Evident io Continuous Compliance - Mar 2017
Uploaded by: sebastian-taphanel-cissp-issep
Copyright © 2016
WHAT IS COMPLIANCE?
• Boiled down: It’s about assessing risk and implementing governance
• Most common are government-mandated and industry-specific compliance certifications
• Compliance != Security
• YOU: it is not just something you do because management says so; you are a hugely important part of the process
AWS SHARED RESPONSIBILITY MODEL
Shared responsibility changes everything. Enterprises must adapt their traditional security & compliance processes to address what’s different in the cloud.
TAKE NOTE: The majority of attacks will happen here, at the API control plane.
How Compliance is Different: Good & Bad
Traditional Data Center                          | Public Cloud
Physical Security Controls Apply                 | Don’t Apply – Saves Time
Changes in Environment are Controlled by Few     | Changes to Environment Occur Continuously by Many
Tools for Compliance Management are Established  | Assessment via API, But Few Tools Exist
AUTOMATION MAKES DIFFICULT TASKS EASY
• Monitoring compliance throughout the entire dev lifecycle
• Generate compliance reports without specialized knowledge
• Compile a complete, unified view across all cloud accounts
• Identify, prioritize and remediate risks as they arise
• Avoid disrupting development teams with a last-minute compliance push
CONTINUOUS (NIST 800-53) COMPLIANCE
Screenshots: ESP Dashboard / Compliance Report / User Attribution / ESP Alert
NIST SP 800-53r4
• THE gold standard for US security and privacy controls, and aligned with ISO 27001
• FedRAMP / 800-171 (Protection of Controlled Unclassified Information) / DoD SRG / CNSSI 1253 (IC Controls) / DoJ CJIS / HIPAA are based on 800-53
• Evident Security Platform (ESP) is aligned with NIST
• AWS Infrastructure controls mapped by AWS and approved by FedRAMP / DoD / DoJ
CIS AWS FOUNDATIONS BENCHMARK
• First compliance standard specific to AWS
• The gold standard for all baseline AWS security configurations
• Evident Security Platform (ESP) is aligned with CIS
• Infrastructure controls covered in CIS AWS Foundations compliance module
• Included in all ESP plans
COMING SOON: MORE COMPLIANCE VIEWS
• PCI-DSS v3.2
• SOC-2
• HIPAA
• ISO 27001
• 3rd party integrations with GRC platforms
• CJIS (DoJ Standard)
• Custom Compliance
CONTACT INFORMATION
Sebastian Taphanel, CISSP-ISSEP
Principal Solutions Architect, [email protected], 703-303-9782
@sebtaph Sebastian Taphanel
https://www.slideshare.net/sebastiantaphanel