Use the Conformity Knowledge Base AI to help improve your Cloud Posture

Trend Cloud One™

Conformity Knowledge Base

Cloud One - Conformity provides real-time monitoring and auto-remediation for the security, compliance and governance of your cloud infrastructure, leaving you to grow and scale your business with confidence, with over 1000 automated best practice checks.

Knowledge Base

Along with better visibility, compliance and faster remediation for your cloud infrastructure, Conformity also has a growing public library of 1000+ cloud infrastructure configuration best practices for your AWS™, Microsoft® Azure, Alibaba Cloud and Google Cloud™ environments. It provides simple, step-by-step resolutions to rectify any security vulnerabilities, performance and cost inefficiencies, and reliability risks. This catalogue of cloud guardrails is a core part of Conformity, which automatically monitors and auto-remediates cloud infrastructure.

Please note: Alibaba Cloud is currently available only in Trend Vision One™ and not in Trend Cloud One™ – Conformity.

Below are the clouds, their services and the associated best practice rules, with clear instructions on how to perform the updates, made either through the console or via the Command Line Interface (CLI).


Service coverage for AWS

Service coverage for Azure
  • AI Services

    Azure AI services help developers and organizations rapidly create intelligent, cutting-edge, market-ready, and responsible applications with out-of-the-box and prebuilt and customizable APIs and models.

  • AKS

    Microsoft AKS allows you to quickly deploy a production-ready Kubernetes cluster in Azure.

  • API Management

    Microsoft Azure API Management is a hybrid, multicloud management platform for APIs across all environments. As a platform-as-a-service, API Management supports the complete API lifecycle.

  • Access Control

    Microsoft Entra ID Access Control (also known as Access Control Service or ACS) is a cloud-based service that provides an easy way of authenticating and authorizing users to gain access to your web applications and services.

  • Microsoft Entra ID

    Microsoft Entra ID provides an identity platform with enhanced security, access management, scalability, and reliability for connecting users with all the apps they need.

  • Activity Log

    The Azure Activity Log provides insight into subscription-level events that have occurred in Azure.

  • Advisor

    Azure Advisor is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments.

  • AppService

    Azure AppService

  • Container Apps

    Run modern apps and microservices using serverless containers.

  • Container Registry

    Azure Container Registry is a managed registry service based on the open-source Docker Registry 2.0. Create and maintain Azure container registries to store and manage your container images and related artifacts.

  • CosmosDB

    Microsoft Cosmos DB enables you to elastically and independently scale throughput and storage across any number of Azure regions worldwide.

  • Front Door

    Azure Front Door is Microsoft’s modern cloud Content Delivery Network (CDN) that provides fast, reliable, and secure access between your users and your applications’ static and dynamic web content across the globe.

  • Azure Functions

    Azure Functions is a serverless solution that allows you to write less code, maintain less infrastructure, and save on costs. Instead of worrying about deploying and maintaining servers, the cloud infrastructure provides all the up-to-date resources needed to keep your applications running.

  • KeyVault

    Microsoft Azure Key Vault enables you to securely store and access secrets within your Azure cloud environment.

  • Locks

    Microsoft Azure Locks provide a way for administrators to lock down resources to prevent deletion or changing of a resource.

  • Machine Learning

    Use an enterprise-grade AI service for the end-to-end machine learning (ML) lifecycle.

  • Monitor

    Monitor your applications and infrastructure

  • MySQL

    Azure Database for MySQL servers

  • Network

    Network

  • Policy

    Policy

  • PostgreSQL

    Azure Database for PostgreSQL servers

  • Recovery Services

    Azure Recovery Services provides multiple backup solutions based on the backup requirement and infrastructure topology.

  • Redis Cache

  • Resources

  • Search

  • Defender

    Security posture management for cloud workloads

  • Service Bus

    Azure Service Bus is a fully managed enterprise message broker with message queues and publish-subscribe topics.

  • Sql

    Azure Database for SQL servers

  • Storage Accounts

    An Azure storage account contains all of your Azure Storage data objects.

  • Subscriptions

  • Synapse

    Azure Synapse is a limitless analytics service that brings together enterprise data warehousing and Big Data analytics.

