Creating your first project
oak9 automatically collects and analyzes infrastructure code that for any vulnerabilities before you deploy. Creating your project is the first step.
Projects are an application or workload that you want to secure in the cloud.
In modern cloud native architectures there are hundreds of cloud native features and services that are interacting with each other via access policies, events, network communications, etc. These services are often developed by different teams or business units each with their own life cycles. This makes it very difficult to infer boundaries of an application or workload. A project is a flexible way for an organization to help define these often-blurred boundaries and enable oak9 to dynamically apply specific security requirements and standards that the organization is looking to meet.
That said, creating a project is simple, we've created a handy project wizard to help guide you through it!
From the oak9 dashboard, select the projects icon on the left hand side. You'll then select the create project button. You may also select + New Project from the dashboard.
Adding a Project
General Information
Pick a name that would speak to you and to the rest of the team, this is how you will identify this particular application
(optional) You can include a description about this application
Tell us how you application architecture is built and deployed
- Public cloud (i.e. Aws, Azure)
- Deploying to a public cloud environment means the infrastructure and services being utilized are shared broadly
- Hybrid - split across the public cloud and data centers
- These application components are being deployed across a combination of public, private, or on-premise environments.
-
Business Context
For a comprehensive list of compliance and security standards, please see our Compliance Frameworks page linked below. You will need to select which frameworks you require during analysis. If you are unsure or just want security best practices, don't select any framework, oak9 will always suggest best security practices.
Data sensitivity relates to the extent to which access to data should be limited and the potential risk associated with unauthorized access to data. Data can be classified along a spectrum from public to business sensitive.
Is any information that is in the public domain, the unauthorized access to which poses little or no risk. At the other end of the spectrum is business sensitive data, or data that must be strictly protected from access by outside and/or unauthorized parties. An example of sensitive data is Personally Identifiable Information, or PII. PII data permits the identity of an individual to be directly or indirectly discovered and includes home address, social security number, financial or medical records.
Data includes intellectual property, trade secrets, and financial and customer data. If the project created must conform to data protection standards or regulations such as HIPPA, PCI-DSS, or GDPR, refer to those standards to discern the level of sensitivity, and therefore data protection, that must be configured into the project.
As noted, the level of data sensitivity can be chosen for the project by referring to the data protection standard to which the project must conform. Choose public if the data is generally available in the public domain. Choose business sensitive if access to the data must be strictly limited to authorized users, or categories of authorized users. Choose a setting between those two points depending upon the extent to which access to the data should be limited.
Business Impact addresses the Impact that a loss/incident could have on your organization
- The Impact can be financial loss, disruption to business operations or systems, legal, regulatory, reputational, or related to safety
- Select the business impact that would apply if the confidentiality of the platform is compromised_._
High: Catastrophic or significant impact to the business
Medium: Moderate impact to the business
Low: Low impact to the business
Only one impact level can be selected for a project
End Users addresses the type of users that will be interacting with the oak9 platform
- Select the type(s) of end-users.
- Workforce
- Consumers
- Business Partners
Select all end-user types that apply
Click create project, the next screen is where you will create or connect to an existing integration
Create or pick integration
You're ready to learn how to connect to your cloud, repositories, and other avalilable oak9 integrations.
Last modified 4mo ago