It’s great that you link to resources for entering access and secret keys without giving keys to the kingdom, but I’d love it if you’re were more explicit.
Hey! We’ll need read-only access to get started.
If you don’t know how, here’s some guides to help you.
A service like this is built on trust and that kind of direct transparency and guidance will help build that into your brand right from the beginning. Even if it’s at the cost of conversion.
There's a lot of text on that homepage. The most important reason you need to stick in my head is why it's scary NOT to do this regularly and (ideally) automatically. It's too hard to find the info that tells me I can't do this myself...that I need help.
Thanks so much for the feedback! You're absolutely right that this kind of service requires a large amount of trust upfront. One of the ways I'm trying to do that is by being completely transparent about how the data is being used, what is being scanned, etc. I guess one downside of that is too much text. I'll definitely try to slim down the home page and move some of it to different pages a altogether.
Well, one way to do it would be link to your open-sourced code on github (or wherever). Of course, that makes commercializing the product a bit tougher. One general approach is value-added or "freemium" services, though: the nice UI dashboard is not free.
Definitely agree. There is a link to the GitHub on the homepage (under the sign up section "Looking for the open-source repository? Here's the GitHub link.") But if anyone is curious, here is the direct link: https://github.com/cloudsploit/scans
Excellent reply, sorry I'm so blind. But, maybe this is also just the same question of too much text -- tighten up the copy. At any rate, my apologies for missing it the first time through.
No worries! You're certainly not the first person to mention too much text. It's something I'll definitely be fixing soon. I have zero UI/UX experience (all my work is backend) so this has been a learning project for me. Thanks again for taking time to check it out!
Founder here :) Soliciting any and all feedback! We're still in beta and getting lots of helpful feedback from our users. If you would like an invite, either add your email on the pre-registration page, or email me at matt@cloudsploit.com and I'll get one to you ASAP. Thanks!
One of the things I'm trying to do with CloudSploit is improve security for AWS users overall, without locking out users who can't afford expensive plans. For that reason, I've made CloudSploit free to use, and even open source so that anyone can download and run it. My hope is that by engaging the community, they will contribute back, making the service better for everyone. I've actually had a number of users email me and submit pull requests for updates or new scan types.
Now "being open source and low cost" isn't really a direct competitive advantage or a feature. To be completely transparent, CloudSploit is something I just started a few weeks ago, so CloudCheckr is most likely more feature complete at the moment. However, I'm trying to add more features ASAP that will focus on training users to use AWS security features correctly, receive alerts when specific conditions are triggered, and really dive into each resource within the account.
There's a lot of text on that homepage. The most important reason you need to stick in my head is why it's scary NOT to do this regularly and (ideally) automatically. It's too hard to find the info that tells me I can't do this myself...that I need help.