The Doppler Quarterly Summer 2017 - Page 24

How to Pass Your AWS Audit

Bob Krygowski

Compliance and governance requirements don’t change when you move to the public cloud; you do.

If you work for a company in a regulated industry, or just have internal controls that must be met, you’ve likely been accustomed to a regular cadence of data gathering, analysis, reporting and maybe even some last-minute scrambling to get ready for the next audit cycle. That’s the status quo.

What happens when the status quo changes? At Cloud Technology Partners, we often see our clients making a radical shift away from the status quo, as they migrate existing applications and services from well-understood and controlled on-premise or data center environments to public cloud environments like AWS.

Let’s think about the potential impact on organizational stakeholders from such a transformative technology change:

• The CISO. With applications running in AWS, the CISO is still accountable for the protection of data for both the company and the client, as well as ensuring and attesting that all regulatory and compliance requirements associated with those applications are met.

• The Application Owners. With applications running in AWS, the application owner or owners are still accountable for understanding and implementing the requirements and controls to achieve compliance with applicable regulatory frameworks and standards.

• Line of Business Owners. With applications running in AWS, the Line of Business owner is still accountable for business performance, and for ensuring that their products and services are compliant with applicable regulatory frameworks and standards.