Coalfire has added two new platforms to its suite of cloud security services: Secure Cloud Automation Services and Cloud Security Strategy and Maturity Assessment.
According to Coalfire, SCAS helps enterprises build customized and automated security processes for compliant, audit-ready cloud environments. Cloud service providers seeking business with the federal government have to meet Federal Risk and Authorization Management Program (FedRAMP) cloud security requirements. Coalfire claims that organizations typically spend more than 18 months and $2 million to meet these requirements but that SCAS can help providers be audit-ready in less than six months and at a fraction of the cost.
This is accomplished, according to Coalfire, by providing preconfigured AWS and security partner servers, as well as ready-made compliance documentation. Coalfire's cloud automation services for FedRAMP use AWS CloudFormation, Terraform, DevOps tools and security best practices to deploy clouds into a preconfigured AWS GovCloud or AWS East/West cloud infrastructure.
The Cloud Security Strategy and Maturity Assessment service is an assessment of an organization's current cloud security, as well as a guide to an improved state of maturity that aligns with business goals and objectives, according to Coalfire.
Coalfire's cloud maturity assessment:
- is customized to any cloud service provider, environment size, implementation approach or hybrid architecture;
- provides actionable recommendations that can be implemented;
- conveys findings to key stakeholders throughout the organization; and
- incorporates aspects of multiple security frameworks to enable the adoption of approaches that meet security risk requirements.
The assessment uses three maturity pillars that represent the core of the cloud security maturity models: strategic alignment, capabilities and efficacy.
Strategic alignment shows how an organization's approach to planning and implementing cloud security aligns with enterprise goals, business requirements and risk appetite. Capabilities assess how an organization has accounted for, designed, implemented, operationalized and managed a detailed security controls program. Efficacy breaks down how an organization visualizes and monitors cloud security, drives efficient cloud usage and supports DevSecOps.
The other services in Coalfire's Secure Cloud Services suite include Cloud Security Penetration Testing, Cloud Security Compliance and Cloud Security Risk Assessment.