Governance, risk, and compliance (GRC) management presents some unique challenges for organizations that deploy a myriad of cloud resources, services, and accounts. Simple misconfigurations in any of these assets can lead to a serious data breach, and compliance issues become even more prevalent as organizations try to inventory and manage assets across multiple cloud platforms and security and auditing tools. Datadog Cloud Security Posture Management (CSPM) enables you to address these gaps in coverage by providing a single place where you can track the compliance posture of your cloud environments, automate evidence collection for audits, and catch misconfigurations that leave your organization vulnerable to attacks.
We’re excited to announce that we’ve expanded our CSPM offering to the Azure platform. Now, you can:
- Get a high-level overview of your Azure environment’s security and compliance posture with tailored reports
- Detect drift from compliance controls for Azure resources
- Correlate findings with other security issues and infrastructure data
Regardless of whether you are running apps in Azure exclusively or leveraging a multi-cloud infrastructure, CSPM offers a complete picture of the state of your resources. And with support for industry-standard frameworks like PCI DSS, SOC 2, GDPR, HIPAA, and CIS, you can easily verify that your cloud and multi-cloud environments follow best practices promoted by the latest compliance and security standards.
Review the compliance posture of Azure resources with curated reports
Datadog’s expert-built security posture dashboard offers a high-level overview of your cloud environments, including Azure. The dashboard also gives you access to compliance reports that are available within minutes of integrating your Azure account with Datadog. These reports are tailored to all of our supported frameworks, enabling you to easily evaluate Azure resources against critical benchmarks. For example, the CIS for Azure report gives you insight into which CIS controls are failing in your environment, along with more details about the misconfigured resources. At the top of the report, you can see a summary of which of these violations require your immediate attention.
This data helps you prioritize the most critical violations and save time on searching for resources that are not compliant, such as those that are potentially accessible to the public internet via methods like SSH or RDP. Restricting access to these methods can protect your resources—and networked devices outside of your Azure environment—from malicious activity and reduce the risk of data breaches.
Detect drift from compliance controls for Azure resources
Datadog CSPM runs over 250 security and compliance rules against your Azure cloud and multi-cloud resources, which enable you to quickly detect when an asset’s configuration deviates from standard compliance controls. For instance, you can spot:
- a key vault that does not consistently rotate passwords, API keys, and other secrets
- a SQL Database instance that allows all ingress traffic
- an App Service web application that does not use the latest version of TLS
When Datadog identifies a violation, it will generate a finding with more information about the associated compliance control, all affected resources, and detailed remediation steps to resolve the issue. CSPM findings also incorporate the infrastructure data that you already collect from Azure via Datadog’s integration, enabling you to contextualize a violation in terms of the affected subscriptions, services, and resource groups. You can review a finding by clicking on a relevant compliance control in any report or by searching for specific Azure resources and compliance controls in the Findings Explorer.
In the example above, Datadog CSPM identified five Azure SQL servers that allowed all traffic to associated database instances, which can result in an attacker accessing and exposing sensitive data. You can mitigate this issue by updating firewall policies to only allow connections from an approved list of authorized IP addresses.
Correlate findings with other security issues and infrastructure data
Datadog CSPM is a part of the Datadog Cloud Security Platform, which identifies and alerts you to unusual or potentially malicious activity in your environment. You can review findings alongside generated security signals in the platform’s Security Explorer, enabling you to trace activity back to a misconfiguration in an Azure resource.
You can also build team dashboards that incorporate security, compliance, and infrastructure data from all of your Azure resources, allowing you to quickly see an issue’s overall impact. Dashboards are shareable, so you can collaborate with other engineering and GRC teams to resolve a compliance violation.
Maintain compliance in your Azure environment
Datadog Cloud Security Posture Management provides critical insight into the compliance status of your Azure environment while leveraging our existing Azure integration to place that information in context. CSPM is also part of the Datadog Cloud Security Platform, which offers a full-stack solution for threat detection, along with workload and application security. Check out our documentation to learn more, or self-enroll to get started—compliance reports are available within minutes of enrolling. If you don’t already have a Datadog account, you can sign up for a free 14-day trial today.
