Even though the out of town presenters Austen Debord and Rob Navarro were late – once there they gave a good overview of cloud possibilities: Azure, Google and AWS are competing for businesses which have a wide variety of cloud needs. Part of the problem is that businesses need an assessment of what should actually be placed in the cloud, who should have access to the cloud, the shared responsibilities of the cloud. there is more to this but they only had a few minutes.
Once the overview was done a more detailed look at AWS was discussed (since the presenters were AWS experts). The AWS pieces are the following:
EC2 Elastic Cloud Compute – here is where apps get installed
S3 Buckets are the storage pieces
Security controls should check if S3 buckets are properly walled off.
Security practices need to be communicated with AWS managers. even as things change the security practices must keep up.
Austen and Rob both said that there is help for you if setup or security needs it.
One of the difficulties for some audits is that firewall rules are “required” by state or other auditors, but there are no firewall rules in the cloud, since in AWS they would be SOC rules. Shared responsibilities of AWS and user – business.
Because the 2 AWS experts were a bit late there was time for Robert Hof and Gene Litvin to discuss future event possibilities – including an Azure all day event (which would be easier to co-ordinate since Microsoft should have experts in town). Rob is always looking for ideas – if someone has any please contact him.
Gene also discussed his experience with the Cloud academy and that ISACA does have AWS cloud auditing training available of which one document is here https://next.isaca.org/bookstore/audit-control-and-security-essentials/waaws Amazon Web Services (AWS) audit program which is part of your ISACA membership.
There is also a training event in March 19/20 https://next.isaca.org/training-and-events/in-person-training/training-weeks/cloud-computing-for-auditors by ISACA.
The rest of the training was done by Mike DeNovellis online on the projector.