Cloud and DevOps

Create your own security package from Bridge’s full slate of cloud and DevOps services

Not in need of a fully-managed cloud service? No matter how broad or pointed your platform gaps are, we can build a solution that works for you. Draw from our team’s cumulative decades of experience building and securing enterprise cloud platforms to bolster your organization’s compliance, optimization, automation, architecture, and implementation.

Cloud Services (GCP / AWS)
Cloud Security Assessments
Assess your cloud infrastructure against your compliance requirements
Service “Hardening”
HIPAA/HITRUST/NIST/PCI/CIS/GxP-compliant hardening and automation of cloud-native services
Cost Optimization
Specialized assessments and services to reduce both your native and 3rd-party cloud spend
Workload Migration
Move on-site workloads or those from another public cloud provider
“Landing Zone” Deployment
Architecture, design, and full implementation of Terraform-based cloud “Landing Zones”, including CI/CD, centralized security/logging, and “Account Vending Machines”
Advanced architecture, design, and implementation
Inline inspection topology and 3rd-party ISV integration
GCP: Tools from Palo Alto Networks, Cisco, F5, etc.
AWS: Tools from Palo Alto Networks, Cisco, F5, etc. AWS Transit Gateway / Cloud WAN / DirectConnect / Route53 / AWS IPAM
3rd Party Security Tooling
Advanced configuration for Prisma Cloud, IBM QRadar, Splunk, Securonix, Qualys, Tenable.io, etc.
Next-gen, Secure, Zero-Trust Access to Compute
Secure, cloud-native solution for access to compute resources without the need for a bastion or jump host.
GCP: GCP IAM and IAP integration for granular, policy-based control over access while maintaining an audit trail of user activity/session history and (optionally) enforcing MFA.
AWS: AWS IAM and SSO integration for granular, policy-based control over access while maintaining an audit trail of user activity/session history and (optionally) enforcing MFA.
Event-Driven Auto-Remediation and Self-Healing Infrastructure Solutions
Deliver near-realtime response & remediation capabilities and enable self-healing infrastructure to ensure your resources meet compliance and stay there.
GCP: 25+ unique solutions for security-focused auto-remediations leveraging cloud-native, serverless technologies (Cloud Functions, Pub/Sub, Cloud Run, OS Config Management, etc.)
AWS: 150+ unique solutions for security-focused auto-remediations leveraging cloud-native, serverless technologies (Lambda, EventBridge, SSM, etc.)
“Golden AMI” & “Golden Image” Pipelines
Development of flexible pipelines for generating secure, hardened base images (Golden AMIs/Container Images) based on CIS benchmarks
Automated Patching & Maintenance
Eliminate service/personnel-based overhead with our serverless solution for self-patching Windows/Linux/MacOS resources within your platform. Fully-automated, tag-based flexibility and configurable schedules for zero-touch maintenance.

AWS-specific services:

  • Hardened AWS Workspaces with end-to-end automated provisioning & SSO. Ensure you have complete control over Developer, Consultant, and Vendor access with a scalable, cloud-based VDI solution.
  • Attribute-based access control (ABAC) for S3, EMR, and EFS. Support multi-tenant data lakes and large-scale data analytics, fully-automated with Terraform
  • AWS Storage Gateway – secure, auditable, petabyte-scale SMB storage backed by S3, integrated with Active Directory, and fully-automated via Terraform
  • Hardened EKS – Secure cluster provisioning with (optional) 3rd party workload protection (Prisma Cloud / Twistlock etc), fully-automated with Terraform & GitHub Actions
  • Automated Backup and Recovery – Ensure your organization can meet RPO, RTO, and compliance objectives with our flexible, programmatic, and fully-automated solution for backup and recovery supporting popular AWS services such as EC2, Aurora, DocumentDB, DynamoDB, EBS, EFS, FSx, Neptune, RDS, S3, and Storage Gateway
  • Validated NIST, HIPAA, and GxP solutions for popular applications such as SAP, Spotfire, RStudio, and Jupyter hosted in the cloud

GCP-specific services:

ASGARD Secure Cloud Platform:

  • Fully-managed, secure cloud platform built on a decade’s experience managing large, compliance-centric enterprise customers.
  • Blends the best of a security-focused MSSP with the repeatability, reliability, and reproducibility of a “Managed DevOps” partner
  • Enhances Google’s “BeyondCorp” zero-trust security model for comprehensive defense-in-depth with always-on DLP
  • Supports 65+ “hardened” GCP services
  • Backed by an industry-leading tech stack, deployed and operated completely as Infrastructure-as-code
  • Fully-integrated with Prisma Cloud MS for enhanced CSPM, Code Security, and Workload Protection

Security Command Center (SCC)
Key Management (KMS)
Secrets Manager
Access Context Manager
VPC Service Controls
Identity-Aware Proxy (IAP)
BeyondCorp
Binary Authorization
GCP IAM
Data Loss Prevention (DLP)
Certificate Authority Service
Access Approval
Cloud Armor
Organization Policies
Cloud IDS
Chronicle
Web Security Scanner

Cloud-Native Security Tooling

Design, integration, automation, and implementation for cloud-native tools

SecurityHub
GuardDuty
Inspector
AWS Organizations
AWS Config
Detective
CloudTrail
CloudWatch
AWS WAF
Shield
KMS

DevOps and Automation Services:

  • CI/CD pipeline architecture, design, and implementation – Level-up your DevOps capabilities with custom-built CI/CD solutions backed by the industry’s leading technologies (GitHub Actions, Jenkins, Terraform, Ansible, Packer, Jira, etc)
  • “GitOps” Accelerators – Improve time-to-implementation, reduce development cycles, and improve security with “GitOps” based cloud DevOps/DevSecOps accelerators
  • “Shift-Left” Security Accelerators – Ensure your teams can identify and block misconfigurations and vulnerabilities as early in the SDLC as possible with layered capabilities for IaC/Code security, CI/CD security, and runtime security
  • Extensive Experience with the HashiCorp tool suite (Terraform Enterprise/Cloud/OSS, Vault, Packer, Boundary, Vagrant, HCP, etc):
    • Terraform Enterprise deployments
    • Vault deployments
    • Terraform Cloud and HCP deployments
    • Custom CI/CD pipelines leveraging Packer, Terraform, Vault, and Ansible
  • Extensive Experience with RedHat/IBM Ansible and Tower:
    • Ansible Core/OSS & Tower deployments
    • Configuration management (cloud & on-prem) via Ansible/Tower
    • Ansible/Tower network, storage, and security automation
  • IaC Accelerators – Leverage our experience automating infrastructure at scale and transition your organization toward DevOps, DevSecOps, and Infrastructure as Code. Our experts will design, implement, and educate your teams on Infrastructure As Code solutions for both cloud and hybrid environments.