Steve Seaney: Leveraging AWS services to streamline compliance

awschicago 35 views 18 slides Jun 13, 2024

About This Presentation

AWS Community Day Midwest 2024
Leveraging AWS services to streamline compliance
Steve Seaney


Slide Content

Leveraging AWS services to streamline compliance
Steve Seaney
Managing Director, AWS Line of Business
Rego Consulting, Inc
Ganesh Prabhu
Solutions Architect
Amazon Web Services

Agenda
• Rego Introduction
• Annual Governance Life Cycle
• Integrating WAFR within a compliance cycle
• Building a cost reduction roadmap
• Leverage AWS Services to help survive a SOC / ISO Audit
• Essential elements for building a security roadmap
• Conclusion
• Questions

Rego Introduction

Who is Rego?
Rego Consulting is one of the world’s largest Project Portfolio Management (PPM), AWS, FinOps, Apptio, TBM and Agile consulting firms.

We’ve guided 700+ organizations through their AWS, PPM, FinOps, and Work Management journeys, including 60% of Fortune 100 companies.

We are the only Clarity by Broadcom SaaS provider on AWS, as well as the #1 global reseller. We implement and maintain over ~150 AWS Production Environments for our clients.

With 10+ years of experience, we bring industry leading best practices to every client.

AWS Governance Life Cycle

Annual Governance Life Cycle
• Q1 (WAFR): Leverage WAFR to update AWS roadmap and stories
• Q2 (Cost): Set annual cost reduction goals and update stories
• Q3 (SOC): Support annual SOC or ISO audit efforts
• Q4 (Focus): Update roadmap and plan for critical focus area (security)

Life Cycle Phase Objectives

WAFR Phase (Q1)
• Objective is to build an annual AWS plan
• Focus on AWS related changes
• Ignore process items redundant with SOC / ISO Audit
• Real outcome is stories (not a report)

Cost Reduction Phase (Q2)
• Objective is to create cost reduction plan
• Include past and upcoming AWS cost reductions
• Minimize process items redundant with SOC / ISO Audit
• Real outcome is stories with cost goals

SOC or ISO Audit Phase (Q3)
• Objective is to satisfy auditors
• Focus on process related items
• Leverage AWS dashboards and reports
• Real outcome is to be efficient

Focus Area - Security (Q4)
• Objective is to dig into a critical area
• Security can include WAF changes, etc.
• Great time to review guard rails
• Real outcome is stories

Integrating WAFR within a compliance cycle

Well Architected Review Phase

Objectives
• 16-month AWS services roadmap
• Roadmap includes creating stories
• Focus on technical aspects of AWS
• Deprioritize process related discussions
• What services changed since the last WAFR
• What services have upcoming changes
• What issues need addressing
• What can we cost effectively automate

Tools
• AWS WAFR Tool
• AWS WAFR Lenses
• AWS Security Hub
• AWS Organizations
• Partner Tool Criteria
  • Improve Efficiency
  • Maintains Data Sovereignty
  • Magnifies AWS Tools
  • Enables Automated Remediation
• Rego’s preferred tool is 6-Pillars

Building a cost reduction roadmap

Cost Reduction Roadmap

Objectives
• 16-month AWS net cost reduction roadmap
• Roadmap includes creating stories
• Plan should include high level cost targets
• Update AWS Budget Settings
• Update AWS Cost Categories
• SaaS Customer focus on cost per usage
• Detailed dive into key cost criteria
  • Cost for network services
  • Cost for storage
  • Cost for compute
  • Cost for security and support

Tools
• AWS Cost Explorer
• AWS Budget Tool with alerting
• AWS Cost Categories
• Partner Tool Criteria
  • Forecasting and trending views
  • Detail drill down
  • Maintains Data Sovereignty
  • Magnifies AWS Tools
  • Alerts and remediation
• Rego’s preferred tools are Apptio and nOps

SOC or ISO Audit Phase

Surviving the ISO/SOC phase

Objectives
• Improve efficiency with each audit
• Create stories for required changes
• Create stories for periodic requirements
• Minimize the impact on the DevOps and SecOps teams
• Ideally, 80% of the discussion will be on process topics

Tools
• AWS QuickSight for reusable reporting
  • Users, Groups, and Permissions
  • Patch Compliance over time
  • License Compliance over time
• Control Tower is amazing!
• Security Hub, ASR, and Config are critical
• AWS License Manager for evidence
• AWS SSM including Patch Manager
• AWS Audit Manager is not listed
• Partner tools - Drata looks compelling

Essential elements for building a security roadmap

Security is Job Zero

Objectives
• Create and address security related stories
• Adopt latest Security Hub Standards
• Identify ASR opportunities and gaps
• Adopt changes to Organizations
• Audit and adjust Control Tower Guard Rails
• Audit Patch Manager
• Audit Inspector settings and compliance
• Audit GuardDuty settings

Tools
• Security Hub, ASR, and Config
• AWS Control Tower and Config
• AWS Organizations
• AWS SSM and Patch Manager
• Partner Tool Criteria
  • Maintains Data Sovereignty
  • Magnifies AWS Tools
  • Alerts and automated remediation
• Rego’s preferred tool is 6Pillars

Conclusions & Questions

Annual Governance Life Cycle
• Q1 (WAFR): Leverage WAFR to update AWS roadmap and stories
• Q2 (Cost): Set annual cost reduction goals and update stories
• Q3 (SOC): Support annual SOC or ISO audit efforts
• Q4 (Focus): Update roadmap and plan for critical focus area (security)

Thank you
[email protected]