Compliance

Announcing Fugue Risk Manager to Help Identify Cloud Compliance Violations and Protect Against Data Breaches

Fugue announced the release of Fugue Risk Manager. A new Software-as-a-Service (SaaS) solution, Fugue Risk Manager is designed to make it easier for enterprises to identify compliance issues in their cloud environments and prevent them from reoccurring.

Fugue Risk Manager inspects cloud infrastructure environments and identifies resource configuration issues for common compliance regimes, including AWS CIS Benchmarks, NIST 800-53 Rev. 4, GDPR, HIPAA, and custom controls specified by the customer. Once violations are corrected and a known-good baseline is established, Fugue Risk Manager can automatically identify configuration drift and revert it back to the established baseline as soon as it occurs.

"Enterprises that adopt the cloud are quickly confronted with the challenge of guarding against infrastructure misconfiguration that leads to critical data breaches and costly compliance fines," said Phillip Merrick, CEO of Fugue. "We developed Fugue Risk Manager to simplify the task of finding these problems and ensuring they never happen again, and to do so efficiently to support the speed and agility today's business demands."

New Fugue Compliance Suite Helps Enterprises Enforce Cloud Security and Policy to Prevent Breaches

Grazed from Fugue

Fugue, the company automating security and compliance enforcement in the cloud, today announced the availability of the Fugue Compliance Suite to make it easier for enterprises to validate cloud infrastructure against security and compliance policy to prevent data breaches. Included in the Fugue 1.8 product release, the Compliance Suite contains pre-built validations expressed in policy-as-code libraries that are mapped to AWS CIS Benchmarks, NIST 800-53 Rev. 4, GDPR, and HIPAA.

"As enterprise cloud adoption increases, so have data breaches and other security and compliance incidents due to cloud misconfiguration exposure," said Phillip Merrick, CEO of Fugue. "Because of this, cloud security and compliance are now top enterprise priorities, but it's important that solutions don't slow the pace of innovation. The Fugue Compliance Suite is designed to help cloud teams move fast and at scale to ensure that compliance policy is continuously enforced at every stage."

Datica Announces First-Ever Complete Cloud Compliance Tool for Developers

Grazed from Datica

Datica announced its fourth product, the Cloud Compliance Management System (CCMS). The new product completes Datica's suite of offerings focused on the two most difficult technology problems for digital health: cloud compliance and health data interoperability.

The dynamic nature of the cloud has greatly outpaced existing compliance tools available to developers. The modern cloud is no longer simply someone else's computer but is now a constellation of managed services delivered as software that sits on top of the leading cloud service providers, like AWS, Microsoft Azure, and Google Cloud.

API-Driven Continuous Compliance

Continuum Unveils Compliance and Cloud Enhancements for Security Portfolio

Grazed from Continuum

Continuum, the exclusive provider of the only service-enabled technology platform that enables MSPs to scale rapidly and profitably, today announced enhancements to its Continuum Security portfolio. At Navigate 2018, the company's annual user conference, Continuum unveiled new solutions to help MSPs meet the demands of their clients with regulatory requirements and help secure their cloud-based operations. Continuum also announced the expansion of their newly released Continuum Security into the European marketplace.

The new Compliance Dashboard, part of Continuum Security's Profile & Protect offering, provides MSPs with key views that enable them to ensure their clients are compliant with critical regulations, starting with HIPAA, and provides easily consumable information to help clients quickly adhere to their audit and self-assessment requirements. These extensions effectively detail adherence to technical compliance requirements and outline any gaps in those requirements, allowing providers to deliver visibility into vital information required in highly regulated industries.

Cavirin Delivers Breakthrough Resource Visibility and Security Posture Intelligence for Hybrid Cloud Infrastructures

Grazed from Cavirin Systems

Cavirin Systems, Inc., the only company providing risk, cybersecurity and compliance posture for the enterprise hybrid cloud, today announced the general availability of its Summer 2018 CyberPosture Intelligence release. CyberPosture is a consolidated risk score for the hybrid infrastructure, based on configuration checks, vulnerabilities, and the requirements of risk, security and compliance audit frameworks, permitting the CISO's team to immediately compare the organization's current security posture against the desired 'golden posture' and immediately take corrective action. CyberPosture Intelligence provides a set of visibility and control capabilities that allows organizations to automate security policy across their hybrid cloud data centers to reduce a growing attack surface and assure compliance with industry regulations.

"Cavirin for the first time is truly integrating continuous compliance and cloud security posture management into a single, actionable view for the CISO and their teams," said Nemi George, Senior Director of Information Security and Service Operations at Pacific Dental Services. "This innovation will help cut through the myriad of operational noise (event alerts and notifications), helping to identify the real risks across our hybrid infrastructure whilst providing actionable intelligence."

According to research conducted by ESG, businesses plan to increase the number of workloads they have deployed in a public cloud platform. However, as more organizations leverage the flexibility of both on-premise and public cloud platforms to gain agility in an increasingly competitive business environment, the need for cybersecurity and mitigating risk becomes complicated by the resulting expansion of the intrusion surface. The new CyberPosture Intelligence capabilities from Cavirin close the loop for protection, monitoring, and remediation across cloud workloads and cloud security posture management, while permitting organizations to retain full control of their assessment data, important in many verticals such as those subject to FedRAMP. This approach differs from a SaaS-based solution where confidential data is sent outside of the user's environment.

