inventory of their applications—including open source packages, data flows, APIs, and much more. As part of Apiiro’s inventory, Cloudera also got insight into how these components connect with one another, their associated risks, and their historical changes. Apiiro’s deep code analysis provided the foundation for the application security team to differentiate vulnerabilities from risks.

Cloudera knew that the key for security to keep up with agile development was to ensure that the product was built securely from the beginning. Apiiro helped the Cloudera product security team take that goal a step further by “shifting security everywhere,” ensuring that security checks are accomplished throughout the lifecycle without slowing developers down.

The impact: Reducing backlogs with deep code-to-cloud context

With Apiiro’s holistic approach to application and software supply chain security, Cloudera’s product security team was empowered to consolidate their AppSec tools and streamline their entire program.

  • Apiiro gave Cloudera a thorough view of their applications before and after deployment, from the code to the cloud, to deeply understand their security posture and assess their security coverage gaps.
  • By consolidating their independent tools and providing invaluable business and application context, Apiiro helped Cloudera surface the most critical risks to cut through the noise, reduce their backlog, and save time fixing risks.
  • With Apiiro’s continuous code monitoring and automated developer guardrails on new pull requests, Cloudera was able to empower developers to see the issues before they are released—without security getting involved and with no need for additional training.

Cloudera is the preferred enterprise data management and analytics platform for the world’s top companies in almost every industry. With its open data lakehouse, Cloudera empowers people to transform data anywhere into trusted enterprise AI.

Industry: B2B Software, Cloud computing
Employees: 3000+
Developers: 2000+


“We are able to empower the developers to see the issues before they occur and before they make it into the product and they require very little or no training to do that.”

—Natalia Belaya, Chief Information Security Officer (CISO), Cloudera