Author: James Bettaney

AWS’s Approach to Achieving and Maintaining ISO 27001 and SOC Compliance

Two of the world’s most widely used data security standards are ISO 27001 and SOC Compliance Framework. They are two of the many global standards and frameworks Amazon has adopted as part of the Amazon Web Services (AWS) Compliance Programs.

Amazon’s processes achieve and maintain compliance with these standards to ensure AWS customers benefit from strong data security practices and regulatory adherence.

How Amazon Complies with ISO/IEC 27001 Standards
ISO/IEC 27001 is among the world’s most widely-used information security management system (ISMS) standards. Amazon Web Services (AWS) is certified for compliance with ISO/IEC 27001:2013, the 2013 version of the standard.

Amazon’s internal processes for ensuring compliance consist of three elements:

1. Regular evaluations of current information security risks, threats, and vulnerabilities
2. Designing and implementing risk management procedures and other risk controls in accordance with ISO 27001 standards
3. Application of an overall risk management process to ensure current security controls meet Amazon’s needs

Independent third-party auditors conduct AWS’s ISO/IEC 27001:2013 audits to ensure an impartial certification process.

Controls and Measures Ensuring Amazon’s SOC Compliance
System and Organisation Controls (SOC) is a data security auditing standard created by the American Institute of Certified Public Accountants (AICPA). Service providers must adhere to the five Trust Service Criteria (TSC) to be SOC compliant: Security, Availability, Processing Integrity, Confidentiality, and Privacy.

As a cloud service provider, Amazon’s systems store large quantities of potentially sensitive data. Amazon certifies AWS is fully SOC compliant to ensure data safety, privacy, and protection for all AWS customers.

As with ISO/IEC 27001 standards, AWS receives periodic audits from independent third-party organisations to verify the firm’s adherence to SOC 2 standards. AWS customers can read SOC 1 and SOC 2 reports on AWS Artifact. SOC 3 reports are available publicly in whitepaper format.

Which AWS Regions are Covered by ISO 27001 and SOC Compliances?
AWS regions covered by ISO 27001 certification include 29 data centres worldwide and over 100 AWS Edge locations, ensuring AWS customers have access to an extensive range of ISO 27001-compliant regions.

The SOC 3 report details the list of SOC-compliant AWS regions. SOC-compliant data centres are available in over 20 countries and 140 Amazon Edge locations.

Learn More with an Experienced AWS Well-Architected Partner
Scheduling an AWS Well-Architected Review with experienced AWS partner WOLK Technology is the best solution to ensure the performance of your workflows. Contact us today to learn more.

Understanding the ISO 27001 and SOC Compliance Standards and Their Importance for AWS Customers

Organisations using Amazon Web Services (AWS) as a cloud provider must adhere to the latest data and information security standards. Two standards cover data safety and information security on AWS: ISO 27001 and the SOC Compliance Framework.

Understanding these standards is necessary for AWS customers to build a secure workplace environment.

The ISO 27001 Standard Explained
ISO/IEC 27001 is an international information security management systems (ISMS) standard. It is the world’s best-known ISMS standard and one of the most widely used. Conformity with the ISO/IEC 27001 standard is considered one of the most efficient methods to build an organisation’s resilience against cyber threats of all types.

ISO/IEC 27001 provides organisations with internationally recognised methods to build, implement, maintain, and improve an ISMS. It provides a comprehensive, systematic approach to protecting organisational data and information assets, ensuring safety, integrity, and confidentiality without compromising availability.

Amazon Web Services is certified for compliance with ISO/IEC 27001:2013, the 2013 version of the standard. Most Amazon services, including EC2, S3, Lambda, and Macie, are compliant with ISO/IEC 27001:2013.

What is the SOC Compliance Framework?
The System and Organisation Controls (SOC) Compliance Framework was developed by the American Institute of Certified Public Accountants (AICPA).

It is a data security framework designed to protect organisations’ customer data from vulnerabilities, theft, unauthorised access, and other security incidents. The framework assesses an organisation’s data management based on five criteria: security, availability, processing integrity, confidentiality, and privacy.

