Secure State Architectural Overview

This document is written to give readers an understanding of CloudHealth Secure State’s security controls with a general overview of the key mechanisms and processes Secure State uses to manage information and provides insight on how Secure State interfaces between the customer and the cloud provider to support the shared responsibility for providing security in a modern cloud computing environment.

Secure State runs on Amazon Web Services (AWS) infrastructure. A user can access Secure State features through the web application, a browser-based dashboard, which provides a user-friendly interface over calls to Secure State public APIs. Users can also access these APIs directly, and Secure State maintains and publishes a comprehensive list of the APIs that allow customers to integrate with the product.

Identity and access management for Secure State is handled through VMware Cloud Services Platform (CSP). Customers must provide IAM credentials for each cloud account they want to connect to Secure State. The credentials are required for Secure State to collect the data needed to operate the service. To follow least-privilege principles, all credentials must be configured with read-only access. When onboarded through the Secure State web application, each credential is associated to a cloud account.

The findings module then searches the data for findings by querying the databases and storing the results in Elastisearch. When findings are generated, the customer can optionally create alerts and integrate them with several third-party services like Slack, Email, or Splunk. Secure State also offers a unique approach to remediating findings, allowing customers to configure automated remediation actions across AWS and Azure cloud environments. This feature is governed by the cloud permissions control policy, which enables the customer to manage and remediate misconfigurations, while providing Secure State read-only access (least privileges) to their cloud accounts. Secure State acts as the control plane for any configured remediation actions, and sends event triggers to one or more remediation worker groups, which can run remediation workers on physical or virtual servers. The worker group is deployed and managed by the customer in their environment. All connections between Secure State and the worker groups are encrypted.