Each release affords us the opportunity to reaffirm our commitment to our customers, our partners in cloud security. Rather than producing prescriptive, one-size-fits-all cloud security solutions, we strive continuously to align our customers’ needs and priorities to our product roadmap, with the ultimate goal of enabling innovation for them, whatever their business goals may be.
This release is no different. Using valuable feedback directly from our customers, we are pleased to present DivvyCloud Release 20.3. Highlights of this major release include:
- An updated ISO 27001 Compliance Pack
- Improvements and enhancements to the Compliance Scorecard
- Improved visibility and new permissions
- Several new filters
Updated ISO 27001 Compliance Pack
ISO/IEC 27001 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of an organization. The requirements are generic and are intended to be applicable to all organizations, regardless of type, size or nature. While complying with ISO 270001 is optional, organizations that choose to implement these controls benefit from the reassurance that they are following best practices. Regardless of whether you use AWS, GCP, or Azure, you as the CSP customer, are responsible for configuring and using cloud services in a way that comply with the applicable directives contained within ISO 27001.
Ensuring compliance with any standard is challenging, particularly when using more than one CSP. The updated ISO 27001 Compliance Pack includes dozens of Insights that map directly to ISO 27001 requirements. For example, the two following requirements align with ISO 27001 by utilizing DivvyCloud within your cloud environment:
- A.12.6.1 – Management of technical vulnerabilities
- A.18.2.3 – Technical compliance review
More information about the updated ISO 27001 Compliance Pack is available here.
Compliance Scorecard Improvements
The DivvyCloud Compliance Scorecard offers a visually intuitive representation of how compliant your cloud environment is. This release includes multiple enhancements, which include the following:
- The scorecard heatmap will now display the last time (in UTC) a successful harvest occurred.
- The compliance scorecard export will now include 14 day historical totals for Insight Pack violations by severity over time, as well as aggregate totals.
- Improved user navigation, allowing users to navigate to and click on “Manage Subscriptions” and “Manage Exports,” regardless of filter states.
- Numerous improvements to the exported Compliance Scorecard, including a new column for Insight severity associated with the control, notes for Insight exemptions, and columns for “Resource Type” and “Identified At.”
For additional details on the Compliance Scorecard, review the updated product documentation here.
DivvyCloud 20.3 includes several new features to improve overall user experience, including new filtering, tags, badging, and actions.
Among the new filtering and visibility improvements in this release, there is now added support for plugin filters on the Filters page. Users can now toggle to view their custom filters using the Owner sort option.
Tags and Badging
DivvyCloud 20.3 offers something for each of the big three CSPs:
- Added tag visibility and lifecycle support for AWS ECS Task Definitions
- Added tag support to Azure SQL databases
- For GCP organizations with enabled auto badging of projects, all clouds corresponding with a project that does not have a parent folder will have a cloud_org_path badge with a value of ‘/’ to signify they are at the root.
This release offers two exciting new bot actions: one to remove public EKS access and one to create AWS CloudTrail resources.
As always, you can find the full release notes on our docs page.
DivvyCloud protects your cloud and container environments from misconfigurations, policy violations, threats, and IAM challenges. With automated, real-time remediation, DivvyCloud customers achieve continuous security and compliance, and can fully realize the benefits of cloud and container technology.