LawnStarter Gains Visibility with Automated Security from Lacework and AWS

Executive Summary

With visibility into its Amazon Web Services (AWS) environment made possible by Lacework, LawnStarter gains the ability to proactively address emerging threats, maintain compliance, and improve its security posture. LawnStarter’s lean team also gains actionable intelligence to manage security more effectively.

A Growing Business Can Mean Growing Security Risks

LawnStarter founded its business with the goal of making lives and homes better by taking lawn care off its customers’ growing to-do lists. Using the online, on-demand platform, built on AWS, customers can search for and schedule services with insured and vetted outdoor service providers who offer lawn mowing, tree care, landscaping, pest control, and many other outdoor services.

LawnStarter collects customer and provider data, and uses it to determine accurate pricing, ensure quality service, and offer seamless transactions online. For example, LawnStarter uses a customer’s address to determine the best pricing in the neighborhood. The data also helps LawnStarter organize its providers’ routes by location, which gives them the opportunity to do more jobs per day.

As with many startup organizations, LawnStarter’s initial focus was on acquiring and retaining customers and building for the future—with security as an afterthought. That was the case when Alberto Silveira joined LawnStarter as the Head of Engineering. After conducting a manual technology audit, Silveira found that LawnStarter lacked visibility into its cloud infrastructure. There were no mechanisms in place to identify non-compliant resources, vulnerabilities, or anomalies. LawnStarter also had a lean security team with limited knowledge of how cloud infrastructure was created and maintained efficiently.

“LawnStarter doesn’t have a CISO; Lacework is our security expert, providing software and professionals who can work with our engineers. I didn’t want to just go and do ‘security theater,’ which is just checking boxes for the sake of doing it. I wanted to have a major impact on security.”

Alberto Silveira
Head of Engineering, LawnStarter

The Need to Embed Proactive Security within LawnStarter’s Platforms and Culture

Silveira and his team sought support from AWS Partner Lacework to gain a view of LawnStarter’s resources in the cloud to keep up with its share of the AWS Shared Responsibility Model. Under the model, AWS is responsible for protecting the infrastructure that runs all the services offered in the AWS Cloud, providing the highest levels of security possible and aligning with numerous compliance programs. As an AWS customer, LawnStarter is responsible for the security of its resources in the cloud, keeping its content secure and compliant.

LawnStarter needed to quickly identify insecure and exploitable misconfigurations and regulatory compliance violations due to drift and misuse. Also, Silveira wanted the ability to embed security across LawnStarter’s software development pipeline to allow those with less security knowledge to build and deploy secure code.

Shifting Security to the Left with Lacework

Silveira’s overarching vision for LawnStarter was to build a “one team, one heart” culture where security became everyone’s responsibility and not just the security team’s. This aligns with the DevOps practice of shifting security left—or earlier in the application development cycle.

The Lacework Polygraph® Data Platform provides LawnStarter with progressive layers of protection by embedding security at multiple stages of its software delivery lifecycle from build to production. For development teams, embedded and automated security means they can accelerate development cycles with confidence.

LawnStarter uses container images to build its infrastructure, so the Lacework team helped LawnStarter integrate its Docker Hub container registry into the platform to gain visibility. Lacework also shared best practices for how to view and use the container vulnerability data within the platform, such as sorting and grouping the data. The ability to identify unexpected risks and threats much earlier in the development cycle gives LawnStarter a greater understanding of where issues happen, so the team can build more resilient infrastructure.

Proving and Maintaining Continuous Compliance

The platform allows Silveira and his team to protect its data—and that of its key stakeholders—by continuously scanning LawnStarter’s cloud environments for misconfigurations. Lacework analyzes LawnStarter’s AWS CloudTrail logs and automatically discovers and catalogs users, services, security groups, and secrets that are active within LawnStarter’s AWS environment and compares them against industry frameworks and compliance requirements. LawnStarter can quickly pull customized reports created by Lacework to see which resources are compliant or not.

As a result, LawnStarter has seen a 75 percent decrease in compliance violations over the past year, which has saved the company a significant amount of time and money. LawnStarter now has a strong compliance practice that is essential to earning and maintaining trust with customers, providers, investors, and advisors.

Improving Operational Efficiency

Lacework provides expertise with automated cloud security that is simple to use, effective, and DevOps friendly. The unified platform can be deployed with ease and at scale. For example, Lacework connected to LawnStarter’s AWS instance in seconds, providing near-immediate value.

LawnStarter also reduced its alert volume. With fewer alerts, each enriched with context-rich investigative capabilities, Silveira and his team can quickly identify and focus on the most critical items that need immediate attention. Consolidating multiple compliance tools into one platform translates into efficiency and cost savings for LawnStarter by eliminating the need to expand its existing security team and resolving security issues earlier and faster.

Focusing on What Matters Most

Through proactive threat identification and mitigation, Lacework helps to improve LawnStarter’s security posture, reduce attack surfaces, and protect applications. Now LawnStarter can maintain a secure and compliant environment with comprehensive visibility and automated remediation that reduces annual breach risk. This frees up time for LawnStarter to focus on what really matters—growing its business by making its customers’ and providers’ lives better.

About LawnStarter

LawnStarter strives to bring customers the best lawn services, all at the click of a button. Within seconds, customers can book skilled landscapers who have years of experience dealing with grass, weeds, pests, flowerbeds, and more. Founded in 2013 with employees all over the world, LawnStarter serves more than 120 markets in the United States.

Benefits

  • Gave its security team actionable intelligence
  • Reduced alert volume
  • Gained visibility into its cloud infrastructure
  • Identified compliance vulnerabilities that require remediation
  • Encrypted 100% of its production database

About AWS Partner Lacework

Lacework offers a data-driven security platform for the cloud and a cloud-native application protection platform (CNAPP) solution. Lacework can collect, analyze, and accurately correlate data—without requiring manually written rules—across an organization’s AWS environment and narrow it down to the handful of security events that matter. Security and DevOps teams around the world trust Lacework to secure cloud native applications across the full lifecycle from code to cloud.

Published October 2023