Twice a quarter DivvyCloud releases new product features, and we are excited to announce our fifth feature release of 2018! Collaboration with our customers and the community helps shape these releases across all the pillars of our product: discovery, analysis, and automated action.
With this release, we now deliver continuous security and compliance to container environments in addition to public clouds. We also expanded support to include more services in AWS and GCP, and to increase the ability to apply policy to Identity & Access Management with a particular focus on GCP. Some highlights include:
- Support for Kubernetes: DivvyCloud now supports AWS Elastic Kubernetes Service (EKS), Google Kubernetes Engine (GKE), and Microsoft Azure Kubernetes Service (AKS). You can now monitor, apply policy, and take action on six resource types: Containers, Pods, Ingress, Node, Deployments, and Services.
- Support for AWS Kinesis Firehose: DivvyCloud now helps you secure this real-time streaming data service in Amazon Web Services. Data security is top of mind for many customers, and no matter where your data resides inside AWS, we help you ensure that misconfigurations don’t create a risk of breach.
- Root Account Information: Securing your root credentials is a vital piece of cloud security and compliance.
- Cloud Service Cost Coverage: You can now build insights that identify risk of runaway spending and allow you to take action to prevent it.
Below we dive more deeply into these five highlights from our latest release:
- Support for Kubernetes – DivvyCloud has expanded support to containers, and specifically Kubernetes. With the latest version of DivvyCloud, you can now govern container environments running on AWS Elastic Kubernetes Service (EKS), Google Kubernetes Engine (GKE), and Microsoft Azure Kubernetes Service (AKS). You can use DivvyCloud to monitor, apply policy, and take action on six resource types: Containers, Pods, Ingress, Node, Deployments, and Services. For the first time, customers can gain a holistic view of their cloud container infrastructure and apply policies across all the related and supporting elements (e.g., IAM and underlying or related cloud infrastructure).
- Support for Kinesis Firehose – Amazon Kinesis Firehose is a fully managed, elastic service that can capture streaming data, transform the data, and then send the data to Amazon Elasticsearch Service. DivvyCloud monitors the configuration of two resource types (Kinesis data stream and Firehose delivery stream). We then provide the ability to compare configurations and configuration changes against the policies you have defined. When we identify a policy violation, you can automate its remediation. To apply granular controls, DivvyCloud users can locate specific data streams by filtering on number of shards, data retention period, and encryption status. Users can also filter delivery streams by their delivery type. Data security is top of mind for many customers, and no matter where your data resides inside AWS, we help you ensure that misconfigurations don’t create a risk of breach.
- Root Account Information: DivvyCloud can gain visibility into a customer’s credential report to determine whether the root account is actually being used. Use of the root account in AWS is the biggest “no-no.” You’re never supposed to use it because it can effectively do everything in your account, and there is no attribution. For example, say I give four team members root account access, and a day later I see in my logs that root just deleted 50 instances. Who deleted the instances and why? I don’t know, and now there’s a problem. With the addition of root account information, administrators can quickly get visibility across all of their root accounts, including the last time the account was used, whether it has two-factor authentication, and the count of active/inactive API credentials.
- Cloud Service Cost Coverage: DivvyCloud has added the ability to ingest your billing information from cloud providers. This makes it easy to analyze your historical spend on one or more cloud services. More importantly, you can now use this data to drive action inside the DivvyCloud platform: you can configure policies around cost and service tracking that alert when spending exceeds thresholds you have set. Many customers are concerned about developers experimenting with a new cloud service that may be extremely expensive. All too often, a well-intentioned person starts up a service to experiment, gets distracted, forgets about the service, and a month later a massive bill comes due. These types of cost overruns are a nightmare scenario that we can now prevent. For example, you might configure a policy to alert if anyone in your organization spends more than $100 in a given period on Amazon Athena. This way you gain visibility as soon as developers start experimenting with new and novel cloud services that might run up the bill.
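The root account checks described above (last use, two-factor status, and active/inactive API credentials) can be read directly from an AWS IAM credential report. The following is an added example, not DivvyCloud code: the column names follow the credential report CSV format, while the sample rows, the account ID, and the 90-day `recent_days` threshold are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample using a subset of the IAM credential report columns.
SAMPLE_REPORT = """\
user,arn,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,2018-09-30T14:05:11+00:00,false,true,2018-01-15T00:00:00+00:00,2018-10-02T08:15:00+00:00,false,2017-01-10T00:00:00+00:00,N/A
alice,arn:aws:iam::111122223333:user/alice,2018-10-01T09:00:00+00:00,true,true,2018-06-01T00:00:00+00:00,2018-10-03T10:00:00+00:00,false,N/A,N/A
"""

def parse_ts(value):
    """Return an aware datetime, or None for N/A / no_information."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None

def root_account_summary(report_csv, now, recent_days=90):
    """Summarise last use, MFA and API key state for the root row."""
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user"] != "<root_account>":
            continue
        stamps = [parse_ts(row[c]) for c in (
            "password_last_used",
            "access_key_1_last_used_date",
            "access_key_2_last_used_date")]
        stamps = [t for t in stamps if t is not None]
        last_used = max(stamps) if stamps else None
        active = inactive = 0
        for i in (1, 2):
            if row[f"access_key_{i}_active"] == "true":
                active += 1
            elif parse_ts(row[f"access_key_{i}_last_rotated"]):
                inactive += 1  # key exists but is disabled
        findings = []
        if row["mfa_active"] != "true":
            findings.append("root has no MFA")
        if active:
            findings.append(f"root has {active} active access key(s)")
        if last_used and (now - last_used).days < recent_days:
            findings.append(f"root used {(now - last_used).days} day(s) ago")
        return {"arn": row["arn"], "last_used": last_used,
                "mfa": row["mfa_active"] == "true",
                "active_keys": active, "inactive_keys": inactive,
                "findings": findings}
    return None  # no root row in the report

if __name__ == "__main__":
    now = datetime(2018, 10, 5, tzinfo=timezone.utc)
    print(root_account_summary(SAMPLE_REPORT, now))
```
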
DivvyCloud delivers comprehensive policy-driven security, compliance, and governance for cloud infrastructure (AWS, Azure, GCP, Alibaba Cloud, VMware, and OpenStack). Our software performs real-time discovery of connected clouds, distills this data into actionable insights, and then makes it easy to configure policies that are automatically enforced across all clouds. In essence, we provide virtual guardrails for security, compliance, and governance that help customers like GE, Discovery, and Fannie Mae go big and go fast in the public cloud, but still stay secure and compliant.