Achieving Continuous Compliance with CTP and AWS

© 2017, Amazon Web Services, Inc. or its affiliates. All rights reserved. Speakers: Peter Williams, Global Technology Lead, Amazon Web Services; Brian Ott, VP of Managed Cloud Control Services, Cloud Technology Partners; Ann Neidenbach, CIO, Cowen.

Transcript of Achieving Continuous Compliance with CTP and AWS

Page 1: Achieving Continuous Compliance with CTP and AWS


Achieving Continuous Compliance with CTP and AWS

• Peter Williams, Global Technology Lead, Amazon Web Services
• Brian Ott, VP of Managed Cloud Control Services, Cloud Technology Partners
• Ann Neidenbach, CIO, Cowen

Page 2: Achieving Continuous Compliance with CTP and AWS


Learning Objectives

• How compliance in the cloud is different than on-premises, particularly for financial services organizations.
• What it means to be in continuous compliance and why it’s important.
• How Cloud Technology Partners (CTP) and Amazon Web Services (AWS) work together to keep you in compliance.
• How to improve visibility of all compliance requirements across the business.

Page 3: Achieving Continuous Compliance with CTP and AWS



AWS and Financial Services: Governance, Risk and Compliance (GRC)

Page 4: Achieving Continuous Compliance with CTP and AWS


Industry Challenges

The regulatory environment for financial services organizations is both complex and dynamic. Identifying, assessing, and complying with change across the business is even more challenging without a comprehensive approach. How can organizations ensure regulatory compliance in the cloud?

(Regulators and regulations named on the slide: EMA, PRA, Treasury, FDIC, FFIEC, BASEL, Dodd-Frank, NMS, MiFID II, BCBS 239, CCAR, ESMA, RDA, FR Y-9C.)

Page 5: Achieving Continuous Compliance with CTP and AWS


Key AWS Certifications and Assurance Programs

Visit http://aws.amazon.com/compliance for more details.

Page 6: Achieving Continuous Compliance with CTP and AWS


Create Invisible Guardrails: Security by Design

Security by Design (SbD) is a modern security assurance approach that formalizes AWS account design, automates security controls, and streamlines auditing. It is a systematic approach to ensure security; instead of relying on after-the-fact auditing, SbD provides control insights throughout the IT management process.

(Services shown on the slide: CloudTrail, CloudHSM, IAM, KMS, AWS Config.)

Page 7: Achieving Continuous Compliance with CTP and AWS


AWS Tools & Services

• AWS WAF: Tool designed to filter malicious web traffic
• AWS Organizations: Policy-based management for multiple AWS accounts
• Amazon Inspector: Automated application security assessment service
• AWS Shield: Managed Distributed Denial of Service (DDoS) protection service that safeguards web applications running on AWS
• AWS Identity and Access Management (IAM): Securely control access to AWS services and resources for your users
• AWS Key Management Service (AWS KMS): Managed service to create and control encryption keys
• AWS CloudHSM: Hardware-based key storage for regulatory compliance
• AWS EC2 Systems Manager: Fleet management for vulnerability scanning and patching
• AWS Config and AWS Config rules: AWS resource inventory, configuration history, configuration change notifications, and rules that flag resources whose configuration drifts from the desired state (Config rules are a detective control that evaluates after a change is recorded; preventing the change in the first place takes IAM policies and AWS Organizations policies)
• AWS Service Catalog & AWS CloudFormation: AWS tools to manage approved services and environments across all accounts, Lines of Business, and user bases
• Amazon Macie: Uses machine learning to automatically discover, classify, and protect sensitive data on AWS
• Amazon VPC: Logically isolated section of the AWS Cloud where you launch AWS resources in a virtual network that you define

Page 8: Achieving Continuous Compliance with CTP and AWS


Continuous Compliance Monitoring

Compliance organizations need to:

• Monitor compliance with rules required for their organization.

• Maintain up-to-date regulations across numerous regulators.

• Consolidate monitoring across their organization in a ‘single pane of glass’.

• Prove to auditors that compliance is maintained now and historically.
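The guardrail pattern described on the Security by Design slide (page 6), the AWS Config rules entry (page 7) and the monitoring needs listed above, i.e. technical rules evaluated against resource configuration on every change and kept as a history that auditors can query, as an added example that is not CTP's or AWS's code. The configuration item dictionaries, the resource names and the three rules are constructed for illustration and are simplified relative to real AWS Config items; only the COMPLIANT / NON_COMPLIANT / NOT_APPLICABLE strings match the ComplianceType values an AWS Config custom rule reports.

```python
"""Added example: evaluate simplified AWS Config-style items against technical
rules and keep an append-only ledger so compliance at a past time can be shown.
Items, resource names and rules are constructed, not real account data."""
from dataclasses import dataclass
from datetime import datetime, timezone

COMPLIANT, NON_COMPLIANT, NOT_APPLICABLE = "COMPLIANT", "NON_COMPLIANT", "NOT_APPLICABLE"


@dataclass(frozen=True)
class Evaluation:
    resource_id: str
    rule: str
    compliance: str
    annotation: str
    evaluated_at: datetime


def s3_sse_enabled(item):
    """S3 buckets must have default server-side encryption (AES256 or aws:kms)."""
    if item["resourceType"] != "AWS::S3::Bucket":
        return NOT_APPLICABLE, ""
    alg = item["configuration"].get("sseAlgorithm")
    if alg in ("AES256", "aws:kms"):
        return COMPLIANT, f"default encryption {alg}"
    return NON_COMPLIANT, "no default server-side encryption configured"


def sg_no_public_ssh(item):
    """Security groups must not allow 22/tcp from 0.0.0.0/0 or ::/0 (also catches 'all traffic')."""
    if item["resourceType"] != "AWS::EC2::SecurityGroup":
        return NOT_APPLICABLE, ""
    for perm in item["configuration"].get("ipPermissions", []):
        proto = perm.get("ipProtocol")
        covers_ssh = proto == "-1" or (
            proto == "tcp" and perm.get("fromPort", 0) <= 22 <= perm.get("toPort", 65535))
        if covers_ssh and any(c in ("0.0.0.0/0", "::/0") for c in perm.get("ipRanges", [])):
            return NON_COMPLIANT, "22/tcp open to the internet"
    return COMPLIANT, "no world-reachable SSH rule"


def cloudtrail_hardened(item):
    """Trails must be multi-region with log file validation on (tamper evidence for auditors)."""
    if item["resourceType"] != "AWS::CloudTrail::Trail":
        return NOT_APPLICABLE, ""
    cfg = item["configuration"]
    missing = [k for k in ("isMultiRegionTrail", "logFileValidationEnabled") if not cfg.get(k)]
    if missing:
        return NON_COMPLIANT, "missing: " + ", ".join(missing)
    return COMPLIANT, "multi-region trail with log file validation"


RULES = {"s3-sse-enabled": s3_sse_enabled, "sg-no-public-ssh": sg_no_public_ssh,
         "cloudtrail-hardened": cloudtrail_hardened}


class ComplianceLedger:
    """Append-only record of evaluations; never overwrites, so history is reproducible."""

    def __init__(self):
        self._entries = []

    def evaluate(self, items, at):
        new = []
        for item in items:
            for name, rule in RULES.items():
                status, note = rule(item)
                if status != NOT_APPLICABLE:  # a rule only reports on resource types it covers
                    new.append(Evaluation(item["resourceId"], name, status, note, at))
        self._entries.extend(new)
        return new

    def state_at(self, when):
        """Latest known status per (resource, rule) at or before `when`."""
        state = {}
        for e in sorted(self._entries, key=lambda e: e.evaluated_at):
            if e.evaluated_at <= when:
                state[(e.resource_id, e.rule)] = e.compliance
        return state

    def failures_at(self, when):
        return sorted(k for k, v in self.state_at(when).items() if v == NON_COMPLIANT)


# Constructed sample items: first snapshot has an unencrypted bucket and SSH open to the world.
SNAPSHOT_1 = [
    {"resourceType": "AWS::S3::Bucket", "resourceId": "trade-archive",
     "configuration": {"sseAlgorithm": None}},
    {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-bastion",
     "configuration": {"ipPermissions": [{"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                                          "ipRanges": ["0.0.0.0/0"]}]}},
    {"resourceType": "AWS::CloudTrail::Trail", "resourceId": "org-trail",
     "configuration": {"isMultiRegionTrail": True, "logFileValidationEnabled": True}},
]
# Same resources after remediation: KMS encryption on the bucket, SSH limited to internal ranges.
SNAPSHOT_2 = [
    {"resourceType": "AWS::S3::Bucket", "resourceId": "trade-archive",
     "configuration": {"sseAlgorithm": "aws:kms"}},
    {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-bastion",
     "configuration": {"ipPermissions": [{"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                                          "ipRanges": ["10.0.0.0/8"]}]}},
    SNAPSHOT_1[2],
]
T1 = datetime(2017, 11, 1, 9, 0, tzinfo=timezone.utc)
T2 = datetime(2017, 11, 1, 15, 0, tzinfo=timezone.utc)


def run_demo():
    """Record both snapshots so failures_at(T1) and failures_at(T2) can be compared."""
    ledger = ComplianceLedger()
    ledger.evaluate(SNAPSHOT_1, T1)
    ledger.evaluate(SNAPSHOT_2, T2)
    return ledger
```

`run_demo().failures_at(T1)` lists the open security group and the unencrypted bucket, while `failures_at(T2)` is empty; because the ledger is append-only, the earlier failure is still visible at its own timestamp after remediation, which is the property an auditor asking "was this compliant on that date?" depends on.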

Page 9: Achieving Continuous Compliance with CTP and AWS

© 2017 Cloud Technology Partners, Inc. / Confidential

Managed Cloud Controls

Continuous Compliance

Page 10: Achieving Continuous Compliance with CTP and AWS


We Are Enterprise Cloud Experts

CTP is a premier cloud services and software company for enterprises moving to cloud.

500+ Enterprise Engagements Across Platforms

✓ AWS Premier Consulting Partner
✓ Gartner Cool Cloud Vendor

● Migration Competency
● Security Competency
● IoT Competency
● DevOps Competency
● Financial Services Competency
● Managed Services Partner

Page 11: Achieving Continuous Compliance with CTP and AWS


Common Questions & Concerns in Moving to AWS

“Continuous Compliance”: minimize risk and uncertainty and accelerate adoption of AWS.

• “How do I gain alignment around my cloud strategy and continuously govern everything we’re doing in the cloud?”
• “How do I prepare for regulatory audits?”
• “How do I ensure that applications we migrate to the cloud are following my security and governance requirements?”
• “How do I find peace of mind and ensure our employees are following our governance, risk and compliance standards?”

Page 12: Achieving Continuous Compliance with CTP and AWS


What is Continuous Compliance?

A Service to Provide Your Single Source of Proof for Compliance.

• Continuous monitoring of over 1,000 IT compliance, corporate governance and regulatory compliance controls
• Real-time monitoring and alerting of control failures and recommendations for remediation
• The most up-to-date policies from regulatory organizations, so that compliance frameworks are updated upon release
• Continuous synchronization of new cloud services and capabilities with regulatory compliance frameworks
• Reduced time, cost and complexity of audit preparation
• CTP’s expertise to provide ongoing recommendations for remediation and cloud compliance

Page 13: Achieving Continuous Compliance with CTP and AWS


Continuous Compliance - Approach

(Slide diagram labels: Compliance, Risk, Security; Control Frameworks; Technical Rules, Process Rules.)

** CTP BP: CTP Best Practices for AWS

Page 14: Achieving Continuous Compliance with CTP and AWS


How Does Continuous Compliance Work?

(Slide diagram labels: Source of Data: Cloud, Applications, Infrastructure; Key Stakeholders: Compliance, Risk, Security; Regulatory Framework: Technical Rules, Process Rules; SaaS Continuous Compliance Policy Hub; “We scan AWS”.)

Page 15: Achieving Continuous Compliance with CTP and AWS


CTP’s Continuous Compliance Bridges the Customer & AWS Areas of Responsibility as a Single Source for Compliance

(Slide diagram label: Continuous Compliance.)

Page 16: Achieving Continuous Compliance with CTP and AWS


CTP Worked with Cowen to Enable & Accelerate the Move to AWS Including Continuous Compliance

PHASE 1: WORKSHOP (Discovery)

PHASE 2: ASSESS & PLAN (Establish Baseline)
• TCO / ROI Assessment
• Application Portfolio Assessment
• Security Assessment
• Infrastructure Assessment
• DevOps Assessment

PHASE 3: BUILD (Lay Foundation)
• Minimum Viable Cloud (MVC)
• DevOps Enablement
• Tooling & Automation

PHASE 4: MIGRATE (Transition)

PHASE 5: OPERATE & OPTIMIZE
• CloudOps
• InfoSec
• Client Solutions
• Financial Management
• Application Optimization

MANAGED CLOUD CONTROLS
• Continuous Compliance
• Continuous Cost Control

Page 17: Achieving Continuous Compliance with CTP and AWS



Case Study

Page 18: Achieving Continuous Compliance with CTP and AWS


Cowen Challenges

• Legacy/Aging infrastructure and datacenters: High costs to maintain (comp and non-comp); significant capital expenditure required to upgrade/refresh.
• Shift in business model: Moved many critical business systems to Software as a Service (SaaS) providers, resulting in over-engineered infrastructure for what remained.
• Evolving business strategy: Required agile infrastructure that could easily remove cost.
• Reliable compliance controls in a regulated industry: Alignment to the National Institute of Standards and Technology (NIST) compliance framework.

Page 19: Achieving Continuous Compliance with CTP and AWS


Why Choose CTP and AWS?

• Proven APN Partner: Experience with a number of financial services firms on cloud migrations
• Scaling Engagements: Assess capabilities before committing to a longer term engagement
• Monitor and Leverage C2: Continuously monitor our applications against the NIST compliance framework
• Experience/Knowledge: Grow overall cloud strategy and migration

Page 20: Achieving Continuous Compliance with CTP and AWS


How Did CTP Address Cowen’s Challenges?

Cowen IT experienced a significant cultural shift in a matter of months, having a fully functional DevOps Team in 13 weeks.

1. Validated our assumptions on Cloud economics
2. Developed a roadmap to ensure our time horizons were realistic
3. Provided the necessary training and frameworks:
   ● Agile Development Methodology
   ● Minimally Viable Cloud (MVC) model
   ● Cloud Migration Factory
4. Guided the development of tools/process to maintain security/compliance

Page 21: Achieving Continuous Compliance with CTP and AWS


Cowen AWS Migration

Cowen’s migration to AWS followed an agile development methodology, allowing for iterative learning.

Cowen’s ‘Migration Factory’ ran in 3 week Sprints with successively more complex apps in each Sprint. Initial Sprints developed the automated building blocks used in the later stages.

The MVC workstream built upon itself, starting with Foundational, Fundamental, and Extended components as the staff experience and cloud usage expanded.

Page 22: Achieving Continuous Compliance with CTP and AWS


Specific Benefits to Cowen

The migration to AWS has yielded significant improvements to Cowen’s overall IT environment.

• Consistent, repeatable, and fully automated build process through infrastructure and application deployment.
• On-demand lab/development and QA environments only run during hours of usage with automated start/stop.
• Enhanced cost and Total Cost of Ownership (TCO) details by application.
• Automated patching process of base images across cloud infrastructure.
• Hybrid operational model across both cloud and on-premises environments:
  Centralized cloud-based monitoring – ‘single pane of glass’
  Central Support Staff for cloud and on-premises

Page 23: Achieving Continuous Compliance with CTP and AWS


CTP Continuous Compliance on AWS

• Achieve and maintain a continuous state of compliance for a cloud-enabled business
• Build a data-driven approach to compliance
• Get real-time notification, analysis and remediation strategy
• Accelerate the pace of innovation

Page 24: Achieving Continuous Compliance with CTP and AWS



Q&A

Page 25: Achieving Continuous Compliance with CTP and AWS


Next Steps and Further Information

Learn More About CTP
https://www.cloudtp.com/

Learn More About Continuous Compliance
https://hubs.ly/H08FlB70

Try AWS for Free
https://aws.amazon.com/

Page 26: Achieving Continuous Compliance with CTP and AWS


Thank You!