The Leader in Cloud Infrastructure Entitlement Management (CIEM)

Telecom

Engagement Highlights - QA

  1. Created cloud compliance automated solutions.
  2. Developed new cloud compliance benchmark recommendations.
  3. Testing of the complex front-end web application.
CloudKnox logo

CloudKnox Introduction

CloudKnox delivers a single platform for managing the entire identity privilege lifecycle across a hybrid cloud utilizing a revolutionary activity-based authorization model. This groundbreaking approach offers a non-intrusive way to manage identity privileges and protect organizations’ critical infrastructure from malicious and accidental credential abuse.

In July 2021, CloudKnox was acquired by Microsoft.

Challenges & Goals

Neova team was tasked to perform Development and QA activities as below.

  1. Develop new compliance recommendations for AWS, Azure, and GCP.
  2. Existing bug fixes.
  3. Automated solution for Cloud Compliance recommendations for AWS, Azure, and GCP for CIS, PCI DSS, and NIST benchmarks.
  4. CI/CD Integration.

Solutions

After getting a clear understanding of the requirements of the end user, the following automation testing and development scripts were implemented:

  1. Cloud Compliance Automation-

CloudKnox monitors cloud environments for threat events and also validates configurations against the controls established as best practices in the CIS, PCI & SOC 2 Benchmarks for different clouds.

Our Automation solution included creating a framework from scratch & updating all the possible configurations of AWS/Azure/GCP to validate against all the Benchmark recommendations. Implementations were done using AWS/Azure and GCP’s Java SDKs, Cloud-specific CLI & REST API as applicable.

Event Generation – Our Automation solution included Cloud Formation & scripting activities in the cloud as if an end user would use the cloud. This involved interacting with major services from AWS/Azure/GCP services with internal & external resources. Examples of these services include:

a. AWS: S3, EC2, Lambda, IAM, Kinesis, CloudTrail, Amazon Guard Duty, CloudWatch, SNS, SQS, Config, VPC & Glacier. Implementations were done using AWS Java SDK & AWS CLI.

b. Azure: Azure Kubernetes Service (AKS), Key Vault, Security Center, Storage, Virtual Network, Azure DNS, SQL Database, Cosmos DB, Identity, Compute, Batch. Implementations were done using Java Azure SDK, REST API & CLI’s.

c. GCP: Compute, Storage, Cloud SQL, Cloud Bigtable, Virtual Private Cloud (VPC), Cloud IAM, Cloud Security Scanner, Kubernetes Engine, Cloud DNS, Monitoring, Cloud Dataflow. Implementations were done using Google-cloud-SDK & CLIs.

2. New Recommendations Development –

a. Neova team came up with new versions of compliance recommendations and developed them to have more enhanced security for the end users which included recommendations from CIS, PCI-DSS, NIST, and Trends Micro benchmarks.

b. Neova team also helped in the development of the already existing backlog of new recommendations.

c. The existing backlog of bug fixes and development was also owned and delivered by the Neova team.

3. CI & DevOps – We achieved Continuous Integration and testing of various activities via pipelined jobs using Jenkins.