Automating and evidencing key compliance security controls (STP207-R)

Title

AWS re:Invent 2022 - Automating and evidencing key compliance security controls (STP207-R)

Summary

  • Dani Trapp-Hagen, a senior startup solutions architect at AWS, specializing in healthcare and life sciences, discusses automating and evidencing key compliance security controls on AWS.
  • The talk covers the importance of compliance, mental models for understanding compliance in the cloud, and the use of AWS tools for automation, monitoring, and evidencing compliance.
  • Dani emphasizes the ongoing journey of compliance, comparing it to planning for a hike with necessary precautions.
  • She introduces three mental models: the shared responsibility model, the AWS Well-Architected Framework, and the Three Lines Model.
  • AWS tools discussed include AWS Control Tower, AWS Config, AWS Systems Manager, AWS CloudTrail, AWS Security Hub, AWS Audit Manager, and AWS Artifact.
  • Conformance packs are highlighted as a way to deploy a standard set of AWS Config rules, and thereby automate configuration checks and compliance evidence, across many AWS accounts.
  • Dani provides getting-started guidance, pointing to Quick Start reference architectures for HIPAA, HITRUST, and GxP.
  • Customer examples from DNAnexus and Bristol Myers Squibb are shared, showing how they use AWS for compliance and innovation.
  • The session concludes with an invitation for Q&A outside the hall.

Insights

  • Compliance in the cloud is an ongoing process that requires careful planning and the right tools to manage risks and meet regulatory requirements.
  • AWS provides a suite of tools designed to automate, monitor, and evidence compliance; the range can overwhelm new users, but the tools are essential for maintaining a strong compliance posture.
  • The shared responsibility model is crucial for understanding the division of compliance tasks between AWS and the customer.
  • Conformance packs are a valuable resource for customers to deploy standardized compliance rules across multiple AWS accounts, saving time and reducing errors.
  • The AWS Well-Architected Framework and the Three Lines Model from the Institute of Internal Auditors provide a structured approach to building secure and compliant architectures.
  • Real-world customer examples demonstrate the practical application of AWS tools in meeting compliance requirements while fostering innovation.
  • The session underscores the importance of understanding and utilizing AWS tools to automate compliance processes, which can lead to significant cost savings and operational efficiencies.
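The conformance packs mentioned in the summary and insights above are YAML templates of AWS Config rules that are deployed as one unit. The following is an added example written for this page, not a template from the talk or from AWS: a small pack covering a few baseline controls. The rule identifiers are AWS managed rules that exist in AWS Config; the pack name, the rule names and the parameter name are assumptions chosen for illustration.

```yaml
# Added example conformance pack (not from the talk or from AWS).
# Each resource is an AWS Config rule; the SourceIdentifier values are
# AWS managed rule identifiers. Rule names and the parameter are assumed.
Parameters:
  MaxAccessKeyAgeDays:
    Type: String
    Default: "90"
Resources:
  # Root account must have MFA enabled.
  RootAccountMfaEnabled:
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: root-account-mfa-enabled
      Source:
        Owner: AWS
        SourceIdentifier: ROOT_ACCOUNT_MFA_ENABLED
  # IAM access keys older than the parameter value are non-compliant.
  AccessKeysRotated:
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: access-keys-rotated
      InputParameters:
        maxAccessKeyAge:
          Ref: MaxAccessKeyAgeDays
      Source:
        Owner: AWS
        SourceIdentifier: ACCESS_KEYS_ROTATED
  # At least one CloudTrail trail must be recording API activity.
  CloudTrailEnabled:
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: cloudtrail-enabled
      Source:
        Owner: AWS
        SourceIdentifier: CLOUD_TRAIL_ENABLED
  # S3 buckets must not allow public read access.
  S3PublicReadProhibited:
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: s3-bucket-public-read-prohibited
      Source:
        Owner: AWS
        SourceIdentifier: S3_BUCKET_PUBLIC_READ_PROHIBITED
  # Attached EBS volumes must be encrypted at rest.
  EbsVolumesEncrypted:
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: encrypted-volumes
      Source:
        Owner: AWS
        SourceIdentifier: ENCRYPTED_VOLUMES
```

Saved as a file, the pack is deployed to one account with `aws configservice put-conformance-pack --conformance-pack-name <pack-name> --template-body file://<file>.yaml`, or to every account in an organization with `put-organization-conformance-pack`; AWS Config then evaluates each rule continuously and the per-rule compliance status becomes the evidence that AWS Audit Manager and AWS Security Hub can collect. Pack evaluation reports the state of a control, so a non-compliant finding still needs a remediation path (a Systems Manager Automation document or a manual fix) and an owner, which is where the Three Lines Model from the talk applies.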