Morgan Stanley has freed up its cloud service developers by using Terraform and Sentinel to build cloud security controls that are automated and applied by default.
Brett Tegart and Itay Cohai recount how their team at Morgan Stanley implemented secure Terraform modules that enforce cloud security controls by default, allowing free development of cloud service provider accounts and resources without requiring additional security review. Sentinel policy as code was the key. They wrote policies that blocked direct creation of Terraform resources, limiting users to the secure modules that derive values from the Terraform or CSP environment instead of allowing user input.
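The rule described above (no resources created directly, only through the secure modules) can be illustrated outside Sentinel as a check over the JSON produced by `terraform show -json`. This is an added example, not Morgan Stanley's policy code; the registry source, module names and sample plan are constructed assumptions.

```python
import re

# Assumed private-registry sources of the vetted secure modules (hypothetical).
APPROVED_SOURCES = {
    "app.terraform.io/example-org/secure-bucket/aws",
}
_TOP_CALL = re.compile(r"^module\.([A-Za-z0-9_-]+)")

def direct_resource_violations(plan, approved=APPROVED_SOURCES):
    """Return addresses of managed resources changed outside approved modules."""
    calls = plan.get("configuration", {}).get("root_module", {}).get("module_calls", {})
    bad = []
    for rc in plan.get("resource_changes", []):
        # Data sources and unchanged resources create nothing; skip them.
        if rc.get("mode") != "managed" or rc["change"]["actions"] == ["no-op"]:
            continue
        # module_address is omitted for resources declared in the root module.
        m = _TOP_CALL.match(rc.get("module_address", ""))
        # Trust is decided by the top-level call's source, not its name, so a
        # local module that merely reuses an approved name is still rejected.
        source = calls.get(m.group(1), {}).get("source") if m else None
        if source not in approved:
            bad.append(rc["address"])
    return sorted(bad)

def _rc(address, module=None, actions=("create",), mode="managed"):
    rc = {"address": address, "mode": mode, "change": {"actions": list(actions)}}
    if module:
        rc["module_address"] = module
    return rc

# Constructed sample shaped like `terraform show -json` output (not real data).
SAMPLE_PLAN = {
    "configuration": {"root_module": {"module_calls": {
        "logs": {"source": "app.terraform.io/example-org/secure-bucket/aws"},
        "homemade": {"source": "./modules/homemade"},
    }}},
    "resource_changes": [
        _rc("aws_s3_bucket.raw"),                      # declared directly in root
        _rc("aws_vpc.legacy", actions=("no-op",)),     # unchanged, ignored
        _rc('module.logs["eu"].aws_s3_bucket.this', 'module.logs["eu"]'),
        _rc('module.logs["eu"].module.kms.aws_kms_key.k', 'module.logs["eu"].module.kms'),
        _rc("module.homemade.aws_iam_role.r", "module.homemade"),
    ],
}

if __name__ == "__main__":
    print(direct_resource_violations(SAMPLE_PLAN))
```

Resources nested anywhere beneath an approved top-level module call pass, while root-level resources and resources from unapproved module sources are reported.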