Post

Governance & Compliance - Regular Audits

Posted
By Sakharam Shinde
3 min read

Introduction

  • Conducting regular audits after policy enforcement in CSP’s involves several stages that are generally similar across all three cloud service providers.
  1. Define Audit Scope and Objectives
    • General: Identify what needs to be audited, the policies in place, and the goals of the audit.
    • Azure: Define the scope using Azure Policy and Azure Security Center.
    • AWS: Define the scope using AWS Config Rules and AWS Security Hub.
    • GCP: Define the scope using Google Cloud Asset Inventory and Cloud Security Command Center (Cloud SCC).
  2. Collect Data and Logs
    • General: Gather relevant data and logs from cloud resources and services.
    • Azure: Collect data using Azure Monitor, Azure Log Analytics, and Activity Logs.
    • AWS: Collect data using AWS CloudTrail, AWS CloudWatch, and AWS Config.
    • GCP: Collect data using Stackdriver Logging, Cloud Audit Logs, and Cloud Asset Inventory.
  3. Analyze Compliance with Policies
    • General: Analyze the collected data to check compliance with the defined policies.
    • Azure: Use Azure Policy compliance reports and Azure Security Center recommendations.
    • AWS: Use AWS Config compliance reports and AWS Security Hub findings.
    • GCP: Use Cloud Security Command Center (Cloud SCC) insights and Cloud Asset Inventory reports.
  4. Identify and Assess Violations
    • General: Identify any violations of policies and assess their impact.
    • Azure: Identify violations using Azure Policy compliance results and Azure Security Center alerts.
    • AWS: Identify violations using AWS Config non-compliant resources and AWS Security Hub alerts.
    • GCP: Identify violations using Cloud Security Command Center (Cloud SCC) findings and IAM Policy Analyzer.
  5. Generate Audit Reports
    • General: Create detailed reports of the audit findings, including compliance status and violations.
    • Azure: Generate reports using Azure Policy compliance dashboard and Azure Security Center reports.
    • AWS: Generate reports using AWS Config compliance dashboard and AWS Security Hub reports.
    • GCP: Generate reports using Cloud Security Command Center (Cloud SCC) dashboards and Cloud Asset Inventory reports.
  6. Remediate Issues
    • General: Address and remediate identified issues to ensure compliance.
    • Azure: Remediate issues using Azure Automation, Azure Logic Apps, and Azure Resource Manager templates.
    • AWS: Remediate issues using AWS Systems Manager, AWS Lambda, and AWS CloudFormation.
    • GCP: Remediate issues using Google Cloud Deployment Manager, Cloud Functions, and Policy Controller.
  7. Monitor Continuous Compliance
    • General: Implement continuous monitoring to ensure ongoing compliance with policies.
    • Azure: Use Azure Policy for continuous compliance assessment and Azure Sentinel for security monitoring.
    • AWS: Use AWS Config for continuous compliance assessment and AWS GuardDuty for security monitoring.
    • GCP: Use Cloud Security Command Center (Cloud SCC) for continuous compliance assessment and Security Health Analytics.
  8. Review and Update Policies
    • General: Regularly review and update policies to adapt to new requirements and threats.
    • Azure: Update policies using Azure Policy and review security recommendations in Azure Security Center.
    • AWS: Update policies using AWS Config Rules and review security findings in AWS Security Hub.
    • GCP: Update policies using Google Cloud Organization Policy and review insights in Cloud Security Command Center (Cloud SCC).
StageAzureAWSGCP
Policy and Security ToolsAzure Policy, Azure Security CenterAWS Config Rules, AWS Security HubGoogle Cloud Asset Inventory, Cloud Security Command Center (Cloud SCC)
Data CollectionAzure Monitor, Azure Log Analytics, Activity LogsAWS CloudTrail, AWS CloudWatch, AWS ConfigStackdriver Logging, Cloud Audit Logs, Cloud Asset Inventory
Compliance AnalysisAzure Policy compliance reports, Azure Security Center recommendationsAWS Config compliance reports, AWS Security Hub findingsCloud Security Command Center (Cloud SCC) insights, Cloud Asset Inventory reports
Violation IdentificationAzure Policy compliance results, Azure Security Center alertsAWS Config non-compliant resources, AWS Security Hub alertsCloud Security Command Center (Cloud SCC) findings, IAM Policy Analyzer
ReportingAzure Policy compliance dashboard, Azure Security Center reportsAWS Config compliance dashboard, AWS Security Hub reportsCloud Security Command Center (Cloud SCC) dashboards, Cloud Asset Inventory reports
RemediationAzure Automation, Azure Logic Apps, Azure Resource Manager templatesAWS Systems Manager, AWS Lambda, AWS CloudFormationGoogle Cloud Deployment Manager, Cloud Functions, Policy Controller
Continuous MonitoringAzure Policy, Azure SentinelAWS Config, AWS GuardDutyCloud Security Command Center (Cloud SCC), Security Health Analytics
Review and Update PoliciesAzure Policy, Azure Security CenterAWS Config Rules, AWS Security HubGoogle Cloud Organization Policy, Cloud Security Command Center (Cloud SCC)
architect, cloud, network
Cloud Cloud Architect Security Architect Cloud Security
This post is licensed under CC BY 4.0 by the author.