BMC Helix Cloud Security has room for improvement in terms of integrating its various features. It currently consists of separate point solutions that don't flow together as seamlessly as they could. This lack of integration, unlike platforms like ServiceNow, may be due to historical factors. Enhancing this integration would make it a more compelling choice from a business perspective and offer a smoother user experience. In the next release of BMC Helix Cloud Security, I would like to see additional features, particularly AI integration, which has already been announced. AI integration could bring more precision to the platform, making it even more interesting and effective.
Portfolio Manager/ Helix Administrator at Frontier Communications
Real User
Top 20
2023-07-31T17:26:03Z
Jul 31, 2023
I want the role-based security feature to be improved. We can provide group security, but we have to go in and individually configure the roles for other features.
I think its TOA interfaces are still not that comfortable. The UI could be more user-friendly, easier to use. Now, the technical guys don't have that much time. When I'm using it on the cloud it takes a lot of time to use it manually on all the tools and to keep track of everything that's going on in the infrastructure. So if the UI interface was much better configured, it would be easier for us to take care of our devices. Also, all the vulnerabilities should be listed out in one code telling me that out of the 100 worker nodes that I have with my organization right now, 50 are impacted with this particular vulnerability. This is one implementation that they need to do. Additionally, it could be made more visible which integrating and ticketing tools are available. It could be better integrated.
An area for improvement is that we get a lot of questions about creating customized policies in the tool. You get several out-of-the-box policies that you can delete and upload, but I would like to see them improve the understanding of how to write those policies; maybe a Help wizard. There should be a clearer understanding of how to write security policies to scan against. Also, we've had some issues with connectors. The connectors have seemed to have caused a little bit of trouble, perhaps with the APIs trying to scan the environment. The only time I've had to reach out to tech support was for that. It seems it may not have been scanning correctly or I wasn't seeing data within a specific time. But we've set up a couple of connectors in the past couple of weeks and they actually scanned the AWS environment and we had data within about 10 minutes. It's working a lot faster and I think they're making improvements as they go. We've also helped identify bugs here and there, which only makes the tool better.
The biggest challenge now, which is a good problem to have, with BMC Helix is content. There are some foundational regulatory bodies and controls that are well known in the industry. There is this defense information systems agency with big content, which is very popular out there with the regulator and government environment. You have PCI controls. You also have CIS which provides a great community and paid service for controls and operating systems applications. There is a big need that we're feeling in the industry from VVL systems to help customers take their organizational policy and marry it with a lot of their regulatory controls in the industry to come up with their own set of policies that are important for them. Every organization out there doesn't rely on just one control body. They use FISMA control. They may use HIPAA, CIS, PCI, or SOX, then blend them. One of the things that is now in big demand for BMC Helix Cloud Security is content. That's the next journey in its lifespan, making it easier for the community to share and collaborate on content for security controls that can be measured and remediated. BMC Helix Cloud Security has a variety of connectors, not only connecting to public cloud providers, but also connecting to other types of resources, such as Docker and Kubernetes, for applying security assessment at scale to other technologies. I would like to see BMC release additional connectors for industry technologies that keep popping up as technology evolves at a rapid pace. That's the part that I would like to see them keep with their momentum going forward.
BMC Helix Cloud Security is a SaaS tool designed to help organizations reduce compliance and security lapses resulting from next-gen container and cloud technologies. The solution offers a fully transparent, user-friendly view of all compliance data gathered throughout container resources, cloud, and data centers. BMC Helix Cloud Security can be used to insert compliance inquiries precisely in DevOps workflows for immediate assessment in relation to critical “go, no-go” conclusions...
BMC Helix Cloud Security has room for improvement in terms of integrating its various features. It currently consists of separate point solutions that don't flow together as seamlessly as they could. This lack of integration, unlike platforms like ServiceNow, may be due to historical factors. Enhancing this integration would make it a more compelling choice from a business perspective and offer a smoother user experience. In the next release of BMC Helix Cloud Security, I would like to see additional features, particularly AI integration, which has already been announced. AI integration could bring more precision to the platform, making it even more interesting and effective.
I want the role-based security feature to be improved. We can provide group security, but we have to go in and individually configure the roles for other features.
I think its TOA interfaces are still not that comfortable. The UI could be more user-friendly, easier to use. Now, the technical guys don't have that much time. When I'm using it on the cloud it takes a lot of time to use it manually on all the tools and to keep track of everything that's going on in the infrastructure. So if the UI interface was much better configured, it would be easier for us to take care of our devices. Also, all the vulnerabilities should be listed out in one code telling me that out of the 100 worker nodes that I have with my organization right now, 50 are impacted with this particular vulnerability. This is one implementation that they need to do. Additionally, it could be made more visible which integrating and ticketing tools are available. It could be better integrated.
An area for improvement is that we get a lot of questions about creating customized policies in the tool. You get several out-of-the-box policies that you can delete and upload, but I would like to see them improve the understanding of how to write those policies; maybe a Help wizard. There should be a clearer understanding of how to write security policies to scan against. Also, we've had some issues with connectors. The connectors have seemed to have caused a little bit of trouble, perhaps with the APIs trying to scan the environment. The only time I've had to reach out to tech support was for that. It seems it may not have been scanning correctly or I wasn't seeing data within a specific time. But we've set up a couple of connectors in the past couple of weeks and they actually scanned the AWS environment and we had data within about 10 minutes. It's working a lot faster and I think they're making improvements as they go. We've also helped identify bugs here and there, which only makes the tool better.
The biggest challenge now, which is a good problem to have, with BMC Helix is content. There are some foundational regulatory bodies and controls that are well known in the industry. There is this defense information systems agency with big content, which is very popular out there with the regulator and government environment. You have PCI controls. You also have CIS which provides a great community and paid service for controls and operating systems applications. There is a big need that we're feeling in the industry from VVL systems to help customers take their organizational policy and marry it with a lot of their regulatory controls in the industry to come up with their own set of policies that are important for them. Every organization out there doesn't rely on just one control body. They use FISMA control. They may use HIPAA, CIS, PCI, or SOX, then blend them. One of the things that is now in big demand for BMC Helix Cloud Security is content. That's the next journey in its lifespan, making it easier for the community to share and collaborate on content for security controls that can be measured and remediated. BMC Helix Cloud Security has a variety of connectors, not only connecting to public cloud providers, but also connecting to other types of resources, such as Docker and Kubernetes, for applying security assessment at scale to other technologies. I would like to see BMC release additional connectors for industry technologies that keep popping up as technology evolves at a rapid pace. That's the part that I would like to see them keep with their momentum going forward.