Yandex Security Deck service modules are provided free of charge and on request, and are currently at the Preview stage.
Managing security and risks in the cloud with Yandex Security Deck
A single platform allowing companies to automate key IS processes: controlling employee access rights, ensuring data transparency, and reducing the risk of leaks.
September 25, 2024
10 mins to read
Cloud‑Native Application Protection Platform is a platform for comprehensive protection of cloud infrastructure and applications, combining security mechanisms at all stages, from code development to execution.
Yandex Security Deck is a CNAPP platform that allows you to control the security of cloud resources, data, and applications. It combines tools for access control, transparency and data security, making it possible to automate key information security processes and protect cloud environments in a centralized manner.
The Federal Law of the Russian Federation “On Personal Data.”
The Payment Card Industry Data Security Standard is an international data security standard for organizations that work with payment cards.
The platform combines several security management and risk management tools. The DSPM module identifies sensitive data in the infrastructure, CEM can be used to control user access rights to cloud resources, and the integration of Access Transparency with YandexGPT ensures transparency of the Yandex Cloud platform’s security.
Learn more about the features available on the platform:
| Function | Description |
|---|---|
| Data control | The DSPM (Data Security Posture Management) module finds and classifies confidential data in the cloud, assesses the risks of leaks, and only provides access to components that have successfully passed authorization. |
| Access transparency | Using the Access Transparency module, a company can check the reasons why the provider’s employees have access to infrastructure, e.g., for support engineers to perform additional diagnostics of IT systems, or software updates. The built-in YandexGPT creates summaries about access events for increased transparency. Suspicious sessions are automatically sent for review to the Yandex Cloud security team. |
| Access diagnostics | Cloud Infrastructure Entitlement Management (SIEM), as an access diagnostics module, analyzes and manages user roles and access rights, and also ensures the principle of least privilege. |
| Compliance with IS requirements | Yandex Cloud complies with federal and international standards such as Russian Federal Law 152‑FZ and PCI DSS. Companies can request reports and regulations confirming compliance. |
“Transparency is an important principle of our cloud platform. We regularly publish information about our safety certificates, new tools, and transparently investigate incidents. With Yandex Security Deck, customers can manage the security of their infrastructure transparently and in a centralized manner, and thereby promptly prevent risks.”
