Getting started with Yandex Security Deck
Security Deck offers tools for data security and compliance with regulatory requirements and industry standards.
Note
This feature is in the Preview stage. To get access, contact tech support
Getting started
To get started with Security Deck in Yandex Cloud:
- Log in to the management console
. If not signed up yet, navigate to the management console and follow the instructions. - In Yandex Cloud Billing
, make sure you have a billing account linked and its status isACTIVE
orTRIAL_ACTIVE
. If you do not have a billing account yet, create one. - If you do not have a folder yet, create one.
Security Deck is comprised of the following modules: Access Transparency, Data Security Posture Management (DSPM), Cloud Infrastructure Entitlement Management (CIEM), and Compliance Portal.
To connect any of these modules, go to the Security Deck interface
Configuring Security Deck
The resources of Yandex Security Deck modules are located in folders. From the list of available folders, you need to select a folder to store the Yandex Security Deck resource modules in.
To get started, assign roles required to work with Security Deck.
Access Transparency
Access Transparency
The tool ensures transparency of operations and control over the actions of Yandex Cloud engineers: their action logs are automatically analyzed by a specially trained YandexGPT-based model, and issues, if any, can be escalated to have the session checked by a Yandex Cloud information security specialist.
To connect and use Access Transparency, your organization must be linked to a billing account. Follow this guide to link your organization to a billing account.
Once your organization has it linked, select the billing account in the Access Transparencybilling.accounts.owner
role.
For more information, see Access Transparency.
Data Security Posture Management (DSPM)
Data Security Posture Management or DSPM
To get started with the DSPM module, follow the guides on how to create a data source and to create a scan for the bucket information.
Cloud Infrastructure Entitlement Management (CIEM)
Security Deck Cloud Infrastructure Entitlement Management
To get started with the CIEM module, follow the guide for viewing and revoking accesses.
Compliance Portal
Security Deck Compliance Portal
Here you can download public documents or request documents containing confidential data, if available.
For more information, see Compliance Portal.
Required roles
To work with Security Deck, assign the user the required roles for each module. The list of required roles may depend on your organization's security policies.
Module | Service setup role | User role |
---|---|---|
Access Transparency | access-transparency.admin for organization |
access-transparency.viewer for organization |
Data Security Posture Management (DSPM) | dspm.admin for individual resource |
dspm.inspector for organization |
Cloud Infrastructure Entitlement Management (CIEM) | organization-manager-viewer for organization |
organization-manager-viewer for organization |
What's next
- Learn how to scan buckets for sensitive information in Security Deck.
- Learn how to view a subject's access list in Security Deck.
- Learn about the required access permissions to work with Security Deck.