DevSecOps teams are the new security champions in the app modernization journey. They implement security practices and testing across the entire software development lifecycle to prevent breaches, data loss, and regulatory penalties. They also work with DevOps on the CI/CD pipeline to fulfill the dual mandate of app security and agility.

But it is difficult to build in application security without compromising agility. Developer teams must stay in sync with network and security teams. Developers must communicate the security policies and profiles they need while network and security teams must manually configure them so code can be developed and tested correctly. And the underlying security requirements have multiplied. Applications being refactored or migrated to cloud are more exposed to global threats. Changing workloads, users, and services also introduce new risks and vulnerabilities that need different security enforcement in different situations.

It’s true that CI/CD pipelines have reduced configuration effort: developers specify security posture through infrastructure-as-code (IAC), and automation tools such as Ansible and Terraform translate that code into configurations automatically during deployment. But many enterprises are still transitioning slowly to this model because IAC is difficult to learn and adopt or is incomplete, especially for security.

To solve these challenges, Citrix is announcing new enhancements during the RSA Conference 2022 to support DevSecOps teams and their app modernization journey.

Citrix ADC Powers Comprehensive Security Automation

Citrix ADC provides comprehensive IAC templates that are pre-hardened, highly customizable scripts. They are pre-integrated with the most common automation tools, including Ansible, Terraform, and Custom Resource Definitions for Kubernetes, as well as service mesh architectures. Citrix templates can specify access permissions, privileges, passwords, open ports between virtual machines, encryption between microservices, and security functions including web application firewall, bot management, and DDoS and API protection. Citrix templates support YAML, Helm, and StyleBooks.

Citrix cuts the configuration time from days or weeks to hours and dramatically reduces manual errors and the risk of vulnerabilities escaping to production. Citrix takes work off network and security teams, freeing them to customize the templates once for re-use by all developer teams. Developers can be confident that simple declarative security intent will be correctly configured across hybrid multi-cloud environments and for both monolithic applications and containerized microservices.

Citrix Integrates with HashiCorp Consul-Terraform-Sync

In an extension of the Terraform integration, Citrix and HashiCorp have also completed an integration with Consul-Terraform-Sync (CTS). In the past, one of the reasons continuous deployment has been a bottleneck is that network and security teams must manually create a service group for each updated service and bind service members to it according to hundreds of security policies and routing rules. This is highly error-prone.

With this integration, as app services are updated, CTS automatically configures the services and service groups in Citrix ADC corresponding to the updated backend applications. This reduces service access errors, attack vectors, and time to production. It also helps admins migrate applications to the cloud and add/delete service instances in existing deployments with confidence.

The integrated solution allows the platform team to focus on review and approval of the automated configurations and workflows using the CTS dashboard. CTS also provides a production system of record that centralizes all changes in one place, so they are visible and easily auditable. When customers see predictable results, some even opt for zero human involvement.

To learn more about Citrix’s app modernization strategy or about HashiCorp and Citrix ADC integrations, contact the Citrix cloud-native product team at AppModernization@citrix.com.

