building a program to achieve and maintain compliance while moving to, and
operating in, AWS.
Frequent, Data-Driven Compliance Assessments.
Continuous development and integration techniques afford developers the
ability to make and implement changes to their applications and their AWS
infrastructure frequently. This necessitates frequent testing, making sure that
visibility to any changes to applications and associated data is provided on a
continuous basis to compliance and risk teams, as well as application
development teams, for remediation. Continuous monitoring, testing and
evaluation are critical when you consider the dynamic nature of AWS.
A Holistic, Program Management Approach.
Achieving and maintaining a state of compliance readiness takes a village.
Getting the data is good, but what you need is a program to make use of that data.
Organizations need to consider tools and training, data and reporting, incident
and event management, change management, as well as program-level
governance and oversight. Cross-functional representation from the stakeholders,
like the CISO, the application owners, the Line of Business owners and the
audit team, must be evident and accessible to senior executives who, in turn,
need to make compliance a priority.
Achieving compliance is not easy! According to a recent McKinsey & Company
report on progress towards achieving compliance within global financial services
organizations, many are actually losing ground as they consider the prospect of
the rapidly evolving regulatory landscape, future investments, and other factors.
Failure in this arena is not an option. And while AWS does alter the playing field,
the right approach and commitment, with organizational support, will
ultimately lead you to success. Fortunately, CTP can help.
Managed Cloud Controls.
CTP recently introduced Managed Cloud Controls, a suite of next-generation
managed services that serve as the foundation for a programmatic approach
to delivering a high level of governance, visibility and control for an enterprise
cloud program.
One of the first services available within the Managed Cloud Controls family is
Continuous Compliance for AWS.
Continuous Compliance for AWS delivers data-driven, real-time regulatory
compliance readiness for your enterprise. We’ve developed a solution for
establishing and maintaining a state of visibility and control of applications
running in AWS, against one or more regulatory frameworks or compliance
standards. To accomplish this, we:
• Harnessed the experience gained over hundreds of enterprise security
engagements
24 | THE DOPPLER | SUMMER 2017