CMD proudly partners with Cloud Conformity to provide security, compliance and governance scaffolding for our cloud environments. Recently, Cloud Conformity spoke with our CTO Adam Durbin about the CMD partnership. The case study is reproduced below.

Introduction

CMD Solutions is a professional services and cloud consulting company that focuses on the design of hybrid cloud solutions that are secure, scalable and efficient. CMD specializes in DevSecOps transformations. Based in Sydney, Australia, their team of AWS certified consultants are well versed in IRAP, APRA and PCI-DSS compliance standards.

The challenge

CMD needed a continuous security monitoring tool that would help their team identify baseline security controls for their clients, while remaining consistent and up to date with evolving security best practices. Agility and responsiveness to the market was key for CMD. Being an AWS Premier Consulting Partner, it was important for their tool of choice to measure against the five pillars of the AWS Well-Architected Framework and common industry compliance standards. As CMD’s clients move through a DevSecOps transformation and add services during migration, real-time visibility into their evolving cloud infrastructure is critical to ongoing support and assessments.

Requirements

• Save time conducting comprehensive AWS Well-Architected and industry compliance reviews on customer’s public cloud infrastructure.
• Leverage data-driven reports to provide recommendations and actionable tasks for customers to remediate security and operational risks.
• Improve customers visibility into their cloud environments to encourage greater ownership of day-to-day infrastructure responsibilities.

Solution

• Automate scans of customer environments against 520-plus security and compliance rules.
• Access to step-by-step remediation guidance for fast resolution of security and compliance risks.
• Continuous assurance for real-time insights into the health of their environment.

Key Benefits

• Improved productivity and relationships with clients Added new Managed Service feature to portfolio.
• Increased business value by providing greater infrastructure insight and granular results.

The solution

CMD uses the Cloud Conformity platform with 520-plus rules mapped against the five pillars of the AWS Well-Architected Framework and industry compliance standards to assess their customer’s public cloud environments. With every rule violation, remediation steps are offered via both the AWS console and CLI.

Cloud Conformity’s approach to cloud security, compliance and governance is well aligned with CMD’s expertise in professional consulting services that focus on DevSecOps transformations.

“Its allowed us to provide visibility to our customers that we’re configuring their infrastructure correctly.”

Adam Durbin, CTO

Direct results

A NEW MANAGED SERVICE: CMD has leveraged Cloud Conformity’s extensive reporting feature to create a new upselling service for their managed service arm. Their monthly reviews, based on findings by the Cloud Conformity platform, enable their clients to set a higher bar for security and DevOps as new initiatives are set.

GREATER VISIBILITY, ENGAGED CLIENTS: Cloud Conformity provides CMD’s clients with greater visibility into their cloud infrastructure. By using a third party audit, CMD are able to present clients unbiased assurance results and maintain a consistently productive relationship as updates and implementations take place.

TIME SAVED ON COMPLIANCE REVIEWS: Using Cloud Conformity, CMD is able to run a single infrastructure security review, which covers several compliance standards. Time saved in the discovery process allows more time to focus on growth opportunities, without compromising on the critical regulatory standards their clients are held to.

Results

CMD’s partnership with Cloud Conformity allowed them to create a new managed service arm, provides greater visibility and trust between them and their clients, and enables them to maintain their aim for designing secure, scalable, and efficient cloud solutions and enabling DevSecOps transformations.