Continuous Compliance Automation in AWS cloud environment
Jansson, Isak (2021)
The permanent address of the publication is
https://urn.fi/URN:NBN:fi-fe2021052631832
Abstract
Compliance is growing in importance in the Information Technology sector, where organizations must deliver applications that follow regulatory requirements and standards in order to compete. Scrutiny from auditors and regulators in some parts of the sector has increased significantly in recent years because of the increasingly hostile environment. Compliance is now required by customers and is needed to engage in specific activities in the Information Technology sector, especially in the financial industry.
This thesis investigates compliance for Information Technology systems in the financial sector. More specifically, the thesis examines how to remain in compliance using the methodology of continuous compliance. Achieving compliance can be challenging, especially when moving Information Technology infrastructure from a strictly on-premises solution to a public cloud service provider. By introducing automation into the process, however, this thesis tries to show how the possibilities of automation in the cloud can reduce compliance work, both to improve the compliance posture and security and to minimize the involvement of human beings in the ever-changing compliance process. The compliance process is automated using different services provided by Amazon Web Services, together with other tools that automatically remediate compliance problems wherever possible. This thesis shows that it may be beneficial to introduce an automated continuous compliance process when working with strict regulation, to help with recurring issues. The implemented solution focuses on compliance frameworks such as the CIS benchmark and PCI-DSS requirements in relation to Information Technology infrastructure. The implemented proof of concept focuses on the advantages and possibilities of automating compliance work in the Amazon Web Services cloud environment, and investigates the possible use of the idea in a full-scale solution.