Every quarter, we host a webinar to share everything that’s new with Enclave and Gridiron.
In case you missed it, you can watch a recording of our October webinar below. You can also grab the transcript and the slide deck in our resources section. And, we provide a full recap of the event in this post.
October 2017 Quarterly Product Update Webinar
Achieving ISO 27001 Certification
In September, we earned our ISO 27001 certification, covering both Enclave and Gridiron.
ISO 27001 is a cross-industry, international security standard. It prescribes security controls for use across an organization, not just technical safeguards. Becoming ISO 27001 certified helps communicate your commitment to security to customers and auditors.
Aptible’s ISO 27001 certification is great news for our customers. You can use our certificate to show that your cloud infrastructure meets international standards of security.
As an aside: we used Gridiron to help us achieve our ISO 27001 certification. Don’t hesitate to let us know if you’d like to discuss attaining your own cert. We built Gridiron to make the process of meeting organization-wide security and compliance requirements straightforward.
Enclave: Easier to Audit (and Easier to Use)
This past quarter we released an array of features to make Enclave easier to audit. Of course, we also launched features that make it easier to use Enclave.
Sneak Preview: Managed HIDS
In the coming weeks, you’ll hear more about Enclave Managed Host-level Intrusion Detection System (Managed HIDS). This is an exciting upgrade to the security of your hosts.
With Managed HIDS, the Aptible Security Team collects, monitors, investigates, and responds to security events—such as sudo logins, file integrity changes, rootkit detection—within your infrastructure. Aptible manages the entire process on your behalf, and notifies you of the results.
Managed HIDS provides an additional level of security for your infrastructure, automatically enabled for all Stacks.
Aptible will also offer a weekly digest of Managed HIDS activity. The Enclave Intrusion Detection Report will be available for an additional subscription. It’ll be prepared automatically, so you can provide customers and auditors evidence that your Stack is monitored for host-level intrusions.
Other Audit-Ready Enclave Features
We added SSH Session Logging so you can capture SSH session activity. This is important: auditors and customers will want to ensure access to your prod data is audited. In particular, this is often a requirement for HITRUST.
Activity Reports enable you to review every operation within your Stack, attributed to individual users. Your auditors will want confirmation that you are monitoring for suspicious activity.
Making Enclave Easier to Use
Part of making Enclave the best place to deploy regulated and sensitive projects is ensuring that it is as easy as possible to use and deploy to.
This quarter, we released the following improvements:
- New documentation
- Self-Service Environment Creation
- Endpoint Management via the CLI
- Cross-Environment Database Backups
- Automatic, Configurable Maintenance Pages (when your app is scaled to zero)
- CPU Metrics for troubleshooting sluggish apps
- Support for PostgreSQL 10 and Redis 4.0
Gridiron: Enhancing your Information Security Management System
Gridiron is the easiest and fastest way to create and manage your information security management system (ISMS).
This quarter, we focused on:
- Helping you to achieve certifications (such as ISO 27001, SOC 2) and pass customer audits with new reporting
- Managing and auditing internal compliance obligations, including your agreements with customers and vendors
- Updating the Gridiron Risk Model
Improved Audit and Certification Prep with Gridiron Reports
We launched a collection of reports designed to meet audit requirements. When you use Gridiron, these reports are prepared automatically so you can share them with your auditors (and use them for internal audits), shortcutting the audit process.
Training History shows all security and compliance training activity. Asset Inventory contains all details about assets covered in your ISMS. Business Continuity allows you to implement and execute on business continuity plans faster. And, the Audit Log Report shows details about all audit logs captured for each part of your ISMS.
Other Gridiron Enhancements
- Customer and Vendor Management - meet audit (such as ISO 27001) requirements by creating an index of all legal and regulatory requirements you’re bound to by agreements with customers and vendors.
- ISMS Asset Management - track all information security assets, such as networks, devices, and third-party systems.
- Gridiron Risk Model - perform deep risk analysis across all aspects of your internal ISMS.
There’s much more about all the changes to Enclave and Gridiron in the webinar recording.
Register for January 2018 Aptible Product Update Webinar
We’ll host our next product update webinar January 25, 2018 at 11 a.m. PT (2 p.m. ET).
All registrants will receive a webinar recap and recording shortly after the conclusion of the webinar.