How AWS Helps with the Compliance Process
Compliance regulations are some of the most important guidelines your organization needs to meet. Whether it’s global compliance programs like SOC, PCI DSS, or an ISO standard, or U.S.-specific standards like NIST for FISMA or HIPAA regulations, there’s a great deal you’ll need to audit and report on. Fortunately, if you use Amazon Web Services (AWS), they’ve already done some of the heavy lifting for you.
AWS achieves this through a “Shared Responsibility Model” that clearly divides compliance responsibilities. We’ll dig into that a little more below.
Compliance Areas Where AWS Can Help
AWS provides support for compliance regulations around the world, including the U.S., Canada, and Asia Pacific regions. Some of the standards they adhere to include:
- SOC 1: Audit Controls Reports.
- SOC 2: Security, Availability, and Confidentiality Reports.
- SOC 3: General Controls Reports.
- FISMA: Federal Information Security Management.
- ISO: Certification and quality standards.
They are also compliant with a number of other regulatory frameworks.
The AWS Shared Responsibility Model
AWS makes use of a “Shared Responsibility Model” that clearly defines what AWS is responsible for, and what their customers are responsible for.
AWS Responsibilities
AWS is responsible for the infrastructure security of the cloud. Their security policies, processes, and technology are designed to protect all services offered through AWS. This infrastructure includes the hardware, software, networking, and facilities that run AWS services.
Customer Responsibilities
The customer is responsible for security “in” the cloud, and this can vary depending on the specific AWS services being used. For example, a customer is responsible for the security of the operating system, the data they hold, firewalls, encryption, applications and utilities, protecting access and logins, and several other areas.
You can find more information about the Shared Responsibility Model here.
AWS Artifact is a Hub for Compliance Reporting
AWS Artifact is a centralized resource for AWS compliance reporting. It provides a self-service portal where you can download on-demand compliance reports and online agreements. Reports provided by AWS Artifact include:
- Service Organization Control (SOC) reports.
- Payment Card Industry (PCI) reports.
- Certifications from accreditation bodies like ISO.
AWS Artifact also allows you to review, accept, and manage your agreements with AWS. You can then apply those agreements to all the AWS accounts in your business.
AWS Config Lets You Manage Continuous Compliance
AWS Config lets you automate many of your compliance needs. It’s available from the AWS management console and you can use the Amazon Simple Notification Service (SNS) to get an alert if something changes and it no longer complies with your rules. This can be combined with AWS Lambda to revert or make future changes to ensure you’re continually compliant.
AWS Helps to Reduce Pressure on Compliance Officers
As regulations become stricter and more widespread, compliance officers have to keep track of an increasingly complex environment. AWS removes a lot of that pressure through ensuring that their hardware, facilities, networking, and software are already in compliance with multiple frameworks. This means a compliance officer can focus more on the areas their organization controls, creating deeper, better auditing and remediation of compliance risks.
AWS makes compliance faster, easier, and more robust. A diverse range of services, combined with AWS Artifact, AWS Config, and the Shared Responsibility Model lets you stay in control. Take advantage of AWS cloud compliance to help you save time while meeting your technology regulatory needs. Learn how Media Temple can help you manage your services across the AWS cloud.
As an AWS Advanced Consulting Partner, Media Temple can help you get the most from your AWS cloud. Reach out anytime.