Most AWS services are SOC-compliant, including Amazon Redshift, GuardDuty, FSx, and WorkSpaces.

Why ISO 27001 and SOC Compliance Matter to AWS Customers
Compliance with these standards helps AWS customers build and maintain data security within their workflow and AWS ecosystems. Besides strong data security and effective risk management, adherence to these standards provides multiple additional benefits:

● Many industries impose specific data security and privacy requirements. Ensuring your AWS workflows comply with ISO 27001 and SOC can give you the peace of mind you meet these requirements and remain in line with your industry’s regulations.
● AWS customers complying with ISO 27001 and SOC standards can provide security reassurances to their partners and stakeholders. Adopting these internationally recognised standards demonstrates your dedication to data security.
● ISO 27001 and SOC compliance can give AWS customers a competitive edge. It showcases your commitment to protecting data, which can help privacy-minded customers choose your offerings or entrust their data to you.

Boost Organisational Data Security with WOLK
Security is at the forefront of all successful organisations. As an AWS Well-Architected Program Partner, WOLK has the resources to help you comply with data security standards and frameworks for your AWS environment. Contact WOLK today for a free review.

Using AWS Security Services to Enhance Workplace Security | Amazon GuardDuty and Amazon Inspector

While workplace security is critical for organisations of all sizes, the widespread adoption of remote work has introduced new security challenges. This means your business must implement security measures fully adapted to modern cybersecurity needs.

Three critical AWS security services can help protect your data and your company:
Amazon GuardDuty, Amazon Inspector and AWS Macie.

1. How Amazon GuardDuty Keeps Business Data Safe

Amazon’s GuardDuty service is an intelligent threat detection system that provides your business network with continuous security monitoring.

The primary purpose of Amazon GuardDuty is to protect your AWS accounts, workloads, and data stored on Amazon Simple Storage Service (S3) servers. It monitors and analyses activity, detects unusual or malicious behaviour, and ranks them by threat severity levels.

When Amazon GuardDuty detects an actionable threat, it mitigates it as early as possible with automated responses. The service also provides detailed reports called GuardDuty findings, allowing you to tailor GuardDuty to your needs and focus on specific threats.

2. Scan for Vulnerabilities with Amazon Inspector

Amazon Inspector is a Vulnerability Management Service (VMS). Although it may seem similar to Amazon GuardDuty due to its continuous monitoring service, Amazon Inspector primarily focuses on software and network vulnerability.

Amazon Inspector keeps your network safe by automatically and regularly scanning your Amazon EC2 instances, AWS Lambda functions, and other eligible resources. Inspector also checks for unintended network exposure and software vulnerabilities, which could put your data at risk.

Amazon Inspector will automatically re-scan your organisation’s networks when you install a new patch or software package or when a new Common Vulnerabilities and Exposures (CVE) entry is published.

3. Completing Business Data Security with Amazon Macie

Amazon Macie is an automated data security service powered using Amazon’s machine learning (ML) and pattern-matching technologies. Macie’s role in your organisation’s data security is automatically discovering, tracking, categorising, and protecting your business data.

Amazon Macie can detect and determine the sensitivity of your business data, from personally identifiable information (PII) and protected health information (PHI) to intellectual property (IP) and critical financial information.

Common examples include:

● Names and addresses
● Credit card information
● AWS secret access keys
● Passport numbers
● Medical identification numbers
● Intellectual property, patent and trademark data

Amazon Macie is an efficient workplace security tool that clarifies the status of your company’s sensitive data. Macie’s tracking and categorisation systems automatically enhance business data visibility and detect potential security risks. It can also learn from user habits, identify potentially risky behaviour, and issue alerts and findings in detailed reports.

Enhance Workplace Security with WOLK
WOLK is committed to assisting your organisation by familiarising you with the AWS security pillar and adopting the best workplace security practices. We are a leading AWS Well-Architected Framework expert with the resources to guide your business and help you make the best security decisions. Contact us today to arrange a review.

