Cloudneeti builds upon (depends on) Azure Security Center. Here are some salient integrations and differences…
- Azure Security Center provides about 18 recommendations, which are integrated in Cloudneeti. On top of that, Cloudneeti provides 200+ policy guardrails spanning Azure IaaS, Azure PaaS and O365 services (like App Services, Application Gateways, HDInsight, Cosmos DB, Networking, Storage accounts, Azure Active Directory, O365 SharePoint, OneDrive for Business, Account Settings, Customer Lockboxes etc.).
- On top of the baseline security configurations, Cloudneeti provides a growing list of Industry solutions and Compliance views for Healthcare (HIPAA), Payment Card Industry (PCI DSS 3.2), Cybersecurity Frameworks (CIS, NIST CSF), Financial Services.
- Cloudneeti provides access to these aggregations to anybody in the organization (through invited users). For example, a CISO may not have access to some dashboards on Azure or O365.
Cloudneeti is agentless and works with Azure and O365 APIs directly.
- The customer configures a read-only API key (a service principal) on the Cloudneeti console.
- Cloudneeti discovers Azure and O365 resources and infrastructure configurations (only the metadata associated with the resources).
- The customer/auditor controls which policies are applied.
- The Cloudneeti AI engine reads all the metadata, applies cloud best practices and compliance controls for various Industry Solutions, and applies risk profiles to produce the rich CISO and DevOps dashboards and the cybersecurity and compliance postures.
MANAGED SERVICES (1)
Many customers do look to Cloudneeti for remediation. Some of the remediation is available within the product. The rest is delivered as managed services. Details below.
- ‘Remediate Now’ is a feature we have been slowly rolling out and is currently available for policies that are low impact.
- ‘Auto remediate’ is not a feature of the product. However, it is available for customers who prefer a managed services option. In these cases, our joint teams will decide on selecting policies based on:
- The nature of the impact (risk profiles associated to Identity / Networking or individual resources)
- Blast radius of the impact (users/traffic affected)
- Impact on Incident Management workflow.
DEPLOYMENT MODELS (1)
Various deployment models, from Private SaaS (full control) to Multi-tenant SaaS options, are provided, as shown in the image.
As is typically the case, most customers prefer a fully managed, multi-tenant SaaS deployment, allowing Cloudneeti to keep software licencing and operations costs significantly down.
AUDIT PREPARATION (2)
Cloudneeti does its best to get you as close as possible to certification, but an automated assurance product like Cloudneeti, or any other in the market, does not guarantee certifications. The caveats are as follows:
- Cloudneeti provides recommendations, best practices and interpretations for ‘customer responsible’ compliance controls. However, certification as an outcome is not guaranteed.
- Recommendations and score cards should not be considered a guarantee of compliance.
- Cloudneeti should be used as a tool for self-assessment and continuous validations for cybersecurity and compliance framework controls.
- Organizations ARE RESPONSIBLE for evaluating and validating control requirements for their regulatory environment. It's best to consult with your Auditors/Assessors for an appropriate ‘due diligence’ process.
Although many of our staff have risk assessment / IT assessor certifications, Cloudneeti as an organization is not in the business of product/solution certifications.
For managed services customers, Cloudneeti provides frequent internal IT Audit preparedness reports, compliance views and much more. However, as Cloudneeti acts on behalf of customers and understands the customer’s IT setup, it is advisable for customers to use a 3rd party Independent Auditor/Assessor for certification needs. In most cases, Cloudneeti will be able to:
- Refer Customers to a 3rd party accredited Assessor Organization
- Work with the 3rd party Assessors to regularly prepare audit ready evidence for Technical controls
- Customers would be advised to work directly for People, Process control categories as well as Risk mitigation/prioritization for Technical controls.