Informatica + StackRox – Taking “Shared Responsibility” to a New Level to Enable DevSecOps

I’ve had the good fortune to get to know Pathik Patel, head of cloud security at Informatica, over the past 18 months since he became a StackRox customer, and today we’re sharing the news of our joint success story. Across our numerous conversations, he has repeatedly impressed me with his forward thinking on how to innovate security processes, approaches, and tooling to keep Informatica at the forefront of securely enabling sophisticated data management, detailed in this case study.

Better yet, Pathik is leading a webinar next week that AWS is hosting, in which he’ll share how he’s driven such strong security for Informatica on Amazon EKS.

In one of our earliest chats, he introduced me to his own version of the “shared responsibility” model. We’re all familiar with the “cloud provider vs. customer” version of that model, where the cloud provider takes responsibility for security “of” the cloud, securing the cloud infrastructure itself, and the customer takes responsibility for security “in” the cloud, protecting the customer’s own data/payload/application layer. Since Informatica runs its platforms in Amazon EKS, Pathik has been leveraging that shared responsibility model for years.

Pathik has extended that thinking in a very clever dimension, crafting a mentality and methodology for sharing responsibility for security across various aspects of the Informatica team.

“We needed to build a system where we could rely on each other as peers. The ops team needed to rely on the developers, and the security team needed to rely on the ops team. We all needed to do our jobs correctly. My responsibility was to give everyone the tools and automation to enable this handoff to be seamless.”

Sounds like DevSecOps, right? But mind you, Pathik was making this case more than a year ago, when DevSecOps was still a newer term and often dismissed as a pipe dream. Pathik has been creating this reality inside Informatica for multiple years, and the results are impressive.

Security sets the guardrails, defining the policies – each team along the SDLC gets the feedback it needs, at the right moment, in the right system.

“Our developers instantly know in Jira if anything’s wrong with their builds, and the ops team gets feedback right within Kubernetes on any cluster setup, RBAC, Kubernetes vulnerability, networking, or other configuration info they need to change.”

Security that’s built right into the infrastructure itself – that’s what Pathik’s been able to create at Informatica. And he credits the StackRox Kubernetes-native architecture for helping to enable a lot of this success.

“The whole architecture of how StackRox deploys, just like the rest of our Kubernetes infrastructure, means we get a non-intrusive tool we just plug in and never worry about. It’s getting everyone aligned, building and deploying according to our company policies, with the least friction.”

Pathik’s been generous enough to offer his time and expertise in sharing how he’s created this model at Informatica on next week’s webinar. Attend his talk and you’ll hear how he’s been able to both drive immediate tactical wins and deliver on broader strategic goals. Some quick wins include getting vulnerability management and configuration management right and reducing the blast radius. The more strategic outcomes include leveraging Kubernetes as the control plane for both infrastructure and security, delivering security at the pace and scale of Kubernetes, and enabling security as code.

Don’t miss next Thursday’s webinar so you can ask Pathik for more specifics on how to drive effective DevSecOps today.