DevSecOps teams are the new security champions in the app modernization journey. They implement security practices and testing across the entire software development lifecycle to prevent breaches, data loss, and regulatory penalties. They also work with DevOps on the CI/CD pipeline to fulfill the dual mandate of app security and agility.

But it is difficult to build application security without compromising agility. Developer teams must stay in sync with network and security teams. Developers must communicate the security policies and profiles they need while network and security teams must manually configure them so code can be developed and tested correctly. And the underlying security requirements have multiplied. Applications being refactored or migrated to the cloud are more exposed to global threats. Changing workloads, users, and services also introduce new risks and vulnerabilities that need different security enforcement in different situations.

It’s true that CI/CD pipelines have reduced configuration effort by having developers specify security posture through infrastructure-as-code (IAC). Then automation tools such as Ansible and Terraform translate the code into configurations automatically during deployment. But many enterprises are still slowly transitioning to this model because IAC is difficult to learn and adopt or is incomplete, especially for security.

NetScaler ADC Powers Comprehensive Security Automation

NetScaler ADC provides comprehensive IAC templates that are pre-hardened, highly customizable scripts. They are pre-integrated with the most common automation tools including Ansible, Terraform, Custom Resource Definitions for Kubernetes as well as service mesh architectures. NetScaler templates can specify access permissions, privileges, passwords, open ports between virtual machines, encryption between microservices, and security functions including web application firewall, bot management, and DDoS and API protection. NetScaler templates support YAML, HELM, and Stylebooks.

NetScaler ADC cuts the configuration time from days or weeks to hours and dramatically reduces manual errors and the risk of vulnerabilities escaping to production. NetScaler offloads network and security teams, freeing them to customize the templates once for re-use by all developer teams. Developers can be confident that simple declarative security intent will be correctly configured across hybrid multi-cloud and for both monolithic and containerized microservices.

NetScaler Integrates with Hashicorp Consul-Terraform-Sync

In an extension of the Terraform integration, NetScaler and Hashicorp have also completed an integration with Consul-Terraform-Sync. In the past, one of the reasons continuous deployment has been a bottleneck is because network and security teams must manually create a service group for each updated service and bind it to its service members according to hundreds of security policies and routing rules. This is highly error-prone.

With this integration, as app services are updated, CTS automatically configures the services and service groups in NetScaler ADC corresponding to the updated backend applications. This reduces service access errors, attack vectors, and time to production. It also helps admins migrate applications to the cloud and add/delete service instances in existing deployments with confidence.

The integrated solution allows the platform team to focus on reviewing and approval of the automated configurations and workflows using the CTS dashboard. CTS also provides a production system of record that centralizes all changes in one place, so they are visible and easily auditable. When customers see predictable results, some even opt for zero human involvement.

Disclaimer: The development, release, and timing of any features or functionality described for our products remain at our sole discretion and are subject to change without notice or consultation. The information provided is for informational purposes only and is not a commitment, promise, or legal obligation to deliver any material, code, or functionality and should not be relied upon in making purchasing decisions or incorporated into any contract.