Cloud security compliance challenges
As cyber threats grow in frequency and in complexity, enterprises are under constant pressure to ensure their cloud-based workloads and containers are in compliance with regulations like PCI DSS, HIPAA, SOC2, and SOX. But maintaining continuous visibility into the compliance postures of servers, workloads and containers in modern cloud environments is a significant challenge. Traditional security and compliance tools do not function well in agile environments because they are not built to handle rapid scaling, cloud-based ephemeral workloads, and consumption-based pricing models. Legacy tools are unable to keep pace, leaving significant gaps in coverage.
Specifically, problems can include:
- Traditional controls do not operate continuously, which means they can completely miss ephemeral workloads that spin up and down rapidly in the cloud.
- To get high-quality detections, network scanners require credential-based authenticated scanning of endpoints. But managing those credentials is a laborious effort when systems are constantly changing.
- Traditional host-based security products and log management products are slow to deploy, so security becomes a bottleneck.
Halo consolidates your traditional compliance controls into a single platform
Halo provides within a single platform several different types of controls that are typically needed to comply with regulations like PCI DSS, HIPAA, SOC2, and SOX:
- Software Vulnerability Assessment (SVA)
- Configuration Security Monitoring (CSM)
- Server Account Monitoring (SAM)
- File Integrity Monitoring (FIM)
- Log-based Intrusion Detection (LIDS)
HIPAA (Health Insurance Portability and Accountability Act) is legislation that requires organizations to have data privacy and security provisions in place to safeguard medical information. Halo allows for HIPAA compliance through automated policy implementation.
The Service Organization Control (SOC) reporting framework for SOC 2, Type 2, is designed for technology and cloud computing organizations, and CloudPassage has been audited against it. The SOC 2 report – which concentrates on a business’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system – is available to customers to meet a wide range of US and international auditing requirements.
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards; it is overseen by the PCI Security Standards Council (PCI SSC). CloudPassage places stringent controls around cardholder data in its roles as both a service provider and a merchant.