Leveraging AWS services to streamline compliance
Steve Seaney
Managing Director, AWS Line of Business
Rego Consulting, Inc
Ganesh Prabhu
Solutions Architect
Amazon Web Services
Agenda
• Rego Introduction
• Annual Governance Life Cycle
• Integrating WAFR within a compliance cycle
• Building a cost reduction roadmap
• Leverage AWS Services to help survive a SOC / ISO Audit
• Essential elements for building a security roadmap
• Conclusion
• Questions
Rego Introduction
Who is Rego?
Rego Consulting is one of the world’s largest Project Portfolio Management (PPM), AWS, FinOps, Apptio, TBM and Agile consulting firms.
We’ve guided 700+ organizations through their AWS, PPM, FinOps, and Work Management journeys, including 60% of Fortune 100 companies.
We are the only Clarity by Broadcom SaaS provider on AWS, as well as the #1 global reseller. We implement and maintain over ~150 AWS Production Environments for our clients.
With 10+ years of experience, we bring industry leading best practices to every client.
AWS Governance Life Cycle
Annual Governance Life Cycle
• Q1 (WAFR): Leverage WAFR to update AWS roadmap and stories
• Q2 (Cost): Set annual cost reduction goals and update stories
• Q3 (SOC): Support annual SOC or ISO audit efforts
• Q4 (Focus): Update roadmap and plan for critical focus area (security)
Life Cycle Phase Objectives
Q1 WAFR Phase
• Objective is to build an annual AWS plan
• Focus on AWS related changes
• Ignore process items redundant with SOC / ISO Audit
• Real outcome is stories (not a report)
Q2 Cost Reduction Phase
• Objective is to create cost reduction plan
• Include past and upcoming AWS cost reductions
• Minimize process items redundant with SOC / ISO Audit
• Real outcome is stories with cost goals
Q3 SOC or ISO Audit Phase
• Objective is to satisfy auditors
• Focus on process related items
• Leverage AWS dashboards and reports
• Real outcome is to be efficient
Q4 Focus Area - Security
• Objective is to dig into a critical area
• Security can include WAF changes, etc.
• Great time to review guard rails
• Real outcome is stories
Integrating WAFR within a compliance cycle
Well Architected Review Phase
Objectives
• 16-month AWS services roadmap
• Roadmap includes creating stories
• Focus on technical aspects of AWS
• Deprioritize process related discussions
• What services changed since the last WAFR
• What services have upcoming changes
• What issues need addressing
• What can we cost effectively automate
Tools
• AWS WAFR Tool
• AWS WAFR Lenses
• AWS Security Hub
• AWS Organizations
• Partner Tool Criteria
• Improve Efficiency
• Maintains Data Sovereignty
• Magnifies AWS Tools
• Enables Automated Remediation
• Rego’s preferred tool is 6-Pillars
Building a cost reduction roadmap
Cost Reduction Roadmap
Objectives
• 16-month AWS net cost reduction roadmap
• Roadmap includes creating stories
• Plan should include high level cost targets
• Update AWS Budget Settings
• Update AWS Cost Categories
• SaaS Customer focus on cost per usage
• Detailed dive into key cost criteria
• Cost for network services
• Cost for storage
• Cost for compute
• Cost for security and support
Tools
• AWS Cost Explorer
• AWS Budget Tool with alerting
• AWS Cost Categories
• Partner Tool Criteria
• Forecasting and trending views
• Detail drill down
• Maintains Data Sovereignty
• Magnifies AWS Tools
• Alerts and remediation
• Rego’s preferred tools are Apptio and nOps
SOC or ISO Audit Phase
Surviving the ISO/SOC phase
Objectives
• Improve efficiency with each audit
• Create stories for required changes
• Create stories for periodic requirements
• Minimize the impact on the DevOps and SecOps teams
• Ideally, 80% of the discussion will be on process topics
Tools
• AWS QuickSight for reusable reporting
• Users, Groups, and Permissions
• Patch Compliance over time
• License Compliance over time
• Control Tower is amazing!
• Security Hub, ASR, and Config are critical
• AWS License Manager for evidence
• AWS SSM including Patch Manager
• AWS Audit Manager is not listed
• Partner tools - Drata looks compelling
Essential elements for building a security roadmap
Security is Job Zero
Objectives
• Create and address security related stories
• Adopt latest Security Hub Standards
• Identify ASR opportunities and gaps
• Adopt changes to Organizations
• Audit and adjust Control Tower Guard Rails
• Audit Patch Manager
• Audit Inspector settings and compliance
• Audit GuardDuty settings
Tools
• Security Hub, ASR, and Config
• AWS Control Tower and Config
• AWS Organizations
• AWS SSM and Patch Manager
• Partner Tool Criteria
• Maintains Data Sovereignty
• Magnifies AWS Tools
• Alerts and automated remediation
• Rego’s preferred tool is 6Pillars
Conclusions & Questions
Annual Governance Life Cycle
• Q1 (WAFR): Leverage WAFR to update AWS roadmap and stories
• Q2 (Cost): Set annual cost reduction goals and update stories
• Q3 (SOC): Support annual SOC or ISO audit efforts
• Q4 (Focus): Update roadmap and plan for critical focus area (security)
Thank you
steve@regoconsulting.com

