Expanded Cloud Misconfiguration & IaaS Security

Over the course of the pandemic, cloud infrastructure and services offered a lifeline to many organizations and their partners and customers around the world. But the phenomenal growth in deployments over recent months has come with its own challenges. Many organizations lack resources to ensure cloud infrastructure is configured and deployed securely.

Our Trend Micro Cloud One™ – Conformity offering was built for exactly these challenges. The good news is, we’re now expanding its support for multi-clouds and Terraform users to add even more value for our customers.

Cloud security isn’t easy

Organizations are often expanding their Infrastructure as a Service footprint faster than they can secure it, which lead to increased misconfigurations and vulnerabilities. Estimates suggest 92% of enterprises now have a multi-cloud strategy and 80% have a hybrid cloud strategy. The complexity of cloud environments can cause challenges. Cloud service providers today offer hundreds of services in their platforms to help customers drive innovation. Yet these require specialized skills to ensure they’re running in a secure and compliant fashion. Misconfiguration of resources is commonplace and can lead to sensitive data leaks and other risks.

As an AWS Technology Partner of the Year, Cloud One – Conformity has a proven track record for understanding the challenges facing its cloud customers, and providing innovative solutions to overcome them. Conformity enables organizations to fulfil their side of the shared responsibility model by automatically checking for adherence to best practices and compliance standards for their cloud configurations, from development to runtime. And it allows the same organizations to auto-remediate issues they find, with self-healing and integration into DevOps workflows.

Introducing Google Cloud Platform support

However, Trend Micro Cloud One is always looking for new ways to innovate, as the complexity and velocity of cloud adoption continues to accelerate. That’s why we added over 250 configuration checks for Microsoft Azure environments, complementing the hundreds we already offer to AWS customers. And it’s why we’re now adding support for Google Cloud. Here are the key points of the announcement:

• Our public preview is now live
• We’re adding new configuration rules weekly for 15 discrete Google Cloud services, mapping to the CIS Google Cloud Foundations Benchmark
• 180 Google Cloud best practices have been added to the publicly available Conformity Knowledge Base, offering step-by-step instructions on how to remediate misconfigurations
• Customers now have a single dashboard view of their entire cloud environment, including the ability to create, schedule and send reports, and includes our profiles feature to store and manage rule settings in reusable templates for enforcing governance at scale
• Users simply need to sign-in to Cloud One and in minutes they’ll have access to cloud security posture management across their multi-cloud environments
• Existing Conformity customers can add their Google Cloud accounts for free during the public review period (until the end of 2021), to better understand their security posture
   

Backing Terraform cloud builders

Another key consideration when managing cloud security posture is the infrastructure as code (IAC) tools, such as AWS CloudFormation and Terraform, which engineers use to automate the provisioning of infrastructure. Although such tools add undoubted benefits, they can also rapidly introduce critical changes which may have serious security, compliance and operational implications.

That’s why we’re also rolling out support for Terraform, meaning templates are checked for compliance so that only the cleanest and most secure make it into a customer environment. Running these checks without the need to execute code first makes issues easier to fix before going live, saving valuable time and resources for under pressure cloud builders. This adds to Cloud One – Conformity’s existing support for AWS CloudFormation.

The pace of cloud development is relentless, and will surely kick up another gear as organizations look to exit the pandemic with momentum. When they do, Trend Micro will be there with them to make sure that any digital transformation projects are built on a foundation of best practice security and compliance.
 

Read More HERE