This document summarizes a webinar on continuous compliance in the cloud presented by thought leaders from Sumo Logic, Coalfire Systems, and AWS. It discusses the shared responsibility model of security between cloud providers and customers. It also covers auditing cloud environments, challenges of compliance in the cloud, benefits of using cloud services for compliance, and how security analytics can help with cloud compliance. The speakers recommend learning about AWS assurances and certifications, understanding IT audit issues in moving to the cloud, and using data analytics to gain visibility into cloud workloads.
Cloud Compliance Best Practices
1. Continuous Compliance in the Cloud – Best Practices from Industry Thought Leaders
Bill Shinn, Tim Winston, George Gerchow
Oct 15 2015
2. Agenda
• Welcome & Introductions
• Security & Compliance in the Cloud: Shared Responsibility Model
• Auditing Cloud Based Environments
• Security Analytics’ Role in Cloud Compliance
3. Housekeeping
• Attendees will be muted throughout the webinar
• Ask questions at any time by typing them in the chat window
• The webinar recording will be sent to all participants
• You’ll be prompted to answer a single survey question at the end
5. Today’s Speakers
• George Gerchow, Director, Security and Compliance, Sumo Logic
• Tim Winston, Director of PCI Practice, Coalfire Systems
• Bill Shinn, Principal Security Solutions Architect, AWS
9. AWS And You Share Responsibility for Security
• Customer applications & content: You get to define your controls IN the Cloud
• AWS Foundation Services (Compute, Storage, Database, Networking) and AWS Global Infrastructure (Regions, Availability Zones, Edge Locations): AWS takes care of the security OF the Cloud
• Additional diagram labels: Identity, Data, Infrastructure
11. Coalfire Systems Introduction
• Largest independent cyber risk management firm in North America
• Founded in 2001
• Cyber Risk Advisory, Payment Card Industry, FISMA/FedRAMP, HIPAA, NERC/CIP, ISO, Pen Testing, Application Security
12. Cloud-Based Solution Compliance: Hot Points
1. Access control to cloud service management
2. Level of expertise in platform
3. Logging and monitoring cloud services
4. Leveraging the cloud to improve security controls
13. Compliance Challenges
• Service management layer access control
– Console
– CLI
– Authentication
– Authorization
– Service accounts
• Configuration automation
– Mapping to legacy compliance controls
– Security controls
• Logging and monitoring
– New audit activities – Service Management
– Dynamic implementation
– Alert management
15. Sumo Logic, Inc.
Eliminating Risk for the New IT Model
• Old IT Tools: On Premise, Limited Flexibility, Monitoring Silo, Secured Later
• New IT Services: Cloud Native, True SaaS, Full Stack Visibility, Secure by Design
Introducing Continuous Intelligence
Sumo Logic is a Cloud Native Analytics and Management solution architected to meet the operational and business demands for companies migrating and building applications on dynamic infrastructures, such as AWS.
Delivered as True SaaS, our focus is to make sure Software Centric companies Continuously Innovate and Deliver Applications with confidence and speed.
We call this Continuous Intelligence.
16. AWS Customers Master Their Data with Sumo Logic
• True SaaS: Accelerate migration and operations in AWS with the Sumo Logic True SaaS Model
• Full Stack Visibility: Discover patterns, anomalies and outliers from the full stack, in AWS or on premise
• Architected for the Cloud: Real-time operational insights from a comprehensive set of AWS applications and integrations
• Security Posture: Trust their data to the industry’s most secure native-cloud analytics platform
Purpose Built on AWS
17. The Industry Benchmark in Secure SaaS
Protecting Customer Data with the Best-in-Class Security Measures
• U.S. – EU Safe Harbor framework compliance
• SOC 2, Type II attestation
• HIPAA compliance
• PCI DSS Level 1 for 3.0
• FIPS 140 compliance
• AES 256-bit encryption
• TLS encryption
Industry’s Most Secure Cloud-Native Analytics Service
20. Next Steps
• It is more than OK to move workloads to the cloud. Everyone is going there. Learn more about AWS’ assurances here: https://aws.amazon.com/compliance
• Get more specific insights into IT audit & compliance issues faced by company leaders, IT professionals and risk managers: https://www.coalfire.com/Resources
• Learn how data analytics helps provide visibility into your cloud workloads: https://www.sumologic.com/lp/security-and-compliance/01/