In search of a security product built for the cloud

Glovo has experienced rapid growth since its founding in 2015. Today, more than 15 million yearly active users rely on the Glovo platform for rapid on-demand delivery from local businesses such as restaurants, supermarkets, and retailers.

As the company grew its feature set and AWS cloud environment, Eloi Barti, Head of Platform Security at Glovo, wanted to scale security at the same rate. To do so, Barti sought to bring a culture of security to the forefront for engineering teams.

Improving security across a distributed organization

Glovo’s engineering teams are built to work autonomously to continuously deliver value to their customers. Each team is accountable for the deployment, functionality, and security of its own code. However, when it came to security, Barti said Glovo used several different tools, and engineers didn’t know which security tool to look into when an incident occurred and required investigation. Engineers had to search through the various tools, quickly acclimate themselves to the context the tool provided, and manually correlate disjointed fields to understand if alerts were false positives or true security incidents.

For Barti, a centralized solution that was quick and efficient to integrate into existing engineering workflows was essential. “When teams are autonomous and moving at speed, they need to have intuitive tools that enable visibility,” he said. “If you introduce tools that engineers don’t use daily, or require them to pivot to another tool, you’re going to hit friction.”

To address its needs, Glovo chose Datadog Cloud Security Management.

With Datadog, Glovo engineers were able to get unified visibility into the health, performance, and security of its applications—all in one place. “The security team scaled quickly by leveraging the data pipelines already built out by the SRE team, integrating security into existing workflows and receiving security alerts in real time,” Barti said.

Unified visibility enables collaboration

Datadog Cloud Security Management enables better collaboration across Glovo when detecting security incidents or deviations from security policies. For example, Glovo was able to increase the percentage of resources adhering to their deployment process from 70 percent to 99 percent within a few months of deploying Cloud Security Management. Additionally, they were able to integrate Cloud Security Management with AWS CloudTrail to scan audit logs from their EC2 instances to quickly identify misconfigurations. Cloud Security Management gave the security team the visibility and breadth to continuously monitor their cloud infrastructure for vulnerable and obsolete resources.

Cloud Security Management brings value to Glovo in three unique ways. First, because the engineering team was already using Datadog for their observability needs, Cloud Security Management was frictionless to activate. With Datadog’s single agent, Glovo’s security team was able to leverage the complex pipelines already built out by engineering and apply security context to the metrics, traces, and logs sent to Datadog. This allowed for a smooth collaboration between the two teams that didn’t disrupt existing workflows, thus instilling a culture of security throughout the organization and removing knowledge silos.

“With Cloud Security Management, the boundaries between the SRE and security teams are blurred. We work as a single team to make our company more secure, stable, and reliable.”

Second, in addition to the frictionless installation, Barti was able to scale the security organization with speed by leveraging hundreds of out-of-the-box detection rules and creating complex custom rules tailored to his environment without a complex query language. Teams were now able to fine tune the detection within their environment—all through the Datadog UI.

Finally, Cloud Security Management provides engineers a unified view and context of observability and security insights in one platform for better efficiency when developing and securing their application. It's especially critical for security not to be a hindrance given the speed at which Glovo engineers deploy. Datadog helps teams reduce the time it takes to address security issues within their AWS cloud infrastructure with actionable guidance on remediation and by integrating with AWS Cloudtrail to scan audit logs and resolve misconfigurations quickly. They are so familiar with Datadog that they know right away when a security incident is occurring and can identify and remediate such incidents quickly rather than waiting for the security team and having to manually correlate disjointed fields.

As Glovo continues to enable new feature sets for its customers, having a unified platform to enable security, performance, and stability as part of its DNA will help set the company apart.

“Datadog is our differentiator,” Barti said.

Learn how Datadog Cloud Security Management simplifies cloud-native security across teams.