The Doppler Quarterly Summer 2017 - Page 26

building a program to achieve and maintain compliance while moving to, and operating in, AWS.

Frequent, Data-Driven Compliance Assessments. Continuous development and integration techniques afford developers the ability to make and implement changes to their applications and their AWS infrastructure frequently. This necessitates frequent testing, making sure that visibility into any changes to applications and associated data is provided on a continuous basis to compliance and risk teams, as well as application development teams, for remediation. Continuous monitoring, testing and evaluation are critical when you consider the dynamic nature of AWS.

A Holistic, Program Management Approach. Achieving and maintaining a state of compliance readiness takes a village. Getting the data is good, but what you need is a program to make use of that data. Organizations need to consider tools and training, data and reporting, incident and event management, change management, as well as program-level governance and oversight. Cross-functional representation from the stakeholders, like the CISO, the application owners, the Line of Business owners and the audit team, must be evident and accessible to senior executives who, in turn, need to make compliance a priority.

Achieving compliance is not easy! According to a recent McKinsey & Company report on progress towards achieving compliance within global financial services organizations, many are actually losing ground as they consider the prospect of the rapidly evolving regulatory landscape, future investments, and other factors. Failure in this arena is not an option. And while AWS does alter the playing field, the right approach and commitment, with organizational support, will ultimately lead you to success. Fortunately, CTP can help.

Managed Cloud Controls
CTP recently introduced Managed Cloud Controls, a suite of next-generation managed services which serve as the foundation for a programmatic approach to delivering a high level of governance, visibility and control for an enterprise cloud program. One of the first services available within the Managed Cloud Controls family is Continuous Compliance for AWS.

Continuous Compliance for AWS delivers data-driven, real-time regulatory compliance readiness for your enterprise. We’ve developed a solution for establishing and maintaining a state of visibility and control of applications running in AWS, against one or more regulatory frameworks or compliance standards. To accomplish this, we:

• Harnessed the experience gained over hundreds of enterprise security engagements