Meet Kion at the AWS Public Sector Summit - best practices, swag, and more at our booth! Learn more

White Paper Continuous Compliance

Continuous Compliance in the Cloud

3 min read

Last updated on October 27th, 2021 at 2:53pm

The Complexity of Compliance

For many organizations, maintaining compliance in the cloud is a top priority. Yet the compliance gap, or the gap between the policies organizations adopt and those which they can actually enforce, is a real issue. According to one study, 77% of IT decision makers believe that they would not pass all of their cloud compliance audits for cloud resources.1

Compliance in the cloud is complex. Whether you follow established guidelines such as NIST or HIPAA or you define your own standards, the sheer number of policies and resources in the cloud make manual tracking a logistical nightmare. NIST 800-171 alone — just one example of NIST’s security standards ­— includes 110 policies, and each policy can apply to multiple resources. You could spend hundreds of hours tracking compliance manually. If you don’t, you risk non-compliance, which leaves you exposed to potential security breaches or even civil or criminal penalties if you violate guidelines required by law. And with the elastic nature of the cloud, achieving compliance at one moment in time doesn’t ensure compliance going forward.

So how can you get the full picture and close the compliance gap when compliance is so complex?

A 360-Degree Solution for Continuous Compliance

We’re here to help you simplify with continuous compliance.

At Kion, we provide robust proactive rules to establish boundaries in the cloud and reactive checks to get a near-real time view of policy violations within our cloud enablement solution. Using our compliance jumpstarts, compliance checks and compliance dashboard, you get powerful 360-degree coverage to prevent, detect, report, and remediate compliance violations.

Preventing and Detecting: Customize Your Rules & Checks

We harness the power of the open source Cloud Custodian rules engine to provide you with powerful methods to prevent and detect non-compliance. Using the built-in compliance engine, you can create compliance checks or individual policies that find cases of non-compliance and, if desired, automatically fix the issue. We provide many checks to get you started, as well as compliance jumpstart resources, or pre-configured cloud rules that uphold individual compliance standard controls.

Need more flexibility? No problem. These tools are fully customizable, so you can:

  • Apply checks only where you need them. Compliance standards are attached to inheritable cloud rules, which apply only where you specify. Resources can also be exempted from checks.
  • Run them on your own timeline. You can set the compliance check frequency, running scheduled checks automatically or running ad hoc manual scans whenever you need them.
  • Write your own rules and checks. We provide a form to enter your own code for compliance checks, so you can craft custom checks using YAML.
  • Go beyond the built-in engine. You can connect with an external compliance engine instead of Cloud Custodian to pull those findings into Kion.

Reporting and Remediating: Visualize Your Compliance

Our dashboard, which shows how many of your compliance checks were found non-compliant, gives you insight at-a-glance into compliance violations and lets you fix them easily. Using this dashboard, you can:

  • Find the hot spots. You can view findings by resource to see which areas have the most compliance issues.
  • See the impact of automation. You’ll get information on how many non-compliant checks were automatically remediated, so you’ll know the impact of the automation you’ve put in place.
  • Let your team take action. Allow your security team to view active findings, intervening manually or suppressing the finding if it’s not relevant, and build in automatic remediation wherever you need it.
  • Keep your fingers on the pulse of your cloud compliance: Managers can easily learn how many compliance checks failed and exactly how they were handled by your team (whether ignored, addressed, or suppressed).

Download PDF

Start your cloud enablement journey.

Request a demo today,