The use of cloud services is widespread and expected to only continue to increase by 2020, it is estimated that 41 per cent of enterprise workloads will be hosted on public cloud platforms.
One of the leading platforms in this space, Amazon Web Services (AWS), has the ability to help teams become more agile; however, without proper knowledge of AWS configurations and potential hazards, enterprises may also open themselves to new risks.
With this in mind, ISACA has launched a new audit program, Amazon Web Services (AWS) Audit Program to support IT auditors in their assessments of AWS deployments, including the use of AWS services, access to the AWS environment, management and interrelationships of AWS services.
The program covers AWS applications, functions and containers, and across the domains of governance, network configuration and management, asset configuration and management, logical access control, data encryption controls, logging and event management, security incident response and disaster recovery.
IT audit professionals can follow detailed testing steps outlined for controls across these domains in this audit program spreadsheet to assist in their auditing process, but they are encouraged to customise the document for their unique enterprise needs. The program is free to members, and $25 for non-members.
“ISACA's AWS Audit Program provides IT audit professionals with the essentials for grasping the breadth and depth of AWS deployments as well as to provide them with a solid foundation for building their own customised audit program around these services,” said CISA lead developer AWS Audit Program Adam Kohnke.
Now in its 50th anniversary year, ISACA is a global association helping individuals and enterprises achieve the positive potential of technology. Today's world is powered by information and technology, and ISACA equips professionals with the knowledge, credentials, education and community to advance their careers and transform their organisations.
ISACA leverages the expertise of its 460,000 engaged professionals including its 140,000 members in information and cybersecurity, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI Institute, to help advance innovation through technology.