How UiPath Discovery Suite supports identification of Agentic Process Automat...
 
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
 
July Patch Tuesday
July Patch TuesdayJuly Patch Tuesday
July Patch Tuesday
 
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024
 
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
 
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
 
Feature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptxFeature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptx
 
(CISOPlatform Summit & SACON 2024) Workshop _ Most Dangerous Attack Technique...
(CISOPlatform Summit & SACON 2024) Workshop _ Most Dangerous Attack Technique...(CISOPlatform Summit & SACON 2024) Workshop _ Most Dangerous Attack Technique...
(CISOPlatform Summit & SACON 2024) Workshop _ Most Dangerous Attack Technique...
 

Steve Seaney: Leveraging AWS services to streamline compliance

  • 1. Leveraging AWS services to streamline compliance
      • Steve Seaney, Managing Director, AWS Line of Business, Rego Consulting, Inc
      • Ganesh Prabhu, Solutions Architect, Amazon Web Services
  • 2. Agenda
      • Rego Introduction
      • Annual Governance Life Cycle
      • Integrating WAFR within a compliance cycle
      • Building a cost reduction roadmap
      • Leverage AWS Services to help survive a SOC / ISO Audit
      • Essential elements for building a security roadmap
      • Conclusion
      • Questions
  • 4. Who is Rego? Rego Consulting is one of the world’s largest Project Portfolio Management (PPM), AWS, FinOps, Apptio, TBM and Agile consulting firms. We’ve guided 700+ organizations through their AWS, PPM, FinOps, and Work Management journeys, including 60% of Fortune 100 companies. We are the only Clarity by Broadcom SaaS provider on AWS, as well as the #1 global reseller. We implement and maintain over ~150 AWS Production Environments for our clients. With 10+ years of experience, we bring industry leading best practices to every client.
  • 6. Annual Governance Life Cycle
      • Q1 (WAFR): Leverage WAFR to update AWS roadmap and stories
      • Q2 (Cost): Set annual cost reduction goals and update stories
      • Q3 (SOC): Support annual SOC or ISO audit efforts
      • Q4 (Focus): Update roadmap and plan for critical focus area (security)
  • 7. Life Cycle Phase Objectives
      • WAFR Phase (Q1)
          • Objective is to build an annual AWS plan
          • Focus on AWS related changes
          • Ignore process items redundant with SOC / ISO Audit
          • Real outcome is stories (not a report)
      • Cost Reduction Phase (Q2)
          • Objective is to create cost reduction plan
          • Include past and upcoming AWS cost reductions
          • Minimize process items redundant with SOC / ISO Audit
          • Real outcome is stories with cost goals
      • SOC or ISO Audit Phase (Q3)
          • Objective is to satisfy auditors
          • Focus on process related items
          • Leverage AWS dashboards and reports
          • Real outcome is to be efficient
      • Focus Area - Security (Q4)
          • Objective is to dig into a critical area
          • Security can include WAF changes, etc.
          • Great time to review guard rails
          • Real outcome is stories
  • 8. Integrating WAFR within a compliance cycle
