Managed Security Services
The cloud operates within a shared security model where AWS or your chosen cloud provider applies security controls up to and including the hypervisor. The customer (Yes, that means you!) then secures the operating system and applications deployed on said cloud platform.
The shared security model can be an overwhelming process for those not well-versed in the intricacies of cloud computing, which is where CloudHesive comes in. We help our customers secure, manage and pass compliance audits such as FedRAMP, HIPAA, PCI, SOC2 and others. This includes helping to define your security policies and standards, your security control plane deployment, and managing your security posture across your cloud environment.
Our Trusted Partners
The Shared Security Model
When leveraging the cloud you have to remember that there is a shared security model. Amazon Web Services or other cloud providers provide the security controls up to and including the hypervisor and the customer (which means you… yes… you) needs to secure everything above the hypervisor which includes the OS, and applications.
That’s where CloudHesive can help. We help our customers secure, manage and pass compliance audits such as FedRAMP, HIPAA, PCI, SOC2 and others. This may mean assisting with security policies through deployment of your security control plane and managing your security posture across your cloud environment.
Watch AWS Shared Security Video
- Encryption of Data at Rest and in Transit Using Best of Breed Technology
- Off-Cloud Encryption Key Management with FIPS Compliant Hardware Security Modules
- Host-Based Firewalls, Intrusion Detection Systems, Antivirus and File Integrity Checking
- Hosted Two-Factor Authentication into any Customer Environment (cloud, on-premises, hybrid)
- Centralized Logging and Log Retention
- Centralized Security Incident Event Management
CloudHesive understands that for you to be successful, you must be able to pass critical regulatory and third party audits. CloudHesive works with you to ensure that your cloud security controls are in place and always up-to-date.
We will work with your internal IT security team to ensure that we are aligned with your annual audit schedule. This ensures commonly requested supporting documentation can be provided in an agreed upon time frame.
We can help you meet the controls required for:
- IS0 27001
- SSAE 16 SOC2
- Any other control framework that you may require