The value of automation in the security world is well understood. Eliminating manual tasks and automatically updating policies based on environmental changes are just two examples of how you can reduce administrative effort while improving your security posture.
In public cloud deployments, the value of automation increases significantly, allowing you to use the cloud to move toward more rapid and iterative application development methodologies. Automation can also eliminate the bottleneck that infrastructure security change-control best practices can introduce. The combination of native template technologies and third-party tools, like Terraform, allows you to embed security into your application development framework. With the newly available Terraform Provider for PAN-OS, you can now use a single tool, Terraform, to automate the creation of your cloud environment, along with the deployment and configuration of the VM-Series firewall.
Using an existing provider for AWS, Azure or Google Cloud, you can automate the creation of a VPC on AWS or Google Cloud, or a Resource Group in Azure, complete with a VM-Series firewall. Then, using the new Terraform Provider for PAN-OS, security teams can fully automate the configuration of the (deployed) VM-Series virtualized firewall, effectively performing end-to-end deployment automation and embedding security into the application development framework. Here are some of the immediate benefits:
- As new projects are initiated, an entirely new secure dev environment can be created on the fly, with little to no human intervention. When a new feature is added to an application, rather than update the app itself, customers can build a completely new environment, simultaneously eliminating the old environment.
- Application environments can be easily replicated across different geographic regions on an as-needed basis.
- Customers using a combination of AWS, Azure and Google can benefit immensely from automation tools like Terraform, as they allow you to use one tool across all clouds.
- Automation not only ensures security is part of the application environment, it also ensures security consistency at the cloud provider level by pre-configuring the services in use and, at the infrastructure level, by deploying and configuring a VM-Series firewall.
To learn more, check out these resources and get started with your automation project today:
- Terraform provider for PAN-OS example
- Terraform providers for the cloud
- Terraform provider for PAN-OS
- Additional automation tools and resources
But wait, there’s more! Not only can the Terraform provider for PAN-OS help you automate security for VM-Series firewalls deployed in the public cloud, it can also help automate the configuration of our physical next-generation firewall appliances. An example might be a widespread firewall deployment to remote locations. In that scenario, the appliance can be shipped on site and connected to the network, and the Terraform provider can then be used to install an initial config that reaches out to Panorama for security policy deployment and centralized management.