Compliance is Only the Tip of the Cloud Security Iceberg
By David Den Bleyker
We’ve all seen beautiful pictures of icebergs. We also know that 7/8ths of the iceberg is below the surface – hidden danger.
This is a lot like many conversations I’ve had over the past few months about compliance and security. Many people and companies believe that if they are in compliance with the relevant regulations for their industry, they will also be secure. This couldn’t be further from the truth.
Think of compliance as the 1/8th of the iceberg you can see. Security and governance are the other 7/8ths you are unable to see. HIPAA, PCI DSS, GDPR, SOC 2, NIST, NIST 800-53, ISO 27001, FedRAMP, CCM 3.0.1, CIS for (GCP, AWS, Kubernetes, Microsoft Azure), and CSA Cloud Controls are just some of the regulations your company is subject to.
What about the next one that is still emerging from the regulatory ooze?
Most companies lack a holistic, circular solution to their security, compliance and governance issues. A solution should 1) harvest the current cloud configuration, 2) unify the multi-cloud configuration data into a standardized model, 3) analyze the unified data and identify changes in the cloud infrastructure that represent security, compliance or governance issues, and 4) take action: automated remediation and/or notification, plus recording the event and its resolution.
This may seem like a distant dream, but it isn’t. DivvyCloud has delivered continuous cloud compliance to a broad section of enterprise clients: 3M, GE, AutoDesk, Fannie Mae, Twilio and Pizza Hut. We have many more that we can discuss under NDA. Why NDA? These clients have found DivvyCloud to be part of their strategic competitive advantage.
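The four steps above can be sketched in a few lines. This is an added example, not DivvyCloud's code and not part of the original post. The `Bucket` model, the record layouts and all bucket names are constructed for illustration, and treating a missing public-access block as "public" is a simplification.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Bucket:  # step 2: the standardized model (hypothetical)
    cloud: str
    name: str
    public: bool

# Step 1 (harvest) is represented by constructed sample records; the field
# layouts are simplified stand-ins, not exact provider API responses.
AWS_BEFORE = [{"Name": "customer-backups", "BlockPublicAccess": True}]
AWS_AFTER = [{"Name": "customer-backups", "BlockPublicAccess": False}]
GCP_BEFORE = [{"name": "reports", "iam_members": ["group:ops@example.com"]}]
GCP_AFTER = [{"name": "reports", "iam_members": ["group:ops@example.com"]},
             {"name": "exports", "iam_members": ["allUsers"]}]

def unify(aws, gcp):
    """Step 2: map provider-specific records onto one model, keyed by (cloud, name)."""
    out = {}
    for b in aws:
        out[("aws", b["Name"])] = Bucket("aws", b["Name"], not b["BlockPublicAccess"])
    for b in gcp:
        public = any(m in ("allUsers", "allAuthenticatedUsers") for m in b["iam_members"])
        out[("gcp", b["name"])] = Bucket("gcp", b["name"], public)
    return out

def analyze(before, after):
    """Step 3: flag only the changes that introduce public exposure."""
    findings = []
    for key, res in sorted(after.items()):
        old = before.get(key)
        if res.public and (old is None or not old.public):
            findings.append((res, "new public bucket" if old is None else "became public"))
    return findings

def act(findings, auto_remediate=("aws",)):
    """Step 4: record each event and choose remediation or notification."""
    return [{"resource": f"{r.cloud}:{r.name}", "reason": why,
             "action": "remediate" if r.cloud in auto_remediate else "notify"}
            for r, why in findings]

def run():
    return act(analyze(unify(AWS_BEFORE, GCP_BEFORE), unify(AWS_AFTER, GCP_AFTER)))

if __name__ == "__main__":
    for event in run():
        print(event)
```

Because the analysis compares two unified snapshots, the unchanged private bucket produces no event, while a drift to public and a newly created public bucket are both recorded regardless of which cloud they live in.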
DivvyCloud minimizes security and compliance risk by providing virtual guardrails for security, compliance, and governance to customers embracing the dynamic, self-service nature of public cloud and container infrastructure. Customers like General Electric, Discovery Communications, and Fannie Mae run DivvyCloud’s software to achieve continuous security governance in cloud and container environments (AWS, Azure, GCP, Alibaba, and Kubernetes). First, our software performs real-time, continuous discovery of infrastructure resources, allowing customers to identify risks and threats. Second, customers can implement out-of-the-box or custom cloud-native policy guardrails that identify and alert on violations. Third, we automate the enforcement and remediation of these policies.
*** This is a Security Bloggers Network syndicated blog from DivvyCloud authored by David Mundy. Read the original post at: https://divvycloud.com/blog/compliance-tip-of-the-cloud-security-iceberg/