  • Virtual Machines

    VirtualMachines your applications and infrastructure


Service coverage for GCP

  • GCP APIGateway

  • GCP ArtifactRegistry

    Artifact Registry enables you to centrally store artifacts and build dependencies as part of an integrated Google Cloud experience.

  • GCP BigQuery

    BigQuery's serverless architecture lets you use SQL queries to analyze your data. You can store and analyze your data within BigQuery or use BigQuery to assess your data where it lives. To test how it works for yourself, query data—without a credit card—using the BigQuery sandbox.

  • GCP CertificateManager

    Certificate Manager securely stores and deploys certificates to your selected proxies, which lets you provision certificates in advance and helps ensure zero downtime during migrations.

  • GCP API

    Google Cloud APIs are programmatic interfaces to Google Cloud Platform services. They are a key part of Google Cloud Platform, allowing you to easily add the power of everything from computing to networking to storage to machine-learning-based data analysis to your applications.

  • GCP CloudCDN

    Cloud CDN works with the global external Application Load Balancer or the classic Application Load Balancer to deliver content to your users. The external Application Load Balancer provides the frontend IP addresses and ports that receive requests and the backends that respond to the requests.

  • GCP Domain Name System (DNS)

    Cloud DNS offers both public zones and private managed DNS zones. A public zone is visible to the public internet, while a private zone is visible only from one or more Virtual Private Cloud (VPC) networks that you specify.

  • GCP Cloud Function

    Cloud Function is a serverless execution environment for building and connecting cloud services. With Cloud Functions you write simple, single-purpose functions that are attached to events emitted from your cloud infrastructure and services. Your function is triggered when an event being watched is fired, or by an HTTP request.

  • GCP Identity and Access Management (IAM)

    With IAM, you manage access control by defining who (identity) has what access (role) for which resource. For example, Compute Engine virtual machine instances, Google Kubernetes Engine (GKE) clusters, and Cloud Storage buckets are all Google Cloud resources. The organizations, folders, and projects that you use to organize your resources are also resources.

  • GCP Cloud Key Management Service (KMS)

    Cloud Key Management Service allows you to create, import, and manage cryptographic keys and perform cryptographic operations in a single centralized cloud service. You can use these keys and perform these operations by using Cloud KMS directly, by using Cloud HSM or Cloud External Key Manager, or by using Customer-Managed Encryption Keys (CMEK) integrations within other Google Cloud services.

  • GCP Cloud Load Balancing

    A load balancer distributes user traffic across multiple instances of your applications. By spreading the load, load balancing reduces the risk that your applications experience performance issues. Google's Cloud Load Balancing is built on reliable, high-performing technologies such as Maglev, Andromeda, Google Front Ends, and Envoy—the same technologies that power Google's own products.

  • GCP Cloud Logging

    Cloud Logging is a fully managed service that allows you to store, search, analyze, monitor, and alert on logging data and events from Google Cloud and Amazon Web Services. Using BindPlane, you can also collect this data from over 50 common application components, on-premise systems, and hybrid cloud systems.

  • GCP Cloud Pub/Sub Service

    Pub/Sub is an asynchronous and scalable messaging service that decouples services producing messages from services processing those messages.

  • GCP Cloud Run

    Cloud Run is a fully managed platform that enables you to run your code directly on top of Google’s scalable infrastructure. Cloud Run is simple, automated, and designed to make you more productive.

  • GCP Cloud SQL

    Cloud SQL manages your databases so you don't have to, so your business can run without disruption. It automates all your backups, replication, patches, encryption, and storage capacity increases to give your applications the reliability, scalability, and security they need.

  • GCP Cloud Storage

    Cloud Storage's nearline storage provides fast, low-cost, highly durable storage for data accessed less than once a month, reducing the cost of backups and archives while still retaining immediate access. Backup data in Cloud Storage can be used for more than just recovery because all storage classes have ms latency and are accessed through a single API.

  • GCP VPC

    Google Cloud Virtual Private Cloud (VPC) provides networking functionality to Compute Engine virtual machine (VM) instances, Google Kubernetes Engine (GKE) containers, and serverless workloads. VPC provides networking for your cloud-based services that is global, scalable, and flexible.

  • GCP Compute Engine

    Compute Engine is a computing and hosting service that lets you create and run virtual machines on Google infrastructure, comparable to Amazon EC2 and Azure Virtual Machines. Compute Engine offers scale, performance, and value that lets you easily launch large compute clusters with no up-front investment.

