CIO Influence
CIO Influence News Cloud Security

Announcing the New Open Source Project Yor, Dynamic and Automated Cloud Infrastructure Tagging

Announcing the New Open Source Project Yor, Dynamic and Automated Cloud Infrastructure Tagging

Palo Alto Networks, the global cybersecurity leader, today announced the release of Yor, an open-source tool that automatically tags cloud resources within infrastructure as code (IaC) frameworks Terraform, AWS CloudFormation, and Serverless Framework YAML. Yor automates the tedious work of manually tagging cloud resources, helps security teams trace security misconfigurations from code to cloud, and enables highly effective GitOps across all major cloud providers.

Recommended ITech News: Centrica Names Cognizant as Exclusive Partner for SAP Business Process Transformation

“Effective infrastructure tagging is critical to tracking cost allocation, access control, operations, and of course security in the cloud,” said Barak Schoster, chief architect at Palo Alto Networks. “To date, this has been an all-too-manual process for developers, with each cloud provider and organization having different standards and naming conventions. By automating standardized tagging, Yor provides visibility and traceability from IaC configuration to cloud resources in production.”

Organizations can run Yor across all infrastructure resources to retroactively assign ownership and other meaningful tags based on IaC and git history data. Yor can also be built into the continuous integration and continuous delivery (CI/CD) lifecycle for improved traceability as infrastructure is modified and created. Having consistent tagging will make it simple to trace any misconfigurations back to the original code owners and editors, reducing the time to patch.

Recommended ITech News: Crossbeam Launches Partner Cloud

The Cloud Security Alliance noted in its recent report The State of Cloud Security Concerns, Challenges, and Incidents that misconfigurations were among the leading causes of breaches and outages as public cloud adoption doubled over the past two years. If a security team identifies a misconfiguration, having the tags for the developer owner simplifies triaging, so the ticket can be automatically assigned to the right developer. Yor’s use cases also extend beyond security by making it easier to tag resources to allocate costs from a finance and budgeting perspective.

“DevSecOps is about breaking down silos and improving productivity,” said Ismail Yenigul,open-source contributor and DevSecOps expert. “Imagine there is a SEV0 security incident — the last thing you want to do is spend hours identifying what caused a misconfiguration or track down the developer who wrote or modified the infrastructure code that is managed in Terraform, CloudFormation, or Serverless. Yor makes it possible to get answers to those questions immediately, for much more effective collaboration and faster mean time to resolution of incidents.”

Yor was built by Bridgecrew, the team behind the popular open-source IaC scanner Checkov which has been downloaded over 2 million times by developers. Bridgecrew was acquired by Palo Alto Networks in March 2021 and together they continue to invest in new and existing open source projects.

Recommended ITech News: IAR Systems And Secure Thingz Present Embedded Security Compliance Solution For Renesas RX

Related posts

TOWARDEX Completes Open Access Utility Entrance for CoreSite’s Boston Data Center

CIO Influence News Desk

Chaos and Enscape to Merge, Backed by TA Associates and LEA Partners

CIO Influence News Desk

Opsgility Partners with 3 Globally Recognized Certification Vendors to Deliver Cybersecurity Training to the Public and Private Sectors

CIO Influence News Desk