Getting started with Yandex Security Deck
Security Deck offers tools for data security and compliance with regulatory requirements and industry standards.
Note
This feature is in the Preview stage. To get access, contact tech support or your account manager.
Getting started
To get started with Security Deck in Yandex Cloud:
- Log in to the management console. If not signed up yet, navigate to the management console and follow the on-screen instructions.
- In Yandex Cloud Billing, make sure you have a billing account linked and its status is
ACTIVEorTRIAL_ACTIVE. If you do not have a billing account yet, create one. - If you do not have a folder yet, create one.
Security Deck includes the following modules: Access Transparency, Data Security Posture Management (DSPM), Cloud Infrastructure Entitlement Management (CIEM), and Compliance Portal.
To connect any of these modules, go to the Security Deck interface and click Connect next to the module description. You will then be able to learn more about the tool's features and terms of use.
Configuring Security Deck
The resources of Yandex Security Deck modules are located in folders. From the list of available folders, you need to select a folder to store the Yandex Security Deck resource modules in.
To get started, assign roles required to work with Security Deck.
Access Transparency
Access Transparency is an automated tool you can use to view analytical data about actions by Yandex Cloud engineers involving the organization's resources, whether when processing requests, addressing security issues, or during maintenance.
The tool ensures operations are transparent and provides control over actions by Yandex Cloud engineers: a specially trained YandexGPT-based model automatically analyzes their action logs and escalates issues, if any, so that a Yandex Cloud information security specialist can check the session.
To connect and use Access Transparency, your organization must be linked to a billing account. Follow this guide to link your organization to a billing account.
Once your organization links a billing account, select it in the Access Transparency module. This can only be done by a user with the billing.accounts.owner role.
To learn more, see Access Transparency.
Data Security Posture Management (DSPM)
Data Security Posture Management, or DSPM, helps you quickly detect sensitive information stored in Yandex Object Storage buckets for timely action to protect it from unauthorized access or leaks. To learn more, see Data Security Posture Management (DSPM).
To get started with the DSPM module, follow the guides on how to create a data source and a scan for bucket information.
Cloud Infrastructure Entitlement Management (CIEM)
Security Deck Cloud Infrastructure Entitlement Management provides a centralized view of the full list of accesses to the organization's resources available to subjects: users, service accounts, user groups, system groups, and public groups. The tool also makes it easy to revoke accesses from subjects. To learn more, see Cloud Infrastructure Entitlement Management (CIEM).
To get started with the CIEM module, follow the guides for viewing and revoking accesses.
Required roles
To work with Security Deck, assign the required roles to the user for each module. The list of required roles may depend on your organization's security policies.
| Module | Service setup role | User role |
|---|---|---|
| Access Transparency | access-transparency.admin for organization |
access-transparency.viewer for organization |
| Data Security Posture Management (DSPM) | dspm.admin for individual resource |
dspm.inspector for organization |
| Cloud Infrastructure Entitlement Management (CIEM) | organization-manager-viewer for organization |
organization-manager-viewer for organization |
What's next
- Learn how to scan buckets for sensitive information in Security Deck.
- Learn how to view a subject's access list in Security Deck.
- Learn about the required access permissions to work with Security Deck.