Role-based security is a valuable feature. The solution is pretty straightforward.

The best feature is time to value. With very minimal effort, you are able to have a cohesive view into your security posture on one or multiple cloud accounts, particularly if you are dealing with multicloud. If you have Azure and AWS deployments, you might have multiple subscriptions in Azure and usually multiple accounts in AWS. You may even be doing some GCP work (around Google Cloud Platform). It's very difficult to manage a common set of policies, even less reporting, across multiple subscriptions, accounts, and cloud environments. What BMC Helix Cloud Security does is provide a unified view or single pane of glass as to your baseline. Then, it also facilitates the ability for Level 1 or 2 operations support to take action and report on security vulnerabilities.

The great thing about Helix Cloud Security is that you can operate it in multiple modes. You can have it as a passive, e.g., I just want to baseline and understand what is happening. This might be Shadow IT or well-versed IT in how you're deploying your cloud services. It provides you with metrics and artifacts to prove that your baseline reflects your policy. 

Developers can still continue to do what developers do, right or wrong. However, you can also progress to be more forward-leaning and defining policies in Helix Cloud Security which are more forceful. E.g., there is an unapproved deployment or somebody makes a change to an Esri bucket that doesn't comply to your policy regulations that you're able to detect and report. Then, going further, you are being more proactive by taking action to snap back to compliance. So, it doesn't change your DevOps model. It enriches it for better visibility, giving you a second set of eyes to ensure that you're not introducing human error where it's against corporate policy.

If you identify a vulnerability, e.g., identify a cloud security vulnerability for which you can automatically raise an incident and a change ticket on the service management platform of your choice, this could be with BMC or a third-party. Then, you can force these remediations to go through your change management process that allows you to document, review, schedule, and effectively approve them for execution. Now, you're not limiting operations from taking action, but you're introducing governance as part of the automation process.

The most valuable aspects of BMC Helix Cloud Security are its security features and regulatory compliance capabilities. It effectively addresses security concerns and aligns with regulatory requirements like GDPR and ISO 27001, which is essential for our needs.

The cool feature of Helix Cloud Security is that you can do all that — understand and remediate issues — in one dashboard, based on the different policies that are available for security, out-of-the-box. The dashboard is very user-friendly. Being able to remediate in-tool is valuable. There are a lot of cloud tools out there that can tell you what your vulnerabilities are, but don't necessarily have the ability to remediate with a click of a button.

It's also multi-cloud. You can look at several cloud providers: AWS, Azure, or GCP. That's one of the best features. 

In addition, the solution's automated remediation of cloud IaaS and PaaS resource misconfigurations is one of the biggest things that we need to focus on, as far as public cloud goes. There are a lot of misconceptions out there within companies that are going into the cloud. They think that the cloud provider is responsible for that security piece. There's a misunderstanding of where that line is drawn for security. A lot of companies only understand, once they're in the cloud, that it's their responsibility to ensure the security of their resources. That is where this tool fits in perfectly. You can set it to auto-remediate. As soon as it identifies an issue or a vulnerability within your environment, if you've configured it to auto-remediate, it takes care of that vulnerability and saves that time so you can focus on other things as an organization. And if you don't want to auto-remediate, if you're testing something out, for example, you don't have to.

There's also an archive of the history with a list of all the resources in the cloud environment and how they're connected. It tracks any actions that have been taken on those resources over time. You can go back several months and see how the resources were connected and what they were connected to and any vulnerabilities that were remediated within the tool.

And it gives us the ability to control who can remediate something and where. You have to be an admin. A user or viewer cannot go in and configure remediation. That allows us to see who's doing what because, as I mentioned, there can be vulnerabilities that you don't want automatically remediated. That can be true not only for testing but it's possible that a vulnerability is not a true vulnerability for that environment; or the remediation could affect other users and needs to be planned instead of remediating right then and there.

The features that I've found most valuable are its container security aspect. I also like its vulnerability management tools.