David Angus
Stax on Stax
05 Jun 2020

Rule Bundles: Making It Easier to Manage AWS Risk with Stax

Last month we rolled out a major update to our Risk Management feature: Rule Bundles. This update radically changed how we display Rules, and how users can apply them to their AWS resources. Here’s a bit more about what we changed, and why.

Rules are the core elements of our Risk Management feature, allowing teams to track their alignment to internal policies for working in AWS. Organizations use Rules to build a unique set of compliance checks, each tracking an important aspect of their risk and security posture. Teams use Rules to continuously improve their infrastructure and build better cloud services.

Rule Bundles streamline managing AWS risk for businesses

We now have more than 200 Rules on the platform, with more added all the time. These Rules track compliance with organizational policies: from enforcing encrypted storage or multi-factor authentication to ensuring S3 Buckets are not Publicly Open. Your organization will have its own particular compliance needs, but we know every Rule matters to someone.

With so many Rules on the platform, we knew we had to guard against confusion or overload. We wanted to make it easy for users to find the Rules they needed, and to add them in a minimal number of steps.

So we decided the next stage for Rules was to build out an organizing framework, and to streamline the process of adding Rules. Rule Bundles allowed us to achieve both goals. Rule Bundles are groups of related Rules, each Bundle focused on a specific outcome. We’re building out Bundles to help customers achieve external frameworks such as the CIS AWS Foundations Benchmark, and also targeting specific AWS technologies like EC2, RDS or S3, so customers can be confident their cloud ecosystem aligns with industry best practice.

Rule Bundles group together Rules targeted to a particular aspect of AWS compliance

Customers can add Bundles to their organization in a few steps. While they’re adding them, they can fine-tune the specific Rules they want included, to further target the checks they wish to apply to their AWS resources.

The feature makes it much easier to monitor only the things you care about in AWS, removing the possibility of “noise”, alerts from Rules that aren’t relevant to you or your teams. With Rule Bundles, you can focus your team’s compliance and quality efforts on the Rules that matter, and more easily adhere to your team’s internal guidelines. Learn more about how the Rules and Rule Bundles features work in our documentation.

For the Stax team, this change to the interface makes it easier for us to add more Rules to the platform while maintaining a positive user experience for our customers. No longer will we be restricted to adding Rules to a long list. We plan to take advantage of this change, so expect plenty of announcements of new Rule Bundles targeting relevant industry standards and an expanded range of AWS services.

This was a major update to one of our core features, so it wasn’t one we made lightly. Early feedback from customers has emphasized how much easier it is to understand now Rules are organized in a logical way. It seems like we made the right call. So we’re looking forward to taking the feature even further, with more Bundles on their way, and continue helping customers to manage their risk.

If Rule Bundles sound like a good fit for your organization, get in touch and we’ll arrange a demo.