Founded in 1983, Best Friends Animal Society is the nation’s largest no-kill non-profit animal sanctuary, saving 17 million dogs and cats annually and growing their base to 10 regional shelters in addition to their headquartered sanctuary in Utah. They work with local shelters to transform metropolitan areas into no-kill zones and safe havens for dogs and cats. Relying solely on generous donations from their donor community, they have the ambitious goal of reaching no-kill status for dogs and cats nationwide by 2025. To achieve this goal and generate awareness, they created a dynamically updated map that monitors the animal save rate nationwide, leveraging AWS Data Lake and hosted on AWS Lambda.
Traditional security slows down deployment speed
Three years earlier, Best Friends had only their website hosted on AWS. They quickly realized that in order to scale their operation while creating greater operational efficiency and cost savings, they needed to leverage more cloud services, including serverless and other microservices. Starting with the hosting of their CRM, which contained sensitive data and PII, they used AWS CloudFormation templates to do WASP and started seeing more benefits from AWS Lambda. Within the last year, they moved their AWS Lambda microservices into production.
“We have been using AWS services for years to support our national initiative,” said Brent Bain, Lead Cloud Architect and System Engineer at Best Friends Animal Society.
After migrating to AWS Lambda, Best Friends quickly found that their permissions were too restrictive, and their developers could not develop at the speed necessary to achieve their strategic goals because of security. For instance, projects were getting delayed because the development team could not access AWS S3 buckets (i.e. security was slowing them down). They wanted to take advantage of the benefits serverless had to offer but knew they had to have security gates in place to protect donor information: they couldn’t risk development code getting placed into production or over-permissioning. They knew that in order to achieve their goals, they needed to find and implement a layer of security for their AWS Lambda deployment.
CloudGuard serverless solution unleashes secure development at the speed of business
After careful evaluation, they selected the Check Point CloudGuard Dome9 serverless solution to automate security at the code level for their AWS Lambda serverless applications and to create additional rules and policies for further application hardening. This would ensure that they always had the necessary permission levels and control to enable their development team to run fast while protecting sensitive IP.
They were quickly able to deploy CloudGuard’s serverless solution into their AWS Lambda environment to monitor the function layers and update permissions, and are now able to execute new code seamlessly through the convenience of the CI/CD tool.
In addition, CloudGuard applies deep-code flow analysis and machine-based learning to build a model of normal function and application behavior, to automatically limit permissions, and either block or trigger an alert for any actions outside of that established scope. Best Friends is now expanding the solution to further increase application security leveraging the deep-code flow analysis technology within the CloudGuard Function Self Protection tooling, which will run alongside the functions to monitor, block and defend.
This means that instead of being too restrictive and holding back their development teams, Best Friends can now leverage the CloudGuard for serverless solution to ensure that each function has the right amount of permissions to do what it needs to do and that their applications are being monitored and protected seamlessly and automatically.
“We selected CloudGuard’s Serverless solution to provide additional security as it seamlessly integrated into our ever-expanding use of AWS Lambda functions and helped automate security into our serverless infrastructure. CloudGuard for Serverless also supports us as we move forward with integrating CI/CD pipelines, allowing us to easily and continuously defend our applications.” Brent Bain, Senior Cloud Architect, Best Friends Animal Society
Shifting left for speed, efficiency and security
This integration has allowed Best Friends not only to shift left but also to increase utilization of CI/CD tools across the development team and increase the confidence in and adoption of their AWS Lambda deployments. As a result, the organization overall has peace of mind that their sensitive PII is secure and IP is protected, and they can now collect real-time data without the high infrastructure costs and overhead, maximizing the advantages serverless has to offer.