WHAT COULD GO WRONG?

Gartner’s Strategic Planning Assumption: “Through 2020, 80% of cloud breaches will be due to customer misconfiguration, mismanaged credentials or insider theft, not cloud provider vulnerabilities.”

The mismanagement of recommended configuration is both within and beyond our locus of control; however, cloud breaches impact everyone’s brand. Laws place increasing responsibility on all consumers of the cloud to exercise accountable oversight of their cloud service providers, i.e., dependency responsibilities.

  • Reputation is a new target for cyber attacks
  • Criminals value our information – financial, health, critical infrastructure
  • Cyber risk is challenging to understand and address, and increased regulation is being imposed
  • The changing pace of technology increases unknown dependency on third parties and shadow IT
  • We cannot trace or control our data – data exfiltration occurs
  • The role of government and information custody is often misunderstood

How an Elastic Security Compliance Platform Can Help

COMPLIANCE IN ANY ENVIRONMENT

  • Cloud Native platform supporting 12-factor patterns (things like port binding, logs, concurrency…)
  • A “hyperplane” of integrated “risk assessment” amongst segmented vulnerability domains
  • Works with Private, Hybrid, and Public Clouds
  • Supports AWS, Azure, GCP (Google Cloud Platform)
  • Manages thousands of out-of-box policies, well curated and certified (SCAP, XCCDF, OVAL)
  • Supports current compliance authorities (PCI DSS, HIPAA, NIST, SOC 2, FedRAMP, CIS Benchmark, DISA, CIS CSC, CSF)
  • Is CIS Certified security content (Multiple OS, Docker, AWS Cloud)
  • Complies with DISA standards in all aspects of delivery and reported results

CYBER READY

  • Know the critical assets and who’s responsible for them
  • Get everyone involved in cyber-resilience
  • Assure they have the knowledge and autonomy to make good decisions
  • Be prepared for both unsuccessful AND successful attacks
  • Prevent a cloud-enabled cyber-attack from throwing your organization into complete chaos.

All things being equal, cloud service environments put tremendous control in the hands of the consumer. This can make for a very bad cloud.

[Figure: Consumer Controls It (bad cloud)]

Cavirin offers industry-leading Automated Assessment & Reporting (AAR), Automated Risk Analysis Platform (ARAP), and Compliance as a Service. ARAP together with AAR offers continuous risk visibility by scanning the corporate network, signaling issues, and automatically discovering new IT assets. Effective auto-discovery in on-premise, cloud, and containerized infrastructures is the cornerstone of asset risk assessment. Automatic asset discovery ensures round-the-clock analysis, risk identification, and reporting, greatly reducing the need for additional manned resources. Cavirin’s ARAP and AAR augment the standard GRC tool by replacing the manual and tedious process of information security baselining with automated, industry-expert-qualified interpretation and remediation guidance. Cavirin’s solution closes the gap between written corporate policy and the configuration necessary to prove system policy alignment.

SERVICE LEVEL FACTORS CONTROLLED VIA CAVIRIN ARAP AND AAR - BETTER CLOUD

[Figure: Service Level factors controlled via Cavirin]

INFORMATION FACTORS CONTROLLED VIA CAVIRIN ARAP AND AAR - AND EVEN BETTER CLOUD

[Figure: IaaS areas controlled via Cavirin]

SOFTWARE AS A SERVICE FACTORS CONTROLLED VIA CAVIRIN ARAP AND AAR - NOT SO BAD CLOUD

[Figure: SaaS areas controlled via Cavirin]

PLATFORM AND INFRASTRUCTURE AS A SERVICE FACTORS CONTROLLED VIA CAVIRIN ARAP AND AAR - ACTUALLY, PRETTY GOOD CLOUD

[Figure: Platform and Infrastructure areas controlled by Cavirin]