Cloud Security Posture Management (CSPM)
Gain Control of Cloud Security
- Security recommendations
- Status reports
What can we do for your cyber security?
Monitoring and Management of Cloud Security Configuration
Companies' digital transformation brings the adoption of the public cloud. This introduces a new paradigm of shared responsibility with providers (CSP) as well as new security challenges. It also comes with the adoption of agile development methodologies (DevOps) that prioritize delivering value in a quicker manner, occasionally overlooking established security policies.
Clients are responsible for 99% of security incidents in the public cloud. Unawareness of security native capabilities, lack of visibility and prioritization of agility in DevOps processes result in a wrong or insufficient configuration of asset security.
The security configuration monitoring and management service helps to implement and ensure compliance with security policies in public clouds.
Inventory of assets and non-intrusive unified view of their configurations, regardless of the CSP (Cloud Solution Provider).
Set of guidelines including the good practices developed by Telefónica.
Periodic assessment of the degree of compliance with security policies and good practices.
Enrichment of results with the specific features of each client.
Monitoring, detection and response
Continuous detection of changes in configurations, impact analysis and immediate detection of modifications through automated responses in the various environments.
Automatic resolution of bad configurations or infringement of policies.
Implementation of robust security policies through the various CSP.
Integration and automation
Security integration and automation along the deployment and continuous integration processes (CI/CD). Encryption of information at rest, in transit and in use.
GDPR and PCI-DSS
Support to regulatory compliance (GDPR and PCI-DSS).
- Agentless deployment. Agile and non-intrusive integration into the client’s environment and operations.
- Set of control rules adapted to the various CSP and their services.
- Service managed by the SOC. Professionals specialized in Cloud security implement specific rules of clients.
- Automatic remediation configuration. Implementation of specific resolution mechanisms without any intervention from the client.
- Integration with MSS, the security services architecture managed by Telefónica.
- Compliance driver. Set of rules adapted to the main regulatory frameworks.
- The security configuration monitoring and management service is aimed at companies using Amazon (AWS), Microsoft (Azure) Google (GCP) public cloud services and need to improve their visibility and understanding of the security status of their assets.
- Companies with deployments in multi-vendor environments.
- Companies with compliance needs: regulated and banking sectors, (PCI-DSS); companies that process personal data (GDPR).