Automating Compliance Defense in the Cloud - September 2016 Webinar Series


Governance, risk, and control of technology is critical to any organization's assurance management process. In practice, implementing it is a near-impossible task given the constantly evolving regulatory landscape, the massive volumes of incoming and outgoing data, and business units working in silos. Through automation, however, IT departments and compliance teams can efficiently support the numerous audit demands placed on organizations in highly regulated industries such as Financial Services, Healthcare, and Life Sciences. AWS will share best practices for infrastructure design, configuration set-up, and monitoring that augment your compliance operating model, so that you can automate updates and real-time notifications, take human error out of your compliance functions, and demonstrate comprehensive governance of your business.

Learning Objectives:
• Learn what a comprehensive governance model looks like
• Learn why it's important for an organization to automate in its 3 lines of defense – operations, compliance, and internal audit
• Learn what AWS services you can enable to

Who Should Attend:
• Technology risk managers, third-party risk managers, compliance officers, information security executives

Published in: Technology


  1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Getting Started with Automating Compliance Defense in the Cloud
  2. What you are going to take away
     • AWS Shared Responsibility
     • Know the cloud governance steps
     • How to use cloud services to create a persistent state of compliance
     • Best practices for a strong compliance defense
  3. Poll Question: To understand the make-up of today's audience, please select the option that best describes your role.
  4. https://aws.amazon.com/solutions/#industry https://aws.amazon.com/financial-services Regulated, audited, and sensitive data is a better fit for storage and processing in the cloud.
  5. AWS Shared Responsibility (aws.amazon.com/compliance/shared-responsibility-model)
     You get to define your controls IN the cloud:
     • Customer content
     • Platform, Applications, Identity & Access Management
     • Operating System, Network & Firewall Configuration
     • Client-side Data Encryption
     • Server-side Data Encryption
     • Network Traffic Protection
     AWS takes care of security OF the cloud:
     • AWS Foundation Services: Compute, Storage, Database, Networking
     • AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
  6. Tao of Cloud Compliance
     1. Partner the cloud tech SMEs and the security/compliance SMEs
     2. Integrate industry standards, independent benchmarking, regulatory requirements
     3. Design and Package: Create a master design that meets internal and external requirements
     4. Constrain: Enforce deployment to that design
     5. Deploy: Mechanize a scalable governance and auditing program
  7. Step 1: Partner the cloud tech SMEs and the security/compliance SMEs
  8. Customer Governance Model: Permanent Supervision
     Inputs to the model:
     • AWS Best Practices
     • Industry Standards
     • AWS Architecture for Standards
     • Internal & Regulatory Requirements
     • Service Documentation
     • AWS Workbooks
     • AWS Technology Resources
     Mapped onto the shared responsibility layers: customer content; platform, applications, identity & access management; operating system, network & firewall configuration; client-side data encryption; server-side data encryption; network traffic protection (customer); AWS Foundation Services (compute, storage, database, networking) and AWS Global Infrastructure (regions, availability zones, edge locations) (AWS).
  9. Poll Question: Within your organization, how closely does your compliance department work with your information technology team?
  10. Step 2: Integrate industry standards, independent benchmarking, regulatory requirements
  11. Industry Standards and Benchmarking: CIS Amazon Web Services Foundations Benchmark v1.0.0. Description: This document provides prescriptive guidance for configuring security options for a subset of Amazon Web Services with an emphasis on foundational, testable, and architecture-agnostic settings.
  12. FFIEC Assessment Guide for AWS
  13. Poll Question: Has your organization leveraged CIS benchmarks to implement industry-standard best practices?
  14. Step 3: Create a master design that meets internal and external requirements
  15. Create a golden environment
     • Use baseline requirements to create a gold OS image
     • Configure use of AWS services, for example:
       Amazon S3:
       • Force SSE
       • Turn on logging
       • Specify retention
       • Set Amazon Glacier archiving
       • Prevent external access
       • Specify overriding permissions
       • Set event notifications
       Amazon EBS:
       • Define volume type
       • Volume size limits
       • IOPS performance (input/output)
       • Data location (regions)
       • Snapshot (backup) ID
       • Encryption requirements
       Amazon Redshift:
       • Cluster type (single or multi)
       • Encryption (KMS or HSM)
       • VPC location
       • External access (yes/no)
       • Security groups applied
       • Create SNS topic
       • Enforce Amazon CloudWatch alarms
  16. Poll Question: What are your greatest challenges prohibiting the automation of controls throughout your organization?
  17. Step 4: Enforce deployment to that design
  18. Enforce with AWS Service Catalog. Allows administrators to create and manage catalogs of approved resources (products) that users can access via a personalized portal.
     • Control which IT services and versions are available
     • Control the configuration of the available services
     • Control permission access by individual, group, department, or cost center
     The provisioning team creates and manages Service Catalog products built from CloudFormation templates. An AWS Service Catalog product is a deployable AWS CloudFormation template.
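Slides 15 and 18 together describe the mechanism: the golden-environment settings are encoded in a CloudFormation template, and Service Catalog only lets users deploy that template. The template below is an added example written for this page, not a template from the webinar or from AWS. It implements the Amazon S3 and Amazon EBS rows of slide 15 (forced SSE, access logging, retention with Glacier archiving, no public access, a TLS-only bucket policy, and an EBS volume whose type, size and encryption are constrained by parameter limits). The log-bucket name, the seven-year retention default, the size limits and the approved volume types are assumptions chosen for illustration; the Redshift settings and the S3-to-SNS event notification from slide 15 are not included.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Hypothetical golden-environment Service Catalog product (added example,
  not from the original webinar): an S3 bucket and an EBS volume pinned to
  the baseline settings, with the user able to vary only bounded parameters.

Parameters:
  LogBucketName:
    Type: String
    Description: Existing bucket that receives S3 server access logs (assumed to exist)
  RetentionDays:
    Type: Number
    Default: 2555        # 7 years; an assumed regulatory retention period
    MinValue: 365        # users cannot shorten retention below one year
  VolumeSizeGiB:
    Type: Number
    Default: 100
    MinValue: 8
    MaxValue: 1024       # volume size limit enforced at provisioning time
  VolumeType:
    Type: String
    Default: gp3
    AllowedValues: [gp3, io2]   # only approved volume types can be chosen
  AvailabilityZone:
    Type: AWS::EC2::AvailabilityZone::Name   # data location is pinned to the stack's region

Resources:
  DataBucket:
    Type: AWS::S3::Bucket
    Properties:
      # Force SSE: objects are encrypted at rest by default, no per-request header needed
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      # Turn on logging
      LoggingConfiguration:
        DestinationBucketName: !Ref LogBucketName
        LogFilePrefix: !Sub '${AWS::StackName}/'
      # Specify retention and set Glacier archiving
      LifecycleConfiguration:
        Rules:
          - Id: archive-then-expire
            Status: Enabled
            Transitions:
              - StorageClass: GLACIER
                TransitionInDays: 90
            ExpirationInDays: !Ref RetentionDays
      # Prevent external access: public ACLs and public bucket policies are blocked
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

  # Overriding permissions: an explicit Deny beats any Allow granted elsewhere,
  # so no principal can reach the bucket over plaintext HTTP
  DataBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref DataBucket
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: DenyInsecureTransport
            Effect: Deny
            Principal: '*'
            Action: 's3:*'
            Resource:
              - !GetAtt DataBucket.Arn
              - !Sub '${DataBucket.Arn}/*'
            Condition:
              Bool:
                'aws:SecureTransport': 'false'

  # EBS: type and size are bounded by the parameters above; encryption is fixed
  DataVolume:
    Type: AWS::EC2::Volume
    Properties:
      AvailabilityZone: !Ref AvailabilityZone
      Size: !Ref VolumeSizeGiB
      VolumeType: !Ref VolumeType
      Iops: 3000             # IOPS performance pinned; valid for both approved types
      Encrypted: true        # encryption requirement; uses the account's default EBS key

Outputs:
  BucketName:
    Value: !Ref DataBucket
  VolumeId:
    Value: !Ref DataVolume
```

Publishing this template as a Service Catalog product is what turns the design into a constraint: end users see only the four parameters, each already bounded, and cannot edit the resource properties, so every bucket and volume provisioned through the portal matches the golden environment without a human checking it afterwards.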
  19. Step 5: Mechanize a scalable governance and auditing program
  20. Governance & Auditing Program
  21. Best Practices for a Strong Compliance Defense
     1. How is the entity using the cloud?
     2. Is the entity leveraging credible, third-party assessments?
     3. Has the entity benchmarked their use of the cloud against CIS or another independent body?
     4. How do they monitor use of the cloud?
     5. How have application, logical access, resiliency, and governance changed?
  22. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Jodi Scrofani, Financial Services Compliance Strategist at AWS. Thank You!
