Share this article on:
At the 17th annual VMworld conference CloudHealth announced new Secure State capabilities and updates to help its customers manage cloud security risks more effectively and integrate cybersecurity into their business strategy.
Cloud infrastructure misconfigurations are the leading cause of cloud data breaches and they are commonplace. One recent study revealed 80% of organizations have experienced at least one cloud data breach in the past 18 months, and most were caused by cloud misconfigurations. CloudHealth Secure State was introduced in 2019 to help companies better manage cloud security and compliance risks and prevent and detect misconfigurations.
After speaking with customers and prospects, it was clear than there are several areas where improvements need to be made to address risks to improve their security posture. One of the main problem areas was a lack of visibility and control of newly introduced cloud services and cloud providers.
Education and accountability of developer teams was also an issue. While best practices can be developed by central security and operations teams, it is another matter to ensure that those best practices are followed by developers. Developers need to have an easy way to benchmark security and must learn how to identify risks and how to fix security issues.
When security violations are identified, organizations need to address the issues quickly, but 92% of organizations say their cloud security programs lag behind the business in terms of cloud maturity. Security teams need auto-remediation capabilities to fix security issues quickly and efficiently across their cloud environments.
CloudHealth took the feedback on board and developed enhancements and new features to address these customer needs. CloudHealth Secure State already provided intelligent real-time insights into resource misconfigurations in AWS and Azure environments. The capabilities have now been extended to Google Cloud, providing near real-time identification of resource changes and misconfigurations. CIS Benchmark can be used to assess services such as compute, network, and storage and the Findings API helps developers proactively detect security violations during development through CI/CD integration.
Support has been added for more than 20 new AWS and Azure services, including Kubernetes, Lambda, Elasticsearch, and Elasticache. Users can search inventory, visualize resource relationships, track changes, and build custom security rules and actions for each new supported service, as well as detect misconfigurations based on pre-defined security best practices.
To improve collaboration between security and developer teams, CloudHealth has announced the general availability of the Projects functionality. Projects allows security administrators to create groups of multiple public cloud accounts and provide account owners with security visibility through role-based access controls. Security teams can define baseline security and compliance controls across all projects, with the responsibility for monitoring security violations delegated to respective service owners.
CloudHealth Secure State now includes Custom Compliance Frameworks, allowing security teams to enhance existing security standards by adding custom rules to plug security gaps. CloudHealth Secure State includes a flexible remediation framework to help cloud teams automate security actions in AWS environments, without elevating account write privileges to the SaaS monitoring service. That functionality has now been extended to Azure environments.
CloudHealth also announced that Secure State remediation jobs for AWS and Azure are now open sourced. All users are encouraged to engage and contribute new jobs so they can help each other resolve findings faster. As new jobs are submitted to GitHub, they are tested and verified by the CloudHealth product team so users can confidently embrace jobs that their peers are automating.