Understanding the Benefits of Migrating to a Secure Modern Workplace on AWS

Migrating to a secure modern workplace on AWS (Amazon Web Services) offers many benefits for large and small businesses. With its thorough security measures and comprehensive offerings, AWS provides organisations with the necessary tools and infrastructure to create a safe and efficient work environment.

Leveraging AWS Security Services
Effectively using AWS security services enables organisations to establish a secure modern workplace with comprehensive offerings. AWS provides Identity and Access Management (IAM) for strong identity and authentication, while Amazon Virtual Private Cloud (VPC) enables network isolation and segmentation to enhance data protection.

AWS Security Hub and Amazon GuardDuty offer continuous security monitoring and threat detection, proactively identifying and mitigating potential risks. Together, these services contribute to a secure environment for businesses.

Data Protection and Compliance
Data protection and compliance are essential aspects of a secure workplace. AWS offers in-depth data encryption and secure storage solutions, ensuring sensitive data remains protected from unauthorised access.

AWS also adheres to various compliance frameworks and certifications, including GDPR, HIPAA, and SOC2, ensuring businesses meet regulatory requirements and maintain data privacy. This enables organisations to confidently store and handle sensitive data while complying with industry regulations

Enhanced Productivity and Collaboration
Migration to AWS can boost productivity and collaboration by providing employees seamless access to business resources from any location or device. This supports remote or hybrid work and enhances workforce productivity regardless of their physical whereabouts.

Additionally, AWS offers a suite of collaboration tools and features, including Amazon Worklink and Amazon Connect, that facilitate effective communication, teamwork, and streamlined workflows.

Cost Optimisation and Scalability
Migrating to a modern workplace on AWS also brings cost optimisation and scalability benefits. By taking advantage of AWS’s infrastructure, businesses can reduce capital expenditure and optimise operational expenses.

The ability to scale resources according to demand avoids unnecessary infrastructure costs, increases operational efficiency, and enables effective resource allocation to adapt to changing business needs.

Best Practices for Migrating to a Secure Modern Workplace on AWS
Start by thoroughly assessing security requirements and meticulously planning the migration process. Consult with WOLK, experts in AWS Well-Architected Framework, to ensure a smooth transition for secure and effective cloud operations.

Execute comprehensive testing to guarantee a seamless transition and provide thorough training to employees for maximum familiarity with the new environment.

Unlock Security and Productivity with AWS
Discover the potential for enhanced security and productivity by transitioning to AWS for your workplace. Take the first step towards a secure and efficient work environment with WOLK.

Managing Change with AWS

The AWS (Amazon Web Services) Well-Architected Framework encompasses the five pillars, Operational Excellence, Reliability, Performance Efficiency, Cost Optimisation, and Security. By following each pillar’s best practices, you can implement designs that will scale your business.

The AWS Well-Architected Framework helps you mitigate risks, build and deploy architectures faster, and make informed decisions.

AWS Framework and Reliability

The second pillar within the AWS Well-Architected Framework is reliability, which refers to a workload’s ability to perform consistently and correctly. Within the reliability pillar, these are the design principles to keep in mind for best practices:

Automatic failure recovery
Monitoring KPIs (key performance indicators) allows you to be notified immediately if a threshold is crossed or a significant change occurs.

Procedures for test recovery
Testing how your workload might fail in the cloud allows you to see your recovery procedures’ effectiveness.

Scale horizontally
Distribute the workload across more small resources to decrease the impact of a single point of failure.

Stop guessing capacity
Accurately monitor demand to avoid over saturating the workload.

Manage change in automation
Change infrastructure using automation.

Change Management
Change management is a critical aspect of maintaining reliability with AWS. Effectively managing change comes down to monitoring, preparing to adapt and implementing the changes.

Monitoring Workload Resources
It’s possible to configure your workload to monitor performance metrics and provide updates if a major event or change occurs. The benefit of accurate performance monitoring is that you can respond quickly when negative changes occur, such as a low-threshold crossing or a system failure.

