Security Congress Abstract
Authority to Operate on AWS aims to accelerate customers and partners through the regulatory compliance process. The cloud offers a fundamentally new way to do compliance. Rather than spending months (or years) manually building compliant environments, organizations can use cloud automation to build audit-ready environments in hours.
When compliance is automated, it becomes easy. There is no remembering to deploy things. There is no manual checking. Controls and configurations are integrated into the code, and therefore always deployed, and always configured correctly. Moreover, monitoring and remediation can also be automated, accelerating incident response to levels well beyond the capacity of humans.
However, codifying an environment is a profound change for many organizations. Existing tools, techniques, and technologies do not directly translate to the cloud. In this presentation, we will discuss the goals and vision of the AWS ATO program, as well as demonstrate how compliance can be automated.
Topics Covered - Compliance Automation is based on three primary components:
1. Controls: endpoint security, SIEM, vulnerability scanners, etc.
2. Configurations: pushing security policies, OS hardening, etc.
3. Automation: code that deploys and configures all the controls to meet compliance requirements