Lack of Visibility & Transparency
The use of cloud is increasingly the preferred approach for enterprises to drive innovation and digital transformation. However, most security and operations professionals continue to lack visibility into the cloud services being used. DivvyCloud provides you with the ability to continuously monitor the state of Amazon Web Services, Microsoft Azure, Google Cloud Platform, Alibaba Cloud, and Kubernetes (EKS, AKS, and GKE).
DivvyCloud uses a best-in-class two-tiered approach to visibility, combining API polling and event-driven monitoring for the fastest detection of changes available on the market.
DivvyCloud’s Compliance Scorecard helps you gain visibility into the risk associated with your cloud and container services, and audit compliance with important standards. The Compliance Scorecard can assist teams of all types (auditors, operations, security teams, and managers) in identifying areas with possible compliance issues, as well as providing guidance to remediate those issues. Using a heat-map type visual, as well as summaries and history of noncompliant resources, customers can readily see where they are failing compliance checks.
Once you have visibility, you can use DivvyCloud’s automated, real-time remediation to achieve continuous security and compliance, and can fully realize the benefits of cloud and container services.
Misconfiguration
Customer level misconfiguration of cloud services is the number one reason for security and compliance risk. When using cloud services (IaaS, PaaS, Serverless, FaaS, and CaaS), security is a shared responsibility between the cloud service provider and the customer.
You as the customer are responsible for securing how you use the cloud services, including properly configuring identity and access management (IAM), storage and compute settings, threat analysis and defense, and the security of the application and data processed and stored in the cloud.
Therefore, secure cloud configuration must be a dynamic and continuous process. At a base level, there is the configuration of the cloud infrastructure (e.g., blocking SSH ports, and IAM). Next, there is the configuration of the CSP security controls (e.g., enabling log monitoring and encryption). And, finally, SecOps teams must address changes to settings (e.g., detecting and acting on a threat actor turning off logging to cover their tracks).
With DivvyCloud, all changes —no matter how they are implemented (via console, provisioning tools, or programmatically) are detected by DivvyCloud because monitoring is achieved through a two-tiered approach that includes API polling and event-driven notification for faster detection of changes and automation in real-time. This allows DivvyCloud to identify misconfiguration and resolve them with automated, real-time remediation.
With DivvyCloud you can accelerate innovation through the use of cloud and container services while minimizing the risk of misconfiguration
Policy Violations
The use of cloud and container services delivers unparalleled ability to rapidly bring new products and services to the market, and flexibly scale these in real-time to meet demand. This agility is often reliant on providing self-service access to developers and if not approached properly this can create a loss of control.
The good news is that a multitude of standards and frameworks exist to help companies establish baseline policies to ensure that they are using the cloud in a secure, compliant, and well-governed fashion.
DivvyCloud delivers hundreds of out-of-the-box policies that customers can use to automate the detection and remediation of policy violations. These policies map back to the major standards and frameworks, including PCI DSS, HIPAA, GDPR, SOC 2, ISO 27001, CIS AWS, CIS Microsoft Azure, CIS GCP, CIS Kubernetes, NIST CSF, NIST 800-53, FedRAMP, and CSA CCM. You can also modify and create your own policies, and merge or create new compliance packs.
With automated, real-time remediation DivvyCloud customers achieve continuous security and compliance, and can fully realize the benefits of cloud and container technology without the loss of control.
Threats
When using cloud services, security and operations teams can be quickly overwhelmed with what to do with the large volume of threat signals being received from a heterogeneous set of sources. Without being able to decipher signal from noise, security and operations professionals may not be able to identify true risk and act on it in a timely fashion.
DivvyCloud delivers a unified approach to monitoring and responding to threats to your cloud accounts and workloads across multiple clouds, and makes it easy to implement automation that reduces remediation and recovery time.
To deliver threat protection, DivvyCloud integrates with Cloud Service Provider (CSP) services (e.g., Amazon GuardDuty) and other partners (e.g., Tenable) for best-in-class intelligent threat detection that continuously monitors for malicious activity and unauthorized behavior. These services use machine learning, anomaly detection, and integrated threat intelligence to identify and prioritize potential threats. Example activities that can be detected include crypto-currency mining, credential compromise behavior, communication with known command-and-control servers, and API calls from known malicious IPs.
When a threat is identified, DivvyCloud can perform automated remediation actions including reconfiguring cloud services, making changes to cloud infrastructure, driving human-centered workflows with integration into systems like ServiceNow and Jira, and orchestrating workflow actions in other security and management systems.
With automated, real-time remediation DivvyCloud customers achieve continuous security and compliance, and can fully realize the benefits of cloud and container technology without the loss of control.
Identity and Access Management (IAM)
Customers are adopting cloud and container services at scale in order to accelerate innovation. In this new era, Identify Access Management (IAM) becomes core to your ability to make cloud and container services secure and compliant. This has led to the rise of the saying “identity is the new perimeter.”
The challenge is that IAM is extremely complicated, and governing it in a self-service approach to cloud can be time-consuming. In these environments, everything has an identity: users, applications, services, and systems. This provides enormous flexibility, but also creates the opportunity for substantial risk, as every service is potentially reachable by every other service, regardless of location, but only if an implicit trust is defined.
Developers and other IT professionals are sometimes overwhelmed by the IAM options available as they face competing goals: securing the environment while quickly accomplishing their jobs. Further complicating this is the fact that the initial controls they implement will likely need to grow and adapt without disrupting productivity as cloud use scales and changes.
DivvyCloud helps govern IAM and create a rational and sustainable approach. DivvyCloud helps you address perimeter fluidity and the substantial challenges created by security professionals having to govern cloud environments at scale.
Protecting the identity perimeter at scale requires automated monitoring and remediation around access management, role management, identity authentication, and compliance auditing. DivvyCloud helps you build a circle of trusted identities and layers of trust.
For example, we help automate a number of elements of IAM governance including:
- Strong authentication: enforce MFA policies on cloud user accounts
- Least privilege: provide checks to restrict identities to do no more than they are supposed to
- Secure service accounts: manage service accounts and service account keys securely
- Auditing: enforcing best practices for the use of audit logs and cloud logging roles
- Policy management: ensure that you’ve implemented and managed your policies appropriately including identity-based policies, resource-based policies, permission boundaries, service control policies, access control lists, and session policies
With automated, real-time remediation DivvyCloud customers achieve continuous security and compliance, and can fully realize the benefits of cloud and container technology without the loss of control.
Data Breaches
Consumer privacy (or the lack thereof) is a huge societal concern and the focus on protecting privacy is manifesting itself through many forms, including regulation like the California Consumer Privacy Act and General Data Protection Regulation. As a backdrop to this is the shocking news that 2019 is on track to be the worst year on record for data breaches, according to a report from Risk Based Security which finds the number of reported breaches has gone up by 54 percent and the number of exposed records by 52 percent compared to the first six months of 2018 with over 3,800 data breaches reported in the first half of 2019.
Most of these breaches are caused by organizations not making adequate and appropriate investments in cloud security. However, companies are under increasing pressure to make appropriate investments to ensure that consumer data is being protected in their race to the cloud. This is where DivvyCloud comes in.
Our software can form the strategy that allows companies to both embrace public cloud for innovation and do so at speed and scale, while not giving up control or sacrificing security and compliance.
DivvyCloud protects your cloud and container environments from misconfiguration, policy violations, threats, and IAM challenges. With automated, real-time remediation DivvyCloud customers achieve continuous security and compliance, and can fully realize the benefits of cloud and container technology.