
AWS and Checkmarx: Security at Cloud Scale


June 3, 2021

Cloud application development is booming. In fact, IDC estimates that by 2023, over 500 million digital apps and services will be developed and deployed using cloud-native approaches. Today, the cloud delivers exciting opportunities for developers to create software at a previously impossible rate. But given this demand, organizations also need to ensure that security across applications and infrastructure is not compromised. It is critical to protect the IP of these apps and services, and security must have the ability to scale with cloud application development.
Today developers are under immense pressure to deliver quickly to the business, looking to adopt more agile development methods. In this intense environment, it is easy for developers to make mistakes and write insecure code unintentionally. This element of human error is why security must be intrinsic to the entire software development process and environment.
The baked-in security offered by cloud service providers like AWS means that components of the cloud environment are secure. However, organizations must still ensure that their developers secure their own code in the cloud. Therefore, security is the joint responsibility between the two parties.

A Secure Hand-Off to the Cloud

AWS ensures the cloud itself is secure, while Checkmarx secures the code organizations deploy to the cloud. In more detail, AWS is responsible for security of the cloud, such as the routers, switches, hubs, and so on. Organizations are responsible for security in the cloud; in other words, they ensure that data, hosts, containers, serverless infrastructure, networks, user credentials, and resource configurations are secure. Upholding their side of the cloud security bargain means organizations must empower their developers to build security into applications and infrastructure configuration from the start. This shared responsibility is one of the key reasons why AWS customers should also be looking at Checkmarx, because we help organizations ensure that code vulnerabilities never reach production.

A Vetted AWS Security, DevOps, and Public Sector Partner

Additionally, not only is Checkmarx one of the highest-tier technology partners (AWS Advanced Program Network partner), but we are also the first and only AppSec solution vendor to earn both the AWS Security Competency and DevOps Competency status. Public Sector agencies can also leverage our AST solutions, as we are a member of the AWS Public Sector Partner Program. The competency and partner program qualification process involves AWS vetting, validating, and verifying Checkmarx’s deep industry experience, expertise, and track record of customer success in delivering specialized software.

A Shared Dev-Centric Approach to Industry-Leading Tech

Again named a “Leader” in the 2021 Gartner Magic Quadrant for Application Security Testing, Checkmarx enables organizations to easily automate application security testing as part of their cloud-based software development process without slowing down the development, delivery, and deployment timeline. The unique combination of the baked-in security that AWS delivers – enabling customers to get up and running in the cloud quickly, efficiently, and securely – combined with Checkmarx automated application testing safeguards organizations with end-to-end security so end users can feel a sense of ease.

Integration, Automation, and Orchestration

However, if a company’s developer workforce is not accustomed to incorporating security standards into their software development pipelines, Checkmarx’s developer-centric integrations will help. Developers can seamlessly embed security scans and reports, remediation guidance, and developer education into their existing workflows.
Checkmarx also has extensive integrations throughout the SDLC, such as source code repositories and CI/CD tools like GitHub and GitLab. Checkmarx provides integrated support for AWS CodeStar services, allowing customers to initiate Checkmarx application security testing scans from AWS CodeBuild and AWS CodePipeline for code stored in CodeCommit. Checkmarx can integrate into virtually any other developer tool with ease, so regardless of the development environment, there is automated and seamless code scanning within developers’ typical workflows before AWS cloud deployment.
Developers can scan different kinds of code at different stages in the development pipeline: raw, uncompiled source code before a commit; at the time of a commit or merge request; or during a code build, enabling greater efficiency between developers and AppSec teams, allowing them to scale.

Enabling Teams to Scale

Of equal importance in any cloud environment is the ability to scale, and AWS Lambda combined with Checkmarx helps organizations achieve this. AWS Lambda automatically runs your code without requiring you to provision or manage infrastructure. It automatically scales the application by running code in response to each event.
Watch a recap of our Checkmarx MeetUp to learn how to autoscale your Checkmarx scanning engines on AWS.
Likewise, Checkmarx’s unified platform delivers a single pane of glass that creates a host of efficiencies and time savings, such as exploitable paths and automated feedback loops. It eliminates the need for manual interventions and provides remediation guidance and recommendations as well as best fix locations. And if required, Checkmarx also provides support and education for just-in-time, vulnerability-specific lessons in Codebashing. This allows teams to build their knowledge base with low impact on overall productivity.

Marketplace Procurement and Enterprise Discount Program

Finally, Checkmarx also enables customers to utilize their AWS Enterprise Discount Program (EDP) commitments. EDP provides enterprises with a discount based on volume or consumption purchase commitments. Let me give you a simple example of how an AWS EDP might work: for the next three years, the customer would commit to spending $5M on AWS services, and in exchange, receive a 13% discount. Even if the customer doesn’t spend $5M, they would still owe AWS $5M. This commitment model gives AWS customers a strong incentive to find strategically valuable ways to achieve their spending commitment. For those customers, purchasing Checkmarx over AWS Marketplace is an attractive proposition. For every dollar spent on Checkmarx, 50% of the purchase applies to their AWS spending obligations.
With the growth in cloud application development, the whole SDLC has accelerated once again, and security must scale at the same rate if organizations are to fulfill their part of the joint cloud security bargain. The speed of releases paired with modern application development trends could signal increased attack surfaces, so organizations need to know that they are building and deploying secure code.
However, it is not just the application source code that needs scanning. As mentioned, modern application development also drives the heightened use of third-party and open-source components, which organizations need to vet and evaluate with Checkmarx scans. This intersection is where the partnership between AWS and Checkmarx delivers the heavy lifting so that organizations can concentrate on building, testing, and deploying secure applications at the demanding speed of DevOps.
Want to learn more?
AWS Partnership Microsite
Related Resources:
Webinar: Autoscale Your Checkmarx Engines on AWS
Codebashing on the AWS Marketplace
Application Security | AWS Marketplace (amazon.com)