We’re pleased to announce that Orca Security now supports AI-generated Azure policies to prevent future cloud security risks and enforce security standards across Azure cloud environments. Orca customers can now leverage GenAI to create business rules for Azure resources in one click, accelerating remediation efforts and the implementation of policy-based guardrails. 

This latest release builds on the expanding capabilities of Orca’s AI-Driven Cloud Security solution, which streamlines and automates critical tasks for security, DevOps, and development teams. 

What is Azure Policy and why is it important?

Azure Policy is a configuration management service that helps organizations enhance the security of their Azure infrastructure. Teams can create and enforce customizable policies that ensure Azure resources adhere to specific rules, such as only deploying for approved regions, enforcing the consistent use of resource tags, and more. While the service helps organizations enhance their security and compliance efforts, many organizations lack the institutional expertise, capacity, and time to leverage Azure Policy effectively. 

Orca’s latest update solves these challenges by streamlining policy creation and compensating for skill and talent shortages.

What are the benefits of the new enhancement? 

Orca’s new feature for AI-generated Azure policies provides three important benefits.

#1. Accelerated remediation 

Resolving existing policy errors—not to mention creating new policies—is a time-intensive process that involves working with the function, parameters, logical operators, conditions, and aliases of policies in JSON format, a technical programming language. For organizations without deep institutional knowledge of JSON or Azure Policy, this can prove challenging and the result may not match desired expectations. 

Orca’s AI-generated Azure Policy feature fills an immediate gap in your team’s resource, capacity, and skill requirements. Using the feature, security teams can better understand their Azure Policy definitions and initiatives and what they contain. In one click, they can automatically generate detailed remediation steps, commands, and guidance for fixing issues with existing policies. The feature offers on-demand resolutions for a full range of policy risks in Azure resources, helping even the most under-resourced teams expedite their response and hygiene activities.

A screenshot of Orca’s AI-Driven Remediation generating suggested remediation steps for Azure Policy
Orca’s AI-Driven Remediation generates suggested remediation steps for Azure Policy in seconds

#2: Automated guardrail creation 

Due to resource shortages or other circumstances, many security teams are forced to take a reactive approach to securing their cloud infrastructure. This includes spending considerable time addressing multiple instances of the same risk, rather than resolving the problem at the source, such as a flawed Infrastructure-as-Code (IaC) template. Due to talent or know-how constraints, these teams often can’t introduce the preventative measures that result in downstream time savings. 

Orca’s AI-generated Azure Policy feature gives security teams the ability to take a proactive and tailored approach to fortifying their security posture. For example, teams can choose to stop risky builds if an Azure resource doesn’t comply with a policy initiative, or allow the build to proceed with a prompt notifying the developer. Orca’s AI-generated Azure Policy tool accelerates the process of creating these guardrail policies without extensive experience or expertise using the service. 

#3: AI-driven support for policy creation

As mentioned previously, JSON can prove challenging to use for teams lacking fluency in the programming language. And with the extensive flexibility of Azure Policy, the biggest challenges for most teams are knowing where to start and how to structure a policy effectively. 

Orca’s AI-generated Azure Policy feature solves both challenges. Using the feature’s query field, teams can prompt the AI tool to customize newly generated policies to suit their needs. For example, they can submit requests to modify the scope of the policy or change any of its conditions, commands, or other elements to reflect desired outcomes. Additionally, teams can also use this query field to better understand newly generated code. Both use cases enable teams to maximize their productivity without possessing significant Azure Policy expertise. 

A screenshot of Orca’s dialog field allowing users to submit prompts or questions in plain language to customize or better understand newly generated policies
Orca’s dialog field allows you to submit prompts or questions in plain language to customize or better understand newly generated policies

About the Orca Platform 

The Orca Cloud Security Platform identifies, prioritizes, and remediates security risks and compliance issues across the multi-cloud environments of AWS, Azure, Google Cloud, Kubernetes, Oracle Cloud, and Alibaba Cloud. Orca offers an agentless-first approach powered by its patented SideScanning™ Technology, which provides full coverage and comprehensive risk detection of your cloud estate. 

Orca detects all types of security risks, including vulnerabilities, misconfigurations, API risks, malware, sensitive data risks, AI risks, overly permissive identities, and more. Unlike other solutions that require agents or loosely integrate multiple point solutions, Orca delivers comprehensive cloud security in a unified platform. 

Learn More 

Interested in seeing Orca’s AI-Driven Security solution in action? Book a personalized 1:1 demo with one of our experts and we’ll show you how Orca can enhance your team’s performance and capacity.