Continuous compliance

Watch for drift, notify, and remediate.

Turbot Team
3 min. read - May 06, 2020
Watch for drift, notify, and remediate.

You have tens to thousands of cloud accounts, in one more many clouds including AWS, Azure, and GCP. Every day, engineers make changes to infrastructure resources. How do you know that everything is configured per best practices and stays in compliance with your security standards and controls?

Turbot Pipes provides a single pane to query and report on the state of your cloud infrastructure, and to share reports with your teams. But it's not enough to just report problems and notify in realtime when things go wrong. You need to remediate, and do so without writing unmanageable custom scripts.

Guardrails delivers robust, realtime automation that not only alerts on policy violations but also takes the necessary actions on your behalf. Use it to prevent, detect, and repair misconfiguration across your entire enterprise cloud environment. Turbot's policy-based controls adapt to the complexity and scale of your operations.

Let's explore some of the ways Turbot can revolutionize how you manage compliance.

Enforce cloud guardrails

Experience robust cloud governance with Turbot's intelligent guardrails. Our context-aware, realtime system keeps your multi-cloud environments secure, efficient, and continuously compliant.

Automatically correct runtime drift

Turbot not only detects and reports changes to your cloud resources as they occur, it automatically remediates misconfiguration to ensure you are always in compliance.

Automatally correct deployment drift

Turbot also manages the IaC state of your resources, and corrects configuration drift in the stacks that Turbot deploys. Any changes to the underlying resources trigger its Configured control which reapplies configuration according to policy. This proactive drift correction ensures continuous alignment with the desired state of your deployments, and maintains compliance with initial configuration at runtime.

Preventative and Boundary Control Management

Preventative guardrail controls restrict actions based on factors such as service, region, configuration, privileged access, and budget. This robust layer of zero-trust protection, enforced for identities and access policies, strengthens your overall cloud governance.

Resource hierarchy

Turbot's Cloud Policy Engine structures resources in a hierarchical manner, enabling policies set at higher levels to automatically flow down and apply to lower levels. This hierarchical approach simplifies policy management, and ensures consistent enforcement as resources are introduced into the hierarchy.

Realtime policy calculations

As Turbot monitors changes, it evaluates them against defined policies. When an AWS S3 bucket is created, for example, Turbot immediately evaluates the change and decides on the appropriate action. If a policy says the bucket should have been encrypted but wasn't, Turbot will encrypt the bucket in a matter of seconds. This realtime detection and remediation, working across resource types, ensures that you're always compliant and secure.

Intelligent context-driven policy engine

The Cloud Policy Engine uses dynamic context to make intelligent compliance decisions. It considers a variety of policy factors: a resource's position in the hierarchy, the actor who initiated the change, the nature of the resource, the nature of a change, compliance impact, risk level, and more. All these variables feed into Guardrails' policy calculations, enabling realtime, context-based reasoning to determine why 'resource X' necessitates 'action Y' based on a specific change.

Dynamic and context-based exceptions

For complex enterprise cloud environments, advanced exception management can enforce requirements without jeopardizing compliance across the board. Turbot supports both permanent and time-limited policy exceptions, providing adaptability to shifting requirements or time-sensitive scenarios. With dynamic exceptions, your guardrails can automatically adjust based on nuanced rules in unique circumstances. Tune them to strike the right balance between control and adaptability across your cloud environments.

Get started with Turbot Guardrails

Be always compliant with Turbot Guardrails' intelligent automation of the management of your multi-cloud resources. Are you ready to ensure continuous compliance without the overhead? Connect with us to discuss your use cases and discover how Turbot can make it happen.