Cloud is complex and dynamic – resources are added, reconfigured or deleted to meet the changing demand of workloads. Delivering cloud compliance requires specialized skills. It is hard to keep pace with changing regulations while continuously ensuring that resources are in compliance. In this blog Sri Santhanam – Sr. Product Manager at MontyCloud, explains how you can simplify through automation. All you have to do is connect your AWS account to MontyCloud DAY2 Discovery & Classification. DAY2 discovers all your AWS resources, continuously monitors changes and validates compliance relative to AWS recommended best practices. You can also go a step further to configure rules and autonomously remediate compliance violations.
– Sabrinath S. Rao
“Cloud compliance and governance’s biggest challenge is keeping up with emerging Industry compliance regulations and skill expertise to tackle the exponentially growing sophisticated cyber-threats. Beyond addressing and fixing the threats, failing to continuously adhere to these regulations can lead to failed audit requirements, legal action, and severe damage to an organization’s reputation. This is not alleviated by any means with the evolving skill gap in cross-functional teams to keep up with AWS higher order services such as AWS Config, Conformance Packs, AWS SSM Inventory, State Manager.”
– Cloud Complexity Management Survey by Deloitte Consulting LLP
DAY2 Compliance Bot Helps Field Service Management Leader Achieve Continuous Cloud Compliance
A fortune global CRM platform company that we worked with was struggling with continuous assessments and governance of their cloud resources & application state configurations. They were stuck with repetitive manual operations across tens of policies in 1,000s of resources across ~13 accounts & regions. Also due to lack of remediation, notification and approval workflows for mission critical resources, there were extensive delays in collaboration and response time to compliance violations. With DAY2 Compliance Bot we solved their cloud complexity and compliance challenges in just few minutes instead of weeks of lead time. Our customer is now setup for continuous cloud compliance and governance across their entire cloud footprint with automated remediation and approval actions, within their existing ChatOps channel in Slack, for effective collaboration within their cross-functional teams.
Using DAY2 Compliance Bot you can:
You will need an active DAY2 account and a connected AWS account. Administrators can activate DAY2 Compliance Bot via DAY2 Bots management Admin menu.
You can readily use the built-in compliance policies and attach them to any of the business context such as departments, accounts, and regions.
DAY2 recommends using the built-in policies to achieve continuous cloud compliance with industry approved standards such as NIST 800 171, NYDFS 23, PCI DSS 3.2.1, NERC CIP, NBC TRMG, HIPAA security, FFIEC etc. With built-in policies you also get AWS compliance best practices across 30+ AWS services such IAM, API Gateway, EC2, RDS, S3, CloudWatch, Sagemaker etc. You can also customize the policies according to your business needs.
With DAY2 Compliance Bot, you can configure & receive notifications and alerts based on the compliance status of the policies in your existing chatops channels in Slack.
The DAY2 Compliance Bot has now been activated successfully in just few clicks.
Once activated DAY2 Compliance Bot ensures continuous compliance monitoring across all the cloud resources and surfaces extensive insights for the selected scopes.
A centralized compliance view of your cloud footprint can be visualized in the Insights dashboard. The summary charts and customizable filters such as departments, applications, accounts, regions, and resource types enable the users to visualize and focus on the right issues to respond in a timely manner.
An application centric resource compliance can also be visualized via our apps Insights dashboard.
Customer will start receiving real-time notifications about their cloud compliance right within their existing chatops channels improving cross-functional team collaboration and faster time to response.
DAY2 offers extensive catalog of automated remediation actions with recommended single-click response actions for each of the DAY2 Compliance Bot insights. Customers can also use their own remediation scripts. For example, customers can use a script to update the versions of agents such as Tenable Nessus, AWS SSM etc. based on their organization’s compliance needs.
DAY2 Compliance Bot is available in MontyCloud’s DAY2 platform today, and to learn more about this feature and about MontyCloud’s intelligent Cloud Management Platform, you can request a demo here.