Cloud Shield

This feature is in Technical Preview.

Prerequisites

Overview

Sysdig Cloud Shield is a mechanism for running the operations that Sysdig Agentless functionality provides inside your own account or organization. Its purpose is to allow highly regulated industries to take advantage of Agentless functionality while still respecting data and regional requirements.

Cloud Shield currently supports an organizational scanning model in which it is deployed into a single account per region. It uses trust relationships to access and scan other accounts within the same AWS organization and regional boundaries.

To understand the use cases and platforms that Sysdig Cloud Shield supports, see Supported Environments.

Key Benefits

  • Complete in-region scanning: All operations take place entirely within your own cloud environment using your own infrastructure.
  • No sensitive data leaves your environment: Only sanitized metadata, such as resource metadata, SBOMs, and findings, is shared. All sensitive data remains within your cloud account(s).
  • Built for compliance: Supports data sovereignty and privacy by ensuring sensitive workload data remains fully under your control.
  • Meets data residency requirements: All supported operations are restricted to your specified cloud account and region.

How It Works

  • Streamlined discovery: Sysdig Cloud Shield uses the Sysdig backend to analyze your cloud resources and monitor your environment.
  • Local execution: Security analysis runs entirely within your environment. There’s no need to export images, snapshots, or other sensitive data externally.
  • Minimal external communication: Sysdig only receives the redacted metadata necessary for visualization, not raw data or sensitive artifacts.

Ideal For

  • Organizations with data sovereignty mandates or in-region data processing requirements.
  • Enterprises with strict internal data governance policies.
  • Teams needing full control and visibility over their cloud security operations.

Supported Environments

Cloud    Availability    Host Scanning    Container Scanning    Cloud Workload Scanning
AWS      PREVIEW

How to Enable Cloud Shield?

To enable this feature in your environment, contact Sysdig Support or your account representative for detailed onboarding steps.