1. Overview

As cloud platforms continue to add new services, it’s becoming more difficult and impractical to ensure the apps running on them are protected. Consider that you might be using multiple cloud platforms, and that you have many separate accounts per platform, such as different accounts per business unit or geography. You could easily have hundreds of combinations of providers, accounts, and regions where cloud-native services are deployed.

Cloud Platform Compliance helps you centrally discover all the cloud-native services used in AWS, Azure, and Google Cloud, across all regions and accounts. Cloud Provider Compliance continuously monitors these accounts, detects when new services are added, and reports which services are unprotected. It can help you mitigate risks introduced by rogue deployments, abandoned environments, and environments not protected by Prisma Cloud.

Kubernetes has a rich RBAC model based around the notion of service and cluster roles. This model is fundamental to the secure operation of the entire cluster because these roles control access to resources and services within namespaces and across the cluster. While these service accounts can be manually inspected with kubectl, the manual approach makes it difficult to visualize and understand service account scope at scale.
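The manual kubectl inspection described above can be scripted. The following is an added example, not Prisma Cloud code: it resolves role bindings to the rules each service account receives and lists the accounts that hold wildcard access. The sample objects and the function names `service_account_access` and `wildcard_accounts` are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample, shaped like the "items" array returned by
# `kubectl get roles,clusterroles,rolebindings,clusterrolebindings -A -o json`.
SAMPLE = json.loads("""
{"items": [
 {"kind": "ClusterRole", "metadata": {"name": "ops-admin"},
  "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
 {"kind": "Role", "metadata": {"name": "cfg-reader", "namespace": "web"},
  "rules": [{"apiGroups": [""], "resources": ["configmaps"], "verbs": ["get", "list"]}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "ci-admin"},
  "roleRef": {"kind": "ClusterRole", "name": "ops-admin"},
  "subjects": [{"kind": "ServiceAccount", "name": "ci-bot", "namespace": "build"}]},
 {"kind": "RoleBinding", "metadata": {"name": "web-cfg", "namespace": "web"},
  "roleRef": {"kind": "Role", "name": "cfg-reader"},
  "subjects": [{"kind": "ServiceAccount", "name": "frontend", "namespace": "web"},
               {"kind": "User", "name": "alice"}]}
]}
""")

def service_account_access(items):
    """Map each bound service account ('namespace/name') to the rules it is granted."""
    roles = {(o["kind"], o["metadata"].get("namespace"), o["metadata"]["name"]): o.get("rules") or []
             for o in items if o["kind"].endswith("Role")}
    access = defaultdict(list)
    for b in (o for o in items if o["kind"].endswith("RoleBinding")):
        bind_ns = b["metadata"].get("namespace")  # None for a ClusterRoleBinding
        ref = b["roleRef"]
        # A RoleBinding may reference a ClusterRole; the grant is still limited to bind_ns.
        role_ns = bind_ns if ref["kind"] == "Role" else None
        rules = roles.get((ref["kind"], role_ns, ref["name"]), [])
        scope = f"namespace:{bind_ns}" if bind_ns else "cluster-wide"
        for s in b.get("subjects") or []:
            if s.get("kind") != "ServiceAccount":
                continue  # users and groups are out of scope here
            sa = f'{s.get("namespace", bind_ns)}/{s["name"]}'
            access[sa] += [{"scope": scope, "verbs": r.get("verbs", []),
                            "resources": r.get("resources", [])} for r in rules]
    return dict(access)

def wildcard_accounts(access):
    """Service accounts holding any rule with '*' in its verbs or resources."""
    return sorted(sa for sa, grants in access.items()
                  if any("*" in g["verbs"] or "*" in g["resources"] for g in grants))

if __name__ == "__main__":
    acc = service_account_access(SAMPLE["items"])
    print(json.dumps(acc, indent=1), "\nwildcard:", wildcard_accounts(acc))
```

Group subjects such as `system:serviceaccounts`, which also grant rights to service accounts, are not expanded by this sketch.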

Prisma Cloud Radar provides a discovery and monitoring tool for service accounts. Every service account associated with a resource in a cluster can easily be inspected. For each account, Prisma Cloud shows detailed metadata describing the resources it has access to and the level of access it has to each of them. This visualization makes it easy for security staff to understand role configuration, assess the level of access provided to each service account, and mitigate risks associated