Documentation

Everything you need to get started with SecureZona SPM

1. Quick Start - Getting Started

Welcome to SecureZona SPM! This guide will help you get started with securing your cloud infrastructure and SaaS applications in minutes.

What is SecureZona SPM?

SecureZona SPM (Security Posture Management) is a comprehensive cloud-native security platform that:

  • Monitors your cloud infrastructure (AWS, Azure, GCP) and SaaS applications
  • Detects security misconfigurations, vulnerabilities, and compliance violations
  • Assesses third-party vendor and product security risks
  • Reports on compliance frameworks (SOC 2, ISO 27001, HIPAA, GDPR, PCI-DSS)
  • Tracks data breaches and attack surface exposure

Quick Start in 5 Steps

Step 1: Create Your Account

  • Visit app.securezona.com
  • Enter your work email address
  • Check your email for a 6-digit login code
  • Enter the code to access your dashboard

Step 2: Connect Your First Integration

  • Navigate to Integrations in the left sidebar
  • Click "Add Integration"
  • Choose your platform (AWS, Azure, Okta, Microsoft 365, etc.)
  • Follow the setup wizard with step-by-step instructions
  • Grant read-only permissions (we never modify your resources)

Step 3: Run Your First Security Scan

  • After connecting an integration, click "Run Scan"
  • Wait 2-5 minutes for the scan to complete
  • View real-time progress in the scan status panel

Step 4: Review Security Findings

  • Navigate to Findings to see all detected security issues
  • Filter by severity: Critical, High, Medium, Low
  • Click on any finding to see detailed remediation guidance
  • Mark findings as "In Progress" or "Resolved" as you fix them

Step 5: Generate Compliance Reports

  • Navigate to Reports in the left sidebar
  • Select a compliance framework (SOC 2, ISO 27001, HIPAA, etc.)
  • Generate and download PDF reports for auditors
  • Share reports with your compliance team

Key Features Overview

🔍 Security Scanning

  • 540+ automated security checks across all integrations
  • Real-time detection of misconfigurations and vulnerabilities
  • Continuous monitoring with scheduled scans

📊 Risk Scoring

  • Normalized 0-100 risk scores for all integrations
  • Severity-weighted scoring (Critical: 10x, High: 5x, Medium: 2x, Low: 1x)
  • Trend analysis to track security improvements over time

🛡️ Compliance Management

  • Pre-built compliance frameworks (SOC 2, ISO 27001, HIPAA, GDPR, PCI-DSS)
  • Automated compliance certification discovery
  • Framework-specific finding filters and reports

🏢 Vendor Risk Management

  • Automated third-party vendor security assessments
  • SSL/TLS, DNS, email security, and reputation checks
  • CVE vulnerability tracking for vendor products
  • Data breach monitoring from multiple sources

👥 Team Collaboration

  • Role-based access control (Admin, Security Admin, Auditor, Owner)
  • Granular permissions for integrations, vendors, and products
  • Audit logs of all user activities

2. Integrations

SecureZona SPM connects to 18 platforms with 540+ security checks. All integrations use read-only access and never modify your resources.

☁️ Cloud Infrastructure (3 Platforms, 235+ Checks)

Amazon Web Services (AWS)

Security Checks: 60+ configuration checks, 12+ exposure detection checks

Coverage: IAM, S3, EC2, RDS, VPC, CloudTrail, Lambda, KMS, EBS, CloudWatch, Security Groups

Setup Time: 10-15 minutes | Permissions: ReadOnlyAccess policy

Note: the AWS-managed ReadOnlyAccess policy grants data-plane reads (for example s3:GetObject and dynamodb:GetItem) in addition to configuration reads, so review it against your data-handling requirements before attaching it.

Microsoft Azure

Security Checks: 40+ configuration checks, 8+ exposure detection checks

Coverage: Azure AD (now Microsoft Entra ID), Virtual Machines, Storage Accounts, SQL Databases, Network Security Groups, Key Vault

Setup Time: 10-15 minutes | Permissions: Reader role on subscription

Google Cloud Platform (GCP)

Security Checks: 45+ configuration checks, 8+ exposure detection checks

Coverage: IAM, Compute Engine, Cloud Storage, Cloud SQL, BigQuery, Firewall Rules, KMS, VPC

Setup Time: 10-15 minutes | Permissions: Viewer role on project

🔐 Identity & Access Management (3 Platforms, 37+ Checks)

Okta

Checks: 15+ identity and access checks

Coverage: MFA enforcement, password policies, user lifecycle, API tokens

Auth0

Checks: 12+ authentication security checks

Coverage: MFA, password policies, brute force protection

PingOne

Checks: 10+ identity security checks

Coverage: MFA policies, password policies, risk policies

💼 SaaS Applications (7 Platforms, 167+ Checks)

Microsoft 365

Checks: 26+ configuration, 4 exposure detection

Coverage: Azure AD, Exchange, SharePoint, OneDrive, Teams, DLP

Google Workspace

Checks: 15+ configuration, 3 exposure detection

Coverage: User management, 2-Step Verification, Drive sharing

Slack

Checks: 25+ workspace security checks

Coverage: Workspace security, channels, apps, data retention

Salesforce

Checks: 25+ CRM security, 5 exposure detection

Coverage: Authentication, user permissions, data security

GitHub

Checks: 20+ repository security, 1 exposure detection

Coverage: Repository security, branch protection, secrets scanning

Atlassian (Jira & Confluence)

Checks: 16+ collaboration security checks

Coverage: Permissions, security schemes, webhooks

Snowflake

Checks: 40+ data warehouse security checks

Coverage: Account config, users, roles, network policies

🤖 GenAI Platforms (2 Platforms, 69 Checks)

Microsoft Copilot for Microsoft 365

Checks: 35 security checks, 8+ exposure detection

Coverage: Copilot licensing, data access controls, DLP integration

ChatGPT Enterprise / OpenAI

Checks: 34 API and data security checks

Coverage: API key management, data privacy, content filtering

📊 Monitoring & Observability (1 Platform, 27+ Checks)

Datadog

Checks: 27+ monitoring security checks

Coverage: Monitors, dashboards, users, synthetic tests, API keys

🔄 Workflow Automation & Social Media (2 Platforms, 103 Checks)

n8n Workflow Automation

Checks: 75 security checks, 10 exposure detection

Coverage: Data security, API security, exposure detection, access control

Meta Business Suite

Checks: 28 social media security checks

Coverage: Business settings, page security, ad account security

Integration Summary

Category             | Platforms | Total Checks | Avg Setup Time
---------------------|-----------|--------------|---------------
Cloud Infrastructure | 3         | 235+         | 10-15 min
Identity & Access    | 3         | 37+          | 5-10 min
SaaS Applications    | 7         | 167+         | 5-15 min
GenAI Platforms      | 2         | 69           | 5-15 min
Monitoring           | 1         | 27+          | 5-10 min
Workflow & Social    | 2         | 103          | 10-15 min
TOTAL                | 18        | 540+         | 5-15 min

3. User Guides

Dashboard Overview

The SecureZona SPM dashboard provides a comprehensive view of your security posture across all connected integrations.

Main Dashboard Components

1. Risk Score Overview

  • Overall Risk Score (0-100): Normalized score across all integrations
  • 0-30: Low Risk (Green)
  • 31-60: Medium Risk (Yellow)
  • 61-80: High Risk (Orange)
  • 81-100: Critical Risk (Red)
  • Calculation: Weighted by severity (Critical: 10x, High: 5x, Medium: 2x, Low: 1x)

2. Findings Summary

  • Total Findings count
  • By Severity: Critical, High, Medium, Low breakdown
  • By Status: Open, In Progress, Resolved
  • Recent Findings with quick actions

3. Integration Health

  • Connected Integrations count
  • Last Scan Status for each integration
  • Scan Schedule and next scheduled scan times
  • Quick Actions: Run scan, view findings, configure

4. Compliance Status

  • Framework Coverage: SOC 2, ISO 27001, HIPAA, GDPR, PCI-DSS
  • Compliance Score: Percentage of passing checks per framework
  • Certification Status: Active certifications discovered
  • Quick Reports: Generate compliance reports with one click

Managing Findings

Findings are security issues, misconfigurations, or compliance violations detected by SecureZona SPM.

Finding Types

  • Configuration Findings: Security misconfigurations, best practice violations
  • Vulnerability Findings: CVEs in third-party products, known exploited vulnerabilities
  • Exposure Findings: Public cloud resources, open ports, publicly accessible databases
  • Compliance Findings: SOC 2 control failures, HIPAA violations, GDPR issues
  • Certificate Findings: Expired SSL/TLS certificates, weak cipher suites

Finding Workflow

  1. Review Findings: Navigate to Findings page, filter by severity/status/integration
  2. Understand the Risk: Read description, review affected resources, check compliance mappings
  3. Take Action: Mark as "In Progress", add comments, assign to team member
  4. Remediate: Follow remediation steps, make changes in your platform
  5. Verify & Resolve: Run new scan to verify the fix
  6. Ignore (If Applicable): Click "Ignore Finding" for accepted risks with justification

Understanding Risk Scores

SecureZona SPM uses a normalized 0-100 risk scoring system to quantify your security posture.

Risk Score Calculation

Formula:

  • Raw Score = (Critical × 10) + (High × 5) + (Medium × 2) + (Low × 1)
  • Normalized Score = 100 × (1 − e^(−Raw Score / 50))

The normalization saturates: it rises quickly for the first findings and flattens toward 100, so the score never exceeds 100 however many findings exist. It also means an environment with few findings scores low even when one of them is severe: a single Critical finding (Raw Score 10) normalizes to about 18, which falls in the Low band, and 50 raw points (for example five Critical findings) are needed to reach 63 and the High band. Treat the band as an aggregate trend indicator and triage Critical findings individually regardless of the overall score.

Risk Levels

Risk Score | Risk Level  | Meaning
-----------|-------------|-------------------------------------------------
0-30       | 🟢 Low      | Good security posture, minor issues only
31-60      | 🟡 Medium   | Some security gaps, remediation recommended
61-80      | 🟠 High     | Significant security risks, urgent action needed
81-100     | 🔴 Critical | Severe security risks, immediate action required
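Worked example of the scoring described in the Dashboard Overview and in the formula above, added here as an illustration rather than taken from the SecureZona code base: it implements the documented weights and normalization in Python and maps the result onto the risk bands in the table. The one assumption is that a fractional score is rounded to the nearest integer before banding, since the page does not say how band boundaries are handled.

```python
import math

# Severity weights from the documented formula:
# Raw Score = (Critical x 10) + (High x 5) + (Medium x 2) + (Low x 1)
SEVERITY_WEIGHTS = {"critical": 10, "high": 5, "medium": 2, "low": 1}

# Documented risk bands (inclusive at both ends).
RISK_BANDS = [
    (0, 30, "Low"),
    (31, 60, "Medium"),
    (61, 80, "High"),
    (81, 100, "Critical"),
]


def raw_score(critical=0, high=0, medium=0, low=0):
    """Severity-weighted sum of open findings."""
    counts = {"critical": critical, "high": high, "medium": medium, "low": low}
    return sum(SEVERITY_WEIGHTS[sev] * n for sev, n in counts.items())


def normalized_score(raw):
    """Normalized Score = 100 * (1 - e^(-raw / 50)); approaches 100 asymptotically."""
    return 100.0 * (1.0 - math.exp(-raw / 50.0))


def risk_level(score):
    """Map a 0-100 score to its band. Assumption (not stated on the page):
    a fractional score is rounded to the nearest integer before banding."""
    rounded = round(score)
    for band_low, band_high, label in RISK_BANDS:
        if band_low <= rounded <= band_high:
            return label
    raise ValueError(f"score out of range: {score}")


def assess(critical=0, high=0, medium=0, low=0):
    """Full pipeline: finding counts -> raw -> normalized -> band."""
    raw = raw_score(critical, high, medium, low)
    score = normalized_score(raw)
    return {"raw": raw, "score": round(score, 1), "level": risk_level(score)}


def raw_needed_for(threshold):
    """Inverse of the normalization: the raw score at which the normalized
    score first reaches `threshold` (e.g. 81 for the Critical band)."""
    return -50.0 * math.log(1.0 - threshold / 100.0)


if __name__ == "__main__":
    # Constructed finding counts (critical, high, medium, low).
    for counts in [(1, 0, 0, 0), (1, 5, 0, 0), (5, 0, 0, 0), (10, 10, 10, 10)]:
        print(counts, assess(*counts))
    print("raw score needed for the Critical band:", round(raw_needed_for(81), 1))
```

Running it shows the saturation effect: one Critical finding scores about 18 (Low), one Critical plus five High about 50 (Medium), five Critical about 63 (High), and about 83 raw points are needed before the aggregate enters the Critical band.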

Compliance Reports

SecureZona SPM provides automated compliance reporting for major frameworks.

Supported Compliance Frameworks

  • SOC 2: Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy)
  • ISO 27001: Information security controls (Annex A)
  • HIPAA: Protected Health Information (PHI) security and privacy
  • GDPR: Personal data protection and privacy
  • PCI-DSS: Cardholder data protection
  • NIST Cybersecurity Framework: Identify, Protect, Detect, Respond, Recover
  • FedRAMP: Cloud security for federal agencies

Generating Compliance Reports

  1. Navigate to Reports → Compliance Reports
  2. Choose framework (SOC 2, ISO 27001, HIPAA, etc.)
  3. Select report type: Summary, Detailed, or Executive
  4. Configure date range, scope, and format (PDF, CSV, JSON)
  5. Click Generate Report and download

Team Management

Manage users, roles, and permissions for your organization.

User Roles

  • Admin: Full access to all features and settings
  • Security Admin: Full access except organization settings
  • Auditor: Read-only access for compliance and security teams
  • Owner: Limited access to only assigned integrations/vendors/products

Managing Users

Adding Users:

  1. Navigate to Settings → Users tab
  2. Click "Add User"
  3. Enter name, email, and select role
  4. For Owner role, assign specific permissions
  5. User receives email with login instructions

4. Admin Guides

Account Configuration

Configure organization-wide settings and preferences.

Organization Settings

  • Organization Name: Your company name
  • Industry: Select your industry (Technology, Healthcare, Finance, etc.)
  • Company Size: Number of employees
  • Website: Company website URL
  • Logo: Upload company logo (displayed in reports)

Email Configuration (SMTP)

Configure a custom SMTP server for sending login codes and alerts. Because login codes are the authentication factor for SecureZona SPM, protect this server's credentials as you would an identity provider's, and use a TLS-protected submission port (STARTTLS on port 587, as in the provider examples below).

Supported SMTP Providers:

  • Gmail (smtp.gmail.com:587)
  • Microsoft 365 (smtp.office365.com:587)
  • SendGrid (smtp.sendgrid.net:587)
  • Amazon SES
  • Custom SMTP server

Scan Scheduling

Scan Frequency Options:

  • Daily: Run scans every day at specified time
  • Weekly: Run scans on specific days of the week
  • Monthly: Run scans on specific day of the month
  • Manual Only: No automated scans

User Permissions & Roles

Detailed guide to role-based access control (RBAC).

Role Comparison

Feature             | Admin  | Security Admin                   | Auditor | Owner
--------------------|--------|----------------------------------|---------|-----------------
View Findings       | ✅ All | ✅ All                           | ✅ All  | ⚠️ Assigned Only
Manage Findings     | ✅     | ✅                               | ❌      | ⚠️ Assigned Only
Manage Integrations | ✅     | ✅                               | ❌      | ❌
Run Scans           | ✅     | ✅                               | ❌      | ⚠️ Assigned Only
Manage Users        | ✅     | ✅                               | ❌      | ❌
Manage Settings     | ✅     | ⚠️ Except organization settings | ❌      | ❌

Alert Configuration

Configure email alerts and notifications for security events.

Alert Types

  • New Finding Alerts: Immediate alerts for Critical or High severity findings
  • Scan Failure Alerts: Immediate notification when integration scan fails
  • Compliance Alerts: Daily digest when compliance score drops below threshold
  • Vendor Risk Alerts: Immediate alerts when vendor risk score increases
  • Data Breach Alerts: Immediate notification of new data breaches affecting vendors
  • Certificate Expiration Alerts: Weekly alerts for SSL certificates expiring within 30 days

Configuring Alerts

  1. Navigate to Settings → Alerts tab
  2. Toggle on/off for each alert type
  3. Configure severity threshold (e.g., Critical only, Critical + High)
  4. Configure recipients (Default: All Admins and Security Admins, or custom emails)
  5. Configure frequency (Immediate, Daily Digest, Weekly Digest)
  6. Customize email template and test alerts

Custom Policies

Create custom security policies tailored to your organization's requirements.

What are Custom Policies?

Custom policies allow you to define organization-specific security rules beyond the default 540+ checks. Examples:

  • "All S3 buckets must have versioning enabled"
  • "All users must have MFA enabled within 7 days of account creation"
  • "All databases must be encrypted with customer-managed keys"
  • "All public-facing resources must have WAF enabled"

Creating Custom Policies

  1. Go to Settings → Policies tab
  2. Click "Create Custom Policy"
  3. Define policy metadata (name, description, severity, category)
  4. Define policy conditions (resource type, condition logic, threshold)
  5. Configure actions (create finding, send alert, remediation guidance)
  6. Test policy on a test integration
  7. Activate policy

Passwordless Authentication

SecureZona SPM uses passwordless authentication: instead of a password, users sign in with a one-time code delivered to their work email address.

How It Works

  1. User Enters Email: Navigate to app.securezona.com and enter your work email
  2. System Generates Login Code: A 6-digit code, valid for 10 minutes, is sent to that address
  3. User Enters Code: Enter the 6-digit code on the login page
  4. Session Created: A session token valid for 7 days is issued

Security Benefits

  • ✅ No Password Reuse: There is no password to reuse across services
  • ✅ No Password Breaches: There is no password database to steal or leak
  • ✅ Short-Lived Codes: Codes expire after 10 minutes, limiting the window in which an intercepted code can be used
  • ✅ No Credential Stuffing: Username/password lists leaked from other breaches cannot be replayed against the login
  • ✅ Email Verification: Every login proves control of the mailbox

Because the mailbox is the sole authentication factor, account security is only as strong as the email account: enforce phishing-resistant MFA at your email provider and treat a compromised mailbox as a compromised SecureZona SPM account. Note also that an emailed code, unlike FIDO2/WebAuthn, can be relayed by a phishing page within its validity window, and that a 6-digit code space (one million values) is small enough that guess-rate limiting on the verification step, not the code length, is what prevents brute force.
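The following is an added illustration of how an email login-code flow of this shape can be implemented safely; it is not SecureZona's implementation and makes no claim about how app.securezona.com behaves internally. It keeps the documented 10-minute code lifetime and 7-day session lifetime, generates codes with a CSPRNG, stores only a keyed hash of each code, compares in constant time, makes codes single-use, and discards a code after five wrong guesses (the attempt limit is an assumption). The clock is injectable so expiry can be exercised without waiting.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 10 * 60           # documented: login code valid for 10 minutes
SESSION_TTL_SECONDS = 7 * 24 * 3600  # documented: session token valid for 7 days
MAX_ATTEMPTS = 5                     # assumption: the page states no attempt limit


class PasswordlessAuth:
    """Email login-code flow: codes are CSPRNG-generated, stored only as a keyed
    hash, expire after CODE_TTL_SECONDS, are single-use and are discarded after
    MAX_ATTEMPTS wrong guesses. `clock` is injectable so expiry is testable."""

    def __init__(self, server_key: bytes, clock=time.time):
        self._key = server_key
        self._clock = clock
        self._pending = {}   # email -> {"digest", "expires", "attempts"}
        self._sessions = {}  # token -> {"email", "expires"}

    def _digest(self, email: str, code: str) -> bytes:
        # Keyed hash binds the code to the address; a leaked store reveals no live codes.
        return hmac.new(self._key, f"{email}:{code}".encode(), hashlib.sha256).digest()

    def request_code(self, email: str) -> str:
        """Issue a fresh 6-digit code and return it for delivery by email.
        Any earlier code for the address is superseded."""
        email = email.lower()
        code = f"{secrets.randbelow(10**6):06d}"   # uniform over 000000-999999
        self._pending[email] = {
            "digest": self._digest(email, code),
            "expires": self._clock() + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        return code

    def verify_code(self, email: str, code: str):
        """Return a new session token on success, None on any failure."""
        email = email.lower()
        entry = self._pending.get(email)
        if entry is None:
            return None
        if self._clock() > entry["expires"]:
            del self._pending[email]           # expired: discard, force a new request
            return None
        entry["attempts"] += 1
        if entry["attempts"] > MAX_ATTEMPTS:
            del self._pending[email]           # too many guesses: the code is burned
            return None
        if not hmac.compare_digest(entry["digest"], self._digest(email, code)):
            return None                        # constant-time mismatch
        del self._pending[email]               # single use: a replayed code fails
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"email": email,
                                 "expires": self._clock() + SESSION_TTL_SECONDS}
        return token

    def session_email(self, token: str):
        """Resolve a session token to its email, or None if unknown or expired."""
        sess = self._sessions.get(token)
        if sess is None:
            return None
        if self._clock() > sess["expires"]:
            del self._sessions[token]
            return None
        return sess["email"]


if __name__ == "__main__":
    auth = PasswordlessAuth(secrets.token_bytes(32))
    code = auth.request_code("alice@example.com")   # in production: emailed, never shown
    token = auth.verify_code("alice@example.com", code)
    print("session belongs to:", auth.session_email(token))
    print("replay rejected:", auth.verify_code("alice@example.com", code) is None)
```

The attempt counter is incremented before the comparison so that a wrong guess always costs an attempt, and the code is deleted on success so that a code captured in transit cannot be replayed after the legitimate user has logged in.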

5. Compliance Guides

SOC 2 Compliance Guide

Focus: Trust Services Criteria (Security, Availability, Confidentiality, Privacy, Processing Integrity)

Use Case: SaaS vendors, cloud service providers

Checks: 150+ SOC 2-relevant security checks

Report Includes: Control status, evidence, remediation guidance

Key SOC 2 Controls Covered

  • Access controls and authentication (MFA, password policies)
  • Encryption at rest and in transit
  • Logging and monitoring
  • Change management and version control
  • Incident response procedures
  • Vendor management and third-party risk

ISO 27001 Implementation

Focus: Information security controls (Annex A)

Use Case: Global organizations, enterprise security

Checks: 140+ ISO 27001-relevant security checks

Report Includes: Control implementation status, gaps, recommendations

ISO 27001 Control Domains (ISO/IEC 27001:2013 Annex A numbering; the 2022 edition regroups the controls into clauses A.5 to A.8)

  • A.9: Access Control
  • A.10: Cryptography
  • A.12: Operations Security
  • A.13: Communications Security
  • A.14: System Acquisition, Development and Maintenance
  • A.18: Compliance

HIPAA Compliance

Focus: Protected Health Information (PHI) security and privacy

Use Case: Healthcare organizations, health tech companies

Checks: 120+ HIPAA-relevant security checks

Report Includes: Technical safeguards, administrative safeguards, physical safeguards

HIPAA Security Rule Requirements

  • Technical Safeguards: Access control, audit controls, integrity, transmission security
  • Administrative Safeguards: Security management, workforce security, information access management
  • Physical Safeguards: Facility access controls, workstation security, device and media controls

GDPR Data Protection

Focus: Personal data protection and privacy

Use Case: EU operations, global data processing

Checks: 100+ GDPR-relevant security checks

Report Includes: Data protection measures, privacy controls, breach detection

GDPR Key Requirements

  • Data protection by design and by default
  • Lawful basis for processing personal data
  • Data subject rights (access, rectification, erasure)
  • Data breach notification (72 hours)
  • Data Protection Impact Assessments (DPIA)
  • International data transfers

PCI-DSS Requirements

Focus: Cardholder data protection

Use Case: E-commerce, payment processors, merchants

Checks: 110+ PCI-DSS-relevant security checks

Report Includes: Network security, access control, encryption, monitoring

PCI-DSS 12 Requirements (summarized in v3.2.1 wording; v4.0 keeps the same twelve requirement areas under revised titles)

  1. Install and maintain firewall configuration
  2. Do not use vendor-supplied defaults
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data
  5. Protect systems against malware
  6. Develop and maintain secure systems
  7. Restrict access to cardholder data
  8. Identify and authenticate access
  9. Restrict physical access to cardholder data
  10. Track and monitor network access
  11. Regularly test security systems
  12. Maintain information security policy

6. Security Best Practices

Cloud Security Best Practices

Essential security practices for AWS, Azure, and GCP environments.

Identity & Access Management (IAM)

  • ✅ Enable MFA for all users, especially privileged accounts
  • ✅ Use least privilege principle - grant minimum permissions needed
  • ✅ Rotate access keys every 90 days
  • ✅ Use IAM roles instead of access keys for applications
  • ✅ Implement strong password policies (12+ characters, complexity)
  • ✅ Remove unused users and credentials

Data Protection

  • ✅ Enable encryption at rest for all storage (S3, EBS, RDS, etc.)
  • ✅ Enable encryption in transit (TLS 1.2+)
  • ✅ Use customer-managed keys (CMK) for sensitive data
  • ✅ Enable versioning on S3 buckets
  • ✅ Configure backup and disaster recovery
  • ✅ Implement data classification and tagging

Network Security

  • ✅ Use VPC/VNet for network isolation
  • ✅ Implement security groups with least privilege
  • ✅ Disable public access to databases and storage
  • ✅ Enable VPC Flow Logs / NSG Flow Logs
  • ✅ Use Web Application Firewall (WAF) for public applications
  • ✅ Implement DDoS protection

Logging & Monitoring

  • ✅ Enable CloudTrail / Activity Log / Cloud Audit Logs
  • ✅ Configure log retention (minimum 90 days; longer where a framework requires it, for example PCI-DSS requires 12 months of audit log history with 3 months immediately available)
  • ✅ Enable CloudWatch / Azure Monitor / Cloud Monitoring
  • ✅ Set up alerts for security events
  • ✅ Centralize logs in SIEM or log management platform

SaaS Security Hardening

Best practices for securing SaaS applications like Microsoft 365, Google Workspace, Slack, Salesforce.

Authentication & Access

  • ✅ Enforce MFA for all users
  • ✅ Implement SSO with SAML 2.0 or OpenID Connect (OAuth 2.0 on its own is an authorization protocol, not an authentication protocol)
  • ✅ Configure session timeout policies
  • ✅ Restrict access by IP address or location
  • ✅ Review and remove inactive users quarterly

Data Loss Prevention (DLP)

  • ✅ Enable DLP policies for sensitive data (PII, PHI, PCI)
  • ✅ Configure external sharing restrictions
  • ✅ Monitor and alert on sensitive data sharing
  • ✅ Implement data classification labels
  • ✅ Enable audit logging for file access

Third-Party App Management

  • ✅ Review and approve all third-party app integrations
  • ✅ Audit app permissions regularly
  • ✅ Disable unused or risky apps
  • ✅ Monitor OAuth grants and API access

Identity & Access Management

Comprehensive IAM best practices across all platforms.

Zero Trust Principles

  • ✅ Never trust, always verify
  • ✅ Assume breach - limit blast radius
  • ✅ Verify explicitly - authenticate and authorize every request
  • ✅ Use least privilege access
  • ✅ Segment access by role, location, device

Multi-Factor Authentication (MFA)

  • ✅ Enforce MFA for all users (no exceptions)
  • ✅ Use phishing-resistant MFA (FIDO2, WebAuthn, hardware tokens)
  • ✅ Avoid SMS-based MFA (vulnerable to SIM swapping)
  • ✅ Implement adaptive MFA based on risk

Privileged Access Management (PAM)

  • ✅ Separate privileged accounts from regular accounts
  • ✅ Use just-in-time (JIT) access for privileged operations
  • ✅ Implement privileged session recording
  • ✅ Rotate privileged credentials frequently
  • ✅ Monitor and alert on privileged access

Data Protection Strategies

Protect data throughout its lifecycle - at rest, in transit, and in use.

Encryption

  • ✅ Encrypt all data at rest (AES-256)
  • ✅ Encrypt all data in transit (TLS 1.2+)
  • ✅ Use customer-managed encryption keys
  • ✅ Implement key rotation policies
  • ✅ Protect encryption keys with HSM or key vault

Data Classification

  • ✅ Classify data by sensitivity (Public, Internal, Confidential, Restricted)
  • ✅ Apply appropriate controls based on classification
  • ✅ Tag and label data for automated policy enforcement
  • ✅ Implement data retention and disposal policies

Backup & Recovery

  • ✅ Implement 3-2-1 backup strategy (3 copies, 2 media types, 1 offsite)
  • ✅ Encrypt backups
  • ✅ Test backup restoration regularly
  • ✅ Implement immutable backups to prevent ransomware
  • ✅ Define Recovery Time Objective (RTO) and Recovery Point Objective (RPO)

Incident Response

Prepare for and respond to security incidents effectively.

Incident Response Plan

  1. Preparation: Define roles, tools, communication channels
  2. Detection & Analysis: Identify and assess the incident
  3. Containment: Isolate affected systems to prevent spread
  4. Eradication: Remove threat from environment
  5. Recovery: Restore systems and services
  6. Post-Incident: Document lessons learned and improve

Incident Response Team Roles

  • Incident Commander: Overall coordination and decision-making
  • Security Analyst: Investigation and analysis
  • IT Operations: System containment and recovery
  • Communications: Internal and external communications
  • Legal/Compliance: Regulatory requirements and legal implications

Incident Response Tools

  • ✅ SIEM for log aggregation and analysis
  • ✅ EDR/XDR for endpoint detection and response
  • ✅ Network traffic analysis tools
  • ✅ Forensics tools for evidence collection
  • ✅ Communication platform for incident coordination
  • ✅ Ticketing system for incident tracking

Need Help?

Can't find what you're looking for? Our support team is here to help.