The use of cloud services is widespread, and expected to only continue
to increase—by 2020, it is estimated that 41 percent of enterprise
workloads will be hosted on public cloud platforms.[1] One of
the leading platforms in this space, Amazon Web Services (AWS), has the
ability to help teams become more agile; however, without proper
knowledge of AWS configurations and potential hazards, enterprises
may also open themselves to new risks.
With this in mind, ISACA has launched a new audit program, the Amazon
Web Services® (AWS®) Audit Program, to support IT auditors in their
assessments of AWS
deployments—including the use of AWS services, access to the AWS
environment, management and interrelationships of AWS services. The
program covers AWS applications, functions and containers across
the domains of governance, network configuration and management, asset
configuration and management, logical access control, data encryption
controls, logging and event management, security incident response and
IT audit professionals can follow detailed testing steps outlined for
controls across these domains in this audit program spreadsheet to
assist in their auditing process, but they are encouraged to customize
the document for their unique enterprise needs. The program is free to
members, and $25 for non-members.
“ISACA’s AWS Audit Program provides IT audit professionals with the
essentials for grasping the breadth and depth of AWS deployments as well
as to provide them with a solid foundation for building their own
customized audit program around these services,” said Adam Kohnke, CISA,
CISSP, Senior IT Auditor for Total Administrative Services Corporation,
and lead developer of the AWS Audit Program.
Kohnke elaborates on the topic in his ISACA®
Journal article, “Auditing
Amazon Web Services,” published 1 May, which is available to
members. In this feature, Kohnke covers the audit elements related to
the eight domains covered in the audit program, while also providing a
helpful overview of current AWS service offerings organized by category.
To download the Amazon Web Services (AWS) Audit Program, visit http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/Amazon-Web-Services-AWS-Audit-Program.aspx.
To access the ISACA Journal article, “Auditing Amazon Web
Services,” visit: www.isaca.org/archives.
For more information about ISACA’s other audit programs, visit http://www.isaca.org/Knowledge-Center/Research/Pages/Audit-Assurance-Programs.aspx.
[1] Columbus, Louis; “83 Percent of Enterprise Workloads
Will Be In The Cloud by 2020,” Forbes, 7 January 2018, https://www.forbes.com/sites/louiscolumbus/2018/01/07/83-of-enterprise-workloads-will-be-in-the-cloud-by-2020/#4ee9010d6261
Now in its 50th
anniversary year, ISACA® (isaca.org)
is a global association helping individuals and enterprises achieve the
positive potential of technology. Today’s world is powered by
information and technology, and ISACA equips professionals with the
knowledge, credentials, education and community to advance their careers
and transform their organizations. ISACA leverages the expertise of its
460,000 engaged professionals—including its 140,000 members—in
information and cyber security, governance, assurance, risk and
innovation, as well as its enterprise performance subsidiary, CMMI®
Institute, to help advance innovation through technology. ISACA has
a presence in more than 188 countries, including more than 220 chapters
worldwide and offices in both the United States and China.