Overview

Xero, a cloud accounting platform for accountants and small businesses, recently completed a successful transition to fully becoming a DevSecOps environment through Project Xero: Agile Security in the Cloud. They had to create a security mindset among developers, while providing security tools that matched the pace of agile development.
Xero’s security team was the last stop before deploying new product innovations, often slowing deployment in order to secure new releases. As part of this project, the team used new technologies, best practices and a DevSecOps approach to replace the gates and gauntlets with guardrails and guidelines to accelerate innovation while maintaining security. Now, Xero developers are able to securely leverage cloud infrastructure and agile development without slowing innovation. Xero developers released more than 1400 new product features and updates in the last 12 months and will exceed this number in the next year.
Becoming agile and secure in the cloud was critical to Xero, largely because its cloud-based software protects the sensitive financial data of more than 700,000 global subscribers. In order to move on the project and continuously iterate and deploy new products and solutions, Xero enlisted its security teams, calling them “security as a service,” whereby they would operate as a supplier within Xero’s walls.
To achieve “security on-demand,” Xero deployed cloud-based technology, including CloudPassage Halo, to ensure its security posture did not remain static. Xero also worked closely with other leading enterprise security vendors to build scalable commercial and technical models to allow for on-demand security systems.
By deploying CloudPassage Halo, Xero was able to quickly allow its security teams to focus more efforts on proactive defenses and innovation to protect its customers. CloudPassage Halo has given Xero cloud server visibility within seconds of deploying; speed via automated processes baked in from day-one; and compliance via automation.