The single source of truth for cloud governance.

Concourse manages all control elements—policies, roles, and responsibilities—across the enterprise, providing a system of record for cloud governance, along with a verifiable and auditable database of cloud usage history. Concourse’s powerful combination of a governance engine and a time series database allows enterprises to know and prove their state of compliance at any point in time, current or historical. These data are collected in real time and stored permanently.

A complete system of record for creating, testing, and maintaining enterprise cloud policies as code.

Concourse provides full lifecycle management of policies, including policy development, testing, sandbox runtime testing, version control, and change management.

Policies can be tested against all historical cloud usage to ensure that new and updated policies accomplish their objectives. This will also expose unintended side effects during the development phase that could be disruptive or even catastrophic if released into production. It also does the reverse, allowing users to test infrastructure changes against existing policy.

Concourse maintains an auditable system of record of all versions of policies throughout history, enabling users to definitively prove their state of compliance at any point in time.

The system comes out of the box with a large set of policies. Each one can easily be customized to meet the needs of each specific part of the business, enabling policies to be tuned for each line of business, department, geography, application, or type of data affected.

No-code and low-code tools enable rapid creation and customization of policies. Concourse experts can create sophisticated policies for customers, or customers can develop policies themselves using STRONG™, a powerful policy-as-code development environment.


Context-aware enterprise policies.

Enterprises are complex organizations, spanning different business units, geographies, customers, applications, and data repositories. It is rare for one set of policies to meet the needs of every part of the enterprise. Concourse enables enterprises to create multi-tenant environments that reflect the diverse needs of every part of the enterprise. Policies can be established globally, and they can also be created or customized based on the requirements of each group.

With this approach, enterprises can establish policies which are appropriate for each part of the organization and gain a comprehensive understanding of the entire organization’s risk posture, regardless of cloud provider or technology stack. This provides an accurate enterprise-wide view of risk, reduces the likelihood that controls are bypassed by end users, and provides reporting that accurately reflects actual cloud usage and compliance.

In contrast, most vendors focus their efforts on proposing standard configurations for specific technology stacks and testing actual configurations against these ideals. This is necessary but far from sufficient for an enterprise cloud governance tool. At Concourse, we start with a very different approach: we enable users to articulate the complexity of the enterprise, specify appropriate behaviors — in terms relevant to the business — for each part of the enterprise, and then establish the appropriate controls and configuration for each technology stack in use. By working top-down, Concourse not only gives enterprises full visibility of their risk posture (now and at any point in history), but also full control and configurability.


Comprehensive infrastructure-as-code risk analysis.

Visibility of cloud risk requires a thorough analysis of cloud configuration code, such as CloudFormation templates (CFTs) on Amazon Web Services. Concourse takes this analysis to a new level by doing a full semantic analysis of these infrastructure-as-code files, resolving parameters contained within them and evaluating nested configuration files. This provides far more comprehensive identification of gaps and risks prior to deployment.

Other vendors do a basic static analysis and typically consider only an individual configuration file in isolation. This allows for only rudimentary assessment of risk. Validation against policies will necessarily have significant gaps, exposing the enterprise to greater risk and potential cost.

Concourse’s preventative protection is easily integrated into the CI/CD pipeline, enabling developers to innovate rapidly, and eliminating the bottleneck of manual security reviews. This is an essential step for enterprise Shift Left implementation. Concourse allows security teams to focus on reviewing policies rather than every application release, eliminating their backlog and freeing them for higher value activities, while ensuring the enterprise is protected.

Automatic anomaly detection and AI-based policy suggestion.

As Cloud Service Providers rapidly expand their already large set of cloud services, and as more (and more complex) applications move to cloud, it becomes unrealistic to expect staff to identify the complete set of required policies a priori. Concourse’s advanced analytics and artificial intelligence can spot behavior which may indicate previously unknown risks and automate the creation of policy recommendations. Using these technologies brings an additional level of protection to an enterprise’s cloud governance system.

Concourse combines its immutable records of cloud usage and policy with advanced statistical modeling and AI techniques to flag unusual user behavior, data transfer, privilege, network connectivity, and other factors that may indicate potential risks. Staff can review these and assess where to focus based on risk potential and severity. Policies can be developed to proactively protect against those risks, and workflows initiated to remediate vulnerabilities. This technology is also central to providing effective governance for applications built on Platforms-as-a-Service (PaaS). PaaS is typically a “black box” with limited introspection channels. By automatically comparing current behavior to baselines, risks can be identified and assessed.


A single governance pane for multiple clouds.

The future of enterprise cloud is multi-platform. Concourse enables control objectives to be managed across cloud providers while supporting cloud native policy assessment, evaluation, and scanning. Customers specify their policies once, and Concourse applies those policies on customers’ diverse cloud platforms.

This approach delivers consistent protection, without gaps, across all cloud platforms. It enables easier portability across clouds, with the assurance that controls will be implemented as the application moves. And it allows organizations to develop policies once and use them everywhere.
