Leveraging AWS Trusted Advisor for Security and Compliance
March 28, 2019, AJ Yawn, Principal, SOC Practice, Coalfire
The benefits of undergoing mandatory or voluntary cybersecurity compliance assessments are well known throughout the cybersecurity industry. These benefits include improving the security posture of the organization, enabling sales to move faster through the sales lifecycle, addressing regulatory compliance requirements, and many more. Despite the benefits, compliance assessments can be labor intensive and painful. This pain is often due to the complexities associated with understanding the security posture of the environment being assessed as well as collecting this information in a timely and efficient manner. Amazon Web Services (AWS) offers a number of services that provide flexibility, scalability, and reliability in the cloud. AWS also offers services to assist cybersecurity professionals with understanding their security environment and demonstrating compliance to auditors to ease the pain of cybersecurity assessments. One of those services is AWS Trusted Advisor, which provides real-time best practice guidance to help provision, monitor, and maintain AWS resources. These best practice recommendations span five categories: cost optimization, performance, security, fault tolerance, and service limits.
Automating Incident Prevention and Response in AWS
October 22, 2018, AJ Yawn, Principal, SOC Practice, Coalfire
Information security incidents can result in reputational damage, financial losses, or a loss of system functionality for organizations at any time. Because threats and attack vectors are growing rapidly, organizations must prepare to respond to incidents in real time. The incident response (IR) process must be able to detect common attack vectors and common misconfigurations that could potentially lead to an incident. Effective IR is vital to the security of any organization and is also a critical process that is evaluated when undergoing the following compliance assessments: FedRAMP, SOC & SSAE 18, ISO, HITRUST, PCI-DSS, among others.
She Powers Tech
December 01, 2017, Jennifer Tonisson, Partner Marketing Manager, Technology & Cloud, Coalfire
November 28th at the Venetian in Las Vegas, AWS re:INVENT held an important session that could shape the future of technology. The sold-out session, SHE POWERS TECH: Women Supporting Women in Tech, filled a ballroom with 500 women in technology and a few men who were interested in the topic. The impressive line-up of speakers included women in a wide variety of technological fields spanning automotive engineering to technology in fashion.
Top 10 Things CSPs Need to Know about FedRAMP Authorization on Amazon Web Services
October 18, 2017, Jennifer Tonisson, Partner Marketing Manager, Technology & Cloud, Coalfire
Coalfire conducted a webinar, FedRAMP on AWS: What you need to know. The discussion covered what cloud service providers need to know when pursuing FedRAMP authorization leveraging AWS U.S East/West or GovCloud. Below you’ll find the Top 10 things that cloud service providers should know.