  • 9. Well Architected Review Phase (Tools / Objectives)
      • 16-month AWS services roadmap
      • Roadmap includes creating stories
      • Focus on technical aspects of AWS
      • Deprioritize process related discussions
      • What services changed since the last WAFR
      • What services have upcoming changes
      • What issues need addressing
      • What can we cost effectively automate
      • AWS WAFR Tool
      • AWS WAFR Lenses
      • AWS Security Hub
      • AWS Organizations
      • Partner Tool Criteria
      • Improve Efficiency
      • Maintains Data Sovereignty
      • Magnifies AWS Tools
      • Enables Automated Remediation
      • Rego’s preferred tool is 6-Pillars
  • 10. Building a cost reduction roadmap
  • 11. Cost Reduction Roadmap (Tools / Objectives)
      • 16-month AWS net cost reduction roadmap
      • Roadmap includes creating stories
      • Plan should include high level cost targets
      • Update AWS Budget Settings
      • Update AWS Cost Categories
      • SaaS Customer focus on cost per usage
      • Detailed dive into key cost criteria
      • Cost for network services
      • Cost for storage
      • Cost for compute
      • Cost for security and support
      • AWS Cost Explorer
      • AWS Budget Tool with alerting
      • AWS Cost Categories
      • Partner Tool Criteria
      • Forecasting and trending views
      • Detail drill down
      • Maintains Data Sovereignty
      • Magnifies AWS Tools
      • Alerts and remediation
      • Rego’s preferred tools are Apptio and nOps
  • 12. SOC or ISO Audit Phase
  • 13. Surviving the ISO/SOC phase (Tools / Objectives)
      • Improve efficiency with each audit
      • Create stories for required changes
      • Create stories for periodic requirements
      • Minimize the impact on the DevOps and SecOps teams
      • Ideally, 80% of the discussion will be on process topics
      • AWS QuickSight for reusable reporting
      • Users, Groups, and Permissions
      • Patch Compliance over time
      • License Compliance over time
      • Control Tower is amazing!
      • Security Hub, ASR, and Config are critical
      • AWS License Manager for evidence
      • AWS SSM including Patch Manager
      • AWS Audit Manager is not listed
      • Partner tools - Drata looks compelling
  • 14. Essential elements for building a security roadmap
  • 15. Security is Job Zero (Tools / Objectives)
      • Create and address security related stories
      • Adopt latest Security Hub Standards
      • Identify ASR opportunities and gaps
      • Adopt changes to Organizations
      • Audit and adjust Control Tower Guard Rails
      • Audit Patch Manager
      • Audit Inspector settings and compliance
      • Audit GuardDuty settings
      • Security Hub, ASR, and Config
      • AWS Control Tower and Config
      • AWS Organizations
      • AWS SSM and Patch Manager
      • Partner Tool Criteria
      • Maintains Data Sovereignty
      • Magnifies AWS Tools
      • Alerts and automated remediation
      • Rego’s preferred is 6Pillars
  • 17. Annual Governance Life Cycle
      • Q1 (WAFR): Leverage WAFR to update AWS roadmap and stories
      • Q2 (Cost): Set annual cost reduction goals and update stories
      • Q3 (SOC): Support annual SOC or ISO audit efforts
      • Q4 (Focus): Update roadmap and plan for critical focus area (security)