View Blog Post

Continuous Compliance on AWS with CodePipeline and CloudFormation

Whether it’s in or out of the cloud, most IT compliance usually comes in the form of a multitude of checklists – like the one you see below. It might be a spreadsheet, website, or other “digital” tool but, in the end, it’s still checklists that software teams must comply with by filling out forms Read more…

View Blog Post

Continuous Compliance on AWS Workflow

It’s 7:37 AM on a Sunday. You’re in the Security Operations Center (SOC) and alarms and emails are seemingly being triggered everywhere. You and a colleague are combing through dashboards and logs to determine what is causing these alerts. After running around with your “hair on fire” for around 30 minutes, you finally determine that Read more…

View Blog Post

Continuous Compliance on AWS using AWS Config Rules

How does compliance work in many organizations? From what I’ve seen, it might look something like this: ‘Internal compliance is conducting an audit in three weeks, we need to make sure we’re compliant with all of our internal policies’. What ensues is a heroic effort of people discovering or creating documents and other artifacts indicating what Read more…

View Blog Post

Segregation of Duties on AWS

In the book, Accelerate, by Forsgren, et al., it states the following about Segregation of Duties:   What About Segregation of Duties?…First, when any kind of change is committed, somebody who wasn’t involved in authoring the change should review it either before or immediately following commit to version control. Second, changes should only be applied Read more…