Last Updated on March 22, 2022
To be “provably secure,” you need to address compliance. With the emergence of LimaCharlie’s disruptive “security infrastructure as a service” platform, security can now be something you order from a cloud-based menu. Can you get a compliance “side dish” with that?
As LimaCharlie founder Maxime Lamothe-Brassard explains on a recent episode of The Virtual CISO Podcast, LimaCharlie’s approach to provisioning security works just as well for compliance—including the ability to scale up to the task.
The next big use case
So, are LimaCharlie “sensors” currently pulling data out of agile workflows, grabbing code scanning logs from secure development workflows, and building documentation to show an auditor?
“That’s now the biggest growth aspect of what we’re doing,” Maxime notes. “But if you’d asked me a year ago, I’d have said, ‘Not particularly.’”
LimaCharlie makes it easy to ingest Office 365 logs, 1Password audit logs, generic syslog data, and much more. So, the door is wide open to process that “telemetry” for compliance.
“Maybe you have a platform that does container scanning of the containers that you’re building and deploying,” offers Maxime. “You can trivially bring that into LimaCharlie, and you get one-year retention, but you also get the ability to have rules, like, ‘Run on this, and automate off of that.’ You could say, ‘If a user deploys a container that has this unsigned thing, create a ticket in Jira.’ You can start building workflows and going really to automated compliance.”
In short, LimaCharlie can provide the APIs that gather evidence of continuous compliance. Some of this evidence could, in turn, be processed within a GRC platform, for example. Then it’s “on tap” for an auditor to review at any time.
Podcast host John Verry envisions a point in the near future where, “We’re just ingesting this stuff at line speed, and it’s no longer necessary to prep for an audit. You could be audited at any moment, and the most recent data’s going to be sitting in the right place, in the right format. And if it’s not, you’re going to know about it.”
Scaling to serve two masters
But if you’re doing security and compliance based on the same data feeds, there’s a problem: You can’t serve two masters.
As John points out, “You can’t serve security and compliance because security is about signal to noise and compliance is about noise to signal. And historically, systems could not scale fast enough. Which is why we went to these flat-file logs; consolidators that forwarded to the SIEM. They had to create these hybrid approaches. But what’s really cool about a cloud-native solution is you can serve two masters easily, because you have infinite scalability. If I need to burst my data throughput to LimaCharlie to a hundred times its normal run rate, that’s not a challenge.”
“We are able to do all these pretty magical things because we were born in the cloud age,” Maxime replies. “We don’t have that legacy of racking and stacking, so we can scale to a thousand cores, even to do retroactive hunting, right? Say you’re looking for this thing in your historical data. Go for a thousand cores. It’s cheap. Five seconds. No problem.”
With a conventional SIEM platform, a similar query could take hours. With a pay-as-you-go model, you effectively get on-demand parallel processing for pennies. Your time is worth a lot more than that.