Human Managed app hm.works 1.15 released with dashboard on cloud compliance
Since its first release on 13 March 2023, the Human Managed web app hm.works has been getting fresh updates every week to report on intel generated from any data source from our customers.
Our last release added continuous reports on detected violations on public cloud resources (e.g. AWS, Azure, GCP).
This week, we are excited to take the cloud security posture use case one step further: compliance with industry standards and frameworks!
Introducing...
cloud compliance ☁️✅
A collection of charts, recommendations, and a data grid that present your org's cloud compliance in *near real-time*, so that you can mitigate misconfigurations, address the compliance risks in the resources you have deployed in the public cloud, and track your progress.
The cloud posture violation dashboard answers the top 3 things you need to know about enterprise cloud compliance:
- What important checks have our public cloud resources failed on?
- What mitigations should I configure and tune to protect my assets in line with my cyber posture and compliance goals?
- Where are the biggest gaps between my preferred posture state and current posture state?
* * *
In our v1.15, all of your cloud controls are checked against global standards and benchmarks:
✅ ISO 27001, latest version ISO 27001:2022 (the international gold standard for information security management)
✅ SOC 2 and SOC 3 (widely recognized and recommended security frameworks for service providers)
✅ NIST CSF (globally recognized and recommended cybersecurity framework)
✅ CIS Benchmarks (security configuration recommendations from global experts)
* * *
compliance data dictionary
Before we get those coveted green ticks for you, it's important to clarify some terms in the world of compliance:
- compliance - conforming to a rule, such as a specification, policy, standard, law or framework (e.g. defining and performing all activities required under section A.8.28 Secure Coding of ISO 27001)
- standard - a set of generally accepted criteria/rules used as a point of reference (e.g. ISO 27000)
- framework - a structure that organizes and categorizes the implementation of expected standards (e.g. NIST CSF)
- benchmark - prescriptive recommendations based on industry standards and best practices that can be used for measurement and comparison (e.g. perform static application security testing)
- check - criteria used to audit and/or measure the intent, implementation, operation and/or effectiveness of a control (e.g. issue tracking software used to track weaknesses)
- control - a safeguard or countermeasure put in place to protect an asset (e.g. secure coding)
📝 Bottom line = we are running continuous checks on the existing controls on your cloud resources and reporting whether each assessment complies or doesn't comply with a certain benchmark, standard, or framework that your organization cares about.
* * *
Let's explore each segment of the cloud compliance dashboard.
I.De.A for cloud compliance
- What:
  - summarized intel gives you a high-level summary of the compliance state detected in your cloud resources, customizable to key indicators (in this case, pass vs. fail count)
  - recommended decision gives you a direction to prioritize to improve your cloud posture, based on hm.works' analysis
  - recommended action gives you the steps to execute the recommended decision
- Why: Helps you to understand your company's current state of cloud compliance, and take prioritized, data-driven decisions and actions to improve that compliance.
- How: Forward or connect data (cloud resources under AWS accounts, Azure subscriptions, and GCP projects) to build, configure, and monitor violation use cases on the hm.works platform.
cloud compliance data grid
- What: An interactive grid breaks down your organization's cloud compliance by:
  - check result (pass / fail / error)
  - check severity (critical, high, medium, low)
  - asset name
  - asset type (app, data, device, network, org, user)
  - asset variety (e.g. EC2, IAM, CloudTrail, Storage)
  - cloud account ID
  - cloud region
  - control objective (lower attack surface / defense in depth)
  - CIS family (identity & access management, networking, monitoring, storage, logging)
  - CIS description
  - ISO ID, ISO description
  - SOC ID, SOC description
  - NIST ID, NIST description
- Why: Understand and explore your current check results against security standards, frameworks, and benchmarks for each control, identify blockers, and plan improvements to achieve your desired posture goals.
- How: Forward or connect data (cloud resources under AWS accounts, Azure subscriptions, and GCP projects) to build, configure, and monitor violation use cases on the hm.works platform.
view by CIS benchmark
view by ISO ID
view by SOC ID
view by NIST ID
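To make the grid's breakdown concrete, here is an added example (not hm.works code, and not Human Managed's data model) that represents one check result per grid row and computes the three views the dashboard describes: the pass/fail summary, the "view by framework ID" grouping, and a ranking of the biggest gaps per control ID with failed checks ordered by severity. The sample findings, the documentation-style account ID and the CIS/ISO/SOC/NIST cross-mapping are constructed for illustration; the ID values are not hm.works' published mappings.

```python
"""Aggregate cloud compliance check results along the dimensions the grid
above breaks them down by. Added example, not Human Managed / hm.works code:
the record layout, sample findings and framework ID mappings are constructed."""
from collections import Counter, defaultdict
from dataclasses import dataclass

# Check severity order used to prioritize recommended actions (most severe first)
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


@dataclass(frozen=True)
class CheckResult:
    """One row of the compliance data grid (field names mirror the grid columns)."""
    check_id: str
    result: str             # pass / fail / error
    severity: str           # critical / high / medium / low
    asset_name: str
    asset_type: str         # app, data, device, network, org, user
    asset_variety: str      # e.g. EC2, IAM, CloudTrail, Storage
    account_id: str
    region: str
    control_objective: str  # "lower attack surface" or "defense in depth"
    cis_family: str
    framework_ids: dict     # framework name -> control ID it maps to (assumed mapping)


def _row(check_id, result, severity, asset_name, asset_type, variety, region,
         objective, family, ids):
    # Keeps the constructed sample compact; the account ID is a placeholder value.
    return CheckResult(check_id, result, severity, asset_name, asset_type, variety,
                       "111122223333", region, objective, family, ids)


# Constructed sample findings (not real data); the CIS/ISO/SOC/NIST IDs are an
# illustrative cross-mapping, not hm.works' own.
SAMPLE_RESULTS = [
    _row("root-access-keys", "fail", "critical", "root", "user", "IAM", "global",
         "lower attack surface", "identity & access management",
         {"CIS": "1.4", "ISO": "A.5.17", "SOC": "CC6.1", "NIST": "PR.AC-1"}),
    _row("mfa-on-root", "pass", "critical", "root", "user", "IAM", "global",
         "defense in depth", "identity & access management",
         {"CIS": "1.5", "ISO": "A.5.17", "SOC": "CC6.1", "NIST": "PR.AC-1"}),
    _row("cloudtrail-all-regions", "fail", "high", "trail-main", "org", "CloudTrail",
         "global", "defense in depth", "logging",
         {"CIS": "3.1", "ISO": "A.8.15", "SOC": "CC7.2", "NIST": "PR.PT-1"}),
    _row("s3-bucket-encryption", "fail", "medium", "logs-bucket", "data", "Storage",
         "us-east-1", "defense in depth", "storage",
         {"CIS": "2.1.1", "ISO": "A.8.24", "SOC": "CC6.1", "NIST": "PR.DS-1"}),
    _row("s3-public-access-block", "error", "high", "logs-bucket", "data", "Storage",
         "us-east-1", "lower attack surface", "storage",
         {"CIS": "2.1.5", "ISO": "A.5.15", "SOC": "CC6.1", "NIST": "PR.AC-4"}),
]


def pass_fail_summary(results):
    """Summarized intel: how many checks passed, failed or errored."""
    return dict(Counter(r.result for r in results))


def failures_by_framework_id(results, framework):
    """'View by <framework> ID': failed checks grouped under the control ID they map to."""
    grouped = defaultdict(list)
    for r in results:
        control_id = r.framework_ids.get(framework)
        if control_id is not None and r.result == "fail":
            grouped[control_id].append(r.check_id)
    return dict(grouped)


def compliance_gaps(results, framework):
    """Biggest gaps: per control ID, the share of checks that failed, worst first.
    Errored checks are left out of the ratio: an error is not evidence either way
    and should be surfaced separately until the check itself runs cleanly."""
    totals, fails = Counter(), Counter()
    for r in results:
        control_id = r.framework_ids.get(framework)
        if control_id is None or r.result == "error":
            continue
        totals[control_id] += 1
        if r.result == "fail":
            fails[control_id] += 1
    gaps = [(cid, fails[cid] / totals[cid]) for cid in totals]
    return sorted(gaps, key=lambda g: (-g[1], g[0]))


def prioritized_actions(results):
    """Recommended action order: failed checks, most severe first, then by asset name."""
    failed = [r for r in results if r.result == "fail"]
    return sorted(failed, key=lambda r: (SEVERITY_RANK[r.severity], r.asset_name))


if __name__ == "__main__":
    print(pass_fail_summary(SAMPLE_RESULTS))
    print(compliance_gaps(SAMPLE_RESULTS, "SOC"))
    for r in prioritized_actions(SAMPLE_RESULTS):
        print(r.severity, r.check_id, r.asset_name, r.framework_ids)
```

Keeping the per-framework control IDs as a mapping on each row is what lets one check feed the CIS, ISO, SOC and NIST views at once; treating `error` as neither pass nor fail keeps a broken check from silently inflating either the compliant or the non-compliant count.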
* * *
And that is hm.works 1.15! We will be releasing more features and updates regularly, so stay tuned.
To get the latest news from Human Managed, follow us on LinkedIn and check out our blog.
* * *
Want to discuss how we can help solve your cyber, digital, or risk operations through data?
Want a test run of the hm.works app?
Have any questions or feedback?
Please contact us at hello@humanmanaged.com.