The Doppler Quarterly Fall 2017 | Page 15

Where does that leave you? You still need to protect what you put in the cloud. Remember the unlocked front door example earlier? The builder installed a lock on the door and gave you the key. Yet, it is still up to you to lock that door so that bad guys don’t come in. Protecting your systems, platforms, data, and applications in AWS is not a trivial task but that doesn’t mean it has to be overwhelming or extremely complicated either. Rather, it means that security should not be approached nonchalantly. It’s not as simple as putting a firewall in front of your servers and declaring success. Implementing a set of comprehensive security measures requires careful planning that starts with the vision of where you want to go. That vision should guide your strategy on how to get there, and your approach must cover security needs across the People, Process, and Technology triangle.

The Approach

At CTP, we guide our clients through a prescriptive approach on their cloud journey. We call it the Cloud Adoption Program. This approach provides for an efficient process with predictable and measured outcomes. We have perfected our methodology throughout the hundreds of successful cloud engagements we have participated in.

Every engagement and every client is a little different, but every one of them shares the same need to address applicable security and governance requirements. That is why Security and Governance is one of the fundamental building blocks in our approach to helping enterprise clients adopt AWS. Our client base ranges from midsize companies and “normal” large enterprise clients to heavily-regulated financial industry and healthcare behemoths.

We start assisting our clients at the early stages of cloud adoption. Their focus is typically around understanding AWS security capabilities, mapping their regulatory requirements and controls to public cloud, and creating roadmaps to ensure their operations on AWS will be safe and secure.
We continue advising them throughout their journey to AWS by reinforcing their awareness of best practices, conducting security workshops, and implementing solutions that address all of their security needs. Below are some of the most common areas in which we help our clients.

Governance, Risk & Compliance

We help our clients establish appropriate IT governance models for operating in AWS. We advise them on cloud GRC best practices, help our clients understand their risk exposure, and identify and implement required processes to ensure compliance with various control frameworks.

Perimeter & Infrastructure Protection

We work closely with our clients to design and implement required account structures, appropriate network architectures with VPC and subnet segmentations, security groups and network ACLs. We implement native AWS and 3rd