Getting started with Yandex Security Deck

Security Deck offers tools for data security and compliance with regulatory requirements and industry standards.

Getting startedGetting started

To get started with Security Deck in Yandex Cloud:

1. Log in to the management console. If not signed up yet, navigate to the management console and follow the instructions.
2. In Yandex Cloud Billing, make sure you have a billing account linked and its status is ACTIVE or TRIAL_ACTIVE. If you do not have a billing account yet, create one.
3. If you do not have a folder yet, create one.

Security Deck is comprised of the following modules: Access Transparency, Data Security Posture Management (DSPM), Cloud Infrastructure Entitlement Management (CIEM), and Compliance Portal.

To connect any of these modules, go to the Security Deck interface and click Connect next to the module description. You will then be able to learn more about the tool's features and terms of use.

Configuring Security DeckConfiguring Security Deck

The resources of Yandex Security Deck modules are located in folders. From the list of available folders, you need to select a folder to store the Yandex Security Deck resource modules in.

To get started, assign roles required to work with Security Deck.

Access TransparencyAccess Transparency

Access Transparency is an automated tool you can use to view the analytical data about Yandex Cloud engineers' actions with the organization's resources – whether during maintenance, request processing, or when addressing security issues.

The tool ensures transparency of operations and control over the actions of Yandex Cloud engineers: their action logs are automatically analyzed by a specially trained YandexGPT-based model, and issues, if any, can be escalated to have the session checked by a Yandex Cloud information security specialist.

For more information, see Access Transparency.

Data Security Posture Management (DSPM)Data Security Posture Management (DSPM)

Data Security Posture Management or DSPM is a tool that helps to quickly detect sensitive information stored in Yandex Object Storage buckets for timely action to protect it from unauthorized access or leaks. For more information, see Data Security Posture Management (DSPM).

To get started with the DSPM module, follow the guides on how to create a data source and to create a scan for the bucket information.

Cloud Infrastructure Entitlement Management (CIEM)Cloud Infrastructure Entitlement Management (CIEM)

Security Deck Cloud Infrastructure Entitlement Management is a tool that provides a centralized view of the full list of accesses to the organization's resources available to the subjects: users, service accounts, user groups, system groups, and public groups. The tool also makes it easy to revoke accesses from subjects. For more information, see Cloud Infrastructure Entitlement Management (CIEM).

To get started with the CIEM module, follow the guide for viewing and revoking accesses.

Compliance PortalCompliance Portal

Security Deck Compliance Portal contains all the required documents, reports, guides, and additional information about the Yandex Cloud security system.

Here you can download public documents or request documents containing confidential data, if available.

For more information, see Compliance Portal.

Required rolesRequired roles

To work with Security Deck, assign the user the required roles for each module. The list of required roles may depend on your organization's security policies.

What's nextWhat's next

• Learn how to scan buckets for sensitive information in Security Deck.
• Learn how to view a subject's access list in Security Deck.
• Learn about the required access permissions to work with Security Deck.