Businesses have benefited from the use of cloud services and cloud-based applications, which has led to unprecedented levels of productivity and flexibility. However, these technologies can expose enterprises to a higher risk of cybersecurity attacks, including data breaches, as they are easily accessible over the internet and can be used by anyone. Despite instruction and everyone's best efforts, security problems emerge and vulnerabilities persist, endangering critical data. Business, risk, and IT leaders are having to address the following:
- Misconfigured cloud infrastructure can expose vast volumes of sensitive data, causing data breaches that can result in legal liabilities and financial losses.
- Continuous compliance is difficult to achieve for cloud workloads and apps using conventional on-premises technologies and methods.
- Implementing cloud governance presents several challenges (visibility, authorization, policy enforcement across business divisions, ignorance of cloud security controls), which aggravates the organization's growing cloud usage.
Our Cloud Security Posture Management (CSPM) solution empowers you to address misconfigurations and compliance risks in your cloud fleet through security assessments and continuous compliance monitoring.
InSpec, one of the engines that power our CSPM solution, has released new features that can be leveraged to make cloud security posture management more efficient. InSpec is our DevSecOps framework for testing and auditing your applications and infrastructure. It checks the configuration state of resources in virtual machines and containers, and on cloud providers such as GCP, AWS, and Azure. InSpec enables you to:
- Express compliance policies as code
- Assess your applications’ compliance with security policies before pushing changes to build and release pipelines
- Automate compliance verification in your CI/CD pipelines
- Unify compliance assessments across multiple cloud providers as well as on-premises environments
InSpec parallel mode and InSpec suggest are a couple of the new features that can be used for CSPM. We will discuss each feature and how it helps you effectively secure your cloud infrastructure.
Enabling parallelism in CSPM
All you need to do is create an options file with the list of nodes and the profiles to be run against them. An example options file is given below.
The real-time status of audit checks is also provided during execution.
Parallel mode enables you to:
- Monitor all your cloud accounts in parallel across multiple clouds
- Scan millions of resources (like S3 buckets, firewalls, access keys, etc.) in real time
- Make real-time decisions on deploying or dropping container images
- Understand the state of the security posture of network connections in your environment
Identify the right compliance benchmarks
For example, you can see the results for InSpec Suggest on a virtual machine below. InSpec has run through the applications, databases, and services on the virtual machine to recommend a list of 5 profiles to be run for auditing the node.
Summary
Our CSPM solution offers you the ability to ensure your cloud accounts across multiple clouds are compliant with compliance benchmarks or your internal security benchmarks. The new features further ensure the scalability and ease of use of our solution.