Cloud Compliance at AWS Public Sector Summit 2016

Steve Horvath
Stephen Horvath
June 14, 2016 • 3 min read

In 2006, I joined Telos Corporation as a senior information security engineer and program manager with the task of building and implementing a risk management system within the U.S. Intelligence Community.  I had been working in the information security industry for over eight years prior to this new endeavor, and was well aware that most folks dislike the “security guys.”  What I learned soon after starting at Telos: most folks also HATE compliance.

It takes a certain type of individual to get excited about compliance – Type A personalities come to mind.  Compliance is often viewed as a check-the-box exercise, disregarded as busy work.  But, this view couldn’t be more inaccurate.  Compliance ensures at least a minimum standard, in this case of cyber security, a standard that is clearly defined and achieved.

The value of compliance is even more opaque when it is surrounding something extremely difficult to understand: cyber security, particularly in the cloud.

Make no mistake, compliance can be difficult.  There is, however, tremendous value in achieving compliance and ensuring true and valid risk management practices have been followed – from architecture and development through testing and production.  Compliance frameworks like the NIST RMF, NIST CSF, NIST 800-171, ISO 27000 Series, PCI DSS, and HIPAA/HITECH, when followed diligently, allow for trust in systems that maintain critical information necessary for our way of life.

AWS Enterprise Accelerator for Compliance

Telos has been working on solutions surrounding risk management and compliance for the last 20 years, and  just last week announced one of the most important initiatives in the history of the Xacta IT GRC suite: the enhancement of Xacta with AWS Enterprise Accelerator for Compliance.

Amazon Web Services (AWS) has developed a powerful new tool in cloud security, the Enterprise Accelerator for Compliance.  Working with AWS security engineers, the Telos engineers have taken these documented controls and implemented them within the Xacta product suite – allowing customers to inherit controls from the AWS infrastructure, and only concern themselves with the leftover “Shared Responsibility” and outstanding controls for compliance.

Let me put it another way: Telos and AWS can help streamline the compliance process in any organization looking to move to the cloud by reducing controls documentation and validation by anywhere from 20 to 50%.  That means 20 to 50% faster to mission, production, and value.

Cloud Compliance: A New Generation of True Automation

I’d like to invite you to join us at the free AWS Public Sector Summit, June 20- 21 in Washington, D.C., where we will be presenting a 10:00 AM breakout session on Tuesday June 21st, called: Cloud Compliance: A New Generation of True Automation.

At the breakout session, my colleague Hugh Barrett and I will be joined by Russ Marsh, CISO for Department of Energy – IN, and Brett Miller of AWS to demonstrate the incorporation of the AWS Enterprise Accelerator for Compliance into the Xacta product suite, and we will provide a demo of a fully automated risk management and compliance lifecycle. Utilizing our advanced inheritance capability, the demo will provide an overview of project creation, definition, inheritance, and testing of both the technical and non-technical controls associated with a given set of regulatory guidance, publishing of a body of evidence, and ongoing or continuous monitoring for full spectrum IT risk.

I hope you will attend. It just might be the presentation that saves your organization time and money, and reduces your risk in the process.

Steve Horvath
Stephen Horvath
Vice President, Strategy and Cloud
Stephen Horvath is the vice president of strategy and cloud at Telos Corporation.
Read full bio

Subscribe to Our Newsletter

Although we may use your information for targeted marketing and advertising, as described in the Privacy Policy, we will never sell your information to any third party.