Private early release Invite-only while we onboard design partners. Interested? Get in touch.
Troposphere
Sign in Request access
Pillar · Governance

Is it compliant?

Define guardrails as policy and evaluate them continuously across every connected resource. Surface every policy violation in one prioritised feed — with severity, the rule that broke, and a fix.

Read the docs
All features 01 Cost 02 Access 03 Governance
Policies

Guardrails, designed visually. Evaluated continuously.

Every rule in your security playbook, configured in the visual designer — from closing port 22 to capping admins, requiring encryption at rest, or restricting SKUs. Or reach into the policy-pack library — PCI, HIPAA, SOC 2, CIS, and the frameworks your auditor actually asks about. Troposphere evaluates every rule on every scan, across every connected resource. What you wrote is what runs.

  • Visual designer — no YAML, no DSL
  • Policy packs for the frameworks you answer to
  • Every rule, every connection, every scan
  • Severity and remediation on each policy
54
Total Policies
8
Compliance Packs

Policy packs

PCI DSS

28 rules

Active

HIPAA

35 rules

Active

CIS Benchmarks

43 rules

Active

SOC 2

22 rules

Active

Open Violations by Severity

Critical (2)
High (7)
Medium (8)
Low (4)

Active insights

Public storage account

storage-prod
Critical

Risky number of admins

prod-platform
High

Encryption at rest disabled

data-warehouse
Medium

Port 22 open to 0.0.0.0/0

web-services
Medium
Insights

One feed, ranked by what hurts.

Risky admin counts, public storage accounts, unencrypted volumes, failed pack checks — every policy violation, surfaced in one ranked feed. Each row carries a severity, the rule that broke, and the resource that triggered it.

  • Security, access, and compliance findings in one feed
  • Linked to the rule and the resource that triggered it
  • Remediation guidance on every finding, not just alarms
Alerts

Every violation, on the record.

Every policy violation creates an alert — classified by severity, linked back to the resource that triggered it, and persisted indefinitely. Auditors get a paper trail; engineers get a queue to work through.

  • Severity classified — Critical, High, Medium, Low, Info
  • Linked to the resource and the policy
  • Persisted for audits and reviews
  • Filter by severity, policy, or connection

Severity breakdown

Last 7 days
Critical
3
High
9
Medium
14
Low
22
Info
41
Who it's for

Governance that holds, without stopping the work.

Security & GRC

Stop shipping IAM code. Author policies in the visual designer, enable the packs that match your framework, tune severity — then let continuous evaluation do the watching.

Platform & SRE

Catch the misconfiguration in a scan, not a post-mortem. Public storage, open SSH, unencrypted volumes — flagged the moment they land.

Compliance & Audit

Audit readiness as a running process. Every violation timestamped, severity-classified, and persisted — not reconstructed from Slack threads at quarter-end.

See governance on your own cloud.

Connect a read-only credential and you're live in under five minutes.

Talk to us