The traditional audit methodology of manually sampling, interviewing, and observing provides limited insight into the adherence of a customer’s cloud environment to common regulatory frameworks. The auditor and customer’s challenge is to generate and evaluate evidence of an entire system’s compliance with specific controls, which becomes increasingly difficult with larger code bases. The AWS Provable Security initiative applies automated reasoning technology to automatically prove that a customer’s cloud environment meets certain regulatory standards. In this session, Chad Woolf, AWS VP of Security Assurance, and Byron Cook, director of the AWS Automated Reasoning Group, sit down with a representative from Coalfire, assessor of AWS, to discuss how the Provable Security initiative is creating new, higher-assurance models for auditors and customers.
Complete Title: AWS re:Inforce 2019: New Ways to Automate Compliance Verification on AWS Using Provable Security (GRC301)
– Tom McAndrew, Coalfire
Publisher: Amazon Web Services
You can watch this video also at the source.