
I don't know anything about cloud VMs, but I'm confused about how this is possible. Wouldn't determining whether you are HIPAA compliant depend on auditing all kinds of application details about how information flows through the system and how authentication and authorization are done? How could this be validated statically by looking at cloud VM config? Is Wiz doing some kind of AI magic over your whole codebase?

I am sure I am misunderstanding something, but I'm not sure what.




> I am sure I am misunderstanding something, but I'm not sure what.

You're missing that a lot of "security" is in reality just a bunch of check-boxes for a form that someone asks you to fill out.

The security you need to really think about is outside of those checkboxes, and it seems like Wiz is not for this type of security, but the former.


Exactly


They scan for everything they can and report on that. They don't claim to be able to tell you if you're 100% compliant--they just claim to be able to alert you if some subset of the requirements are out of order.

And that still provides a lot of value to the right customers.


It probably appeals to the kind of businesses that see compliance as a list of checkboxes. Just make sure employees have signed the NDA and contract and stuff. Doesn't matter if they are a salesperson and the NDA says they can't talk about the product.


HIPAA was an example.

Yes, there are other parts to HIPAA than just VM config, but it’s just giving you policies and checks out of the box.


They don't only look at the configuration of the VM, they also look inside the data inside the VM.


Cloud configuration can create compliance issues that are distinct from codebase compliance issues.



