RedLock monitors the environment for violations and auto-remediates them.
He wants evidence of PCI compliance across all production cloud accounts over the past year.
Joe Auditor selects the appropriate report options and generates the required report with a single click.
If your organization operates in a highly regulated industry, ensuring compliance across your public cloud computing environment is a key business requirement. However, the dynamic nature of the cloud makes this pretty challenging.
The first step in assessing compliance involves mapping your specific cloud usage and resource configurations to compliance controls across the various cloud services. RedLock has done the work of mapping granular controls for common compliance standards such as CIS, PCI, and HIPAA and provides hundreds of out-of-the-box policies for AWS, Azure, and Google Cloud.
Due to the dynamic nature of the cloud, resources within the environment are constantly changing. Rest assured that RedLock will automatically discover a resource as soon as it is created and profile it to understand which policies to assess. For example, as soon as a resource is discovered and identified to be a database, it can be assessed for controls such as encryption.
Manual periodic audits are not effective for assessing the compliance posture of dynamic cloud environments. RedLock continuously monitors cloud computing resources for violations and automatically remediates issues. For example, if a database is created without encryption enabled, it can be automatically enabled.
In an audit, organizations are asked to prove compliance for a given time period. This poses significant challenges in public cloud computing environments where users are constantly making changes without a security review. RedLock not only enables you to report on your current compliance posture, but also maintains historical snapshots of your environment, enabling you to prove compliance for any past periods as well.