Yandex Cloud
Search
Contact UsGet started
  • Blog
  • Pricing
  • Documentation
  • All Services
  • System Status
    • Featured
    • Infrastructure & Network
    • Data Platform
    • Containers
    • Developer tools
    • Serverless
    • Security
    • Monitoring & Resources
    • ML & AI
    • Business tools
  • All Solutions
    • By industry
    • By use case
    • Economics and Pricing
    • Security
    • Technical Support
    • Customer Stories
    • Gateway to Russia
    • Cloud for Startups
    • Education and Science
  • Blog
  • Pricing
  • Documentation
Yandex project
© 2025 Yandex.Cloud LLC
Yandex Security Deck
    • Overview
  • Pricing policy

In this article:

  • Getting started
  • Configuring Security Deck
  • Access Transparency
  • Data Security Posture Management (DSPM)
  • Cloud Infrastructure Entitlement Management (CIEM)
  • Required roles
  • What's next
  1. Getting started
  2. Overview

Getting started with Yandex Security Deck

Written by
Yandex Cloud
Updated at May 12, 2025
  • Getting started
  • Configuring Security Deck
  • Access Transparency
  • Data Security Posture Management (DSPM)
  • Cloud Infrastructure Entitlement Management (CIEM)
  • Required roles
  • What's next

Security Deck offers tools for data security and compliance with regulatory requirements and industry standards.

Note

This feature is in the Preview stage. To get access, contact tech support or your account manager.

Getting startedGetting started

To get started with Security Deck in Yandex Cloud:

  1. Log in to the management console. If you have not signed up yet, navigate to the management console and follow the on-screen instructions.
  2. In Yandex Cloud Billing, make sure you have a billing account linked and its status is ACTIVE or TRIAL_ACTIVE. If you do not have a billing account yet, create one.
  3. If you do not have a folder yet, create one.

Security Deck includes the following modules: Access Transparency, Data Security Posture Management (DSPM), Cloud Infrastructure Entitlement Management (CIEM), and Compliance Portal.

To connect any of these modules, go to the Security Deck interface and click Connect next to the module description. You will then be able to learn more about the tool's features and terms of use.

Configuring Security DeckConfiguring Security Deck

The resources of Yandex Security Deck modules are located in folders. From the list of available folders, you need to select a folder to store the Yandex Security Deck resource modules in.

To get started, assign roles required to work with Security Deck.

Access TransparencyAccess Transparency

Access Transparency is an automated tool you can use to view analytical data about actions by Yandex Cloud engineers involving the organization's resources, whether when processing requests, addressing security issues, or during maintenance.

The tool ensures operations are transparent and provides control over actions by Yandex Cloud engineers: a specially trained YandexGPT-based model automatically analyzes their action logs and escalates issues, if any, so that a Yandex Cloud information security specialist can check the session.

To connect and use Access Transparency, your organization must be linked to a billing account. Follow this guide to link your organization to a billing account.

Once your organization links a billing account, select it in the Access Transparency module. This can only be done by a user with the billing.accounts.owner role.

To learn more, see Access Transparency.

Data Security Posture Management (DSPM)Data Security Posture Management (DSPM)

Data Security Posture Management, or DSPM, helps you quickly detect sensitive information stored in Yandex Object Storage buckets for timely action to protect it from unauthorized access or leaks. To learn more, see Data Security Posture Management (DSPM).

To get started with the DSPM module, follow the guides on how to create a data source and a scan for bucket information.

Cloud Infrastructure Entitlement Management (CIEM)Cloud Infrastructure Entitlement Management (CIEM)

Security Deck Cloud Infrastructure Entitlement Management provides a centralized view of the full list of accesses to the organization's resources available to subjects: users, service accounts, user groups, system groups, and public groups. The tool also makes it easy to revoke accesses from subjects. To learn more, see Cloud Infrastructure Entitlement Management (CIEM).

To get started with the CIEM module, follow the guides for viewing and revoking accesses.

Required rolesRequired roles

To work with Security Deck, assign the required roles to the user for each module. The list of required roles may depend on your organization's security policies.

Module Service setup role User role
Access Transparency access-transparency.admin for organization access-transparency.viewer for organization
Data Security Posture Management (DSPM) dspm.admin for individual resource dspm.inspector for organization
Cloud Infrastructure Entitlement Management (CIEM) organization-manager-viewer for organization organization-manager-viewer for organization

What's nextWhat's next

  • Learn how to scan buckets for sensitive information in Security Deck.
  • Learn how to view a subject's access list in Security Deck.
  • Learn about the required access permissions to work with Security Deck.

Was the article helpful?

Next
All tutorials
Yandex project
© 2025 Yandex.Cloud LLC