SecOps at Scale with Continuous Cloud Compliance

Cloud Compliance is critical in the digital transformation journey. It's best that Compliance isn't treated as a tactical check-box exercise. Instead, approach it as a strategic imperative to unlock a critical competitive advantage. To make it a reality you need to leverage automation that not only assures compliance but also reduces the cost of ensuring continuous cloud compliance.

Learn about how you can unleash this competitive advantage with CoreStack's continuous cloud compliance utilizing the Abstracted Cloud Compliance Controls (AC3) framework in the Webinar below. A transcription of the video text is available at the end of this article for your easy reference.

CoreStack empowers Compliance and Security teams with Enterprise Cloud Compliance (ECC), which applies the unique framework – Abstracted Cloud Compliance Controls (AC3), to enable continuous cloud compliance, with these key benefits:

  • Abstract controls across standards such as NIST 800-53, FedRAMP, PCI DSS, and ISO 27017
  • Leverage additional meta-data for control implementation and monitoring
  • Identify equivalent controls across standards
  • Map different cloud services to the controls
  • Baseline controls for various levels of compliance – Standard, Advanced, Premium
  • Abstracted Cloud Compliance Controls (AC3) Framework Supports Multiple Industry Standards and Regulations.

CoreStack Enterprise Cloud Compliance (ECC) offers a rich repository of 800+ policies mapped to various controls. Assess once and obtain compliance posture against multiple industry standards, regulations, and best practices relevant to your organization from the list below.
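The "assess once, report against many standards" idea above rests on an abstraction layer between standard-specific control references and the concrete checks that produce evidence. The following is an added worked example, not CoreStack's code or AC3 data: the abstract control names, the three baseline levels, the sample inventory and every control reference in STANDARD_MAP are constructed for illustration (the crosswalk is not a vetted mapping). It shows each policy running a single time over the inventory, posture derived per standard from that one run, a level filter, and the "equivalent controls" lookup.

```python
"""Assess-once, report-many compliance mapping (illustrative example)."""

# Constructed sample inventory: a minimal multi-cloud resource list.
INVENTORY = [
    {"id": "aws-iam-root", "type": "iam_user", "privileged": True, "mfa": False},
    {"id": "aws-iam-alice", "type": "iam_user", "privileged": True, "mfa": True},
    {"id": "aws-s3-logs", "type": "bucket", "encrypted": True},
    {"id": "az-blob-data", "type": "bucket", "encrypted": False},
    {"id": "aws-cloudtrail", "type": "trail", "enabled": True, "multi_region": True},
]


# Policies: each returns the ids of non-compliant resources (empty list == pass).
def mfa_on_privileged(inv):
    return [r["id"] for r in inv
            if r["type"] == "iam_user" and r["privileged"] and not r["mfa"]]


def storage_encrypted(inv):
    return [r["id"] for r in inv if r["type"] == "bucket" and not r["encrypted"]]


def audit_trail_enabled(inv):
    trails = [r for r in inv if r["type"] == "trail" and r["enabled"] and r["multi_region"]]
    return [] if trails else ["<no multi-region audit trail>"]


# Abstract controls (hypothetical names): a baseline level plus the policies
# that evidence the control. Levels are cumulative: Standard < Advanced < Premium.
LEVELS = ["Standard", "Advanced", "Premium"]
ABSTRACT_CONTROLS = {
    "mfa-privileged": {"level": "Standard", "policies": [mfa_on_privileged]},
    "encrypt-at-rest": {"level": "Advanced", "policies": [storage_encrypted]},
    "audit-logging": {"level": "Standard", "policies": [audit_trail_enabled]},
}

# Standard-specific control reference -> abstract control.
# Illustrative placeholders only; verify against the standards' own text.
STANDARD_MAP = {
    "NIST 800-53": {"IA-2(1)": "mfa-privileged", "SC-28": "encrypt-at-rest", "AU-12": "audit-logging"},
    "PCI DSS": {"8.3": "mfa-privileged", "3.4": "encrypt-at-rest", "10.2": "audit-logging"},
    "CIS AWS": {"1.13": "mfa-privileged", "2.1": "audit-logging"},
    "ISO 27017": {"10.1.1": "encrypt-at-rest", "12.4.1": "audit-logging"},
}


def assess(inv):
    """Run each distinct policy exactly once; return {policy name: violating ids}.

    A policy shared by several abstract controls (and so by several
    standards) is still evaluated a single time.
    """
    results = {}
    for ctrl in ABSTRACT_CONTROLS.values():
        for policy in ctrl["policies"]:
            if policy.__name__ not in results:
                results[policy.__name__] = policy(inv)
    return results


def control_passes(results, abstract_name):
    """An abstract control passes when none of its policies found a violation."""
    return all(not results[p.__name__] for p in ABSTRACT_CONTROLS[abstract_name]["policies"])


def posture(results, level="Premium"):
    """Derive {standard: {control ref: passed}} from one assessment.

    `level` selects the baseline: "Standard" reports only Standard-level
    abstract controls, "Premium" reports all of them.
    """
    max_rank = LEVELS.index(level)
    return {
        standard: {
            ref: control_passes(results, abstract)
            for ref, abstract in refs.items()
            if LEVELS.index(ABSTRACT_CONTROLS[abstract]["level"]) <= max_rank
        }
        for standard, refs in STANDARD_MAP.items()
    }


def score(report_for_standard):
    """Percentage of in-scope control references that pass (0.0 if none in scope)."""
    if not report_for_standard:
        return 0.0
    passed = sum(1 for ok in report_for_standard.values() if ok)
    return round(100.0 * passed / len(report_for_standard), 1)


def equivalent_controls(standard, ref):
    """Control references in other standards that share the same abstract control."""
    abstract = STANDARD_MAP[standard][ref]
    return {
        other: [r for r, a in refs.items() if a == abstract]
        for other, refs in STANDARD_MAP.items()
        if other != standard and abstract in refs.values()
    }


if __name__ == "__main__":
    results = assess(INVENTORY)
    for standard, refs in posture(results).items():
        print(f"{standard}: {score(refs)}% {refs}")
    print("Equivalents of NIST 800-53 IA-2(1):", equivalent_controls("NIST 800-53", "IA-2(1)"))
```

Two design points carry over to a real system: the policy layer is the only part that touches cloud APIs, so the cost of an assessment is bounded by the number of distinct policies, not by the number of standards reported; and the crosswalk is data, so adding a standard or a custom control means adding mapping rows, not new checks.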

  • AWS WAF – Amazon Web Services Well-Architected Framework
  • CIS AWS – Center for Information Security Amazon Web Services Foundations
  • CIS Azure – Center for Information Security Microsoft Azure Foundations Security Benchmark
  • FedRAMP-High – Federal Risk and Authorization Management Program, HIGH
  • FedRAMP-Moderate – Federal Risk and Authorization Management Program, MODERATE
  • HIPAA – Health Insurance Portability and Accountability Act (HIPAA)
  • ISO 27001 – Information Technology | Security Techniques | Information Security Management Systems
  • ISO 27017 – International Standard Organization Security Controls for Cloud Services
  • NIST – National Institute of Standards and Technology
  • NIST-CSF – National Institute of Standards and Technology Cybersecurity Framework
  • NIST-HIGH – National Institute of Standards and Technology, HIGH
  • NIST-MODERATE – National Institute of Standards and Technology, MODERATE
  • PCI DSS – Payment Card Industry Data Security Standard

To learn more about AC3 and how it enables organizations such as yours to achieve continuous and autonomous cloud compliance, please set up a no-obligation demo at corestack.io/compliance

Automatically enforce policies to fix the violations and achieve 100% cloud service-level compliance.

————— Transcribed Text —————

We are a multi-cloud governance platform. Today, the focus is going to be compliance. We are going to talk about cloud compliance at scale. And as I said, I'm so privileged to be going at this time because a lot of the stage has already been established as to why we need it, what we need and what are the different things that hyperscalers are already doing. The agenda will briefly talk about the challenges; probably almost all of you have heard this multiple times. Analysts have said it again and again and enterprise users are already feeling it.

We'll talk about how to overcome it in one, two, three steps.

What is CoreStack's AC3 framework? And we talk about enterprise cloud compliance. And how do we integrate? How do you go to the AWS Marketplace and how do you actually leverage the power of AWS Marketplace and CoreStack together?

So with that, as we are hearing and talking, there are more and more workloads, critical business workloads, for the cloud, which is great. The cloud compliance requirements are rigorous, more nebulous, but what is happening is there are insufficient ways to manage that; there's still a lot of it that is manual. These are all the compliances we are talking about. It could be industry-based compliance, could be compliance of your company, could be compliance pertaining to your work within the company. This lack of comprehensive visibility around resources – whether you are talking about security, cost, compliance, access – all of these attributes are at the heart, as are resources.

So how are the resources creating the challenges for teams, in terms of inadequate access, no real postures – because there's so much dynamism in cloud? So, the very fact that we adopt or we are embracing cloud adoption is actually creating the challenges of the future.

But the way we look at it is that it is our opportunity to help the customer, work with hyperscalers such as AWS, and make it so that customers feel confident, not only to just start their cloud journey, but really go with the confidence to adopt more workloads quicker, faster.

This challenge is, you know, I always like it: can I solve the problem? People talk about challenges. People talk about issues. Maybe today's, tomorrow's. But what do we give to the customer today?

Problem solved in literally three steps – on cloud accounts. And this is, I am sure, most enterprises' dream. Can I just add one word on my account and, you know, just set my guardrails or my guidelines and I just sit back, relax and use it continuously, assessing what I have said before, even though in the future there are new resources being consumed under that account? Can it still adhere to the framework that has been established? And can I get my proactive or reactive measures done? Yes, you can do that. CoreStack has a product called Enterprise Cloud Compliance. It is set with a unique framework that we have created called AC3, which is Abstracted Cloud Compliance Controls, and currently we are multi-cloud. So, we support AWS, Azure and Google Cloud. And I will just dive a little bit deeper into what it means. We look at four pillars, the first one being compliance assessment and posture management.

Compliance assessment and posture management – what does it mean? There are so many different policies, so many different compliance standards, industry compliance standards. So, what we have done at CoreStack is we have built, and we are continuously going to build, these compliance tiles or compliance postures. Compliance buckets, be it CIS, AWS, FedRAMP, Well-Architected Framework: these are the bucketed compliance tiles. Set it up for each and every account once, and it will continue to assess all your resources that are consumed under that – assess once, cover multiple standards, or assess continuously, however you want to do it – support various standards and regulations such as FedRAMP, NIST, CIS, WAF, HIPAA – automate compliance assessment.

You can automate, schedule it, add custom controls. And, when you look at our product, you will see that I have support for certain departments or a company. I want to adhere to a compliance standard called FedRAMP Moderate. But I also want to add additional controls because, you know, a developer team or a tenant needs additional compliance standards being added to FedRAMP. Can I do it? Absolutely. So, you can create your own controls and add them to the bucket. If I go to the next pillar, which we call Security and Posture Management.

Sometimes we both talk at an upper level, as an umbrella, and security becomes a subset. We look at them as very much required. Right. So, the way we look at security posture is security postures and insights. We integrate with hyperscalers; like Native Inspector is a fantastic tool. And I will show you a little bit how we further enhance the value for the enterprise customers to consume AWS Inspector or the similar services that AWS has, faster, sooner and at a greater depth. Security violations are being shown, incidents from cloud-native services, security policy violations, vulnerabilities, and this is continuously going on. It is in an automated mode. People do not have to do it. You just wire it once and it just does its magic all the time. We also integrate with third-party configuration systems like Nessus and pull data from there. From DevOps to SecOps, we manage the entire workflow through CoreStack.

The next is, within the next pillar called Inventory, you can have a quick, dynamic view of all the inventories that you are consuming under those accounts. And because we are multi-cloud, one single pane for AWS, Azure and GCP, and monitor and view all your compliances and postures at the resource level. Most of the hyperscalers do a fantastic job in developing new services faster, quicker. We take that and amplify it further for our customers. Our enterprise customers use them down to the granularity. And your resource becomes the bottom level.

The fourth pillar is Access. We have all heard awful examples, but I would highlight security breaches. Capital One, again, sad it happened, but it happened. And, you know, there are vulnerabilities and security hacks, as we speak, I am sure, happening. A lot of them are attributed to how you are managing your accesses. Do we have the visibility around your access to those resources? With CoreStack, you go further with the hyperscaler, such as AWS, which has a fantastic feature they have built. We further wire it up for the enterprise customer so that we can extend it to them. So, you bring it down: user accessibility and audit for your IAM best practices. Access utilization, user activity report. You want to make sure: are the users who have been given access to certain resources really using it? Do we need it now?

The hidden benefit is also cost. You can optimize cost because you know how the users ask for this, but they are not using it. The resources are underutilized or just sitting idle or maybe orphaned. So, at the heart again is resources, where all these attributes can be a wonderful base if you are able to manage and govern them effectively. Again, access violation, unauthorized access, again, I will bring it up, Capital One is a sad but apt example here of how certain things can be avoided. And CoreStack does that for enterprise customers. Now, how we do it, I will just quickly dive into this. So, this is our converged policy framework. We have all these different compliance standards. They are abstracted at the control level; those are compliance controls and they are mapped to various policies, and here we have the policy execution engine.

That is what CoreStack has created. You can schedule some of these to run, or they are also event-based, and you can do both. And what it means is you can proactively or reactively act on the events. So, either you want to be just alerted or you do not want certain behavior to happen at all. You can do both. And that's where CoreStack comes into the picture. And through our converged policy framework, our enterprises can set the guardrails that are apt.

A real quick example of how we help foster consumption of AWS services is about AWS Inspector, let's say, for compliance or security. So, while AWS Inspector does a phenomenal job, and some of the speakers did highlight it and most of you might be using it, what CoreStack does is further automate the assessment configuration at the instance level.

CoreStack vulnerability analytics provides a consolidated view of vulnerabilities across the various resources and provides insights on the vulnerabilities. CoreStack Governance Assessment identifies the resources that are not configured right through AWS Inspector – so now we have gone beyond that and we've kind of pulled it together. But because we are a multi-cloud governance platform and we go beyond just compliance, there are many other services that we integrate with to give better value to our end customer.

A quick case study – Examity, one of the world's leading online proctoring solutions. With the pandemic, unfortunate as it is, most of the universities are going online or a lot of interviews are conducted online, and Examity saw a huge uptick in the demand for their solution. And they are AWS customers – cost went up for them pretty fast. And the lack of cloud visibility was a big challenge for them – and insufficient security – because all of these things were happening together very fast for them. It was good for the business, but they were clearly looking for some help. This is where CoreStack came in to help along with the partner – AWS – and we created a solution that was a single pane of glass through the entire resources and key operational metrics. And there were various resources. And with that, one of the biggest outcomes for them, which actually helped further their confidence, was the cost impact they saw. The costs were going up and they were kind of thinking, hey, should we be moving? And because of CoreStack's autonomous governance, they were able to optimize their cost where they were spending, and hence that actually gave them the confidence of a percent reduction of cost, gave them the confidence to move more of their workloads from on-premise to cloud.

And cloud security was also at heart because, you know, you are talking about sensitive data: students, employees, future employees. With CoreStack, we were able to give them that confidence as well. So, AWS and CoreStack were together fantastically here to create this great case study for Examity, where they were not only able to move to cloud quicker, faster, but move with confidence and conduct more interviews more securely and efficiently. I want to go online to show, but here is how you can go to AWS Marketplace. And if I have time after, because I want to finish the presentation, I will show you just a snapshot of AWS Marketplace. And then if you search for compliance or maybe cloud governance, you will see CoreStack right there, and maybe just click on CoreStack and then you have a free trial as well.

You're welcome to try that out. And, you know, experience it; you can gain value such as Examity and, you know, many of our other customers are seeing day in, day out. If I were to summarize ECC, being Enterprise Cloud Compliance: assess once and get posture for multiple standards, service-level compliance posture across standards. Provide data from one standard to another to achieve compliance 3x faster. I will say that we are multi-cloud, so we are able to see that across all the three clouds, or if you have more than one cloud, and reduce compliance costs. Some of the costs would be immediate, but some of them are hidden, such as Capital One, such as loss in customer loyalty.

There are even penalties that you can avoid, all this upfront. You can do this through CoreStack and working with hyperscalers. Some of our customers where we have delivered, and that's our confidence number: bring down the cost as low as 50%, bring in operational efficiencies up to 40%, compliance 100%, because it's an autonomous, continuous, AI-powered cloud governance platform which offers cloud compliance in a similar way and really reduces your cost of cloud certification. Just a few recognitions and partnerships – we have been highlighted by Gartner multiple times. It's a young company. When I say young, it's about four or five years old. And we're working with the biggest technology partners such as AWS to build and amplify the cloud services for the enterprise customers. Thank you, and I appreciate you giving us an opportunity to speak to you and hear me out.