Monitoring comprises four phases which are generation, aggregation, real-time notification, and storage. In the generation phase, monitoring occurs for all parts of the workload, while aggregation refers to interpreting this data. Real-time processing allows you to have a timely response to changes in data.

The storage phase provides access to past logs for data analysis on a larger scale. Effective monitoring means you can adapt to changes quickly.

Designing Your Workload to Adapt
You can use AWS services to automate the scaling of your workload. A workload must be scalable because this provides flexibility to adapt to changes in function or performance by adding or removing resources.

Implementing Change
Changes that occur in the workload must be intentional. Run tests to ensure you can roll back a deployment at any time without disrupting service to your customers. This includes functional and resiliency testing performed in the pre-production pipeline to determine how changes you implement will impact the system.

Put Trusted IT Infrastructure in Place
AWS cloud-based software offers a scalable IT solution that can grow with your business. WOLK technology is a trusted AWS advanced consulting partner and can advise how best to manage your IT services.

The Top 4 Ways to Use AWS to Improve Performance Efficiency

Amazon Web Services (AWS) employs a five pillar framework to guide and assist businesses in adopting continuous best practices through cloud services. You can use these conceptual pillars to improve the performance efficiency of a business.

The Performance Efficiency pillar is most crucial in developing performance. It involves using computing resources to improve a business’s systems’ efficiency and subsequently to sustain efficiency as the market changes and technologies advance.

At WOLK, we are AWS experts. With many years of experience designing complex network architecture, our team can help you leverage AWS to improve the performance efficiency of your business.

1. Allows Your Team to Focus on Core Competencies

Through the design principles of Performance Efficiency, businesses can use technology as a service rather than assigning members of their IT team to the task of learning, hosting, and running new technological services.

Technologies such as NoSQL, a database that stores and retrieves data, can fulfill complex tasks quickly and efficiently, allowing your team members to focus on your business’s core competencies. NoSQLs are used more in big data and real-time applications as they are faster and more flexible than other types of databases.

2. Lower Costs Through Serverless Architectures

Another product of the design principles of Performance Efficiency is the use of serverless architecture. This eliminates the need to operate using physical servers, which can be a tedious and costly operation.

By managing services via the cloud, businesses can lower their costs, improving performance efficiency.

3. Optimise Architecture Through Service Selection

There are many types of AWS resources, from standard databases to artificial intelligence (AI) and data lakes. Through these systems, you can create and optimise an architecture to best suit your workload.

Organisations can use data analysis software to find the most useful programs for their specific business or industry. AWS Partner Network (APN) suggests architecture selections based on industry knowledge. For example, it may recommend that you use Amazon Elastic Block Store for low-latency block cloud storage.

4. Improve Efficiency Through Innovation

Reviewing and monitoring are two of the best practices of Performance Efficiency. AWS is constantly innovating to meet customer demands. Through new innovative AWS services, regions, edge locations, and other features, you can improve performance efficiency.

Once you have implemented a new workload, you must monitor it and analyse its performance. AWS services like Amazon CloudWatch can monitor a workload and provide information and actionable insights, helping you determine opportunities to improve efficiency.

Get an AWS Well-Architected Review

WOLK is a partner of the AWS Well-Architected Program. With certifications to carry out framework reviews, we can help your business to improve performance efficiency. Contact us today to schedule a review.

What is the Focus of the Amazon Web Services Sustainability Pillar?

Sustainability is the sixth and newest pillar of the Amazon Web Services Well-Architected Framework, introduced in 2021 to supplement the original five; Operational Excellence, Security, Reliability, Performance Efficiency, and Cost Optimisation.

Learn about the role and importance of the Sustainability pillar and how to implement pillar guidelines into your business’s workload infrastructure.

Core Design Principles of Sustainability

Sustainability in the cloud is about managing the long-term impact of your business and its activities on three fronts: environmental, economic, and societal.

