When you use the cloud to gain speed and agility, how do you know you did it right? We are on a mission to help builders follow industry best practices within security guide rails by creating the largest compliance-as-code repository, available to all. Compliance-as-code is the idea of translating those best practices, guide rails, policies, or standards into codified unit tests, which you then run against your AWS environment to see what can or must be improved. Learn why compliance-as-code matters for gaining speed (by getting developers, architects, and security pros on the same page), how it is used today (demo), and how to start using it or help build it.
23. “We are embarking on a journey to shape the future of banking while creating a culture of innovation, efficiency and automation. We are introducing global platforms, machine learning and bringing forth intelligent technology. We want to lead this change and not be led by it.”
Michael Gorriz
Group Chief Information Officer
30. Our Cloud Foundational Principles
Gall’s Law
“A complex system that works is invariably found to have evolved from a simple system that worked. A complex system designed from scratch never works and cannot be patched up to make it work. You have to start over with a working simple system.”
- John Gall -
35. Use Case 1
Compliance-as-Code for storing customer data
§ Changes tracked via AWS CloudTrail
§ AWS Config
o Data encrypted at rest using KMS
o No public access to S3 buckets
o Principle of Least Privilege enforced
§ Extensible
36. Use Case 2
Compliance-as-Code for Internet Access
§ Changes tracked via AWS CloudTrail
§ AWS Config
o Data encrypted in transit using SSL/TLS (plaintext requests rejected)
o Inbound access allowed only via our Content Delivery Network
o Running Amazon Machine Images (AMIs) kept up to date
§ Extensible
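As an added example (not code from the presentation or from the compliance-as-code repository it describes), the AWS Config checks behind both use cases written as unit-test-style functions in the shape of a custom Config rule: each takes a simplified, constructed configuration item and returns the COMPLIANT / NON_COMPLIANT verdict plus reason that a rule Lambda would hand back to AWS Config. The configuration-item shapes, the prefix-list ID standing in for the CDN, the 30-day AMI age limit, and the sample bucket, policy and security-group documents are all assumptions made for this example.

```python
"""Compliance-as-code checks shaped like a custom AWS Config rule: each check takes a
simplified, constructed configuration item and returns the (status, reason) verdict a
rule Lambda would report back to AWS Config via PutEvaluations."""
import json
from datetime import datetime

COMPLIANT, NON_COMPLIANT = "COMPLIANT", "NON_COMPLIANT"
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _statements(policy_text):
    """Bucket policy statements as a list (policy may be absent or hold a single dict)."""
    return _as_list((json.loads(policy_text) if policy_text else {}).get("Statement", []))

def _anonymous(principal):
    """True for Principal "*" or {"AWS": "*"}, i.e. anyone on the internet."""
    return "*" in _as_list(principal.get("AWS") if isinstance(principal, dict) else principal)

def _parse_ts(iso):
    """Parse the ISO 8601 timestamps AWS uses; a trailing 'Z' means UTC."""
    return datetime.fromisoformat(iso.replace("Z", "+00:00"))

# Use case 1: storing customer data
def check_kms_at_rest(item):
    """Default encryption must be SSE-KMS with an explicit key, not AES256 or unset."""
    for rule in item.get("ServerSideEncryptionConfiguration", {}).get("Rules", []):
        default = rule.get("ApplyServerSideEncryptionByDefault", {})
        if default.get("SSEAlgorithm") == "aws:kms" and default.get("KMSMasterKeyID"):
            return COMPLIANT, "default encryption is SSE-KMS"
    return NON_COMPLIANT, "no SSE-KMS default encryption rule"

def check_no_public_access(item):
    """All four Block Public Access flags on, and no Allow for an anonymous principal."""
    pab = item.get("PublicAccessBlockConfiguration", {})
    missing = [f for f in PAB_FLAGS if not pab.get(f)]
    if missing:
        return NON_COMPLIANT, "public access block incomplete: " + ", ".join(missing)
    for stmt in _statements(item.get("BucketPolicy")):
        if stmt.get("Effect") == "Allow" and _anonymous(stmt.get("Principal")):
            return NON_COMPLIANT, "bucket policy allows an anonymous principal"
    return COMPLIANT, "public access blocked"

def check_least_privilege(item):
    """No Allow statement may grant wildcard actions ("*" or "s3:*")."""
    for stmt in _statements(item.get("BucketPolicy")):
        wildcard = any(a in ("*", "s3:*") for a in _as_list(stmt.get("Action", [])))
        if stmt.get("Effect") == "Allow" and wildcard:
            return NON_COMPLIANT, "Allow statement grants wildcard actions"
    return COMPLIANT, "no wildcard actions granted"

# Use case 2: internet access
def check_tls_in_transit(item):
    """Policy must Deny every request made without TLS (aws:SecureTransport = false)."""
    for stmt in _statements(item.get("BucketPolicy")):
        secure = stmt.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
        if stmt.get("Effect") == "Deny" and str(secure).lower() == "false":
            return COMPLIANT, "plaintext requests are denied"
    return NON_COMPLIANT, "no Deny for aws:SecureTransport=false"

def check_ingress_via_cdn(sg, cdn_prefix_list_id):
    """Every inbound rule must be TCP/443 sourced only from the CDN's managed prefix list."""
    for perm in sg.get("IpPermissions", []):
        https = (perm.get("IpProtocol"), perm.get("FromPort"), perm.get("ToPort")) == ("tcp", 443, 443)
        sources = {p.get("PrefixListId") for p in perm.get("PrefixListIds", [])}
        if not https or perm.get("IpRanges") or perm.get("Ipv6Ranges") or sources != {cdn_prefix_list_id}:
            return NON_COMPLIANT, "inbound rule is not HTTPS-only from the CDN prefix list"
    return COMPLIANT, "inbound traffic only via CDN on TCP/443"

def check_ami_up_to_date(image, now_iso, max_age_days=30):
    """AMI must be at most max_age_days old (assumed patch cadence); now_iso is the
    evaluation time, e.g. the invoking event's notificationCreationTime."""
    age_days = (_parse_ts(now_iso) - _parse_ts(image["CreationDate"])).days
    status = COMPLIANT if age_days <= max_age_days else NON_COMPLIANT
    return status, f"AMI is {age_days} days old (limit {max_age_days})"

def evaluate_bucket(item):
    """Run every bucket check; returns {check_name: (status, reason)}."""
    checks = (check_kms_at_rest, check_no_public_access, check_least_privilege, check_tls_in_transit)
    return {c.__name__: c(item) for c in checks}

# Constructed sample inputs (simplified shapes, not real AWS Config output).
CDN_PREFIX_LIST = "pl-0123456789abcdef0"  # assumed ID of the CDN's managed prefix list
GOOD_BUCKET = {
    "ServerSideEncryptionConfiguration": {"Rules": [{"ApplyServerSideEncryptionByDefault": {
        "SSEAlgorithm": "aws:kms", "KMSMasterKeyID": "arn:aws:kms:eu-west-1:111122223333:key/example"}}]},
    "PublicAccessBlockConfiguration": dict.fromkeys(PAB_FLAGS, True),
    "BucketPolicy": json.dumps({"Statement": [
        {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:role/app"},
         "Action": ["s3:GetObject", "s3:PutObject"], "Resource": "arn:aws:s3:::customer-data/*"},
        {"Effect": "Deny", "Principal": "*", "Action": "s3:*", "Resource": "arn:aws:s3:::customer-data/*",
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}),
}
BAD_BUCKET = {  # AES256 only, ACLs not blocked, s3:* allowed to anyone, nothing enforcing TLS
    "ServerSideEncryptionConfiguration": {"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]},
    "PublicAccessBlockConfiguration": {"BlockPublicPolicy": True, "RestrictPublicBuckets": True},
    "BucketPolicy": json.dumps({"Statement": {"Effect": "Allow", "Principal": "*", "Action": "s3:*",
                                              "Resource": "arn:aws:s3:::customer-data/*"}}),
}
WEB_SG = {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [],
                             "Ipv6Ranges": [], "PrefixListIds": [{"PrefixListId": CDN_PREFIX_LIST}]}]}
OPEN_SG = {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                              "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "PrefixListIds": []}]}
```

Each function is one unit test over one resource, which is what makes the set extensible: a new guide rail is a new function appended to the tuple in `evaluate_bucket`, and the same functions can run in CI against a Terraform plan's rendered attributes before anything is deployed, then again inside the Config rule Lambda against the live configuration item that CloudTrail-driven change notifications trigger. Note that the `Deny` on `aws:SecureTransport` is deliberately exempt from the anonymous-principal and wildcard-action checks, since a Deny with `Principal: "*"` is exactly how that guard rail is expressed.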