A catalog of pre-built building blocks to quickly design security
oak9's Security Blueprints are security architectures that are developed using our Security as Code framework. You get a catalog of pre-built Security Blueprints that cover all of the cloud-native capabilities in your application and security best practices you want to follow to help you jump start your security design & architecture practice. oak9's Blueprints are:
Customizable and Extensible
These Blueprints incorporate industry best practices defined by organizations like NIST, Cloud Security Alliance, OWASP, AWS, Azure, GCP and more. They also provide support for a variety of compliance and regulatory frameworks including HIPAA, HITRUST, PCI, ISO, GDPR, US state regulations around PII and more.
For every change to your infrastructure as code, or deployed cloud environment, oak9 dynamically applies your tailored Security Blueprints to assess the change against your security and compliance requirements. The Blueprint Security as Code takes as input attributes of your business use-case, your compliance and regulatory needs, the security best practices you want to follow and details of your application architecture, to dynamically determine:
What security requirments apply
Where do they apply across the application architecture
What is the level of rigor at which these requirements must be met at to meet your security standards and compliance needs
What is the risk if the requirements are not met
oak9's validation engine can then assess your applicaiton architecture against the blueprint to provide developers with actionable, achievable and tailored guidance that helps them quickly remdiate these issues.
Types of Blueprints
Oak9 has defined two types of blueprints:
Reference- These are security architectures or design patterns that can be defined once and reused across many different solution architectures.
Component- These are security architectures for a specific technology component either defined by oak9 or you. Component Blueprints are similar to Reference Blueprints but focus on a single or tightly coupled technology components, and hence do not incorporate interactions across components.