A secure environment starts with policies and controls
Always be one step ahead of malicious actors – and uncover risks in your environment before they become problems. Proactive policies and controls that continuously monitor for vulnerabilities help you know when to take action.
CloudHealth Technologies uses a SOC for Service Organizations report, designed by a CPA to build trust and confidence in our service delivery and controls over information and data.
DISCOVER AREAS OF RISK EXPOSURE
CloudHealth identifies and alerts on technical, operational, and financial risk. Technical risks range from open ports to sensitive data that’s unencrypted. Operational risks are process-oriented, such as if you have too many permissions or if password policies are ignored. Financial risk is a different animal: going over budget, for example, or unexpected cost spikes in a business group. Across all three areas of risk, you receive notifications of an infraction, along with recommended actions. Using reports such as the Health Check Pulse, you quickly get a 360 degree view into your security posture.
PROACTIVELY ANALYZE SECURITY OPERATIONS
Without proper access controls and identity management, users can introduce security flaws. CloudHealth offers a rich set of customizable policies with alerts for common identity and access management (IAM) errors, with a focus on identifying misconfigured users. Beyond access control, CloudHealth enables you to set policies to monitor for network security, data security, and application security gaps. The platform also includes support for audit trails and role based access control.
LEVERAGE SECURITY BEST PRACTICES AND GET RECOMMENDATIONS
Continuously monitor your environment for security gaps. Receive alerts and remediation recommendations. The CloudHealth Security Policies for AWS and accompanying Security Violation report let you tune alerts and policies by business grouping and severity to decide what to include and how to be notified. Track both leading indicators of an issue (misconfigured users, vulnerable accounts, or inactive users) and lagging indicators that may be a sign of a breach (suspicious provisioning activity or changes to root accounts or security groups). With each policy, CloudHealth recommends an action to remediate the issue, along with best practices documentation.
GAIN ADDITIONAL INSIGHT WITH INTEGRATIONS
In addition to collecting and analyzing security data directly from your infrastructure, CloudHealth integrates with other security and risk management tools to assist with root cause analysis and incident identification. By integrating with Amazon’s CloudTrail, CloudHealth collects, processes and provides critical security and cost audit events that are useful for both reporting and problem isolation. Examples include instances that were shut down within a specific time window, or security group changes made by a specific user on a given day.
In addition, CloudHealth partners with Alert Logic, the leader in cloud security and compliance solutions, to integrate incident alerts into the CloudHealth platform. Together, Alert Logic and CloudHealth protect sensitive data by identifying suspicious activity, obtaining context around security incidents and vulnerabilities, and providing incident validation and remediation steps.
A COMPREHENSIVE SECURITY OPERATIONS STRATEGY
Set up guardrails, so you can manage by exception. CloudHealth sends alerts and notifications for non-compliant policies and assets, so you are always one step ahead of security issues.