According to the Amazon whitepaper on AWS sustainability, a sustainable cloud business must follow six core design principles to meet the AWS guidelines for sustainable infrastructure.

1. Understand your impact
Measure the performance and impact of your business’ cloud workload and the resources needed and emissions produced to achieve this performance.

Most businesses use the data to establish and monitor the business’ Key Performance Indicators (KPIs) and build a data dashboard listing the most important KPIs in an easily readable format.

2. Establish sustainability goals
Based on your KPIs and business performance measurements, make long-term plans to improve sustainability. The two primary approaches are:

● Reducing the resources and emissions needed to achieve the same workload
● Improving the workload and capabilities with the same available resources

3. Maximise utilisation
Identify resources and equipment idling or running at less than optimal load. For example, consolidating two hosts, each running at less than 50% utilisation, into a single host running close to 100% helps reduce power consumption without diminishing your capabilities.

4. Anticipate and adopt
If new more efficient hardware and software become available, implement them as soon as possible. Continually research and review technological developments and model your business around frequent hardware upgrades, minimising downtime and maximising cost-efficiency with up-to-date technologies.

5. Use managed services
AWS Managed Services are sets of tools automating various infrastructure management tasks. Although the primary advantage of leveraging AWS Managed Services is to improve your operational capabilities, they are also critical for sustainability.

AWS Managed Services can help you automatically manage your equipment utilisation rate and ensure your hardware is used as efficiently as possible.

6. Reduce the downstream impact
The downstream impact is the resources and energy needed to access and use your services. Minimising your downstream impact means your customers can use your services with the least computational power possible, reducing or eliminating the need to upgrade their hardware or devices.

Trust an Experienced AWS Partner

The best way to ensure your business’s compliance with the core principles of sustainability and the other pillars of the AWS Well-Architected Framework is to work with an experienced AWS Partner such as the WOLK Team.

Contact us today for a Well-Architected Review of your business.

The AWS Well-Architected Framework’s first pillar, Operational Excellence, ensures your company runs optimally. To accomplish operational excellence, you can follow the four designated best practice areas of this pillar, organisation, prepare, operate, and evolve.

The first best practice area, organisation, is critical for Operational Excellence because having an organised system makes it easier to identify and solve problems and allows your team to work together seamlessly.

Organisation Helps Your Team Work Better
Knowing exactly what they should be doing at all times helps your team remain consistent and excel at their jobs. Without an organised structure, your team may not know what to do without asking a supervisor, slowing down their pace.

You can also benefit from organised goals. If your team knows your daily, weekly, monthly, and yearly goals, they can alert someone if they notice your output falling behind. Additionally, knowing the goals can empower your team to work harder.

Having an organised plan for emergencies can help reduce the damage since you won’t need to spend time devising a way to deal with the problem. If you follow the organisation best practice, your team should know the process for dealing with most contingencies. Ensure you create contingency plans for various problems, including physical ones, like a fire in the building or loss of electricity, and virtual ones, like a hacking attempt or a virus in your system.

Ensures You Meet All Regulations
Another significant benefit of following organisational best practices is that you minimise your chances of missing an important deadline or failing to fulfil an industry regulation. Some industries have extensive regulations, from reporting requirements to maintaining certain standards.

Particularly if you operate across national borders, remembering and following all the necessary regulations is challenging. Having an organised structure that tracks deadlines and requirements is essential to keeping your company’s practice aligned with legal requirements. Additionally, you can organise a structure that continues to check for any changes in regulations that could affect your operations.

Work With WOLK to Ensure Your Organisation is Top-Notch
WOLK is an AWS Well-Architected Program Partner and can offer you an AWS Well-Architected Program Review. Starting with an initial, free consultation, we review all your business practices and ensure that you comply with the AWS Well-Architected Program.

We can identify any problem areas and offer solutions, whether you need help organising your structure or improving your cloud security protocols.

Call us today on 03 8669 1414 to learn more about how we can help your company excel with AWS.

