by fancyremarker 1503 days ago
(Founder of Aptible, a Heroku-like PaaS focused on security and compliance)

> dev teams face limits on what they can build securely, platform teams face limits on what secure by default and monitoring features they have time to implement, security operations teams have a lot of data points to look at, and in theory even changes in personnel in a couple of teams can have an impact on the threat posture for a given set of a company.

I couldn't agree more. It's too bad, because I believe most companies should be solving this by building on a battle-tested platform that provides a safe path for devs. In theory, platforms like Heroku improve cloud security by reducing margin for error. In practice though (as we're seeing), these platforms can introduce new security vulnerabilities in the layer they introduce on top of IaaS.

I also very much appreciate your comment about having a better way to evaluate the security of platforms without relying on public breach reports, or implicitly trusting what platforms say. I think the best thing is for platforms to be 100% transparent in how they implement security, namely by:

1. Running alongside IaaS services instead of layering a black box on top of them (coordinating, not fully abstracting)

2. Providing clear accountability for security defaults: every security default enforced by the platform should be represented in a validation that end users can view (if not alter)

1 comment

> In practice though (as we're seeing), these platforms can introduce new security vulnerabilities in the layer they introduce on top of IaaS.

Isn't Aptible another layer on top of IaaS?

That's how most of our customers use Aptible, yes. That said, we currently have our first customers running Aptible as an integration with AWS, and we believe this will be the most popular way to use Aptible in the future.

With this new product model, you integrate Aptible with your AWS account, and we provide functionality to provision high-level constructs like apps and databases that simply set up and coordinate AWS services like ECS, EKS, RDS, etc. Aptible only needs permission to write to a set of SQS queues in your account. To make sure things stay compliant, we set up AWS Config checks for every security control relevant to your chosen compliance framework(s), and maintain a set of managed IAM roles that you can assign to your dev team to ensure least-privilege access without having to constantly update IAM.
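The comment above says the integration needs only permission to write to a set of SQS queues. The following is an added example, not part of the thread and not Aptible's actual policy or tooling: a sketch of how an account owner could check an IAM policy document against that scope. It assumes "write" means the `sqs:SendMessage` action; the two policy documents and the account ID are constructed placeholders.

```python
# Added example: audit an IAM policy for "queue write only" scope.
# Assumption: "write to a queue" means the sqs:SendMessage action.
ALLOWED_ACTIONS = {"sqs:sendmessage"}  # IAM action names are case-insensitive

def _as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return findings; an empty list means every Allow is SQS-send on named queues."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", f"statement[{i}]")
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"{sid}: NotAction/NotResource allows everything outside a list")
            continue
        for action in _as_list(stmt.get("Action", [])):
            if action.lower() not in ALLOWED_ACTIONS:
                findings.append(f"{sid}: action {action} is broader than queue write")
        for arn in _as_list(stmt.get("Resource", [])):
            parts = arn.split(":", 5)  # arn:partition:sqs:region:account:queue
            if len(parts) != 6 or parts[2] != "sqs":
                findings.append(f"{sid}: resource {arn} is not an SQS queue ARN")
            elif "*" in parts[3] + parts[4] or parts[5] == "*":
                findings.append(f"{sid}: resource {arn} is not pinned to named queues")
    return findings

# Constructed sample policies; 111122223333 is a placeholder account ID.
NARROW = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PlatformQueues", "Effect": "Allow", "Action": "sqs:SendMessage",
     "Resource": ["arn:aws:sqs:us-east-1:111122223333:platform-requests"]},
]}
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Queues", "Effect": "Allow", "Action": ["sqs:SendMessage", "sqs:*"],
     "Resource": "*"},
    {"Sid": "Extra", "Effect": "Allow", "Action": "iam:PassRole",
     "Resource": "arn:aws:iam::111122223333:role/example"},
]}

if __name__ == "__main__":
    for name, policy in (("NARROW", NARROW), ("BROAD", BROAD)):
        print(name, audit_policy(policy) or "ok")
```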