  • GCP Dataproc Service

    Use Dataproc Serverless to run Spark batch workloads without provisioning and managing your own cluster. Specify workload parameters, and then submit the workload to the Dataproc Serverless service. The service will run the workload on a managed compute infrastructure, autoscaling resources as needed. Dataproc Serverless charges apply only to the time when the workload is executing.

  • GCP Google Kubernetes Engine Service

    A GKE cluster has a control plane and machines called nodes. Nodes run the services supporting the containers that make up your workload. The control plane decides what runs on those nodes, including scheduling and scaling. Autopilot mode manages this complexity; you simply deploy and run your apps.

  • GCP IAM

    Identity and Access Management (IAM) lets you create and manage permissions for Google Cloud resources. IAM unifies access control for Google Cloud services into a single system and presents a consistent set of operations.

  • GCP Resource Manager

    Google Cloud provides resource containers such as organizations, folders, and projects that allow you to group and hierarchically organize other Google Cloud resources. This hierarchical organization lets you easily manage common aspects of your resources such as access control and configuration settings. Resource Manager enables you to programmatically manage these resource containers.

  • GCP VertexAI

    Vertex AI combines data engineering, data science, and ML engineering workflows, enabling your teams to collaborate using a common toolset and scale your applications using the benefits of Google Cloud.


Service coverage for Alibaba Cloud
  • Alibaba Cloud ACK

    A Kubernetes-based service that ensures high efficiency for enterprises by running containerized applications on the cloud.

  • Alibaba Cloud ActionTrail

    ActionTrail tracks your Alibaba Cloud account actions and records them as events to facilitate auditing. ActionTrail allows you to deliver these events to the specified Log Service Logstores and Object Storage Service (OSS) buckets. You can also query and download the recorded events. Then, you can perform behavior analysis, security analysis, and compliance auditing and track resource changes based on the events.

  • Alibaba Cloud ECS

    Elastic Compute Service (ECS) is a high-performance, stable, reliable, and scalable IaaS-level service provided by Alibaba Cloud. ECS eliminates the need for upfront investments in IT hardware and allows you to scale computing resources on demand.

  • Alibaba Cloud OSS

    Alibaba Cloud Object Storage Service (OSS) provides industry-leading scalability, durability and performance. Customers of all sizes and industries can use it to store and protect any amount of data for use cases such as backup and restore, content distribution, data lakes, websites, mobile applications, data archive and IoT devices.

  • Alibaba Cloud RAM

    Alibaba Cloud Resource Access Management (RAM) is an identity and access control service which enables you to centrally manage your users (including employees, systems or applications) and securely control their access to your resources through permission levels. RAM thereby allows you to securely grant access permissions for Alibaba Cloud resources to only your selected high-privileged users, enterprise personnel and partners.

  • Alibaba Cloud RDS

    ApsaraDB RDS is a stable, reliable, cost-effective, and scalable online database service. ApsaraDB RDS supports most mainstream database engines, including MySQL, SQL Server, PostgreSQL, and MariaDB. ApsaraDB RDS provides a comprehensive portfolio of solutions for disaster recovery, backup, restoration, monitoring, and migration to facilitate database O&M.

  • Alibaba Cloud SLS

    Simple Log Service is a cloud-native observation and analysis platform that provides large-scale, low-cost, and real-time services to process multiple types of data such as logs, metrics, and traces. Simple Log Service allows you to collect, transform, query, analyze, visualize, ship, and consume data. SLS helps enterprises improve their digital capabilities in terms of R&D, O&M, and data security.

  • Alibaba Cloud Security Center

    Security Center is a centralized security management system that dynamically identifies and analyzes security threats, and generates alerts when threats are detected. Security Center provides multiple features to ensure the security of cloud resources and servers in data centers. The features include anti-ransomware, antivirus, web tamper proofing, container image scan, and compliance check.

  • Alibaba Cloud VPC

    VPC helps you build an isolated network environment based on Alibaba Cloud including customizing the IP address range, network segment, route table, and gateway. In addition, you can connect VPC and a traditional IDC through a leased line, VPN, or GRE to provide hybrid cloud services.