Strengthening Cloud Security with Hava Security Diagrams

May 1, 2023

There's no question organizations need robust cloud infrastructure and security management tools to ensure their data and resources remain secure.

Your security team absolutely needs to be across all the work being deployed on your cloud accounts including new resources as they are added and changes to settings and/or permissions.

Hava.io is a cutting-edge web-based application that generates cloud infrastructure and security diagrams automatically, simplifying the process of visualizing and managing complex cloud environments.

This article will discuss the advantages of using Hava security diagrams for IT teams, specifically for presenting organisation infrastructure to security teams, and highlight the benefits for different stakeholders, including Project Managers, C-Suite executives, Cloud Architects, and CTOs.


What are The Advantages of Hava Security Diagrams for IT Teams?


1. Visualization of resources and security configuration: Hava's security diagrams provide a clear and concise visual representation of all resources running in a VPC and their associated security groups. By displaying open ports and protocol details, IT teams can easily understand how traffic enters and exits the resources, making it easier to identify potential vulnerabilities.

2. Identification of potential security vulnerabilities: Hava security diagrams help IT teams detect potential security risks such as open ports that may permit unauthorized access to sensitive databases or other user data. By providing a clear view of security configurations, IT teams can proactively mitigate these risks before they escalate into serious security incidents.

3. Streamlined collaboration: Hava's security diagrams facilitate effective communication between IT and security teams. By using a visual representation of the infrastructure, IT teams can easily convey complex information, enabling security teams to quickly understand the current state of the environment and provide valuable feedback and recommendations.

What Are The Benefits of Hava Security Diagrams for Stakeholders?

There are a ton of benefits to having self-updating security diagrams on hand whenever you need them. They can help stakeholders right across your organisation, such as:

a) Project Managers: Hava security diagrams enable Project Managers to monitor cloud infrastructure and security configurations throughout the project lifecycle. This visibility ensures that projects remain secure and compliant with organizational and industry best practices. Additionally, the diagrams help Project Managers effectively communicate project progress and potential risks to stakeholders, ensuring alignment and timely decision-making.

b) C-Suite executives: For C-Suite executives, Hava security diagrams provide a high-level overview of the organization's cloud infrastructure and security posture. The diagrams enable executives to understand the state of the infrastructure, make informed decisions regarding resource allocation, and assess the effectiveness of security measures in place. This ultimately contributes to better risk management and overall organizational resilience.

c) Cloud Architects: Hava security diagrams empower Cloud Architects to design, implement, and optimize cloud infrastructure with a security-first mindset. The diagrams provide insights into the security groups and their configurations, making it easier for architects to identify gaps in the security posture and implement appropriate controls. Furthermore, the diagrams serve as a valuable reference for designing future infrastructure and security improvements.

d) CTOs: As technology leaders, CTOs must maintain an up-to-date understanding of the organization's cloud infrastructure and security landscape. Hava security diagrams provide CTOs with a comprehensive view of the current state of their infrastructure, making it easier to prioritize security initiatives and allocate resources effectively. In addition, the diagrams facilitate informed decision-making and enable CTOs to communicate the organization's security posture to other executives and stakeholders.

How can you notify your security team when things change?

Modern cloud-based IT is typically fast paced. IT teams are on a mission to continuously develop and deploy new features at a frenetic pace.

Keeping the security team across all the changes can sometimes be a challenge, especially if you have multiple teams developing multiple projects or if you manage cloud infrastructure for dozens or hundreds of managed service clients.

Notifying security when things change is another challenge. However, because we're all about automation, as you would expect, we have a solution.

Architectural Monitoring is built into Hava. You can set up alerts so that when changes are detected or an entirely new service is deployed, Hava will send a notification to as many nominated people as you care to add. This of course can (and should) include your security team.

All the alert recipients receive an email with a diff diagram showing the changed environment and what has been added or removed.

Once set up, there is no manual intervention required. Hava scans for changes in the background and, when a change is detected, it generates new interactive infrastructure and security diagrams, sends any alerts and then places the superseded diagrams into version history so you have an audit trail of changes made over time.
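A minimal sketch of the change-detection idea described above, as an added example that is not Hava's code: it diffs two snapshots in the JSON shape returned by `aws ec2 describe-security-groups` and flags newly added ingress rules that are open to the whole internet. The group IDs, CIDRs and helper names are constructed for illustration.

```python
import ipaddress

def flatten(snapshot):
    """Flatten a describe-security-groups style document into rule tuples."""
    rules = set()
    for sg in snapshot["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            # Protocol "-1" (all traffic) carries no port range; treat as 0-65535.
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                rules.add((sg["GroupId"], perm["IpProtocol"], lo, hi, cidr))
    return rules

def is_world_open(cidr):
    """True for 0.0.0.0/0, ::/0 and any other zero-length prefix."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def diff_snapshots(before, after):
    """Report ingress rules added or removed between two scans."""
    old, new = flatten(before), flatten(after)
    added = sorted(new - old)
    return {"added": added, "removed": sorted(old - new),
            "world_open_added": [r for r in added if is_world_open(r[4])]}

def _sg(group_id, *perms):
    # Hypothetical helper that builds the constructed sample data below.
    return {"GroupId": group_id, "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": p, "ToPort": p,
         ("Ipv6Ranges" if ":" in c else "IpRanges"):
             [{("CidrIpv6" if ":" in c else "CidrIp"): c}]}
        for p, c in perms]}

# Constructed snapshots (group IDs and CIDRs are made up for illustration).
BEFORE = {"SecurityGroups": [
    _sg("sg-0example1", (443, "10.0.0.0/16"), (22, "10.0.1.0/24"))]}
AFTER = {"SecurityGroups": [
    _sg("sg-0example1", (443, "10.0.0.0/16"), (443, "0.0.0.0/0"),
        (8080, "10.0.0.0/16")),
    _sg("sg-0example2", (5432, "::/0"))]}

if __name__ == "__main__":
    for key, rules in diff_snapshots(BEFORE, AFTER).items():
        print(key, rules)
```

Only the rules in `world_open_added` would warrant an immediate alert to the security team; the other added and removed rules form the audit trail between the two scans.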

What do Hava Security Diagrams Look Like?

Here is a run through of Hava Security Diagrams and the other visualisations your IT and cloud security team can leverage.

AWS SECURITY ARCHITECTURE DIAGRAM

Hava_Security_View_2021

When you look at the standard infrastructure view built by Hava, you get to see your network gateways and the availability zones, VPCs and subnets that are present, and the connections between the gateways and individual resources.

The above security group diagram comes at the infrastructure configuration from another angle. The diagram lays out all the discovered security groups and overlays the ports and traffic ingress / egress details that traverse the VPC.

AWS Diagram of Security Groups

Whether you are a freshly qualified security graduate or a battle-scarred senior security consultant, the ability to immediately see all your ports, traffic and potential vulnerabilities on one diagram is incredibly useful.

When you view the Hava AWS security diagram, at a glance, you can see whether the security has been configured in line with your cloud security architect's intentions and that nothing has been missed or left vulnerable.

On the above 'demo' AWS environment you can immediately see port 443 is wide open.

On this AWS security architecture diagram, you can see all of your security groups stacked on top of each other. These security group rows are interactive. If you can see an open port and want to know what resources are governed by the security group, all you need to do is click on the group and the attribute information pane to the right of the diagram changes to display that information.

Security_Attributes_v3

If you select the "Demo-Internal-Servers" security group on the above diagram, for instance, the attribute pane metadata on the right-hand side changes. Now we can see specific details about the group like:

  • Region
  • Ingress Ports and IP addresses
  • Egress Ports and IP addresses
  • Connected resources EC2 instances / Network Interfaces / Load Balancers
  • Tags

Most of these resources in the attribute pane are also 'selectable', so you can drill into each resource from the security attribute pane should you need to, without leaving the security group view diagram. There's no need to flip flop between consoles and the diagram to find out what is going on.

If you are responsible for cloud security group frameworks as part of a cloud security solutions offering or are a cloud security consultant or engineer, you can probably see how much time you could save adding Hava's security view diagrams to your engineering tool set.

AZURE SECURITY VIEW

As with AWS, when you connect your Microsoft Azure account(s) to Hava, for each virtual network discovered you will auto generate a diagram like this:

Azure_Security_Group_Diagram

Each Azure security group is represented by the large blue rectangle, with the connected destinations shown horizontally. Traffic and rules are represented with arrows: the green and red horizontal arrows display inbound and outbound rules, ports, protocols and source/destination, and the vertical arrows show traffic between different sources and destinations.

Azure_NSG_details

With a Network Security Group selected on the diagram, the attribute pane to the side of the diagram will show:

  • NSG Name
  • Region
  • Provisioning State
  • Inbound Rules
  • Outbound Rules
  • Connected Network Interfaces
  • Connected Subnets

If you are not familiar with Hava, it is an application that lets you connect a cloud data source, such as an Azure, GCP or AWS account. Once connected, Hava scans your cloud config, discovers VPCs, virtual networks or container workloads, and builds an interactive diagram set detailing the resources and security groups discovered.

All automated and hands free - no need for any drag and drop or manual diagramming.

Then, once a diagram is generated, Hava continuously polls your configuration looking for changes. Once detected, a change triggers a new diagram set (both infrastructure and security), all hands free, with no need to log in or trigger a sync manually.

Hava_Connections_and_Names

The superseded diagrams are placed in version history and can be interrogated during an audit or for easier troubleshooting by pulling up older versions of your network and comparing them to the current diagram.

Everything on the diagram is interactive. If you select a resource like an EC2 instance, the attribute pane to the right of the diagram will display all the known metadata related to the instance.

Hava_AWS_Attribute_Metadata

This gives you everything in your VPC on one diagram with the ability to inspect settings and the security stance without having to swap between cloud consoles to dig deeper into what is running and how it is configured.


Conclusion

Hava security diagrams play a critical role in ensuring the effective management and security of cloud infrastructure. By providing a clear and concise visual representation of resources and their associated security configurations, Hava empowers IT teams and various stakeholders to understand, monitor, and optimize their cloud environments.

Implementing Hava security diagrams as a cornerstone of your organization's cloud management strategy will contribute to improved security posture, risk management, and overall organizational resilience.

Hava is available as a SaaS online solution or you can host an entirely isolated instance of Hava on your own cloud infrastructure so it sits behind your own security protocols should your security or governance policies dictate.

You can take Hava for a completely free 14 day trial (no cc required) using the button below. Or you can get in touch to organise a one-on-one demo or to start the conversation about self-hosted.


Written by Team Hava