Compliance Engine has a rich library of compliance policies and industry benchmarks to select from for checking security, reliability, performance and efficiency, and for optimizing spend. Compliance Engine leverages CMDB to evaluate all infrastructure resources across all clouds, meaning that evaluation is run against CMDB data rather than against the cloud inventory. With minimal API calls to the cloud provider, API throttling issues and cost overhead are eliminated.
Quick policy deployment helps to assess the security posture in just a few hours in Compliance Engine. Results of policy runs are available right in CMDB.
Our compliance methodology states that every violation must either be resolved or exempted. Violations cannot be ignored. Define rules to trigger incidents for new violations in your ticketing system. Use workflows to route and escalate tickets to responsible teams or users. Compliance Engine provides remediation tips to resolve issues quicker. Request and approve exemptions to eliminate unnecessary violation noise. Automate the whole process: once a vulnerability is fixed, the related ticket is closed.
Compliance is based upon complying with certain authority documents, that is, statutes, regulations, directives, principles, standards, guidelines, best practices, policies, and procedures. Cloudaware relies on the Unified Compliance Framework (UCF) to assist enterprises in alignment with commonly accepted compliance controls. Customers use the Cloudaware Compliance Status Dashboard, which cross-references more than 900 UCF authority documents, to determine which standards and articles specific to their industry they need to comply with.
Security teams are overloaded by violations due to rapid cloud adoption and increasing security misconfigurations. Some violations are actually legitimate deviations from the accepted usage. For example, there may be storage buckets that should be publicly accessible since they host websites available from outside the organization. Mixing acceptable deviations and actual compliance violations creates an operational pattern where some violations may be ignored for an extended period of time. Therefore, SecOps teams require a workflow process to exempt acceptable deviations so that true violations are never ignored. Using Cloudaware CMDB workflows, SecOps and business stakeholders can create a new security governance culture in which all violations are either remediated or exempted.
Using compliance boundaries, Cloudaware can assess controls specific to the risk profile and regulatory requirements of each business application. This allows risk management and TVM teams to create remediation plans aligned with business service level agreements and priorities. DevOps teams can leverage IaC templates and compliance boundaries by deploying applications into environments that meet the required security controls from inception.
Users can request Cloudaware support to deliver any custom Compliance Engine policy in 48 hours or less. Additionally, users can develop their own policies using an open programming language based on Java.
Compliance Engine routes and escalates violations to specific teams and individuals. Using tags and other data from CMDB, Compliance Engine will identify security and compliance contacts for every configuration item involved in a violation. Assigning remediation tasks to the most appropriate team is the first step in pursuing an expedited resolution. Using the violation routing feature, SecDevOps teams can reduce their workloads by automatically forwarding remediation requests directly to the account and application owners.
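The following is an added illustration, not Cloudaware's code, of the two mechanisms described above: the remediated-or-exempted methodology (an exemption register applied to policy results, including an expired exemption that reopens a violation) and tag-based routing of open violations to owners. The CMDB record schema, the `S3-PUBLIC-ACCESS` policy id, the `owner` tag and the exemption format are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date

# Evaluation date fixed so the example is deterministic (constructed value).
AS_OF = date(2025, 6, 1)
POLICY = "S3-PUBLIC-ACCESS"  # hypothetical policy identifier

# Constructed CMDB-style bucket records; the schema is an assumption, not Cloudaware's.
CMDB_BUCKETS = [
    {"id": "bkt-www", "public": True, "tags": {"owner": "web-team", "purpose": "static-site"}},
    {"id": "bkt-backups", "public": True, "tags": {"owner": "dba-team"}},
    {"id": "bkt-logs", "public": False, "tags": {"owner": "secops"}},
    {"id": "bkt-orphan", "public": True, "tags": {}},
]

# Constructed exemption register: approved deviations carry a reason and an expiry date.
EXEMPTIONS = [
    {"policy": POLICY, "resource": "bkt-www", "reason": "hosts public website", "expires": date(2030, 1, 1)},
    {"policy": POLICY, "resource": "bkt-backups", "reason": "one-off migration", "expires": date(2024, 12, 31)},
]


@dataclass
class Violation:
    policy: str
    resource: str
    status: str     # exactly one of "open" or "exempted"; there is no "ignored"
    assignee: str   # routing target derived from CMDB tags
    note: str = ""


def is_public_bucket(record) -> bool:
    """Policy check evaluated against the CMDB record, not a live cloud API call."""
    return bool(record.get("public"))


def find_exemption(policy, resource):
    """Return the exemption on file for this policy/resource pair, expired or not."""
    for ex in EXEMPTIONS:
        if ex["policy"] == policy and ex["resource"] == resource:
            return ex
    return None


def route(record, default="secops"):
    """Route by the owner tag from CMDB; untagged resources fall back to a default queue."""
    return record["tags"].get(default and "owner", default) or default


def evaluate(records, today=AS_OF):
    """Classify every policy hit as exempted (valid exemption) or open (none, or expired)."""
    results = []
    for rec in records:
        if not is_public_bucket(rec):
            continue
        ex = find_exemption(POLICY, rec["id"])
        if ex and ex["expires"] > today:
            results.append(Violation(POLICY, rec["id"], "exempted", route(rec), ex["reason"]))
        elif ex:
            results.append(Violation(POLICY, rec["id"], "open", route(rec), f"exemption expired {ex['expires']}"))
        else:
            results.append(Violation(POLICY, rec["id"], "open", route(rec), "no exemption on file"))
    return results


def open_tickets(results):
    """Group open violations by assignee, the shape a ticketing integration would consume."""
    tickets = {}
    for v in results:
        if v.status == "open":
            tickets.setdefault(v.assignee, []).append(v.resource)
    return tickets


if __name__ == "__main__":
    findings = evaluate(CMDB_BUCKETS)
    for v in findings:
        print(f"{v.resource:12} {v.status:9} -> {v.assignee:9} {v.note}")
    print("tickets to open:", open_tickets(findings))
```

The expired exemption on `bkt-backups` is the case worth noticing: an exemption is a time-boxed decision, so once it lapses the violation reopens and is routed to the owner rather than silently staying exempted. The untagged `bkt-orphan` lands in the default queue, which is itself a signal that the CMDB tagging is incomplete.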
Compliance Engine supports advanced remediation automation processes to handle repetitive violations. Cloudaware provides a CloudFormation template with permissions required to run a workflow invoking a Lambda function once a violation is triggered. Auto-remediation workflows allow customers to improve violation trends and optimize overall compliance significantly.
Compliance Engine creates violations in external ticketing systems, such as Jira, ServiceNow CMDB, Rally, etc. Customers can use violation routing logic to assign tickets to specific teams or individuals. Cloudaware will also update external tickets when violations are remediated or need to be escalated. SecDevOps teams can customize templates for external tickets to include additional remediation instructions and escalation procedures.