FireMon Cloud Defense
The FireMon Cloud Defense app for Slack helps you automate security operations by enabling you to receive and take action on alerts in Slack. Users set up a connection from the Cloud Defense console and configure specific alerts and actions that are sent to defined Slack channels. The alerts allow the user to take action from Slack with a simple button click. Users can also request, approve, and gain cloud console access using the Authorization Control featureThe Cloud Defense platform automates assessment and remediation procedures of critical cloud security issues. The SaaS-based platform provides clear visibility across multiple accounts, regions, and service providers, and continuously analyzes your infrastructure for misconfigurations and security risks, while providing user with single-click or automated remediations.
Permissions
FireMon Cloud Defense will be able to view:
FireMon Cloud Defense will be able to do:
Review the details to better understand this app’s security practices. To learn more about assessing apps for your workspace visit our Help Center.
General
Developer
DisruptOps, Inc.
Company headquarters location
United States
Terms of service
Privacy & data governance
Data retention policy
4.7 Data Retention and Destruction
Printed materials will be destroyed and made unreadible when no longer required for use. Portable media will be physically destroyed, over-written, or cryptographically shredded when no longer required for use. Customer data stored in online system should be removed when no longer needed for use. Regulated materials must be kept for the minimum retention time required by any regulatory or contractual requirement. Sensitive customer data should be destroyed or deleted as soon as possible when no longer needed for business purposes
Data archiving and removal policy
4.7 Data Retention and Destruction
Printed materials will be destroyed and made unreadible when no longer required for use. Portable media will be physically destroyed, over-written, or cryptographically shredded when no longer required for use. Customer data stored in online system should be removed when no longer needed for use. Regulated materials must be kept for the minimum retention time required by any regulatory or contractual requirement. Sensitive customer data should be destroyed or deleted as soon as possible when no longer needed for business purposes
Data storage policy
7 Policy
DisruptOps categorizes information into four classes: Confidential, Project / Process / Department specific, Internal, and Public.
1. Confidential – The information assets which have high confidentiality value belong to this category. Only a limited set of authorized users shall access these information assets. Examples include business strategy and personnel files.
2. Project / Process / Department specific – The information assets that contain data pertaining to the needs of a specific department, project team, or business process, belong to this category. Such information assets shall be accessible to members of the concerned department, project, or business process only.
3. Internal – The information assets which can be distributed to all employees without restruction but should be not be disseminated outside the organization.
4. Public – The information assets which do not have any confidentiality requirement and / or can be disseminated to the general public belong to this category. Examples include social media posts and information displayed on the website.
Following are the policies for secure handling of information assets of DisruptOps:
1. Handling and labeling of all media shall be according to its indicated classification level. By default all customer identifying information is considered confidential and all development documents, project architectures and plans, and other information directly related to internal operations is considered internal. Labeling is not required when information falls into these categories.
2. Depending on the classification of information, electronic transmission, copying and distribution of copies of such information, shall require prior approval of CISO / CTO / COO / CEO, as applicable.
3. Mailing and/or shipment of confidential information shall require that information be sent through a reputed mail service / courier with proper authentication.
4. Confidential information shall be stored with proper security and / or in safe lockers.
5. Disposition of confidential and Project / Process / Department specific information shall require shredding in the presence of CISO / CTO / COO / CEO / Process In-charge, as applicable.
6. Appropriate access restrictions shall be applied to prevent access from unauthorized personnel.
7. Formal record of the authorized recipients of data shall be maintained.
8. Information processing operations shall ensure the following: that input data is complete, that processing is properly completed, and that output validation is applied.
9. Storage of media shall be in accordance with the manufacturers’ specifications.
10. All copies of media shall be clearly marked for the attention of the authorized recipient.
11. Distribution of data shall be based on “need to know” and “need to use” principles.
12. Distribution lists and lists of authorized recipients shall be reviewed at regular intervals.
Data center location(s)
United States
Data hosting details
Cloud hosted in AWS
Data hosting company
AWS
App/service has sub-processors
no
Certifications & compliance
Data deletion request procedure
When customer is offboarded or requests, we delete all of their application data.
HIPAA compliant
no
While this app may offer HIPAA compliance, Slack does not have a business associate agreement with any third-party application providers, including those in the Slack Marketplace, so you are responsible for validating the provider's compliance and executing an appropriate agreement before enabling.
Security
Supports Single Sign On (SSO) with the following providers
SAML in general. Have users using Okta
Supports Security Assertion Markup Language (SAML)
yes
Has a dedicated security team
yes
Contact for security issues
support@disruptops.com
Has a vulnerability disclosure program
no
Vulnerability disclosure program covers Slack app
yes
Has a bug bounty program
no
Requires third party authorization/connections
no
Third party services used by this app
Intercom, TrackJS
Uses token rotation
no