Leverage Lab
Deploying IAC and DevSecOps Deployment Pipeline for Big Data Marketing Company
INDUSTRY
Marketing, Technology
PRODUCTS
Data Driven Customer Experience solutions
LOCATION
Kansas City, MO
ANNUAL REVENUE
$17M
ASSIGNMENT
Optimized client's security domains, assessed adherence to Google Cloud best practices, and implemented recommended remediations. Utilized Terraform for automated Infrastructure as Code (IAC) deployment and embraced a proactive DevSecOps approach for early vulnerability identification and remediation.
CHALLENGES
- Leverage Lab aims to expand the usability of customer data for its clients.
- Recognizing the importance of user data privacy and security, Leverage Lab prioritized enhancing its cloud security competency.
- The focus was on validating the security of existing Google Cloud workloads.
- The goal was to establish a secure foundation for scaling security processes as the GCP footprint grows.
OVERVIEW
Leverage Lab is a first-party data consultancy that advises clients on collecting, enhancing, and leveraging their proprietary data assets to inform personalized marketing strategies that lead to higher customer engagement and increased revenue.
As the marketing and advertising analytics industry continues to look for ways to tighten a direct relationship with consumers through privacy-compliant engagements, Leverage Lab increasingly relies on a variety of GCP data analytics services to perform its data processing tasks.
INSIGHT
Leverage Lab selected ScaleSec as a partner because of its unique blend of security and application development expertise. While most security consultancies target security operations teams, ScaleSec instead focuses on development teams, helping them integrate security directly into their development workflows. This methodology, often referred to as “DevSecOps,” identifies security vulnerabilities earlier in the process, reduces friction between teams, and allows teams to respond to the changing security landscape more effectively. DevSecOps arms ScaleSec customers with the tools and processes to respond to market forces more quickly with the timely and secure release of code with the ultimate goal of capturing additional market share.
Leverage Lab’s strategic focus on development means it is challenging to dedicate tactical resources to security tasks. ScaleSec’s ability to efficiently integrate security into the development lifecycle was a motivating factor for Leverage Lab. This operating model empowers Leverage Lab to better meet demand from their expanding customer base without adding more internal resources.
Leverage Lab’s strategic focus on development means it is challenging to dedicate tactical resources to security tasks. ScaleSec’s ability to efficiently integrate security into the development lifecycle was a motivating factor for Leverage Lab. This operating model empowers Leverage Lab to better meet demand from their expanding customer base without adding more internal resources.
SERVICES PROVIDED
The ScaleSec team began the engagement by reviewing the existing Google Cloud environment and looked for adherence to Google Cloud security best practices. The team reviewed various security domains such as IAM, Network Security, Compute Engine Security, and Data Security. The assessment’s output was a report outlining deviations from best practices and a prioritized roadmap of recommendations tailored to the Leverage Lab’s environment and current maturity levels.
Following this assessment, the ScaleSec team worked with Leverage Lab engineers to implement many of the recommendations made in the assessment report. The ScaleSec team started by using Terraform to implement an automated Infrastructure as Code (IAC) deployment pipeline. Using IAC, the Leverage Lab and ScaleSec teams built repeatable, modular templates that could be reused across each environment. These modular templates were combined to create a “secure, foundational baseline” that could be further built upon.
Following this assessment, the ScaleSec team worked with Leverage Lab engineers to implement many of the recommendations made in the assessment report. The ScaleSec team started by using Terraform to implement an automated Infrastructure as Code (IAC) deployment pipeline. Using IAC, the Leverage Lab and ScaleSec teams built repeatable, modular templates that could be reused across each environment. These modular templates were combined to create a “secure, foundational baseline” that could be further built upon.
Partner Solutions / Products Used
The Infrastructure-as-Code approach immediately improved the environment’s security posture, as there was now a repeatable process in which all changes could be reviewed, tested, and monitored before deployment. Additionally, the IAC deployment pipeline reduced the amount of time it took the Leverage Lab team to build a new customer environment, reducing the duration for environment completion from days to less than an hour.