How Commonwealth Bank Simplified the Compliance Journey (COP312)

Title

AWS re:Invent 2022 - How Commonwealth Bank Simplified the Compliance Journey (COP312)

Summary

  • Speakers: Eric Wessel, Principal Technologist for Security Compliance at AWS, and Rovan, Principal Technologist based in Sydney; Artem from Commonwealth Bank appears via recorded video.
  • Topic: Compliance and security in the cloud, focusing on the journey of Commonwealth Bank.
  • Key Points:
    • Importance of compliance in cloud operations, especially for regulated industries.
    • AWS helps customers achieve compliance and assurance in a continuous and automated manner.
    • Commonwealth Bank's journey to compliance involved transforming governance and compliance in the cloud.
    • The bank developed a detective control framework called Curator using AWS services like Lambda and AWS Config.
    • Challenges with Curator included scalability and the effort required to create and manage custom rules.
    • AWS Config and conformance packs were introduced to address these challenges, providing automated compliance checks and remediation.
    • AWS GuardDuty and Security Hub were leveraged for threat detection and aggregation of security findings.
    • Commonwealth Bank adopted a "Trust but Verify" approach, enabling application teams to operate in a self-service manner while ensuring compliance.
    • The bank achieved deployment velocity, visibility, reporting, and reduced engineering time through AWS services.
    • AWS responded to Commonwealth Bank's feedback by enhancing services and reducing costs.

Insights

  • Compliance as Code: The shift towards codifying compliance is critical for scalability and speed, allowing for automated deployment of controls across multiple accounts.
  • AWS Config and Conformance Packs: These tools are essential for managing compliance at scale, with conformance packs providing immutable rules that ensure consistent compliance across an organization.
  • Automated Remediation: AWS services enable automated responses to non-compliant resources, reducing the need for manual intervention and streamlining the compliance process.
  • Threat Detection and Security Monitoring: AWS GuardDuty and Security Hub offer advanced threat detection and a centralized view of security findings, enhancing an organization's security posture.
  • Customer Feedback and AWS Service Improvement: AWS's responsiveness to customer feedback, such as Commonwealth Bank's, leads to service enhancements and cost reductions, demonstrating AWS's commitment to customer-centric innovation.
  • Cultural Shift in Accountability: The implementation of real-time compliance checks and visibility tools has led to a cultural shift within Commonwealth Bank, increasing accountability among application teams.
  • Cost Optimization: AWS's willingness to review pricing in response to customer needs shows a partnership approach to service provision, helping customers like Commonwealth Bank optimize costs while maintaining high security and compliance standards.
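The Curator detective controls in the Key Points (Lambda functions evaluating resources recorded by AWS Config) and the "compliance as code" and automated-evaluation insights above both come down to one mechanism: a change-triggered AWS Config custom rule. The block below is an added example written for this summary, not Commonwealth Bank's Curator code or an AWS sample. It assumes the standard custom-rule event shape (invokingEvent and ruleParameters as JSON strings, resultToken) and the PutEvaluations entry format; the configuration-item field paths it reads (configuration.encrypted for EBS volumes, supplementaryConfiguration.PublicAccessBlockConfiguration for S3 buckets) and the ExemptionTagKey rule parameter are assumptions to verify against your own recorded configuration items. It goes slightly beyond a single rule by using a policy table so one function covers several resource types, and it handles the two cases a naive rule gets wrong: deleted resources and resource types the rule does not cover, both of which must be reported NOT_APPLICABLE rather than silently passed or failed.

```python
"""Change-triggered AWS Config custom rule in the style of the Curator detective
controls described above (added example, not the bank's or AWS's code).
Config invokes the Lambda with a configuration item (CI); the handler decides
COMPLIANT / NON_COMPLIANT / NOT_APPLICABLE and reports it back via PutEvaluations."""
import json
from typing import Any, Callable, Dict, Optional, Tuple

CheckResult = Tuple[bool, str]  # (compliant?, human-readable reason)


def check_ebs_volume_encrypted(ci: Dict[str, Any]) -> CheckResult:
    # Assumption: AWS::EC2::Volume CIs expose the encryption flag as configuration.encrypted.
    if ci.get("configuration", {}).get("encrypted") is True:
        return True, "EBS volume is encrypted"
    return False, "EBS volume is not encrypted"


def check_s3_public_access_blocked(ci: Dict[str, Any]) -> CheckResult:
    # Assumption: AWS::S3::Bucket CIs carry bucket-level Public Access Block settings
    # under supplementaryConfiguration.PublicAccessBlockConfiguration.
    pab = ci.get("supplementaryConfiguration", {}).get("PublicAccessBlockConfiguration") or {}
    required = ("blockPublicAcls", "blockPublicPolicy", "ignorePublicAcls", "restrictPublicBuckets")
    missing = [flag for flag in required if pab.get(flag) is not True]
    if not missing:
        return True, "all four public access block settings are enabled"
    return False, "public access block disabled: " + ", ".join(missing)


# Policy table: one detective check per recorded resource type.
CHECKS: Dict[str, Callable[[Dict[str, Any]], CheckResult]] = {
    "AWS::EC2::Volume": check_ebs_volume_encrypted,
    "AWS::S3::Bucket": check_s3_public_access_blocked,
}


def evaluate_compliance(ci: Dict[str, Any], rule_parameters: Dict[str, str]) -> Dict[str, Any]:
    """Turn one configuration item into a single PutEvaluations entry."""
    verdict, reason = "NOT_APPLICABLE", "resource type not covered by this rule"
    exemption_tag = rule_parameters.get("ExemptionTagKey")  # hypothetical rule parameter
    if ci.get("configurationItemStatus") in ("ResourceDeleted", "ResourceDeletedNotRecorded"):
        reason = "resource deleted; evaluation cleared"  # never leave a stale NON_COMPLIANT behind
    elif exemption_tag and exemption_tag in ci.get("tags", {}):
        reason = f"exempted by tag {exemption_tag}"
    elif ci["resourceType"] in CHECKS:
        compliant, reason = CHECKS[ci["resourceType"]](ci)
        verdict = "COMPLIANT" if compliant else "NON_COMPLIANT"
    return {
        "ComplianceResourceType": ci["resourceType"],
        "ComplianceResourceId": ci["resourceId"],
        "ComplianceType": verdict,
        "Annotation": reason[:256],  # PutEvaluations caps annotations at 256 characters
        "OrderingTimestamp": ci["configurationItemCaptureTime"],
    }


def lambda_handler(event: Dict[str, Any], context: Any, config_client: Optional[Any] = None) -> Dict[str, Any]:
    """Lambda entry point. config_client is an injected boto3 Config client; when None
    (as in the offline demo) the evaluation is returned without calling the API."""
    invoking_event = json.loads(event["invokingEvent"])
    rule_parameters = json.loads(event.get("ruleParameters") or "{}")
    evaluation = evaluate_compliance(invoking_event["configurationItem"], rule_parameters)
    if config_client is not None:
        config_client.put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation


def make_event(ci: Dict[str, Any], rule_parameters: Optional[Dict[str, str]] = None) -> Dict[str, Any]:
    """Build the event shape Config sends to the Lambda (constructed for local testing)."""
    return {
        "invokingEvent": json.dumps({"configurationItem": ci,
                                     "messageType": "ConfigurationItemChangeNotification"}),
        "ruleParameters": json.dumps(rule_parameters or {}),
        "resultToken": "constructed-result-token",
    }


# Constructed sample configuration items; none refer to real resources.
_CAPTURE = "2022-11-29T00:00:00.000Z"
UNENCRYPTED_VOLUME = {"resourceType": "AWS::EC2::Volume", "resourceId": "vol-0aaa111",
                      "configurationItemStatus": "ResourceDiscovered", "configurationItemCaptureTime": _CAPTURE,
                      "configuration": {"encrypted": False}, "tags": {}}
ENCRYPTED_VOLUME = dict(UNENCRYPTED_VOLUME, resourceId="vol-0bbb222", configuration={"encrypted": True})
DELETED_VOLUME = dict(UNENCRYPTED_VOLUME, resourceId="vol-0ccc333", configurationItemStatus="ResourceDeleted")
OPEN_BUCKET = {"resourceType": "AWS::S3::Bucket", "resourceId": "constructed-bucket",
               "configurationItemStatus": "OK", "configurationItemCaptureTime": _CAPTURE,
               "configuration": {}, "tags": {"ComplianceException": "ticket-placeholder"},
               "supplementaryConfiguration": {"PublicAccessBlockConfiguration": {
                   "blockPublicAcls": True, "blockPublicPolicy": False,
                   "ignorePublicAcls": False, "restrictPublicBuckets": False}}}

if __name__ == "__main__":
    for ci in (UNENCRYPTED_VOLUME, ENCRYPTED_VOLUME, DELETED_VOLUME, OPEN_BUCKET):
        print(json.dumps(lambda_handler(make_event(ci), None)))
    print(json.dumps(lambda_handler(make_event(OPEN_BUCKET, {"ExemptionTagKey": "ComplianceException"}), None)))
```

Deployed under a conformance pack, a rule like this is what gives application teams the real-time verdict the talk describes: the annotation names the exact setting that failed, and the NOT_APPLICABLE path on deletion prevents dashboards from reporting resources that no longer exist. The exemption parameter exists so that approved exceptions are expressed as a recorded tag rather than as an edit to the rule, which keeps the pack itself immutable for application teams.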