AWS compliance and governance

1. AWS compliance and governance

In this video, we will review how to establish governance controls and create a compliant AWS cloud deployment.

2. Cloud governance

Cloud governance is a set of policies and rules used by companies who work in the cloud. This framework is designed to ensure corporate strategy, ethical behavior, risk management, and compliance. Sound governance practices help minimize internal risks such as ethical behavior and external risks such as cyber attacks, and regulatory compliance.

3. Regulations around the world

Regulations remain a big factor for most large companies around the world. For example, in the US, all public companies have to comply with Sarbanes-Oxley for accounting. In the Europe, companies have to comply with GDPR to protect consumer data.

4. Governance functions

Governance functions can be divided in five categories. An organization needs to first identify critical resources and how they plan to govern including the division of responsibility. Detection helps find anomalies and malicious activities. Tools and systems for protection help increase the security of critical resources. Incident response planning helps prepare an organization to respond to critical events. And recovery processes and tools help with business continuity and resumption of activities.

5. AWS tools for governance

Once an organization knows what to protect and the processes for response and recovery have been agreed upon, it is time for the implementation. AWS offers multiple tools in each of these categories. You may be wondering why there are so many AWS tools. It is because large cloud implementations are complex. Different tools specialize in different areas. Let us look at a few tools from each category.

6. Threat identification

For threat identification, Security Hub automatically and continuously checks your AWS resources for security best practices. It helps you find misconfiguration and gathers security alerts (called findings) in a standard format.

7. Tools for protection

For protection, AWS offers tools to set up defensive controls to protect personal data. AWS Shield helps protect computer network from large coordinated attacks knows as DDoS. Identity and Access Management (IAM) help protect login attempts with multi-factor authentication.

8. Detect malicious activities

Detection tools help you detect anomalies and malicious activities. Most businesses expect automated continuous monitoring which is possible using Amazon CloudWatch.

9. Detect malicious activities

Other detection tools include AWS Inspector and AWS Guard Duty. AWS Inspector is an automated vulnerability management service that continually scans AWS workloads for software vulnerabilities. AWS GuardDuty is a threat detection service that monitors for malicious activity. It's a malware protection service in the cloud.

10. Respond and recover

For security response, you need robust tools for investigation and recovery. CloudTrail enables auditing, security monitoring, and operational troubleshooting by tracking user activity and API usage. In other words, CloudTrail keeps a record of user activity and major events that modify or delete resources.

11. Respond and recover

For recovery, Glacier is an archival storage solution built on S3. Unlike standard S3, which is optimized for millisecond response time, Glacier is optimized for large volume and infrequent and slower retrieval time. There are multiple options to choose from depending on your specific use case.

12. Let's practice!

Now, let's practice using some of these compliance tools.

Create Your Free Account

By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.