Feature Friday Continuous Compliance
Last updated on September 20th, 2023 at 10:25am
What Is a Compliance Check?
A compliance check analyzes a cloud resource to see if it matches an undesirable configuration. Compliance checks allow you to monitor your cloud environment for vulnerabilities continually and return findings to the compliance dashboard. These findings can be triaged by severity and aggregated into a compliance score that enables you to prioritize the findings that present the most risk or adversely affect your security and compliance posture. Kion offers over 8,000 compliance checks out of the box and allows you to write custom checks to ensure you can have holistic coverage and visibility into the security of your cloud environment.
Types of Compliance Checks
- Cloud Custodian Checks
- Native Azure Policy Checks
- External Checks
Cloud Custodian Checks
Kion includes the open-source Cloud Custodian rules engine that allows you to easily write and run YAML policies against your AWS, Azure, and Google Cloud resources.
Native Azure Policy Checks
Native Azure policy checks can be added to Kion with JSON policy code specifically configured to check for compliance in your Azure resources.
External Checks
Kion can support ingesting data from external tools via external checks. These compliance checks can also serve as metadata for those external tools.
The majority of Kion’s out-of-the-box checks are Cloud Custodian checks and also comprise the bulk of the checks in our compliance jumpstarts.
A cloud custodian policy has at least four unique elements:
- Unique name
- Type of resource
- Filters
- Actions
Unique Name
This is the label of the check. The taxonomy of the name can be used to arrange or categorize the checks. For example, when used in a compliance jumpstart the checks pertaining to the specific compliance standard – NIST 800-53, HIPAA, etc., are found in the name.
Type of Resource
This is the type of cloud resource the policy is applied to SS3, EC2, etc.
Filters
Further narrow the resource that the check targets and can include things like tag, key, type, value, and more, including “AND,” “OR,” and “NOT” logic operators.
Actions
The actions include the action that posts the finding(s) in Kion via webhook, as well as actions to remediate the findings automatically if desired.
Uncommenting a single line of code can initiate automatic remediation of compliance findings
Compliance checks are only one facet of our continuous compliance features that help shift security and compliance to the left in your cloud platform development.
Kion is the best way to establish and scale a well-governed, multi-cloud environment and can assist you with much more than compliance. As a cloud enablement platform, we want to help you go farther, faster in the cloud by helping you to accomplish meaningful work across every facet of developing and managing your cloud platforms.
Automation & Orchestration tools make configuring financial, security, and compliance guardrails across multiple accounts easy and reduce what usually takes weeks of manual configuration to hours.
Financial Management features help you visualize your spend across cloud providers and understand where and why money is being spent. Also, you can receive recommendations for rightsizing resources and identifying zombie instances to stop wasting your cloud spend.
If you would like to see the best single platform for establishing and scaling a well-governed, multi-cloud environment or understand how Kion would work for your specific use case, you can request a demo by registering here.
About the Author
Matt Duda
Matt is the brand experience manager at Kion.
