Cloud Governance, Compliance and Security
Kumolus integrates Cloud Management tightly with Governance, Compliance and Security by helping you define, continuously monitor and audit your policies. Kumolus automates and controls the processes that allocate your Cloud resource deployment and configuration.
Cloud Governance and Security Features
Cloud Governance – embed security and compliance!
Kumolus is a full stack application centric Cloud Management Platform enforcing Federated policy, compliance, cost management and governance. The Kumolus Cloud Management Platform allows the master tenant or MSP to federate policies whilst giving delegated authority to tenants, departments, LoB and teams – invisibly enforcing security, business assurance and cost management.
Automate Tagging and Naming Conventions
Ensure every service AMI, ELB, RDS, Subnet, etc deployed has an appropriate tag and naming policy. This ensures that the appropriate meta data has been assigned to each resource so you can report and automate functions to optimize the service based on policy driven triggers.
Policy-based Governance – drive optimization and policy assurance
With tags available for every service you can shutdown services, such as dev / test workloads out of hours. You have flexible whether to enforce tag information and can be as strict as automatically removing any untagged resource as soon as its deployed.
Global Security Dashboard – instant CIS benchmark!
Visualise existing security posture against the Cloud for Internet Security (CIS) benchmark. Understand the risk level and remediate the threats based on automated recommendations. Enforce on-going security posture utilising Kumolus comprehensive pattern control automation capability and continuously validate for non-compliance.
Audit, Revision Control and Roll-back
According to Gartner, up to 80% of system outages are due to unplanned changes within the IT environment. Kumolus allows for the continuous monitoring, version control and roll-back of environment changes to allow easy identification of incidents and more importantly faster resolution.
Identify Security Vulnerabilities and Remediate
Identify, classify and re-mediate potential security risks and exposures via our detailed drill through dashboard. Automate security validation against ASGs, EBS volumes, EBS, ELB, IAM, KBS and many more services. Enforce security posture via template patterning and continuously identify anomalies within your Cloud security perimeter.
Patch Management – avoid Security vulnerabilities!
Automate the patching of Windows and Linux machines. Ensure the latest security patches have been applied to hosts within your AWS environment. Include patching as part of policy-based workflows to ensure your base level security risks have been addressed.
Limit technology sprawl – control who deploys what!
The ability to provision cloud services needs to be managed or you risk technology sprawl and spiralling costs. Set rules around what different groups and / or individuals in your organisation can do. For example, using Role Based Access Control (RBAC) functionality would allow you to limit a development team to only provision specific instances, of a certain size and in specified network(s).
Asset Tracking Automation
Set custom tagging rules, including mandatory rules on every cloud object within your Cloud environment. Whether it’s an operationally triggered snapshot or a security group added as part of a security change, custom tagging ensures these movements can be tracked.
SOE Management – configuration vulnerability management!
Kumolus enables SOE control of AMIs and services to assist in the reduction of cost and time taken to deploy, configure, maintain, support and manage Cloud environments. Kumolus SOE foundation creates a repeatable known, expected and supportable environment whilst fostering speed via increases automation and reduced change management.
Single Sign-on and Access Management
Single Sign On (SSO) for single and multiple-tenant deployments. Integrate seamlessly into Enterprise SSO systems including SAML 2.0, Okta, ADFS and OAuth. SSO can be configured as part of the master tenant or configured for individual customer tenants using their own SSO systems.
Application Mapping – manage dependencies!
Visualise an architecture and view / manage by individual application and it’s related components. Easily filter our visualizations by Application tags, and we will map appropriate service dependencies. Click on any component of the full-stack and all the details are displayed and configurable.
Ensure Backup compliance – never be without a backup!
Schedule tag-based Cloud Backup so you never miss a snapshot again. Federate both in and out-of-region snapshots for EBS Volumes, Database, Database Snapshots, Root Volumes, Volume Snapshots and Servers. Customize policy based retention periods and bacjup frequency. Enforce deletion of AMI, detached Volumes and clean up orphaned Snapshots.