Automated compliance that auditors and customers will love. From closed-loop remediation to market leading out-of-the-box content, from exception management to audit reports, get a compliance process that fits your enterprise. All of this is ready to go, ready to scale with container-based architecture.
IT compliance not going away, it’s getting bigger. And more dynamic, with cloud- and container-based applications
There’s a lot to comply with, across hundreds of systems, thousands of apps, security benchmarks and regulatory compliance that span rules like CIS, PCI DSS, FISMA, and HIPAA. Now, with short-lived, self-service cloud- and container-based applications in the mix, compliance is getting more dynamic, and increasingly challenging.
While manual, intermittent compliance is an expensive endeavor, brand exposure is also a real risk
Manual, intermittent compliance is an expensive, inefficient process that leaves the door open to further expenses—fines, long audit times, and additional audit costs. Without a modern solution, it’s difficult to keep up with the scale of compliance, a process that is often random, limited to a point-in-time, with no single-view of compliance across the data center. It also means slow, error-prone remediation that leaves long lapses between detection and correction.
Scale of compliance is the biggest problem I have. We are bound by at least 3 different sets of regulations that we must be compliant to, which means at least 3 sets of audits every month. Technology Architect, Telecom, May 2017
Brand exposure is also a real risk—a negative event leads to interruption to business continuity, brand damage, loss of revenue, and market exclusion. Indeed, 2017 has come with high-profile hacks such as Equifax and Ransomware. Not all hacks are complex. Some hacks were relatively simply, exploiting known vulnerabilities or misconfigured systems.
“Fundamentally, integrated, ongoing compliance is part of the solution to data breaches,” says Joe DeBlaquiere, Senior Product Manager for DCA, “one that detects and remediates vulnerabilities and misconfigured infrastructure and applications timely, regardless of what they are, and how they were provisioned.” Joe further adds that running outdated and vulnerable software is a violation of PCI DSS rules.
Fundamentally, integrated, ongoing compliance is part of the solution to data breaches—one that detects and remediates vulnerabilities and misconfigured infrastructure and applications timely, regardless of what they are, and how they were provisioned. Joe DeBlaquiere, Senior Product Manager for DCA
The Micro Focus Data Center Automation (DCA) Suite 2017.08 release offers ongoing, integrated compliance—all in one place
The latest release of the DCA Suite includes the updated container-based compliance micro service with built-in exception management, role-based access control, and high-availability support.
Five things to know about DCA compliance
1. One platform to manage and view compliance across the data center
Automate and manage compliance in one place across heterogeneous physical servers, virtual machines, databases and middleware, including but not limited to Windows, RHEL, Ubuntu, Docker, Oracle, IBM DB2, Microsoft SQL Server, JBoss Application Server, and Internet Information Services (IIS). Through a colorful compliance dashboard, access compliance state across the data center, alongside pre-formatted, easy-to-tailor reports that include compliance job history, compliance status by policy, and service level objective (SLO) conformance.
2. Out-of-the-box (OOTB), market-leading compliance content
Access pre-built compliance benchmarks (e.g. CIS, PCI DSS, FISMA, and HIPAA), compliant deployment templates, and remediation actions. Compliant templates deliver desired compliance—by the time resources are provisioned and configured, they’re already in desired compliance state.
By the time resources are provisioned and configured, they’re already in desired compliance state.
3. Closed-loop remediation with Service Level Objective (SLO) enforcement
Remediate timely, consistently, and correctly. Eliminate scripting, tribal remediation, and lapses in correction. DCA stands out with OOTB remediation actions and SLO enforcement. Restore compliance levels automatically against business objectives and within a defined time period.
4. Ongoing, integrated compliance that’s enterprise-ready
Adopt a compliance process that fits your enterprise. DCA offers ongoing compliance, as part of continuous lifecycle management. It comes with enterprise-ready features that include: role-based access control (RBAC—simplifies security administration and ensures only authorized users access data center resources based on their roles), integrated exception management (a consistent way to document compliance exceptions with approval authorization), and high-availability (embedded PostgreSQL cluster for the DCA database).
5. Container-based architecture that’s ready to go, ready to scale
Because DCA is built on open-source container technology, it’s easy to install, patch, and upgrade. Scale effortlessly and meet higher workloads by simply running multiple, stateless container services, all within a single DCA installation. In the face of a sudden threat, scale out to run compliance scan and remediation across the data center quickly, then scale down when vulnerability is closed.
What else should you know about the 2017.08 DCA Suite release?
DCA offers mixed-mode deployment for existing Server Automation (SA) customers—agent or agentless to facilitate adoption of the container-based compliance micro service. Using an SA agent, DCA discovers SA managed resources, which can all be synchronized with DCA. Agentless, DCA uses orchestration flows (Operations Orchestration) to import resources directly from the data center.
Want to learn more about the DCA Suite? Download the DCA Suite infographic here to read what makes the DCA Suite stand out, the advantages of container-based architecture, and benefits achieved by customers.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.