Auditing in AWS
Cloud computing has lowered the barrier to running infrastructure for people who are not infrastructure specialists. It has also introduced new security and cost risks.
A data breach can damage a business's reputation, revenue and customer trust, so businesses need to audit their infrastructure regularly. AWS Audit Manager helps by automating evidence collection for compliance assessments.
1. Pre-built frameworks
AWS offers several services for monitoring a cloud environment. They can alert you to performance problems before they grow into an outage and help you tune your applications.
The same services detect unauthorized access to your systems and data and can surface a potential breach early. Catching an incident at that stage, rather than after the fact, saves both time and money.
You can use AWS CloudTrail to record management (control-plane) API activity in your AWS account, together with certain non-API events. Management events cover operations on a resource's control plane, such as modifying an instance or creating a database; a trail logs them by default, and the CloudTrail console's event history keeps the last 90 days of management events even without a trail. Non-API events that CloudTrail also records include console sign-ins (eventType AwsConsoleSignIn) and automated service actions such as AWS KMS key rotations (eventType AwsServiceEvent). What a trail captures is controlled by its event selectors, for example whether read-only management events or S3 and Lambda data events are included, not by the trust policy of an assumed role. A trust policy decides who may assume the role; CloudTrail then records the AssumeRole call and the actions taken in the resulting session.
2. Custom frameworks
AWS Audit Manager supports continuous auditing of your AWS infrastructure to simplify risk and compliance assessment. It uses an event-driven architecture to support automated controls management, with Amazon S3 and GitHub integrations. Evidence and other data at rest are encrypted with an AWS managed key or a customer managed AWS KMS key, and the service API can be reached through private VPC endpoints instead of the public internet.
Each framework contains groups of controls called control sets. You can run an assessment against a prebuilt framework or build a custom framework that matches your own requirements. A control set groups related controls, typically by the requirement or domain they cover, which keeps a large framework organized.
You can extend the out-of-the-box capabilities by building custom frameworks. Custom controls can use AWS Config rules (including rules deployed through conformance packs) as evidence sources, alongside Security Hub checks, CloudTrail events and AWS API calls. A custom framework defines the set of controls an assessment evaluates, and each control maps to one or more of these data sources rather than directly to resources. When an assessment runs, AWS Audit Manager collects evidence from the accounts and services in the assessment scope at automated intervals.
3. Automated evidence
Gathering evidence manually for an audit can take a lot of time and requires a lot of expertise. AWS Audit Manager eliminates some of that work by collecting data automatically.
When you generate an assessment report, it summarizes the evidence you selected for that assessment and links to the folders that contain it. Reports and their evidence are written to the S3 bucket you set as the assessment report destination when creating the assessment. Because that bucket holds the audit record itself, restrict access to it and keep it encrypted.
Each assessment has a scope that names the AWS accounts and services to collect evidence from. You can pick a prebuilt framework for a compliance standard or regulation (such as PCI DSS or HIPAA) or use your own custom framework. AWS Audit Manager collects evidence from resources in the scope at automated intervals; this is called automated evidence and feeds the assessment report. You can also upload manual evidence, for example policy documents, for controls that cannot be checked automatically.
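The following Python is an added example, not code from the original article or from AWS. It shows the shape of the three Audit Manager API requests the custom-framework and assessment-scope passages above describe: a custom control backed by an AWS Config rule, a custom framework that groups controls into control sets, and an assessment with its account/service scope and S3 report destination. The builders are pure Python so they can be inspected offline; only submit() calls boto3, and its control name, bucket, account ID and role ARN are placeholders. The rule-identifier pattern is this example's own sanity check, not Audit Manager's validation.

```python
"""Build AWS Audit Manager create_control / create_assessment_framework /
create_assessment request payloads from a compact specification."""
import re

SOURCE_FREQUENCIES = {"DAILY", "WEEKLY", "MONTHLY"}
ACCOUNT_ID = re.compile(r"^\d{12}$")
# Managed Config rule identifiers are UPPER_SNAKE_CASE; custom rules are
# referenced with a Custom_ prefix. This regex is the example's own guard.
RULE_ID = re.compile(r"[A-Z0-9_]+|Custom_[A-Za-z0-9_-]+")


def build_control(name, rule_name, description, frequency="DAILY"):
    """create_control payload: one control whose evidence source is the AWS
    Config rule named by rule_name, evaluated on the given schedule."""
    if frequency not in SOURCE_FREQUENCIES:
        raise ValueError(f"unsupported frequency {frequency!r}")
    if not RULE_ID.fullmatch(rule_name):
        raise ValueError(f"{rule_name!r} is not a managed or Custom_ rule identifier")
    return {
        "name": name,
        "description": description,
        "controlMappingSources": [{
            "sourceName": rule_name,
            "sourceSetUpOption": "System_Controls_Mapping",
            "sourceType": "AWS_Config",
            "sourceKeyword": {"keywordInputType": "SELECT_FROM_LIST",
                              "keywordValue": rule_name},
            "sourceFrequency": frequency,
        }],
    }


def build_framework(name, control_sets, description=""):
    """create_assessment_framework payload. control_sets maps a control-set
    name to the control IDs it groups; a control may appear in one set only."""
    if not control_sets:
        raise ValueError("a framework needs at least one control set")
    seen, sets = set(), []
    for set_name, control_ids in control_sets.items():
        for cid in control_ids:
            if cid in seen:
                raise ValueError(f"control {cid} appears in more than one control set")
            seen.add(cid)
        sets.append({"name": set_name, "controls": [{"id": c} for c in control_ids]})
    return {"name": name, "description": description, "controlSets": sets}


def build_assessment(name, framework_id, account_ids, services, report_bucket, owner_role_arn):
    """create_assessment payload: scope = accounts and services evidence is
    collected from; reports and evidence land in the S3 destination."""
    bad = [a for a in account_ids if not ACCOUNT_ID.match(a)]
    if bad:
        raise ValueError(f"not 12-digit account IDs: {bad}")
    if not report_bucket.startswith("s3://"):
        raise ValueError("assessmentReportsDestination must be an s3:// URI")
    return {
        "name": name,
        "frameworkId": framework_id,
        "assessmentReportsDestination": {"destinationType": "S3", "destination": report_bucket},
        "scope": {"awsAccounts": [{"id": a} for a in account_ids],
                  "awsServices": [{"serviceName": s} for s in services]},
        "roles": [{"roleType": "PROCESS_OWNER", "roleArn": owner_role_arn}],
    }


def submit(region="us-east-1"):
    """Create the control, framework and assessment for real. Needs boto3 and
    credentials allowed to call auditmanager:Create*. All names, the bucket,
    the account ID and the role ARN below are placeholders."""
    import boto3  # imported lazily so the builders above stay usable offline
    am = boto3.client("auditmanager", region_name=region)
    control = build_control("S3 buckets encrypt data at rest",
                            "S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED",
                            "Every bucket must have default server-side encryption.")
    control_id = am.create_control(**control)["control"]["id"]
    framework = build_framework("Storage baseline (example)", {"Encryption": [control_id]})
    framework_id = am.create_assessment_framework(**framework)["framework"]["id"]
    assessment = build_assessment("Quarterly storage audit", framework_id,
                                  ["123456789012"], ["s3"],
                                  "s3://audit-reports-example",
                                  "arn:aws:iam::123456789012:role/AuditProcessOwner")
    return am.create_assessment(**assessment)["assessment"]["metadata"]["id"]
```

The duplicate-control check in build_framework matters in practice: the same control listed in two control sets produces double evidence counts in the report, which makes reviewers distrust it.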
4. Reporting
Detecting anomalous behavior in your AWS environment and responding to it requires a comprehensive toolset. AWS CloudTrail supports governance, compliance and operational auditing by recording API calls and account activity across your environment, covering services such as Amazon EC2, RDS, S3 and Elastic Load Balancing. Delivering a trail to an S3 bucket, optionally with CloudWatch Logs for near-real-time queries and alarms, lets you retain API call and user activity history for as long as your audit requirements demand, and CloudTrail Insights can flag unusual spikes in API activity.
Monitoring must cover every resource and surface anomalies quickly, but production environments change too fast to watch by hand. You therefore need a defined set of metrics and logs to collect, with alerting on the events that matter to auditing and security. Cygna provides visibility into AWS changes and alerts you when key risks are discovered, such as changes to your AWS IAM roles, federation, or MFA policies. Alerting on these changes lets you act quickly and contain the risk.
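As an added example that is not part of the original article and is not Cygna's or AWS's code, the following Python triages CloudTrail records the way the two CloudTrail passages above describe: it classifies each record as a management API call, a read-only call, a console sign-in or an automated service event, then flags console sign-ins without MFA, any root sign-in, and IAM calls that alter role trust, federation or MFA. The records are constructed for the demo (placeholder account IDs, ARNs and addresses), and the set of IAM event names treated as identity changes is this example's own choice rather than an AWS-defined category.

```python
"""Classify and triage CloudTrail records for sign-in and identity-change risks."""
import json

# Constructed CloudTrail records, not data from a real account. Field names
# follow the CloudTrail record format; identifiers are placeholders.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-05-01T08:00:00Z", "eventType": "AwsConsoleSignIn",
     "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}, "sourceIPAddress": "198.51.100.7"},
    {"eventTime": "2024-05-01T08:05:00Z", "eventType": "AwsConsoleSignIn",
     "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "Root"},
     "responseElements": {"ConsoleLogin": "Failure"},
     "additionalEventData": {"MFAUsed": "Yes"}, "sourceIPAddress": "203.0.113.9"},
    {"eventTime": "2024-05-01T08:10:00Z", "eventType": "AwsApiCall",
     "eventSource": "iam.amazonaws.com", "eventName": "UpdateAssumeRolePolicy",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/Admin/bob"},
     "requestParameters": {"roleName": "Deploy"}, "readOnly": False},
    {"eventTime": "2024-05-01T08:12:00Z", "eventType": "AwsApiCall",
     "eventSource": "iam.amazonaws.com", "eventName": "DeactivateMFADevice",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "requestParameters": {"userName": "carol"}, "readOnly": False},
    {"eventTime": "2024-05-01T08:15:00Z", "eventType": "AwsApiCall",
     "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}, "readOnly": True},
    {"eventTime": "2024-05-01T09:00:00Z", "eventType": "AwsServiceEvent",
     "eventSource": "kms.amazonaws.com", "eventName": "RotateKey",
     "userIdentity": {"accountId": "123456789012", "invokedBy": "AWS Internal"}},
]})

# IAM calls that change who can assume roles, how federation works, or MFA.
# This set is the example's own choice of what to alert on.
IDENTITY_CHANGE_EVENTS = {
    "UpdateAssumeRolePolicy", "CreateSAMLProvider", "UpdateSAMLProvider",
    "DeleteSAMLProvider", "CreateOpenIDConnectProvider", "DeactivateMFADevice",
    "DeleteVirtualMFADevice", "AttachRolePolicy", "PutRolePolicy",
}


def classify(record):
    """Map a record's eventType to the categories the text describes."""
    kind = record.get("eventType")
    if kind == "AwsApiCall":
        return "read-only api call" if record.get("readOnly") else "management api call"
    if kind == "AwsConsoleSignIn":
        return "console sign-in"
    if kind == "AwsServiceEvent":
        return "service event"
    return "other"


def actor(record):
    """Best available name for who performed the action."""
    ident = record.get("userIdentity", {})
    return ident.get("userName") or ident.get("arn") or ident.get("type") or "unknown"


def findings(records):
    """Return (severity, message) tuples for the events worth alerting on."""
    out = []
    for r in records:
        name = r.get("eventName")
        if name == "ConsoleLogin":
            status = r.get("responseElements", {}).get("ConsoleLogin")
            mfa = r.get("additionalEventData", {}).get("MFAUsed")
            src = r.get("sourceIPAddress")
            if r.get("userIdentity", {}).get("type") == "Root":
                # Any root console activity, successful or not, is worth a look.
                out.append(("high", f"root console sign-in ({status}) from {src}"))
            elif status == "Success" and mfa != "Yes":
                out.append(("medium", f"console sign-in by {actor(r)} without MFA from {src}"))
            elif status == "Failure":
                out.append(("low", f"failed console sign-in by {actor(r)}"))
        elif r.get("eventSource") == "iam.amazonaws.com" and name in IDENTITY_CHANGE_EVENTS:
            out.append(("high", f"{name} by {actor(r)} on {r.get('requestParameters', {})}"))
    return out


def triage(raw_log):
    """Parse a CloudTrail log file body and return (category counts, findings)."""
    records = json.loads(raw_log)["Records"]
    counts = {}
    for r in records:
        c = classify(r)
        counts[c] = counts.get(c, 0) + 1
    return counts, findings(records)


if __name__ == "__main__":
    counts, alerts = triage(SAMPLE_LOG)
    for category, n in sorted(counts.items()):
        print(f"{n} {category}")
    for severity, message in alerts:
        print(f"[{severity}] {message}")
```

In production the same logic runs over the gzipped log files CloudTrail delivers to S3, or as a CloudWatch Logs metric filter on the trail's log group; the record fields used here (eventType, readOnly, responseElements.ConsoleLogin, additionalEventData.MFAUsed) are the ones to key those filters on.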