Discovering Risk in Your Cloud


Dave Welch (@OraVBCA), Chief Evangelist

It’s at once both a relief and unsettling to tell your professional services client, “We’re sorry. But we’re feeling the need to hijack this engagement. You have no backup. Yes, we understand ops is going through the motions. But your backup media is non-restorable and/or non-recoverable.”

We’ve had that experience three times that I can recall in 22 years. Luckily, each time the message was well-received. While we apply our expertise in this area preventatively, we are of course prepared to help in such emergencies. We quickly got after the business of reconfiguring systems and operations for recoverability, then turned our attention to the reason we all thought House of Brick was there to begin with.

Decades ago I was part of a team that was on the production end of such a scenario. In my case, it wasn’t a services provider making the statement. Rather, it was a clinical system that refused to recover to the point in time of failure despite our extensive backup/recovery white boarding, what-if scenarios, and peer-reviewed configuration. Prior to the emergency, I pled for a backup/recovery trial, but my request was denied.

These days we’re making similar statements, and we’re making them a lot more frequently, when addressing risk in cloud environments. And the risk avoidance behind the statements could be judged to be substantially escalated for clients and their customers and users compared to our team’s historical backup statements.

How can clients evaluate their cloud workloads and determine their risk? The same process used on-prem doesn’t directly translate to the cloud. Do clients have a plan in place with a security export for each cloud they are deployed in? How do they intend to leverage native tooling across their organization and across multiple clouds? With our OpsCompass SaaS solution, clients can quickly gain valuable insights into the state of their cloud workloads, see a clear and concise compliance score, and explore security recommendations for remediating issues uncovered in their cloud accounts. The score is based on industry-standard compliance benchmarks (like CIS and NIST) as well any additional corporate benchmarks added by the client.

To be clear, organizations can get their security coverage score as part of our free trial. In fact, with the right person pushing the buttons, they can get the score without getting on a call with us.

OpsCompass is agnostic to the brands of the security components that you may have in play. The ways the various providers’ tools compare becomes insignificant in a hurry for workload components that have no coverage at all.

While there is a plethora of other benefits to our SaaS solution, I suggest you start here.

Table of Contents

Related Posts