Cloud Continuous Compliance Framework

element_lrguircle

The challenge

The development and implementation of a consistent approach to CyberSecurity in public cloud can be complex and difficult to deliver. ​

Your cloud environments are highly dynamic and security testing is not a one-time activity.  In these environments you need to have the right tooling in place, or there are multiple risks and issues you may encounter.

  • Lack of confidence in the security of your infrastructure
  • Lack of consistency of configuration or services
  • Departure from the approved security posture for the organisation
  • Lack of dynamic, real-time visibility of risks and compliance breaks

We recognise that many organisations have begun or are even well on their way to completing their cloud journey. But even once you have migrated, security must be an ongoing, evolving endeavour that scales with your cloud estate and organisation.

How we can help

AirWalk’s Continuous Compliance Framework (CCF) is a comprehensive, automated approach to delivering ongoing, dynamic management of your cloud estate, achieving compliance and ensuring ongoing compliance through visbility and active management of security and compliance risks.

CCF provides a way to codify compliance policies in code and automatically trigger the policies continuously based on events.

We have built upon a number of services provided natively by Cloud Service Providers (specifically AWS and Microsoft Azure), to provide an ‘out of the box’ solution that protects your critical services and applications from major security risks.

CCF is built upon and extends a number of Cloud Service Provider’s native security services, providing many out of the box controls to protect your critical services and applications from major security risks.

AirWalk's CCF Control Categories

Detective Controls
Process events in near real time, providing actionable alerts on compliance status
Preventative controls
Ensure permissions, roles and Service Control policies are aligned across all accounts and services
Corrective Controls
Remediate high risk events as they happen, without stifling development
Exemptions
Provide risk and use case-based exemptions to core controls