Enhanced policy management with GitOps and Terraform

Wiz announces new GitOps workflows and Terraform provider, enabling customers to manage policies as code.


When setting up a cloud security program, security teams are often tasked with creating the platform and authoring policies for environments they are not familiar with. While this approach may work for small or less complex environments, how do you scale this to hundreds of environments while considering every stakeholder's security needs and requirements? How do you build the proper controls and checks to ensure all the changes are compliant with your organization's security objectives?

A pragmatic approach is to leverage the expertise of all stakeholders, including cloud architects, DevOps, and developers, to build a more comprehensive and inclusive security program. This approach democratizes and establishes the proper approval process to ensure all policy changes have the appropriate oversight and do not accidentally increase risk. Security teams must review and approve new or existing policies and champion the organization's change control policy. This is where the Wiz GitOps workflows and Terraform come in.

What is a GitOps workflow and why should you consider it?

To begin, let's ask ourselves a seemingly simple question: What is GitOps? If you do a search or ask ChatGPT, you will find many different definitions. In fact, everyone has their own. For example, HashiCorp and GitHub

Our Wiz GitOps workflow is simply about applying software development best practices to policy automation:

  • Version control via Git or an equivalent

  • The use of code to describe a desired state

  • Automation tooling

  • Collaboration between teams, especially for code review

  • Integration into an automated CI/CD chain

In short, it allows different teams to write the policies that address their specific needs as code and to push changes into production automatically. It provides visibility and transparency, since everyone who is authorized to do so can read and collaborate on the code.

This makes it easier and more efficient to give teams more autonomy while retaining the ability to review, approve and, if necessary, block the deployment of new policies.
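To make the "review, approve and block" step concrete, here is a small change-control gate that a CI job could run on every policy pull request. It is an added example written for this article, not Wiz's own tooling and not part of the Wiz Terraform provider. It assumes policies are stored in Git as a JSON list of rules with the constructed fields `id`, `name`, `severity`, `enabled`, `targets` and `owner` (a placeholder schema, not the real Wiz rule schema), and that CI passes the base-branch and pull-request versions of that file to `assess_change()`. Changes that reduce coverage are flagged for security-team approval; everything else can flow through normal peer review.

```python
"""Change-control gate for policy-as-code pull requests.

Added example, not Wiz's own code. Assumes policies live in Git as a JSON
list of rules with the constructed fields id, name, severity, enabled,
targets and owner; the real Wiz rule schema is not reproduced here.
"""
import json

# Higher number = more severe; used to detect a severity downgrade.
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample: the rule file as it exists on the main branch ...
BEFORE = """[
  {"id": "s3-public-access", "name": "S3 bucket allows public access",
   "severity": "HIGH", "enabled": true,
   "targets": ["aws:s3:bucket"], "owner": "cloud-team"},
  {"id": "vm-no-disk-encryption", "name": "VM disk is not encrypted",
   "severity": "MEDIUM", "enabled": true,
   "targets": ["azure:vm", "aws:ec2"], "owner": "infra-team"}
]"""

# ... and the version proposed in a pull request (also constructed).
AFTER = """[
  {"id": "s3-public-access", "name": "S3 bucket allows public access",
   "severity": "MEDIUM", "enabled": true,
   "targets": ["aws:s3:bucket"], "owner": "cloud-team"},
  {"id": "vm-no-disk-encryption", "name": "VM disk is not encrypted",
   "severity": "MEDIUM", "enabled": true,
   "targets": ["azure:vm"], "owner": "infra-team"},
  {"id": "iam-wildcard-policy", "name": "IAM policy grants wildcard actions",
   "severity": "HIGH", "enabled": true,
   "targets": ["aws:iam:policy"]}
]"""


def load_rules(text):
    """Parse a rule file into a dict keyed by rule id."""
    return {rule["id"]: rule for rule in json.loads(text)}


def assess_change(before_text, after_text):
    """Compare two versions of a rule file.

    Returns (auto_mergeable, findings). A rule that is deleted or disabled,
    a lowered severity, dropped resource types, or a new rule with no owner
    is recorded as a finding that needs security-team approval.
    """
    before = load_rules(before_text)
    after = load_rules(after_text)
    findings = []

    for rid, old in before.items():
        new = after.get(rid)
        if new is None:
            findings.append(f"{rid}: rule deleted")
            continue
        if old["enabled"] and not new["enabled"]:
            findings.append(f"{rid}: rule disabled")
        if SEVERITY_RANK[new["severity"]] < SEVERITY_RANK[old["severity"]]:
            findings.append(
                f"{rid}: severity lowered {old['severity']} -> {new['severity']}")
        removed = set(old["targets"]) - set(new["targets"])
        if removed:
            findings.append(f"{rid}: targets removed {sorted(removed)}")

    # New rules must name an owner so the approval path is clear.
    for rid, new in after.items():
        if rid not in before and not new.get("owner"):
            findings.append(f"{rid}: new rule has no owner")

    return (not findings, findings)


def main():
    ok, findings = assess_change(BEFORE, AFTER)
    if ok:
        print("No coverage-reducing changes; eligible for standard review.")
    else:
        print("Security-team approval required:")
        for finding in findings:
            print("  -", finding)


if __name__ == "__main__":
    main()
```

Wired into CI, the non-zero result would add a required reviewer from the security team rather than rejecting the pull request outright, which keeps the autonomy the workflow is meant to give while preserving oversight of risk-increasing changes.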

At Wiz, we offer thousands of out-of-the-box policies, but we are also aware that each customer has different constraints and needs when implementing them.

That's why we are pleased to announce a new capability of our Terraform provider. It is now possible to manage the complete lifecycle of Cloud Configuration rules as code and to integrate them into a GitOps process.

We strongly believe that cloud security is a team sport. The combination of Wiz project-based management and the Wiz GitOps workflow helps accelerate adoption by dev and cloud teams while improving the company's security posture.

How to start with the Wiz GitOps workflow?

And this is just the beginning. We'll be adding more features as we go along, so stay tuned. All Wiz customers can start using the Terraform provider right now. We recommend that you consult our documentation (login required). Please let us know if you have any questions, comments, or feedback. We love hearing from you.
