Here at DivvyCloud, we are incredibly thankful to our valued customers who provide us with ongoing feedback on what they want out of their chosen cloud security and compliance solution. Without their continued engagement as our customers and partners, DivvyCloud would not be the product it is today.
We are pleased to present the latest version, DivvyCloud Release 20.4, which is based on direct feedback from our community of users. Highlights of this major release include:
- an updated HIPAA Compliance Pack;
- an updated GCP CIS Benchmark Pack;
- an Insight/Bot versioning system;
- modified evaluation of AWS S3 public access block settings; and
- several Azure-focused enhancements.
Updated HIPAA Compliance Pack
Because cybersecurity frameworks change over time, so do we. As we continuously work to update our compliance packs, our customers see these changes in the number of Insights that map to specific frameworks. Our new HIPAA Compliance Pack includes DivvyCloud Insights that map to HIPAA Security Rule requirements. This pack is important for organizations that store electronic personal health information within their cloud environment.
Updated GCP CIS Benchmark Pack
But wait, there’s more! We’ve updated the Center for Internet Security (CIS) – Google Cloud Computing Platform (GCP) Compliance Pack. This is an updated version from the previous GCP CIS Benchmark. CIS made some changes since the last benchmark, so we’ve updated the pack to reflect those changes.
If you use custom Insights and Bots, you can now take advantage of the Insight/Bot version system, which provides the ability to fall back to the last known good configuration of your custom Insights and Bots, should any issues arise.Each time an Insight or Bot is updated, a version is recorded and set as the active version.
AWS S3 Public Access Block Setting
DivvyCloud now takes into account AWS S3 public access block settings when evaluating a bucket for public access. Specifically, the RestrictPublicBuckets and IgnorePublicAcls settings are now evaluated against public IAM policies and public access control lists, and the bucket will not be marked as public if those settings are in place. Additionally, we have expanded S3 public access block visibility into AWS GovCloud and enhanced the filter “Storage Container Without Preventative Public Access Enforcement” to take in multiple options so you can build more complex policies that suit your business needs.
We’ve added or enhanced over a dozen filters to align with Azure Security Center recommendation checks. We’ve also enhanced visibility and support several Azure resources, including Azure SQL managed instances, Azure Web Apps, and Azure blob storage.
For the full rundown, please refer to our Release Notes.
Do you have specific features or capabilities in mind for DivvyCloud? We want to know. Email email@example.com with your suggestions.
DivvyCloud protects your cloud and container environments from misconfigurations, policy violations, threats, and IAM challenges. With automated, real-time remediation, DivvyCloud customers achieve continuous security and compliance, and can fully realize the benefits of cloud and container technology.