Blog Continuous Compliance Release News
Last updated on February 2nd, 2023 at 3:07pm
Release 2.26 is now live! This month we focused on features that all users can enjoy, no matter their cloud provider, including a birds-eye view of compliance, quick and easy object creation, and more! And yes, we still snuck in a few updates that are specific to AWS, Azure, and Google Cloud.
Read on to learn what's new in 2.26!
For everyone: compliance scores, quick connect, and LDAP sync for SAML
Compliance scores in the org chart
Our org chart already provided a great way to view policy, spend, and financial info across your entire organization. Now, you can also get a view of compliance for your OUs and projects.
The compliance view, which is a new drop-down option on the org chart, provides:
- A compliance score for the OU/project weighted by severity of non-compliant checks. A lower score is better, and a score of 0 means no compliance issues.
- A doughnut chart showing compliant and non-compliant checks for the OU/project and the severity of the non-compliant checks. This lets you determine which OUs and projects have the highest proportion of urgent non-compliant checks at-a-glance.
- The number of total checks and a link to the compliance summary for this OU/project.
Using the score and chart colors as an easy indicator of urgency, you can determine which projects and OUs need attention first. The colors show you:
- Green: compliant checks.
- Maroon: non-compliant checks of critical severity.
- Red: non-compliant checks of high severity.
- Orange: non-compliant checks of medium severity.
- Yellow: non-compliant checks of low severity.
- Blue: non-compliant checks of informational severity.
Compliance score calculation
The compliance score for a project or OU indicates the total weight of all findings for non-compliant checks, with "Critical" severity checks weighing the most. Here's how we calculate it:
- Each compliance check you create allows you to select a severity. A compliance check can have multiple findings.
- Each severity has a designated weight that is used to calculate the score. These weights are:
- Critical severity = 10
- High severity = 6
- Medium severity = 3
- Low severity = 2
- Informational = 1
- The severity score is the sum of all (total findings for a non-compliant check * its designated weight) based on the context, as shown in the example below:
Quick-connect button
Ready to create or connect items lightning-fast? Now you can! We added a new quick connect button in the top navigation bar to add and connect items with ease. Clicking this button will open a menu. The options will take you to the same creation and connection pages you can access from elsewhere in cloudtamer.io, but with fewer clicks:- OU (create new OUs).
- Projects (create new projects, project requests, or requests for project access).
- Accounts (connect externally-created accounts, billing sources, Azure CSPs, and Azure EAs).
- Users and User Groups (create or bulk-create new users or create a new user group).
- IDMS (create new IDMS's).
- Cloud Management (create new cloud rules, AWS IAM policies, AWS SCPs, AWS Service Catalogs, AWS AMIs, Azure role definitions, Azure policy definitions, Azure ARM templates, and webhooks).
- Compliance (create new compliance checks and standards).
Sync SAML IDMS users/groups from LDAP
Before 2.26, we allowed you to use SAML assertions to add users to cloudtamer.io groups, but you had to enter the associations manually. Now, you can sync users and groups from LDAP for a fully streamlined process. To use this feature, just choose "LDAP Sync" under the user group "Association Type" when adding or editing your SAML IDMS. This syncs users and groups from LDAP while still using a SAML IDMS for login. So you pull in your LDAP groups AND get the benefits of a SAML IDMS. Win/win!
For AWS users: secure CloudWatch auto-export
When cloudtamer.io's support team needs to troubleshoot an issue, the CloudWatch logs for AWS users are a big help. That's why we now offer the option to securely send the logs to our support team using a native AWS export.
Using this new setting you can send CloudWatch logs manually to give access on an ad hoc basis. You'll set the date range to determine which logs to send.
You can send the logs from the cloudtamer.io system settings.
For Google Cloud users: use the account cache and auto-load spend data
You can now add Google Cloud accounts to the account cache! This is a convenient way to pull accounts into cloudtamer.io until you’re ready to attach them to a project.
We now also load spend data automatically when you add a Google Cloud account. Previously, you had to manually trigger the Google Cloud microservice to pull in the account’s financial data. So you can pull all your Google Cloud accounts into the cache, and their spend data will be synced with no extra effort on your end.
For Azure users: bulk import resource groups
Last but not least, we added an often-requested feature for Azure users: bulk import for resource groups. Granting access based on resource groups allows you to apply permissions at a more granular level, but pulling them all into cloudtamer.io was a tedious process. Now, you can add all of the resource groups for a billing source at once, which is a huge timesaver!
Our new resource group import option lets you pull resource groups into the account cache or attach them directly to a project with ease. Only those that aren't already being managed in cloudtamer.io will be imported, so you can use this feature even if you're already using resource groups in cloudtamer.io.
All you need to do is go to your Azure billing source, expand the "subscriptions not in cloudtamer.io" section, and click the ellipsis menu. You'll see an option to "Import Resource Groups." Then just follow the steps in the pop-up modal, and you're all set!
Like what you see so far? There's more!
If you're an existing customer, you can find the full list of features from 2.26 in our Support Center. If you haven't checked out our documentation there, you should! One customer called it "a beacon in a world of misery," which we think is pretty awesome.
If you're new to cloudtamer.io, you can request a demo to learn more about our comprehensive cloud management software.