Most industries these days have specific regulatory requirements due to the amount of sensitive data that businesses store, transmit, and process on a daily basis. For example, financial and healthcare organizations have governmental compliance mandates they need to adhere to as well as industry-specific best practices to follow. As companies shift to the cloud, many of them have compliance concerns, such as:
“If I move my data offsite to the cloud, how do I know I have complete control over it?”
“I’m unsure we can move to a cloud platform as our information needs to stay behind our corporate firewall.”
Amazon Web Services (AWS) announced at their re:Invent conference this past October a new automated service that continuously monitors resources in the AWS cloud platform to ensure they are in compliance with an organization’s specific security and compliance requirements. This automated service is called Config Rules and is described by Amazon as “a new set of cloud governance capabilities that allow IT Administrators to define guidelines for provisioning and configuring AWS resources and then continuously monitor compliance with those guidelines.”
How Config Rules Works
When running applications on AWS, resources are created and managed together. As you expand, it often becomes more difficult to keep track of all of the running AWS resources. AWS Config (through which you launch Config Rules) works to oversee all application resources. You can set AWS Config Rules to evaluate configuration settings; if it detects a resource that violates the conditions set by the rules you have established, it sends a notification stating that the resource is noncompliant.
With Config Rules, users can select from a set of rules built into AWS based on AWS best practices, or make their own unique, custom rules. All rules can be monitored via a centralized dashboard which keeps track of compliance status.
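A custom rule runs as an AWS Lambda function that receives the changed resource's configuration and reports a compliance verdict. The following is an added example, not code from AWS or from this article: it keeps only the evaluation logic for a security group and returns the verdict as a dictionary instead of sending it to the service. The `blockedPorts` rule parameter and the sample event are assumptions constructed for illustration.

```python
import json

WORLD = {"0.0.0.0/0", "::/0"}  # CIDR blocks meaning "anyone on the internet"

def exposed_ports(configuration, blocked_ports):
    """Ports from blocked_ports that an ingress rule opens to the whole internet."""
    exposed = set()
    for perm in configuration.get("ipPermissions", []):
        cidrs = {r for r in perm.get("ipRanges", []) if isinstance(r, str)}
        cidrs |= {r.get("cidrIp") for r in perm.get("ipv4Ranges", [])}
        cidrs |= {r.get("cidrIpv6") for r in perm.get("ipv6Ranges", [])}
        if not cidrs & WORLD:
            continue
        if perm.get("ipProtocol") == "-1":  # all protocols, all ports
            exposed |= set(blocked_ports)
        elif perm.get("ipProtocol") in ("tcp", "udp"):
            lo, hi = perm.get("fromPort", 0), perm.get("toPort", 65535)
            exposed |= {p for p in blocked_ports if lo <= p <= hi}
    return sorted(exposed)

def evaluate(event):
    """Return one evaluation in the shape the PutEvaluations API accepts."""
    item = json.loads(event["invokingEvent"])["configurationItem"]
    params = json.loads(event.get("ruleParameters") or "{}")
    # "blockedPorts" is a hypothetical rule parameter chosen for this example
    blocked = [int(p) for p in params.get("blockedPorts", "22,3389").split(",")]
    result = {"ComplianceResourceType": item["resourceType"],
              "ComplianceResourceId": item["resourceId"],
              "OrderingTimestamp": item["configurationItemCaptureTime"]}
    if item["resourceType"] != "AWS::EC2::SecurityGroup" or not item.get("configuration"):
        result["ComplianceType"] = "NOT_APPLICABLE"  # wrong type or deleted resource
        return result
    exposed = exposed_ports(item["configuration"], blocked)
    result["ComplianceType"] = "NON_COMPLIANT" if exposed else "COMPLIANT"
    if exposed:
        result["Annotation"] = "Open to the internet on port(s): " + ", ".join(map(str, exposed))
    return result

def sample_event(permissions, resource_type="AWS::EC2::SecurityGroup"):
    """Constructed, simplified rule invocation event (not captured from AWS)."""
    item = {"resourceType": resource_type, "resourceId": "sg-EXAMPLE",
            "configurationItemCaptureTime": "2016-01-01T00:00:00.000Z",
            "configuration": {"ipPermissions": permissions}}
    return {"invokingEvent": json.dumps({"configurationItem": item}),
            "ruleParameters": json.dumps({"blockedPorts": "22,3389"})}

if __name__ == "__main__":
    ssh_open = {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22, "ipRanges": ["0.0.0.0/0"]}
    print(evaluate(sample_event([ssh_open])))
```

In a deployed rule, the Lambda handler would pass this dictionary, together with the event's result token, to the Config PutEvaluations API.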
Audit and Compliance Support
If your organization processes data that requires regular audits for compliance (e.g. financial information or personal health information), AWS makes running these audits easy to do. Historical configurations, compliance status, and the location of sensitive data are all accessible via the central AWS Config dashboard. Organizations are able to pull compliance reports from the dashboard that can then be submitted to government and regulatory agencies.
How Config Rules Helps with Security
Config Rules assists with security by keeping track of configuration changes. When you use multiple AWS resources, changing the configuration of one resource often impacts other resources, which affects compliance status. With AWS Config, you can view how resources are related to assess how making a change will impact other components of the system. AWS Config can also analyze potential security weaknesses by reviewing historical information such as AWS Identity and Access Management permissions, or security group rules that manage who has access to system resources.
As AWS helps to improve business efficiency by providing a scalable, redundant storage and processing platform for business information and data, it now includes audit and compliance support through tools in AWS Config and Config Rules.