Flatt Security, a respected developer of security solutions, is excited to announce a significant enhancement to its Shisho Cloud product. The latest update introduces fine-grained permission controls and project-focused scopes for the Shisho Cloud security posture dashboards. This new feature enables organizations to have a more controlled and project-specific approach to managing their cloud security, bridging the gap between security and engineering teams.
Overview
Traditionally, this task has been primarily handled by a limited number of engineers and security teams, including Product Security Incident Response Teams (PSIRT) and Computer Security Incident Response Teams (CSIRT). However, with the growing reliance on public cloud resources, engineering teams have been expanding rapidly, contributing significantly to the organization's cloud assets and infrastructure. This growth has led to an imbalance and isolation of scope between the security and engineering teams, resulting in added complexity and increased security management costs.
Shisho Cloud's new feature allows your security team to delegate visibility and control over cloud-related risks to your engineering teams through Shisho Cloud projects. These projects are designed to address the challenges of isolation and imbalance by improving communication and situational awareness between your security and engineering teams. Each team can now have its own dedicated visibility within Shisho Cloud projects tailored to their specific cloud resources.
Getting Started
Try it with Shisho Cloud for free
Shisho Cloud offers a free trial program so you can experience for yourself how it works for your teams. The program has provided a practical insight for the cloud security posture management of many tech organizations. Any number of engineers can join the program during the trial period, and an almost unlimited† scope of cloud resources can be integrated to Shisho Cloud for your trial.
Anyone can join the free trial program at https://shisho.dev to explore how project-based security posture management and team-specific visibility can contribute to advancing your organization's cloud security in a unified manner.
Try it with an existing Shisho Cloud organization
Set Up Users with Project Permission Controls
First, be sure to follow our documentation to set up your Shisho Cloud organzation to associate and start scanning external resources like your AWS, Google, or GitHub resources. Then you will be ready to start delegating permissions to your users for viewing dashboards, security risk findings, and remediation guidance.
Now let's set up a Shisho Cloud project to group scanned resources for delegation to the users that you invite:
Add a new project and give it a name that is meaningful to you, and optionally add a description.
Add resources to your project that you want to delegate to your users. The resources are the associated external cloud resources from your third-party providers, like AWS, Google, and GitHub. What you are delegating is access to interact with the resulting security risk findings discovered by Shisho Cloud security scans.
Add users to this project and select their role.
The "Viewer" role will allow users to simply view dashboards, reports, and remediation steps for security risks related to the resources you added to this project. The "Triager" role allows the same Viewer access, plus it adds permissions to acknowledge, comment, and accept security finds.
If some users have not yet been invited to your Shisho Cloud organization, you can also conveniently invite from here in this step.
Review your users and their roles. As an added convenience, you can also monitor their invitation status from here as a one-stop location to manage your project permissions and users. As they accept their invitations, they will immediately have access to your Shisho Cloud organization's project, and nothing else you do not delegate or provide access with other permissions.
That's it! You've delegated permissions for the latest security risks related to your organization's public cloud assets, and shared your Cyber Security Posture Management with your users!
What Your Users Can Do with Project Permissions
Now that you've delegated permissions to your users, and after they have accepted any pending invitations, they will have access to key Shisho Cloud features for sharing in your organization's Cyber Security Posture Management at a glance with the unified dashboard.
Shisho Cloud provides insightful reports on teams’ cloud security posture, with enhanced guidance on risks and remediation steps. Your users will have immediate access to effective and relevant education materials to stay informed and take action for their unique cloud security posture needs via the findings view.
The project users can start to immediately review each finding for assessing its risks on their own and in coordination with security teams. Automated notifications can further help keep your teams aware of the most urgent issues and receive status updates. Shisho Cloud also enhances communication between your teams via a triage feature that can track when actions are applied to individual findings, who was last to review, with any comments they wanted to make.
Key Benefits
Key Benefits of Shisho Cloud's Permission Control Feature:
- Enhanced Collaboration: Foster better collaboration and information sharing between security and engineering teams, ensuring everyone is on the same page when it comes to cloud security.
- Customized Visibility: Empower different teams to have their own dedicated dashboards within Shisho Cloud projects, focusing on their unique set of cloud resources, and enabling them to make informed decisions.
- Streamlined Security Posture Management: Simplify the management of your organization's public cloud security posture by aligning the efforts of your security and engineering teams.
“Democratization is a key for successful cloud security posture management because it covers too wide an area for a single team”, says Takashi, CTO of Flatt Security. In the survey Flatt Security conducted against 41 organizations, half saw the limitation of cloud security talents as a problem.
With Shisho Cloud's new permission controls, you can take a proactive approach to security management, reduce costs, and enhance your organization's overall cloud security posture. Don't let imbalances in your teams hinder your cloud security efforts; empower them with Shisho Cloud.