Rob Perrin, Senior DevSecOps Engineer, and his team faced the challenge of efficiently integrating security into their DevSecOps processes. As their operations grew rapidly, they needed a solution that would automate security tasks, streamline workflows, and ensure compliance. This case study explores how Weedmaps leveraged Swimlane’s low-code security automation platform to enhance their DevSecOps processes, improve productivity, and achieve their security goals.
Weedmaps is a leading cannabis technology platform providing integrated solutions for cannabis consumers and businesses. With the ever-evolving regulatory landscape and growing security concerns, Weedmaps recognized the importance of integrating security practices seamlessly into their development and operations workflows. They sought a comprehensive security automation platform that would enable them to build out custom DevSecOps automations, enhance collaboration, and maintain security performance and compliance requirements.
Prior to adopting Swimlane, Weedmaps identified a core challenge related to implementing DevSecOps holistically within their organization. Rob Perrin, Senior DevSecOps Engineer explains, “The need was to adopt a DecSecOps culture inside of the security organization. For security teams in general, we need to adapt to operate effectively in the modern software development world.”
Collaboration and Communication
The absence of a centralized platform hindered collaboration between the security, development, and operations teams. Siloed workflows and communication gaps impeded effective incident management and slowed down the resolution process.
“We needed an integration solution with limited middleware that we don’t have to manage, that can also operate within a complex DevOps world. One where security must be integrated with a much earlier strategy than previously realized.”
Compliance and Regulatory Requirements
As a regulated industry, Weedmaps had to adhere to strict compliance standards. Ensuring consistent compliance across their infrastructure and applications required extensive manual effort and was prone to oversight.
Customizable Low-Code Security Automation
Weedmaps implemented Swimlane’s low-code security automation platform to address their DevSecOps challenges. Swimlane’s solution offered the following key features and benefits:
Endless Automation Possibilities
Swimlane’s low-code capabilities allowed Weedmaps to automate their security workflows, enabling the security team to focus on strategic tasks rather than repetitive manual work. Workflows were easily designed using a drag-and-drop interface, without the need for extensive coding or development expertise.
“Swimlane really caught our eye with its sandbox-y nature. We have a lot of gifted talent at our company and we want to give them freedom. But we also want to have a platform that we can rely on to be the central brain for everything around our automations. Nothing else out there really offered the flexibility for the automation we were looking at.”
Collaboration and Communication
Swimlane’s centralized platform facilitated seamless collaboration between teams. It provided a common workspace where security, development, and operations teams could communicate, share information, and respond to incidents in real-time, thereby reducing response times and enhancing overall efficiency.
“I would say that if you can dream it, you can do it with Swimlane. I’d encourage an organization to bring unique, greenfield ideas to the table from the start. That way, with Swimlane’s team, you can tailor the value of the project to your environment and culture.”
Seamless Integration and Orchestration
Swimlane integrated with Weedmaps’ existing security tools, streamlining the flow of information and enabling automated actions. One use case in particular was especially beneficial – XDR workflow automation.
“Our pilot use case and proof-of-value started off as a simple XDR workflow. So ingesting alerts from Palo Alto Cortex, and then doing a lot more interesting orchestration with the alerts after that. Less interesting, like creating Jira tickets. More interesting, like on the enrichment side and getting data in front of analysts.
By adopting Swimlane’s low-code security automation platform, Weedmaps experienced significant improvements in their DevSecOps processes. “A lot of our results are being realized in the areas of compliance and business intelligence. With the workflows we’ve built in Swimlane, we’ve achieved granular work tracking, flowing it to Jira, as well as incident response performance metrics.”
“Over time, the XDR workflow pattern built in Swimlane actually became our source of truth for our time-to-acknowledge metric – which is becoming an important SLA for many security frameworks. We’re tracking it diligently and it’s all custom built inside of Swimlane. Jira couldn’t do it properly, other tools couldn’t do it properly. I said ‘give me a week or two’ and we got it done inside of Swimlane”
“The thing that sets Swimlane apart from any other security organization or partner I’ve worked with is the professional service team. They’re so dynamic and so fluid. We have solved some extremely interesting and complex problems with Swimlane. I just keep looking forward to our sessions together.”
Explore Swimlane Turbine
The world’s most capable security automation platform