Cloudneeti Introduces Risk Posture for Public Cloud Infrastructure

Cloudneeti, the leading provider of continuous cloud security, compliance and data privacy assurance solutions, has announced the addition of risk posture functionality within its flagship Software as a Service (SaaS) product.

Introduction

Security, compliance, data privacy, and risk management are top of mind for IT and business executives. Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) have an important goal of enabling their companies’ digital transformation initiatives and driving adoption of public cloud infrastructure. The beauty of public cloud infrastructure is that it brings standardization and allows automation previously unheard of and impossible in traditional, highly heterogeneous on-premises environments.

Cloudneeti created a cloud-native solution with API-based (agentless) data collection and is able to assess the security posture of cloud infrastructure within minutes. The cloud security best practices (security policies) are mapped out of the box to multiple compliance frameworks and data privacy regulations, offering continuous compliance assurance. Now, with the addition of risk posture functionality, it becomes the industry’s first complete cloud security assurance solution addressing all key requirements of security executives.

Customer Use Cases

Organizations require a risk-based view of their vulnerabilities so that they can prioritize properly and address the most critical issues first. “Our customers approached us asking to prioritize risks so that they could mitigate them in priority order,” said Gururaj Pandurangi, founder and CEO of Cloudneeti.

“Cloudneeti is providing us visibility into vulnerabilities and helps with enforcement of cloud security policies. However, our executive leadership is very worried about too many reds in the dashboards. Please help us prioritize these.” – An Enterprise Customer

“We use Cloudneeti to assess our customer’s cloud infrastructure. Within minutes after adding relevant cloud accounts we could see the compliance dashboard. My customer asked me to produce a plan to fix all the reds in the report. Can you help us prioritize all discovered misconfigurations and identify high-risk ones?” – An MSP Customer

Our first attempt was to do prioritization purely based on risk severity. As we ventured out on this journey, we realized that prioritization cannot be done only based on the magnitude of potential impact (e.g. a weighted score or count of severity), because the likelihood of exploiting a vulnerability is also important.

ISO/IEC 27005 is a generally accepted global standard for risk assessment that supports prioritization. Risks can be estimated either qualitatively (for example, whether the risk is high, medium or low) or quantitatively (for example, measured in terms of cost or man-hours). Risk level is defined as impact overlaid with likelihood. Impact is the potential damage to the organization when a vulnerability is exploited. Likelihood is the probability of someone taking advantage of a specific vulnerability.

Cloudneeti’s Implementation

Cloudneeti’s implementation of risk posture is influenced by ENISA and ISO/IEC 27005. The level of risk is calculated on the basis of the estimated negative impact (Risk Severity) mapped against the likelihood of an incident scenario. The likelihood is estimated as the probability of hackers exploiting a certain vulnerability (Risk Likelihood).

Here’s a screenshot of a clickable, filterable dashboard allowing our customers to understand and prioritize their implementation plans.