CloudWave Achieves SOC 1 Type 2 and SOC 2 Type 2 Compliance

Grazed from CloudWave

CloudWave, an IT infrastructure, cloud services, and technology consulting services provider for healthcare organizations, has successfully completed Service Organization Controls (SOC) 1 Type 2 and SOC 2 Type 2 examinations, performed by Assure Professional - a leading cybersecurity, assurance and compliance solutions provider. CloudWave's financial transaction processing system is both SOC 1 Type 2 and SOC 2 Type 2 compliant, in accordance with the attestation standards established by the American Institute of Certified Public Accountants (AICPA).

"We have had the opportunity to work with CloudWave for the past several years in evaluating their control environment as it relates to adherence to the SOC examination standard as published by the AICPA. Once again CloudWave has demonstrated their commitment to Security and Availability in their service offerings," said Juan Vargas, Assure Professional Senior IT Security Auditor.

SoftwareONE Launches Security for Microsoft 365

Grazed from SoftwareONE

SoftwareONE, a leading software and cloud portfolio management provider, announced that it has launched Security for Microsoft 365, a new managed service that enhances the security of Microsoft 365 environments as well as manages and protects users, devices, applications and information from advanced security threats. In a mobile-first, cloud-first world, the attack surface has expanded past the traditional IT perimeter and enterprises need to manage identities, protect devices, govern and manage Shadow IT, and make sure sensitive information is safeguarded.

Security for Microsoft 365 is powered by Microsoft 365 and includes Microsoft Enterprise Mobility + Security to help enterprises stay ahead of advanced security threats as employees become more mobile and cloud services are adopted across the organization. SoftwareONE plans, configures, implements and supports the solution to meet customer business requirements. Microsoft 365 provides security capabilities including identity management, mobile device management, endpoint protection, advanced threat protection and cloud application security. Security for Microsoft 365 will help enterprises prioritize and deploy the capabilities taking into account business, security and compliance requirements.

Alibaba Cloud Becomes the First Cloud Computing Company to Obtain C5 Attestation with Additional Requirements

Grazed from Alibaba Cloud

Alibaba Cloud, the cloud computing arm of the Alibaba Group, announced today that it had completed its assessment for the Cloud Computing Compliance Controls Catalogue (C5) set out by the Federal Office for Information Security in Germany, also known as Bundesamt für Sicherheit in der Informationstechnik (BSI). Alibaba Cloud is the world's first cloud provider to achieve this attestation with the additional requirements. The attestation covers Elastic Compute Service ("ECS"), Relational Database Service ("RDS"), Object Storage Service ("OSS"), Content Delivery Network ("CDN"), Server Load Balancer ("SLB"), Virtual Private Cloud ("VPC") and Alibaba Cloud Security available on Alibaba Cloud's regions in Singapore and Germany.

Alibaba Cloud's commitment to applying the highest levels of compliance in controls and security is shown by meeting the C5 standard that serves not only as a benchmark for the German market, but also increasingly as a benchmark for institutions across Europe. With the attestation, customers in German states can leverage the work performed under this BSI audit to comply with stringent local requirements and operate secure workloads using Alibaba Cloud services.

C5 is intended primarily for professional cloud service providers, their auditors and customers of the cloud service providers. It has 17 distinct control requirements, and cloud providers must either comply with them or meet defined minimum standards. It is a required assessment for working with the public sector in Germany and is being increasingly adopted by the private sector. The philosophy behind C5 is to unify the currently fragmented certification of cloud provisions that are measured against no agreed standards and possess no coherent oversight.

Chef Announces New Compliance and Application Automation Capabilities for AWS

Grazed from Chef

Chef, the leader in Continuous Automation, today announced new capabilities designed to further accelerate enterprise adoption of Amazon Web Services (AWS) by addressing users' compliance and containerized application lifecycle control concerns. Building on AWS OpsWorks for Chef Automate announced in 2016, new functionality includes Chef Automate with integrated compliance.

"As enterprises accelerate their migration to the cloud, working with DevOps leaders like Chef is crucial," said Scott Wiltamuth, Vice President of AWS Dev and Management Tools, Amazon Web Services, Inc. "Chef is providing valuable on-ramps for enterprise customers who are migrating workloads from on-premises data centers to AWS. We are pleased to see Chef's compliance-as-code capabilities as part of AWS OpsWorks for Chef Automate."

"When AWS launched OpsWorks with Chef Automate we immediately jumped on that," said Eric Schneider, CTO of Verisk. "It is one less component that we had to worry about. The experts at Chef and AWS are worrying about it for us, and that allows us to focus on what is important for us and our customers."

Atlantic.Net Talks Cloud Hosting, HIPAA and HITECH Compliance

Grazed from VMblog.com



If your company is in the market for a Cloud Hosting, Managed Hosting, Dedicated Hosting, or HIPAA-Compliant Hosting provider, you may have already come across Atlantic.Net. I recently sat down with the company's VP of Marketing, Adnan Raja, and asked him some questions about the company and their services.

VMblog: Tell us a little bit about Atlantic.Net and its history.

Adnan Raja: Atlantic.Net was founded in 1994 by Marty Puranik as an ISP. Under Marty's leadership, Atlantic.Net has led the way in changing and adapting to new technologies, consistently introducing new services and solutions. Atlantic.Net is now a market-leading cloud hosting provider, specializing in on-demand, private, and hybrid cloud hosting solutions. We operate our own SSAE 16 SOC 1 SOC 2 datacenter facilities, with presence in six international data centers.