Northfield Case Study: Compliance Across a Multi-Cloud Setup
Discover how Cloudaware helped Northfield to gain visibility and compliance across multi-cloud environments
Challenges
As the organization expanded across AWS, Google Cloud, vCenter, on-prem servers, and Kubernetes, it became increasingly difficult to maintain a unified view of all infrastructure assets, configurations, and compliance statuses. Security and compliance teams were managing diverse environments with a mix of ephemeral and persistent workloads.
Additionally, the need to enforce multiple security frameworks, such as NIST and CIS, across different platforms added complexity.
The main challenges were:
- Difficulty maintaining a centralized, real-time inventory of resources across multi-cloud and hybrid environments
- Gaps in compliance reporting and aligning with internal audit requirements and external frameworks, especially NIST and CIS
- Lack of automation for remediating compliance violations across multiple environments
- Manual and time-consuming processes for compiling audit evidence, leading to delays in audits and increased effort
- Difficulty in enforcing and tracking custom security controls, such as ensuring “All apps must have observability”
Solution
Cloudaware’s Compliance Engine and CMDB were leveraged to address these challenges across the client’s multi-cloud and hybrid infrastructure.
1. Integration Across AWS, Google Cloud, vCenter, Kubernetes, and On-Prem Servers
Cloudaware’s CMDB integrated data from AWS Organizations, Google Cloud, vCenter environments, Kubernetes clusters, and on-prem servers into a centralized system.
The Compliance Engine evaluated assets across all these environments using policies and frameworks mapped to industry standards such as NIST, CIS, and ISO.
2. Palo Alto Firewall Configuration Compliance
One of the client’s primary concerns was ensuring their Palo Alto firewall configurations were checked against security standards.
With Cloudaware’s custom policy framework, the client was able to define a policy that required all firewalls, including Palo Alto, to meet strict default deny settings and other configuration standards.
Cloudaware’s multi-object evaluation feature allowed a single policy to span different systems, so that firewall configurations were assessed together with the related cloud configurations and security groups rather than in isolation.
3. NIST Framework Evaluation for On-Prem Environments
The client needed to evaluate compliance with the NIST framework across their on-prem environments, including legacy infrastructure.
Cloudaware’s Unified Compliance Framework (UCF) was used to map the NIST controls to specific policies. The engine continuously evaluated the on-prem environment against those control assertions, ensuring that security standards were met.
Cloudaware’s policy logic included multi-stage checks, where it evaluated relationships across systems (e.g., server configurations, network setups, and user access controls) to provide a holistic compliance posture.
4. Custom Controls and Policies
The client also needed to create custom controls (e.g., “All apps must have observability”) that were unique to their specific business needs.
Cloudaware’s custom policy capabilities allowed the client to write policies that were mapped to these custom controls. For example, they created a custom policy to ensure that all applications deployed across their environments had appropriate observability tooling (e.g., monitoring, logging, etc.).
These custom controls were mapped to Cloudaware’s policy engine using extracts from the CMDB and evaluated continuously across the infrastructure.
5. Kubernetes Evaluation - CIS Policies for Native Kubernetes Clusters
The client deployed native Kubernetes clusters as part of their containerized environment and needed compliance checks to ensure these clusters adhered to CIS benchmarks.
Cloudaware delivered CIS policies specifically tailored for Kubernetes clusters, ensuring that security configurations and best practices were enforced across their containerized workloads.
These CIS policies were mapped directly to the Compliance Engine, allowing the client to validate Kubernetes configurations alongside other infrastructure components, ensuring a unified approach to security and compliance management.
6. Aggregation and Continuous Evaluation
Cloudaware’s CMDB aggregated data from AWS, Google Cloud, VMware, Kubernetes, and on-prem servers. It ensured that all security findings, policy violations, and compliance gaps were visible through an intuitive dashboard.
Daily checks were run automatically to ensure that the client’s infrastructure met the required security standards, including compliance with the NIST framework and firewall security configurations.
Cloudaware’s undetermined evaluation state was particularly useful where partial access to certain resources (e.g., revoked IAM permissions) meant that the system could not fully assess an object. Instead of reporting such objects as compliant or non-compliant, they were flagged as undetermined, so no false positives were generated and the client’s reported security posture remained trustworthy.
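The three behaviours described in sections 2, 4 and 6 (a multi-object firewall default-deny check, the custom “All apps must have observability” control, and the undetermined state for objects the collector could not read) can be illustrated with a small tri-state policy evaluator. The code below is an added example written for this page; it is not Cloudaware’s code and does not use Cloudaware’s API. The CI schema, the policy names, and the inventory records are constructed assumptions chosen to exercise each outcome.

```python
"""Tri-state compliance evaluation over a CMDB-style inventory (constructed example)."""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, List, Optional


class Status(Enum):
    PASS = "pass"
    FAIL = "fail"
    UNDETERMINED = "undetermined"  # data needed to decide was not collectable


@dataclass(frozen=True)
class CI:
    """A configuration item as a CMDB might store it (assumed schema).
    attrs is None when the collector lacked permission to read the object,
    e.g. after IAM rights were revoked."""
    ci_id: str
    ci_type: str
    attrs: Optional[dict]


@dataclass(frozen=True)
class Finding:
    ci_id: str
    policy: str
    status: Status
    reason: str


Inventory = Dict[str, CI]
Policy = Callable[[CI, Inventory], Optional[Finding]]


def firewall_default_deny(ci: CI, inv: Inventory) -> Optional[Finding]:
    """Firewalls must default to deny, and their related security groups
    must not allow any source on any port (multi-object evaluation)."""
    name = "firewall-default-deny"
    if ci.ci_type != "firewall":
        return None
    if ci.attrs is None:
        return Finding(ci.ci_id, name, Status.UNDETERMINED, "firewall config not readable")
    action = ci.attrs.get("default_action")
    if action != "deny":
        return Finding(ci.ci_id, name, Status.FAIL, f"default action is {action!r}")
    for sg_id in ci.attrs.get("related_security_groups", []):
        sg = inv.get(sg_id)
        if sg is None or sg.attrs is None:
            # A related object we cannot see means we cannot conclude either way.
            return Finding(ci.ci_id, name, Status.UNDETERMINED, f"related {sg_id} not collected")
        for rule in sg.attrs.get("ingress", []):
            if rule.get("source") == "0.0.0.0/0" and rule.get("ports") == "any":
                return Finding(ci.ci_id, name, Status.FAIL, f"{sg_id} allows any source on any port")
    return Finding(ci.ci_id, name, Status.PASS, "default deny; related security groups restrictive")


def app_observability(ci: CI, inv: Inventory) -> Optional[Finding]:
    """Custom control: every application must have monitoring and logging."""
    name = "apps-must-have-observability"
    if ci.ci_type != "application":
        return None
    if ci.attrs is None:
        return Finding(ci.ci_id, name, Status.UNDETERMINED, "application record not readable")
    missing = [k for k in ("monitoring", "logging") if not ci.attrs.get(k)]
    if missing:
        return Finding(ci.ci_id, name, Status.FAIL, "missing " + ", ".join(missing))
    return Finding(ci.ci_id, name, Status.PASS, "monitoring and logging present")


POLICIES: List[Policy] = [firewall_default_deny, app_observability]


def evaluate(inv: Inventory) -> List[Finding]:
    """Run every policy over every CI; policies return None for CIs they do not cover."""
    return [f for ci in inv.values() for p in POLICIES if (f := p(ci, inv)) is not None]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts = {s.value: 0 for s in Status}
    for f in findings:
        counts[f.status.value] += 1
    return counts


def status_of(findings: List[Finding], ci_id: str, policy: str) -> Status:
    return next(f.status for f in findings if f.ci_id == ci_id and f.policy == policy)


# Constructed inventory covering pass, fail and undetermined for both policies.
INVENTORY: Inventory = {
    "fw-core": CI("fw-core", "firewall", {"default_action": "deny", "related_security_groups": ["sg-web"]}),
    "fw-lab": CI("fw-lab", "firewall", {"default_action": "allow"}),
    "fw-dmz": CI("fw-dmz", "firewall", None),  # IAM permission revoked
    "fw-edge": CI("fw-edge", "firewall", {"default_action": "deny", "related_security_groups": ["sg-open"]}),
    "fw-branch": CI("fw-branch", "firewall", {"default_action": "deny", "related_security_groups": ["sg-missing"]}),
    "sg-web": CI("sg-web", "security_group", {"ingress": [{"source": "10.0.0.0/8", "ports": "443"}]}),
    "sg-open": CI("sg-open", "security_group", {"ingress": [{"source": "0.0.0.0/0", "ports": "any"}]}),
    "app-billing": CI("app-billing", "application", {"monitoring": True, "logging": True}),
    "app-legacy": CI("app-legacy", "application", {"monitoring": False, "logging": True}),
    "app-batch": CI("app-batch", "application", None),
}

if __name__ == "__main__":
    results = evaluate(INVENTORY)
    for f in results:
        print(f"{f.status.value:12} {f.policy:30} {f.ci_id:12} {f.reason}")
    print(summarize(results))
```

The point of the third state is visible in the summary: `fw-dmz`, `fw-branch` and `app-batch` are counted as undetermined rather than as failures, so a dashboard built on these findings reports only violations the collector could actually confirm, and the undetermined bucket becomes a signal to restore collector access.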
7. UCF Mappings of Policies
Cloudaware integrated its Unified Compliance Framework (UCF), which mapped security and compliance policies across multiple standards, including NIST, CIS, PCI, SOC 2, and custom organizational policies.
This framework ensured that Cloudaware’s policies could be directly mapped to relevant frameworks and controls, enabling seamless policy compliance checks and mapping.
8. Jira Integration for Automated Issue Management
- Automated Jira Issue Creation: Compliance violations were automatically linked to actionable tasks, with clear ownership assigned to the right teams, eliminating manual intervention and delays.
- CI Data Enrichment: Violations were grouped and enriched with Configuration Item (CI) data from the CMDB, providing full context for faster resolution.
- Streamlined Issue Routing: Jira issues were automatically routed to the appropriate teams based on predefined rules, accelerating remediation and improving issue resolution.
Results
- Comprehensive Coverage: The Cloudaware Compliance Engine provided seamless coverage across the client's multi-cloud and hybrid environments. By continuously assessing AWS, Google Cloud, Kubernetes, vCenter, and on-prem systems, the engine provided a single source of truth for the client's security posture.
- Security Assurance Across the Entire Stack: Cloudaware’s policy engine helped the client ensure that Palo Alto firewall configurations were compliant with required standards, while also evaluating NIST controls, Kubernetes configurations, and custom policies tailored to their business needs.
- Enhanced Flexibility and Customization: The ability to write custom policies that mapped to specific business requirements allowed the client to enforce strict security standards while integrating seamlessly into their security programs.
- Regulatory Confidence: By leveraging Cloudaware’s automated compliance checks, the client was able to demonstrate real-time security compliance to internal and external stakeholders, building greater confidence in their security processes.
Conclusion
Cloudaware’s CMDB and Compliance Engine provided a powerful solution to the organization that was looking to automate and continuously monitor their security posture across multi-cloud, hybrid, and on-prem environments.
By integrating with AWS, Google Cloud, VMware, Kubernetes, and on-prem servers, Cloudaware enabled the organization to confidently implement custom policies, industry frameworks like NIST, and security checks for Palo Alto firewall configurations and Kubernetes clusters.
This flexibility, coupled with continuous evaluation and powerful remediation workflows, positions Cloudaware as a preferred tool for achieving comprehensive and customizable security management.
If your organization faces similar issues, contact us to learn how Cloudaware can streamline processes and enhance security.