We are proud to announce the release of our latest enhancement to ControlMonkey Terraform CI/CD solution, managed policies for security.

Our Terraform CI/CD solution enables DevOps to proactively set preventive security controls (Control Policies) on any new pull request.
Up until today, ControlMonkey users easily created custom security policies that enforced their organization’s security standards, and now with this release, these policies are available out of the box.

ControlMonkey’s managed policies for security are predefined policies, which are managed and maintained by ControlMonkey.
Rather than writing and maintaining common security policies from scratch (with OPA or any equivalent language), we are now offering proactive managed policies for security, right out of the box.

Additionally, DevOps teams can choose on which namespaces or stacks these policies will be enforced, and also the enforcement level (warning or block).
So if you need to separate and divide your policy enforcement across environments, you now have the deeper level of granularity to do so.

The advantages of the ControlMonkey Managed Policies Solution:

• You get a library of pre-defined security policies to choose from, straight out of the box.
• Save time on writing, managing, and maintaining these policies, ControlMonkey does all the heavy lifting for you.
• By shifting left your security, you are:
  • Preventing security issues before they reach production
  • Saving time on manual code review when making a change or rolling back when needed.
  • Educating the DevOps team on the organization’s security standards

This feature came as a request we got from a few of our customers, so we are glad to see this come to life.
We are proud to collaborate with our customers on designing and building the ControlMonkey platform.

ControlMonkey’s Self-service Infrastructure solution enables other teams such as Dev and QA to launch cloud environments on their own, under DevOps governance.

Today we are pleased to announce our latest upgrade to the proactive governance capabilities of our Self-service solution, Variables Conditions.

With pre-defined variable conditions, DevOps teams can prevent other teams from launching their cloud environment, in case that environment violates any condition.

For example, DevOps can set a condition that other teams can only spin up certain instance types, that way they can ensure that the cost of that infrastructure is not over budget.

We’re honored to share that AWS has granted ControlMonkey the DevOps ISV Partner Competency.

AWS DevOps Competency

AWS DevOps Competency Partners are businesses that have demonstrated expertise in delivering DevOps solutions on AWS Infrastructure.

We have been identified by AWS as a partner that offers a range of services and software products that simplify provisioning and managing infrastructure, automate software release processes, and integrate security best practices, policies, and guardrails into CI/CD pipelines.

ControlMonkey is AWS native and we are thankful for being technologically recognized by the amazing team at AWS.

With this competency, we’re looking forward to expanding our partnership to new frontiers