Latch

Latch uses the Tenable Cloud Security Platform for AWS to automate the least privilege for new services

Latch is focused on monitoring, maintaining, and improving the security posture of the Latch cloud environment. This includes identifying and coordinating the remediation of vulnerabilities, reviewing and consulting on cloud architectures, and developing tooling and automations for common security tasks in concert with security analysts and site reliability engineers (SREs).

It was extremely important for Latch teams to gain full visibility into all of its AWS identities and any risks related to access permissions to the many AWS services the organization was using. Among the risks Latch sought to understand was potential Internet exposure of any of its AWS resources.

Latch also aimed to integrate mitigation of such risks into its organizational workflows. Further, laser-focused on enforcing least-privilege principle across their cloud environment, servers, databases, and SaaS platforms, Latch sought to leverage technology to bring least privilege efficiencies and accuracy to its site reliability team.

Tenable Cloud Security Overview and Value Delivered to Latch

Tenable Cloud Security is an APN Advanced Technology Partner, ISV Accelerate, and ISV Validated SaaS security solution that provides an easy understanding of potential cloud security risks that can lead to the breach of a client’s environment. Tenable differentiates through granular visualizations and analysis of combined exploits like cloud misconfigurations and the over entitled access rights that machine or human identities have over IaaS or PaaS cloud infrastructures. In addition, Tenable has the unique ability to remediate these risks via IAM rights policy enforcement, allowing clients to focus and leverage an Identity Defined Security strategy like the principle of Least Privilege or Zero Trust.

• Tenable provided Latch with a method to implement the principle of least-privilege access to its cloud environments.
• Tenable provided granular visualization and analysis around Latch’s cloud infrastructure risks associated to entitled identity permissions on various AWS services.
• Latch is leveraging Tenable Cloud Security to identify potential AWS role access risk and public exposure of its AWS resources, and to identify and coordinate the remediation of these vulnerabilities.
• Through Tenable’s integration with tech partner solutions like Atlassian Jira and HashiCorp Terraform, Latch has been able to streamline its security response workflow automation.
• Latch’s SREs are using Tenable auto-generated least privilege policies in its AWS CloudFormation and Terraform templates to build secure AWS roles and policies into its new services.

Tenable Cloud Security has enabled Latch to automate periodic audits on all AWS IAM permissions, avoiding the expense of a third party Privileged Access Management platform.

Latch, in using Tenable’s cloud security solution, has been able to achieve a better Identify Defined Security outcome for their cloud environment. Tenable has enabled Latch’s Security Analysts and SREs to continuously provide cloud security architecture reviews and easily automate the analysis of AWS IAM policies and permissions. Compared to the organization’s legacy approach, this has saved Latch hours of time and the headcount equivalent of three to four additional analysts.

Latch’s Next Steps with Tenable

• Latch plans to expand use of Tenable Cloud Security recommended policies in its CI/CD pipeline to further implement least privilege practice and remediate any excessive identity entitlements during its IaC deployments.
• Latch seeks to leverage Tenable Cloud Security reporting to produce compliance evidence for audit requests pertaining to cloud infrastructure.
• Latch would like to consolidate their existing security tools and leverage Tenable’s anomaly detection feature to proactively spot and mitigate AWS cloud security risks early on.