Sophos, the British FTSE 250 security company, have launched a dedicated public cloud security product – Cloud Optix.
For all the benefits the public cloud can provide, it can also bring an equal – perhaps greater – number of potential security threats. Managing assets in the cloud becomes a different proposition – with multiple cloud providers such as Amazon, Microsoft, and Google, and the ability to turn things on/off at the click of a button, it can be difficult to know a) what you have and b) where it is.
Sophos’ new offering aims to simplify the security management of multiple cloud environments by offering a “single pane of glass” – and it looks to have some benefits for ITAM too.
According to Sophos, Cloud Optix is “an agentless solution [that provides] complete network inventory, topology visualization and continuous asset monitoring” across Amazon AWS, Microsoft Azure, and Google Cloud Platform (GCP).
It starts to generate a picture of the three cloud providers and shows what elements are live, such as:
According to the online materials, Cloud Optix will also highlight unused resources although, from playing around with the online demo, this appears to only look at unattached network security groups.
The service also monitors for regulatory compliance against such standards as:
using a range of out-of-the-box policies. Interestingly, the bulk of these are Amazon AWS only, with just CIS, PCI DSS, and SOC2 being available for Microsoft Azure, and just CIS for Google Cloud Platform.
The policy focuses on 2 specific articles of this EU regulation, “Article 25 – Data Protection by Design & Default” and “Article 32 – Security of Processing”. There are 10 rules used to address both GDPR elements; they’re mainly focused on encryption such as:
This features 12 different rules in Azure (31 in AWS) across 4 elements of the PCI DSS regulation, covering various points such as:
Policies can also be customised where needed and “Guardrails” can be set to prevent certain changes taking place within your public cloud systems:
And inbuilt integrations with services such as Jira and ServiceNow help Cloud Optix fit into existing workflows.
The Cloud Optix dashboard gives an overview of alerts – ranked by severity – and shows in which cloud provider and environment the problem exists.
Yes, this is very much a security product but some of the information it provides can certainly be useful for ITAM purposes. Being able to get a total overview of resources across your Amazon, Microsoft, and Google public cloud environments may enable the identification of duplicate resources and also help with identifying things where they shouldn’t be – e.g. SQL servers in AWS when your policy says “all SQL servers must be in Azure”.
This is a great opportunity to talk to your security team and discuss how you can work together. Even if they don’t intend to use Cloud Optix, you can use this as a starting point to understand how their other tool/s – for they surely must have such a tool soon if they wish to maintain security in the cloud – can plug into ITAM too.
Sophos Announcement – https://news.sophos.com/en-us/2019/04/09/sophos-cloud-optix-is-solving-the-toughest-challenges-in-public-cloud-security/
Cloud Optix site – https://www.sophos.com/en-us/products/cloud-optix.aspx