Amazon Web Services Navigating GDPR Compliance on AWS 17

Centralized Security Management

Many organizations have challenges related to visibility and centralized management of their environments. As your operational footprint grows, this challenge can be compounded unless you carefully consider your security designs. Lack of knowledge, combined with decentralized and uneven management of governance and security processes, can make your environment vulnerable. AWS provides tools that help you address some of the most challenging requirements for IT management and governance, and tools that support a data protection by design approach.

AWS Control Tower provides an easy method to set up and govern a new, secure, multi-account AWS environment. It automates the setup of a landing zone⁶, a multi-account environment based on best-practice blueprints, and enables governance using guardrails that you can choose from a pre-packaged list. Guardrails implement governance rules for security, compliance, and operations. AWS Control Tower provides identity management using the AWS Single Sign-On (SSO) default directory and enables cross-account audit using AWS SSO and AWS IAM. It also centralizes logs coming from Amazon CloudTrail and AWS Config, which are stored in Amazon S3.

AWS Security Hub is another service that supports centralization and can improve visibility into an organization. Security Hub centralizes and prioritizes security and compliance findings from across AWS accounts and services, and can be integrated with security software from third-party partners to help you analyze security trends and identify the highest-priority security issues.

Amazon CloudWatch Events enables you to set up your AWS account to send events to other AWS accounts, or to become a receiver for events from other accounts or organizations. This mechanism can be very useful for implementing cross-account incident response scenarios: whenever a security incident event occurs, a timely corrective action can be taken as necessary (for example, by calling a Lambda function or running a command on an EC2 instance).
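The cross-account incident response flow described above, as an added example that is not part of the AWS whitepaper: member accounts forward Security Hub findings to the central security account's event bus, a rule there matches high-severity findings, and a Lambda function selects the corrective action. The account ID, resource identifiers and action labels are constructed for this example; no AWS API is called.

```python
import json

# Rule pattern for the central security account's default event bus, to which
# member accounts forward (the bus policy must grant them events:PutEvents).
FINDING_RULE_PATTERN = {
    "source": ["aws.securityhub"],
    "detail-type": ["Security Hub Findings - Imported"],
    "detail": {"findings": {"Severity": {"Label": ["HIGH", "CRITICAL"]},
                            "RecordState": ["ACTIVE"]}},
}

# Allow-list of corrective actions per ASFF resource type; labels only, no API calls.
REMEDIATIONS = {
    "AwsS3Bucket": "s3:PutPublicAccessBlock",  # block public access on the bucket
    "AwsEc2Instance": "ssm:SendCommand",       # run a hardening command via SSM
}


def lambda_handler(event: dict, context=None) -> list:
    """Lambda entry point in the central account: returns the corrective actions
    for one forwarded Security Hub event. Severity and state are re-checked in
    code so a loosened rule pattern cannot trigger actions on low-severity or
    archived findings. Executing the actions is left to the deployment."""
    actions = []
    for finding in event.get("detail", {}).get("findings", []):
        if finding.get("RecordState") != "ACTIVE":
            continue
        if finding.get("Severity", {}).get("Label") not in ("HIGH", "CRITICAL"):
            continue
        for res in finding.get("Resources", []):
            actions.append({"account": finding.get("AwsAccountId"),
                            "resource": res.get("Id"),
                            "action": REMEDIATIONS.get(res.get("Type"), "notify-only")})
    print(json.dumps(actions))  # lands in CloudWatch Logs as the audit trail
    return actions


# Constructed sample from member account 444455556666; only the CRITICAL finding acts.
SAMPLE_EVENT = {
    "source": "aws.securityhub", "detail-type": "Security Hub Findings - Imported",
    "detail": {"findings": [
        {"AwsAccountId": "444455556666", "Severity": {"Label": "CRITICAL"},
         "RecordState": "ACTIVE",
         "Resources": [{"Type": "AwsS3Bucket", "Id": "arn:aws:s3:::example-bucket"}]},
        {"AwsAccountId": "444455556666", "Severity": {"Label": "LOW"}, "RecordState": "ACTIVE",
         "Resources": [{"Type": "AwsEc2Instance", "Id": "i-0123456789abcdef0"}]},
    ]},
}
```

Resource types not in the allow-list produce a "notify-only" entry, so the function never acts on a resource kind it was not written for.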

