Achieving Continuous Compliance with CTP and AWS
© 2017, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Achieving Continuous Compliance with CTP and AWS
• Peter Williams, Global Technology Lead, Amazon Web Services
• Brian Ott, VP of Managed Cloud Control Services, Cloud Technology Partners
• Ann Neidenbach, CIO, Cowen
Learning Objectives
• How compliance in the cloud is different than on-premises, particularly for financial services organizations.
• What it means to be in continuous compliance and why it’s important.
• How Cloud Technology Partners (CTP) and Amazon Web Services (AWS) work together to keep you in compliance.
• How to improve visibility of all compliance requirements across the business.
AWS and Financial Services - Governance, Risk and Compliance (GRC)
Industry Challenges
The regulatory environment for financial services organizations is both complex and dynamic. Identifying, assessing, and complying with change across the business is even more challenging without a comprehensive approach. How can organizations ensure regulatory compliance in the cloud?
Regulators and frameworks shown on the slide: EMA, PRA, Treasury, FDIC, FFIEC, BASEL, Dodd-Frank, NMS, MiFID II, BCBS 239, CCAR, ESMA, RDA, FR Y-9C.
Key AWS Certifications and Assurance Programs
Visit http://aws.amazon.com/compliance for more details.
Create Invisible Guardrails: Security by Design
Security by Design (SbD) is a modern security assurance approach that formalizes AWS account design, automates security controls, and streamlines auditing.
It is a systematic approach to ensure security; instead of relying on after-the-fact auditing, SbD provides control insights throughout the IT management process.
Services shown: CloudTrail, CloudHSM, IAM, KMS, AWS Config.
AWS Tools & Services
• AWS WAF: Tool designed to filter malicious web traffic
• AWS Organizations: Policy-based management for multiple AWS accounts
• Amazon Inspector: Automated application security assessment service
• AWS Shield: Managed Distributed Denial of Service (DDoS) protection service that safeguards web applications running on AWS
• AWS Identity and Access Management (IAM): Securely control access to AWS services and resources for your users
• AWS Key Management Service (AWS KMS): Managed service to create and control encryption keys
• AWS CloudHSM: Hardware-based key storage for regulatory compliance
• AWS EC2 Systems Manager: Fleet management for vulnerability scanning and patching
• AWS Config and AWS Config rules: AWS resource inventory, configuration history, and configuration change notifications & preventive rules
• AWS Service Catalog & AWS CloudFormation: AWS tools to manage approved services and environments across all accounts, Lines of Business, and user bases
• Amazon Macie: Uses machine learning to automatically discover, classify, and protect sensitive data on AWS
• Amazon VPC: Logically isolated section of the AWS Cloud where you launch AWS resources in a virtual network that you define
Continuous Compliance Monitoring
Compliance organizations need to:
• Monitor compliance with rules required for their organization.
• Maintain up-to-date regulations across numerous regulators.
• Consolidate monitoring across their organization in a ‘single pane of glass’.
• Prove to auditors that compliance is maintained now and historically.
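The four needs above, together with the AWS Config capabilities named on the tools slide (resource inventory, configuration history, change notifications, rules), reduce to one loop: evaluate each resource against technical rules that are mapped to controls, keep every result as evidence, and re-evaluate a resource when its configuration changes. The following is an added example written for this page, not CTP's Continuous Compliance service and not AWS Config code; it implements that loop in plain Python over a constructed inventory. The rule ids, the CTRL-* control references, the resource ids and their configurations are all constructed for the example; in a real deployment the inventory and change notifications would come from a service such as AWS Config, and the rules would be the organisation's own technical rules mapped to its frameworks.

```python
# Added example (not CTP's or AWS's code): a toy continuous-compliance monitor.
# Rule ids, CTRL-* control references and the inventory below are constructed.
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Callable, Dict, List


@dataclass
class Resource:
    resource_id: str
    resource_type: str
    config: dict


@dataclass
class Rule:
    rule_id: str
    control_ref: str               # constructed control-framework reference
    resource_type: str
    check: Callable[[dict], bool]  # True when the configuration is compliant


@dataclass
class Evaluation:
    timestamp: object              # any comparable value; ISO-8601 string by default
    resource_id: str
    rule_id: str
    control_ref: str
    compliant: bool


# Technical rules, each mapped to a control (constructed for the example)
RULES = [
    Rule("sg-no-open-ssh", "CTRL-NET-01", "security_group",
         lambda c: not any(r["port"] == 22 and r["cidr"] == "0.0.0.0/0" for r in c["ingress"])),
    Rule("volume-encrypted", "CTRL-ENC-01", "ebs_volume", lambda c: c.get("encrypted") is True),
    Rule("bucket-not-public", "CTRL-DATA-01", "s3_bucket", lambda c: c.get("public_access_blocked") is True),
    Rule("trail-all-regions", "CTRL-LOG-01", "cloudtrail",
         lambda c: c.get("logging") is True and c.get("multi_region") is True),
]


class ComplianceMonitor:
    def __init__(self, rules: List[Rule], clock: Callable[[], object] = None):
        self.rules = rules
        self.history: List[Evaluation] = []  # append-only evidence, never overwritten
        self.clock = clock or (lambda: datetime.now(timezone.utc).isoformat())

    def evaluate(self, resource: Resource) -> List[Evaluation]:
        """Run every rule that applies to the resource and record each outcome."""
        results = []
        for rule in self.rules:
            if rule.resource_type == resource.resource_type:
                results.append(Evaluation(self.clock(), resource.resource_id, rule.rule_id,
                                          rule.control_ref, rule.check(resource.config)))
        self.history.extend(results)
        return results

    def on_config_change(self, resource: Resource, new_config: dict) -> List[Evaluation]:
        """A configuration change notification re-evaluates only the changed resource."""
        resource.config = new_config
        return self.evaluate(resource)

    def _latest(self, control_ref=None, as_of=None) -> Dict[tuple, Evaluation]:
        """Most recent evaluation per (resource, rule), optionally for one control as of a time."""
        latest: Dict[tuple, Evaluation] = {}
        for ev in self.history:  # history is in time order, so later entries win
            if (control_ref is None or ev.control_ref == control_ref) and (as_of is None or ev.timestamp <= as_of):
                latest[(ev.resource_id, ev.rule_id)] = ev
        return latest

    def current_failures(self) -> Dict[str, List[str]]:
        """Control reference -> resources failing it right now (the single-pane view)."""
        failures: Dict[str, List[str]] = {}
        for ev in self._latest().values():
            if not ev.compliant:
                failures.setdefault(ev.control_ref, []).append(ev.resource_id)
        return failures

    def control_status_at(self, control_ref: str, as_of):
        """Historical proof for an auditor: was the control met at as_of? None if no evidence."""
        latest = self._latest(control_ref, as_of)
        return all(ev.compliant for ev in latest.values()) if latest else None


def demo(clock=None):
    """First scan of a constructed inventory, then two remediations arriving as change notifications."""
    inventory = [  # constructed, standing in for what a resource inventory service returns
        Resource("sg-0a1", "security_group",
                 {"ingress": [{"port": 22, "cidr": "0.0.0.0/0"}, {"port": 443, "cidr": "0.0.0.0/0"}]}),
        Resource("vol-0b2", "ebs_volume", {"encrypted": False}),
        Resource("bucket-reports", "s3_bucket", {"public_access_blocked": True}),
        Resource("trail-main", "cloudtrail", {"logging": True, "multi_region": True}),
    ]
    monitor = ComplianceMonitor(RULES, clock)
    for resource in inventory:
        monitor.evaluate(resource)
    before = monitor.current_failures()
    monitor.on_config_change(inventory[0], {"ingress": [{"port": 22, "cidr": "10.0.0.0/8"},
                                                        {"port": 443, "cidr": "0.0.0.0/0"}]})
    monitor.on_config_change(inventory[1], {"encrypted": True})
    return before, monitor.current_failures(), monitor
```

Running `demo()` reports the open security group and the unencrypted volume as failures of CTRL-NET-01 and CTRL-ENC-01 at the first scan and no failures after the two change notifications. The point of the design is that `control_status_at` answers the auditor's question "was this control met at time T" from the append-only history rather than from the current state, which is what "now and historically" requires, while `current_failures` gives the consolidated view keyed by control.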
© 2017 Cloud Technology Partners, Inc. / Confidential 9
Managed Cloud Controls: Continuous Compliance
We Are Enterprise Cloud Experts
CTP is a premier cloud services and software company for enterprises moving to cloud.
500+ Enterprise Engagements Across Platforms
✓ AWS Premier Consulting Partner
✓ Gartner Cool Cloud Vendor
● Migration Competency
● Security Competency
● IoT Competency
● DevOps Competency
● Financial Services Competency
● Managed Services Partner
Common Questions & Concerns in Moving to AWS
Minimize the risk and uncertainty, and accelerate adoption of AWS.
“Continuous Compliance”
• “How do I gain alignment around my cloud strategy and continuously govern everything we’re doing in the cloud?”
• “How do I prepare for regulatory audits?”
• “How do I ensure that applications we migrate to the cloud are following my security and governance requirements?”
• “How do I find peace of mind and ensure our employees are following our governance, risk and compliance standards?”
What is Continuous Compliance?
A Service to Provide Your Single Source of Proof for Compliance.
• Continuous monitoring of over 1,000 IT compliance, corporate governance and regulatory compliance controls
• Real-time monitoring and alerting of control failures and recommendations for remediation
• The most up-to-date policies from regulatory organizations that ensure compliance frameworks are updated upon release
• Continuous synchronization of new cloud services and capabilities with regulatory compliance frameworks
• Reduced time, cost and complexity of audit preparation
• CTP’s expertise to provide ongoing recommendations for remediation and cloud compliance
Continuous Compliance - Approach
Diagram labels: Compliance, Risk, Security; Control Frameworks; Technical Rules; Process Rules.
** CTP BP: CTP Best Practices for AWS
How Does Continuous Compliance Work?
Diagram labels: Source of Data (Cloud, Applications, Infrastructure); Key Stakeholders (Compliance, Risk, Security); Regulatory Framework (Technical Rules, Process Rules); Continuous Compliance Policy Hub (SaaS); “We scan AWS”.
CTP’s Continuous Compliance Bridges the Customer & AWS Areas of Responsibility as a Single Source for Compliance
Diagram label: Continuous Compliance
CTP Worked with Cowen to Enable & Accelerate the Move to AWS Including Continuous Compliance
Phases shown: Phase 1: Workshop; Phase 2: Assess & Plan; Phase 3: Build; Phase 4: Migrate; Phase 5: Operate & Optimize.
Stage labels across the phases: Discovery, Establish Baseline, Lay Foundation, Transition.
Assessments (Phase 2): TCO / ROI Assessment, Application Portfolio Assessment, Security Assessment, Infrastructure Assessment, DevOps Assessment.
Build and operate workstreams: Minimum Viable Cloud (MVC), DevOps Enablement, Tooling & Automation, CloudOps, InfoSec, Client Solutions, Financial Management, Application Optimization.
Managed Cloud Controls: Continuous Compliance, Continuous Cost Control.
Case Study
Cowen Challenges
• Legacy/Aging infrastructure and datacenters: High costs to maintain (comp and non-comp) – significant capital expenditure required to upgrade/refresh.
• Shift in business model: Moved many critical business systems to Software as a Service (SaaS) providers, resulting in over-engineered infrastructure for what remained.
• Evolving business strategy: Required agile infrastructure that could easily remove cost.
• Reliable compliance controls in regulated industry: Alignment to the National Institute of Standards and Technology (NIST) compliance framework.
Why Choose CTP and AWS?
• Proven APN Partner: Experience with a number of financial services firms on cloud migrations
• Scaling Engagements: Assess capabilities before committing to a longer term engagement
• Monitor and Leverage C2: Continuously monitor our applications against the NIST compliance framework
• Experience/Knowledge: Grow overall cloud strategy and migration
How Did CTP Address Cowen’s Challenges?
Cowen IT experienced a significant cultural shift in a matter of months, having a fully functional DevOps Team in 13 weeks.
• Validated our assumptions on Cloud economics
• Developed a roadmap to ensure our time horizons were realistic
• Provided the necessary training and frameworks:
● Agile Development Methodology
● Minimally Viable Cloud (MVC) model
● Cloud Migration Factory
• Guided the development of tools/process to maintain security/compliance
Cowen AWS Migration
Cowen’s migration to AWS followed an agile development methodology, allowing for iterative learning.
Cowen’s ‘Migration Factory’ ran in 3 week Sprints with successively more complex apps in each Sprint. Initial Sprints developed the automated building blocks used in the later stages.
The MVC workstream built upon itself, starting with Foundational, Fundamental, and Extended components as the staff experience and cloud usage expanded.
Specific Benefits to Cowen
The migration to AWS has yielded significant improvements to Cowen’s overall IT environment.
• Consistent, repeatable, and fully automated build process through infrastructure and application deployment.
• On-demand lab/development and QA environments only run during hours of usage with automated start/stop.
• Enhanced cost and Total Cost of Ownership (TCO) details by application.
• Automated patching process of base images across cloud infrastructure.
• Hybrid operational model across both cloud and on-premises environments:
● Centralized cloud-based monitoring – ‘single pane of glass’
● Central Support Staff for cloud and on-premises
CTP Continuous Compliance on AWS
• Achieve and maintain a continuous state of compliance for a cloud enabled business
• Build a data-driven approach to compliance
• Get real-time notification analysis and remediation strategy
• Accelerate the pace of innovation
Q&A
Next Steps and Further Information
Learn More About CTP: https://www.cloudtp.com/
Learn More About Continuous Compliance: https://hubs.ly/H08FlB70
Try AWS for Free: https://aws.amazon.com/
Thank You!