Evident io Continuous Compliance - Mar 2017
2. Copyright © 2016
WHAT IS COMPLIANCE?
• Boiled down: It’s about assessing risk and implementing governance
• Most common are government-mandated and industry-specific compliance
certifications
• Compliance != Security
• YOU: it is not only because management says so; you are a hugely important part of the process
3.
AWS SHARED RESPONSIBILITY MODEL
Shared responsibility changes everything. Enterprises must adapt their traditional security & compliance processes to address what's different in the cloud.
TAKE NOTE: the majority of attacks will happen at the API control plane, which sits on the customer-managed side of the model (credentials, IAM and service configuration).
4.
How Compliance is Different: Good & Bad
Traditional Data Center                         | Public Cloud
Physical security controls apply                | Don't apply (the provider's responsibility) – saves time
Changes in environment are controlled by few    | Changes to environment occur continuously, by many
Tools for compliance management are established | Assessment is via API, but few tools exist
5.
AUTOMATION MAKES DIFFICULT TASKS EASY
• Monitor compliance throughout the entire dev lifecycle
• Generate compliance reports without specialized knowledge
• Compile a complete, unified view across all cloud accounts
• Identify, prioritize and remediate risks as they arise
• Avoid disrupting development teams with a last-minute compliance push
11.
NIST SP 800-53r4
• THE gold standard for US security and privacy controls; its control catalog is mapped to ISO 27001
• FedRAMP / 800-171 (Protection of Controlled Unclassified Information) / DoD SRG / CNSSI 1253 (IC controls) / DoJ CJIS / HIPAA control baselines are derived from, or mapped to, 800-53
• Evident Security Platform (ESP) is aligned with NIST
• AWS Infrastructure controls mapped by AWS and approved by FedRAMP /
DoD / DoJ
13.
CIS AWS FOUNDATIONS BENCHMARK
• First compliance standard specific to AWS
• The gold standard for all baseline AWS security configurations
• Evident Security Platform (ESP) is aligned with CIS
• Infrastructure controls covered in CIS AWS Foundations compliance module
• Included in all ESP plans
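What "assessment via API" and "identify, prioritize and remediate" look like in practice against a few CIS AWS Foundations controls, as an added example written for this page (it is not code from Evident.io or the Evident Security Platform). The control numbers used (1.13 root MFA, 2.1 multi-region CloudTrail, 4.1 no port-22 ingress from 0.0.0.0/0) are taken from CIS AWS Foundations Benchmark v1.1 as I recall them and should be verified against the benchmark version you audit to. The response shapes mirror boto3's iam.get_account_summary(), cloudtrail.describe_trails() and ec2.describe_security_groups(); the sample responses at the bottom are constructed, not captured from a real account, so the script runs offline.

```python
"""Added example (not Evident.io/ESP code): CIS AWS Foundations style checks
evaluated from AWS API response documents, with failures ordered for remediation.

Control ids follow CIS AWS Foundations Benchmark v1.1 as recalled by the example's
author; verify them against the benchmark version you audit to.
"""
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    control: str   # CIS control id (assumed numbering, see module docstring)
    title: str
    severity: int  # 1 = highest; used to prioritise remediation
    passed: bool
    detail: str


def check_root_mfa(account_summary: dict) -> Finding:
    """CIS 1.13: AccountMFAEnabled must be 1 in iam.get_account_summary()."""
    enabled = account_summary.get("SummaryMap", {}).get("AccountMFAEnabled", 0) == 1
    return Finding("1.13", "Root account has MFA enabled", 1, enabled,
                   "AccountMFAEnabled=1" if enabled else "AccountMFAEnabled=0: root has no MFA")


def check_cloudtrail_all_regions(trails: dict) -> Finding:
    """CIS 2.1: at least one trail covers all regions and global service events."""
    names = [t["Name"] for t in trails.get("trailList", [])
             if t.get("IsMultiRegionTrail") and t.get("IncludeGlobalServiceEvents")]
    ok = bool(names)
    return Finding("2.1", "CloudTrail enabled in all regions", 1, ok,
                   ("multi-region trail(s): " + ", ".join(names)) if ok
                   else "no trail has IsMultiRegionTrail and IncludeGlobalServiceEvents set")


def _rule_opens_port(rule: dict, port: int) -> bool:
    """True if one IpPermissions entry lets `port` in from 0.0.0.0/0 or ::/0."""
    proto = rule.get("IpProtocol")
    if proto == "-1":                       # all protocols, all ports
        covers = True
    elif proto in ("tcp", "6"):
        covers = rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)
    else:
        covers = False
    world = (any(r.get("CidrIp") == "0.0.0.0/0" for r in rule.get("IpRanges", []))
             or any(r.get("CidrIpv6") == "::/0" for r in rule.get("Ipv6Ranges", [])))
    return covers and world


def check_no_world_ingress(security_groups: dict, port: int = 22) -> Finding:
    """CIS 4.1 (port 22) / 4.2 (port 3389): no group allows ingress from the world."""
    offenders = sorted(sg["GroupId"] for sg in security_groups.get("SecurityGroups", [])
                       if any(_rule_opens_port(r, port) for r in sg.get("IpPermissions", [])))
    ok = not offenders
    return Finding("4.1" if port == 22 else f"port-{port}",
                   f"No security group allows ingress from 0.0.0.0/0 to port {port}", 2, ok,
                   "none" if ok else "open to the world: " + ", ".join(offenders))


def assess(responses: dict) -> list[Finding]:
    """Run every check over API responses keyed by call name; failures come first,
    highest severity first, so the top of the list is the remediation queue."""
    findings = [
        check_root_mfa(responses["iam.get_account_summary"]),
        check_cloudtrail_all_regions(responses["cloudtrail.describe_trails"]),
        check_no_world_ingress(responses["ec2.describe_security_groups"]),
    ]
    return sorted(findings, key=lambda f: (f.passed, f.severity, f.control))


def report(findings: list[Finding]) -> str:
    """Plain-text compliance report, one line per control."""
    return "\n".join(f"[{'PASS' if f.passed else 'FAIL'}] {f.control} {f.title}: {f.detail}"
                     for f in findings)


# Constructed sample responses (not captured from a real account).
SAMPLE_RESPONSES = {
    "iam.get_account_summary": {"SummaryMap": {"AccountMFAEnabled": 0, "Users": 12}},
    "cloudtrail.describe_trails": {"trailList": [
        {"Name": "org-trail", "S3BucketName": "example-cloudtrail-logs",
         "IsMultiRegionTrail": True, "IncludeGlobalServiceEvents": True,
         "LogFileValidationEnabled": True, "HomeRegion": "us-east-1"}]},
    "ec2.describe_security_groups": {"SecurityGroups": [
        {"GroupId": "sg-0a1b2c3d", "GroupName": "bastion", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
        {"GroupId": "sg-4e5f6a7b", "GroupName": "web", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]}]},
}

if __name__ == "__main__":
    print(report(assess(SAMPLE_RESPONSES)))
```

To run this against a live account, replace SAMPLE_RESPONSES with the real boto3 results (for example boto3.client("iam").get_account_summary()). Two caveats a real assessor must handle: describe_security_groups is per region, so the 4.1 check has to be repeated in every region, and describe_trails only lists trails, so a complete 2.1 check should also confirm IsLogging from cloudtrail.get_trail_status() for the multi-region trail it found.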
14.
COMING SOON: MORE COMPLIANCE VIEWS
• PCI-DSS v3.2
• SOC-2
• HIPAA
• ISO 27001
• 3rd party integrations with GRC platforms
• CJIS (DoJ Standard)
• Custom Compliance
15. Copyright © 2017
CONTACT INFORMATION
Sebastian Taphanel, CISSP-ISSEP
Principal Solutions Architect
sebastian@evident.io 703-303-9782
@sebtaph Sebastian Taphanel
https://www.slideshare.net/sebastiantaphanel