The Doppler Quarterly Fall 2017 - Page 15

Where does that leave you? You still need to protect what you put in the cloud. Remember the unlocked front door example earlier? The builder installed a lock on the door and gave you the key. Yet, it is still up to you to lock that door so that bad guys don’t come in. Protecting your systems, platforms, data, and applications in AWS is not a triv- ial task but that doesn’t mean it has to be overwhelming or extremely compli- cated either. Rather, it means that security should not be approached noncha- lantly. It’s not as simple as putting a firewall in front of your servers and declaring success. Implementing a set of comprehensive security measures requires careful planning that starts with the vision of where you want to go. That vision should guide your strategy on how to get there, and your approach must cover security needs across the People, Process, and Technology triangle. The Approach At CTP, we guide our clients through a prescriptive approach on their cloud journey. We call it the Cloud Adoption Program. This approach provides for an efficient process with predictable and measured outcomes. We have perfected our methodology throughout the hundreds of successful cloud engagements we have participated in. Every engagement and every client is a little different, but every one of them shares the same need to address applicable security and governance requirements. That is why Secu- rity and Governance is one of the fundamental building blocks in our approach to helping enterprise clients adopt AWS. Our client base ranges from midsize companies and “normal” large enterprise clients to heavily-regulated financial industry and healthcare behemoths. We start assisting our clients at the early stages of cloud adoption. Their focus is typically around understanding AWS security capabilities, mapping their reg- ulatory requirements and controls to public cloud, and creating roadmaps to ensure their operations on AWS will be safe and secure. We continue advising them throughout their journey to AWS by reinforcing their awareness of best practices, conducting security workshops, and implementing solutions that address all of their security needs. Below are some of the most common areas in which we help our clients. Governance, Risk & Compliance We help our clients establish appropriate IT governance models for operating in AWS. We advise them on cloud GRC best practices, help our clients under- stand their risk exposure, and identify and implement required processes to ensure compliance with various control frameworks. Perimeter & Infrastructure Protection We work closely with our clients to design and implement required account structures, appropriate network architectures with VPC and subnet segmen- tations, security groups and network ACL’s. We implement native AWS and 3rd FALL 2017 | THE DOPPLER | 13