BMC Helix Cloud Security overview

BMC Helix Cloud Security is a SaaS-based solution that can help you close security and compliance gaps associated with the latest cloud and container technologies. It provides a unified view of compliance data collected across datacenter, cloud, and container resources. You can also use Cloud Security to embed compliance checks directly in DevOps pipelines for instant feedback regarding important "go, no-go" decisions in the process. This solution provides organizations a single compliance solution with powerful capabilities to address multiple use cases that can impede digital transformation, such as:

  • Multi-source cloud compliance for containers, PaaS service configurations, network, and storage
  • DevOps pipelines with integrated compliance and security for application libraries, WebApp vulnerabilities, and application blueprints

Cloud Security has several out-of-the-box use cases ranging from:

  • Integrating compliance into DevOps pipelines
  • Identifying accounts, configurations, and resources that are not in compliance with standards-based policies (for example, CIS - Center for Internet Security) or your own corporate policies

Cloud Security is also flexible enough to provide support for many organization-specific needs, by incorporating extensible data connectors, a powerful policy-as-code (YAML) based policy language, and open RESTful APIs.

Organizations have regulations and policies that they must comply with to operate businesses in various industries. Compliance determines whether the systems in your environment meet a specific standard. That standard might be an industry regulatory standard, such as Defense Information Systems Agency (DISA) or Sarbanes-Oxley (SOX) Act, or some type of internal compliance requirement. Companies that don’t implement a comprehensive compliance coverage strategy that encompasses mode-two resources increase their risk of data breaches and ransomware.

Today, compliance and security often remain a manual, ad-hoc activity at the end of a release, which then forces tough decisions about risk acceptance versus costly late code fixes. Further, cloud and containerization adoption introduces mode-two resources into these processes that create real security and compliance gaps that most organizations haven’t considered. DevOps processes are being adopted to increase application delivery speed, yet these processes effectively slow to a crawl when critical security and compliance checks, which are typically manual, are introduced. In addition, multi-source cloud and container adoption is introducing new mode-two resource types that open security gaps that many organizations aren’t considering, simply because they don’t realize that the gaps exist and pose real risks.

Cloud Security can help you:

  • Integrate compliance and security into the DevOps pipeline
  • Evaluate new objects introduced by public cloud and containerization (such as CloudTrails, Docker containers, IAM, and S3), all of which can pose security and compliance risks

It provides a simple, yet powerful, comprehensive compliance strategy to help enterprises stay ahead of the competition, while shutting the door on compliance vulnerabilities.

Public clouds and containers introduce new services, resources and objects that create security and compliance blind-spots. For example, Amazon Web Services (AWS) accounts contain services that must be consistently managed to adhere to industry and organizational standards. These are AWS services that are often overlooked in compliance checks, such as: ElasticSearch, Identity and Access Management (IAM) credentials, Password Policy, Relational Database Service (RDS), S3 buckets, Security Groups, Key Management Services (KMS) and CloudTrails.

Containers and container hosts also pose security risks if not addressed. For example, if not configured correctly, seemingly secure containers can have openings for unintended access. To properly ensure compliance, container environments should be checked for compliance at three different levels: host configuration, daemon configuration, and images.

For both of the previous examples, Cloud Security can help identify these blind spots by analyzing compliance data for cloud and container resources and presenting the results in a unified dashboard. It is flexible enough to provide support for many organization-specific needs, by incorporating extensible data connectors, a powerful policy-as-code policy language, and open RESTful APIs. It provides support for custom sources through a base data connector that can be easily extended to handle any source. The only requirement for a source to be analyzed by the service is that the data be output in a JavaScript Object Notation (JSON) format, which is routinely supported or easily scripted.

Where to go from here

To obtain an overview of the tasks that you need to perform to get started with Cloud Security, see the Quick start.