Networking and AWS: What You Need to Know to Improve Overall Performance

The AWS Well-Architected Program centres around five pillars comprising operational excellence, security, reliability, performance efficiency, and cost optimisation. Where reliability is concerned, managing your network is essential to the continued performance standard of your business.

For architecting systems using IP address-based networks, it’s necessary to build your network system to anticipate possible issues down the line. The Amazon Virtual Private Cloud (VPC) makes it possible to launch your AWS services in a private virtual network for added security.

Direct Connect
AWS Direct Connect is a cloud-based service that allows a secure connection from your physical system to AWS via a network. By utilising the AWS Virtual Private Cloud, you can connect your on-site data to different AWS regions.

A few questions to ask yourself when preparing your network for maximum efficiency are:

● How are you going to protect yourself against failures of network elements?
● What happens if there are configuration or connectivity issues?
● Can your network handle fluctuations in traffic?
● Can you combat a Distributed Denial of Service (DDoS) attack if it occurs?

A secure network is key to improving overall performance with AWS.

Network and Workloads
Your network is the bridge between all workloads, guiding traffic, which can significantly impact your efficiency and client experience. Understanding your workload needs regarding bandwidth, latency, and other technical communications is critical to increasing performance.

AWS delivers virtual networking, making it flexible and accessible in a way that can meet your specific needs. By targeting your network to your system’s performance demands, you will maximise your reliability and performance efficiency.

A cloud-based network’s benefit is that it is easy to change over time as your organisation’s needs evolve. Where you choose to deploy your resources can also impact the efficiency of performance. Ideally, if you know where the resources will be in use, the majority of the time, you can choose to set them up in a way that reduces the distance, eliminating a host of issues with the delay. Take advantage of your resources with deliberate decisions to design an improved performance model.

Improve Performance With a Review
To maximise your overall performance, schedule an AWS Well-Architected Review. WOLK is certified to perform this action and provide information on your risk areas. By identifying these areas, measures can be carried out to ensure they do not jeopardise your network’s efficiency.

How AWS Can Assist in Managing Demand and Supply Cost Effectively

Cost optimisation, the fifth and final pillar of the AWS Well-Architected Framework, contains guidelines that allow you to deliver your products at the lowest price point. You can lower your costs and increase your productivity by working in the cloud.

The cloud also allows you to pay only for what you need, when you need it, giving you the flexibility to pare down or amp up. To ensure that your workload is balanced, follow these best practices.

Analyse the Workload Demands
First, you need to know what your current workload demands are. Do a complete analysis of your workload. Use current and past data, and look at your customer logs to see how customers usually interact with your workload.

Be sure to include a complete cycle’s worth of data. If you have a busy or slow season, you’ll need to change your supply accordingly.

AWS suggests that you use the actual demand in requests per second, when the rate of demand changes, and the rate of change of the demand as your metrics.

You should also forecast outside influences by meeting with the marketing, sales or business development team. They can tell you about upcoming events that might increase or lower demands.

Manage Demand with a Buffer or Throttle
If there are sudden jumps in demand, a buffer or throttle can help to smooth them out, enabling your workload to function normally. If a client retries, you’ll want to use a throttle. Buffering allows you to store the request and process it later.

Ensure that you always process your buffered requests within the expected time scale. You can use Amazon Simple Queue Service to implement buffering and Amazon API Gateway for throttling.

Dynamically Supply Resources
You can supply resources using either a time-scale or an auto-scale. For some businesses, a combination of both approaches works best.

Use time-based scheduling when you have a steady, even demand. If you know that the demand will rise or fall on a specific date, you can schedule your supply to increase at that time.

Auto-scaling scheduling works better with more unpredictable levels of demands. You can configure your systems to automatically detect a change in demand and an increase or decrease in supply.

Use AWS Auto-Scaling to configure both types of scheduling.

Work with an AWS Partner
If you aren’t confident about your workload analysis or want to confirm that you are operating within the guidelines of the Well-Architected Framework, consult with an AWS Partner like WOLK to learn more and highlight areas of non-compliance.