Through AWS CloudTrail, users’ accounts are governed and audited to ensure compliance and safety. This compliance enhances users to understand the stout controls placed at AWS to ensure data protection in the cloud as well as maintenance of security measures. Security and compliance are enhanced through the use of: Recommended: Five Ways to Boost Your Company’s Security
AWS security audit focal points and approaches
The first audit area is Governance policies, procedures and plans applying to the AWS services purchased, and the kinds of the system as well as information integrated into the AWS services. The network management and configuration must have followed the security requirements of the organization. This deals with the audit approach to understanding the network architecture of users AWS resources. Asset configuration and change management with the audit approach of validating if operating systems security vulnerabilities are protected as well as assets integrity Controlling access to logical AWS resources, processes and users to confirm their authorization to perform specific functions. Here the audit focus is on identifying how users and permissions are designed for AWS services. Data encryption audit approach of checking and validating the methods used to protect data. Security logging and monitoring if systems conform to set policies and procedures. Monitoring security events and operational effectiveness of incident response control for AWS services. Plans to address disaster recovery scenes with the audit approach of determining the fault-tolerant plans for critical assets in case of a disaster. Demonstration of due diligence in the selection of service providers by evaluation of certifications to gain assurance of the operating effectiveness of inherited controls.
This is a guest contributor post.