Risk management is an integral part of any IT modernization conversation, especially among the C-suite. As financial services organizations embrace DevOps and Agile processes and move more and more of their infrastructure to the cloud to facilitate DevOps automation, we’ve seen an increase in conversation around GRC in the cloud.
Underscoring the need for a solid, security-by-design approach, cloud access security broker Bitglass announced the results of a survey in which it found a 3x increase in breaches in the financial services industry (from 2016 to 2018) and a large increase in the number of records exposed. As CSO Australia noted this week, “Risk management encompasses both the actual data security element of your cloud solution, as well as any and all considerations of regulatory compliance and governance. The financial and reputational risk of poor data security is well-established, but both are subject to breaches.”
Closely monitoring regulatory developments to help readers stay ahead of the curve, AWS issued an interesting read this week on the three common themes they’ve seen recently across the financial services regulatory landscape. They include:
- Data security and data management - implement controls and safety measures to protect the security and confidentiality of data stored in the cloud.
- Cybersecurity - maintain a strong cybersecurity posture. Note that security is a shared responsibility between the cloud provider and the financial services firm.
- Risk management - establish robust risk management processes with continuous monitoring.
For additional background reading on financial services in the cloud:
- Financial Publisher Adopts HashiCorp Vault with Flux7 SmartStart
- AWS Migration: Investment Firm’s Trades Flow at the Speed of the Market with Flux7
- Global Audit Firm Builds AWS Disaster Recovery Solution with Flux7
- Ansible announced that in the new Ansible 2.7, rebooting Linux hosts with Ansible is now easier and can be done with a single task using the newly minted reboot plugin.
- Puppet announced a strategic partnership with Splunk. According to Omri Gazitt, chief product officer, Puppet, in a press release, “Now, customers have a unified workflow between the intelligent insights provided by Splunk and the action and automation provided by Puppet, making it easier to keep applications and infrastructure performant, secure and compliant.”
- Splunk for its part announced a new version of Splunk IT Service Intelligence (ITSI). The new version is said to improve predictive analytics through a series of new capabilities, including KPI Predictions for deeper insights into a potential health degradation; Predictive Cause Analysis for drilling down into the specific services underlying a predicted issue to proactively remediate and resolve it; and Robust Integration with VictorOps, to streamline monitoring, detection, alerting, and the response process.
- Congrats to JFrog who raised $165 million in its Series D round of funding, a strong sign of ongoing confidence in the market’s move to embrace enterprise DevOps.
- AWS announced that AWS Config Multi-Account, Multi-Region data aggregation capability is now available in six additional Regions. This means that operators can now aggregate AWS Config rule compliance data into a single account and Region, which reduces the time and overhead needed to gather an enterprise-wide view of compliance status for governance.
- AWS Systems Manager announced an enhanced compliance dashboard that lets operators drill down into non-compliant items for more details on the same screen they use to monitor patching and configuration compliance. According to AWS, the updated AWS Systems Manager now lets operators group and filter based on user-defined resource groups, patching groups, or custom configuration, providing a more tailored experience based on compliance needs and workflow.
- Our DevOps team was excited to see this article on using AWS CloudFormation Macros. Macros allow operators to perform custom processing on templates, from simple actions like find-and-replace operations to extensive transformations of entire templates. Our engineers looked at the AWS examples and liked that you can have template manipulations for a variety of things, from loops to parameter conversions. For example, AWS::Serverless Transform takes an entire template written in the AWS Serverless Application Model syntax and transforms and expands it into compliant AWS CloudFormation templates.
- The AWS Consulting group also enjoyed this article, Deploying a Burstable and Event-driven HPC Cluster on AWS Using SLURM, Part 1, on the AWS blog by Amr Ragab, which discusses best practices in deploying HPC resources on AWS using schedulers like SLURM.
- And, this blog by Raja Mani on Using Federated Identities with AWS CodeCommit was favorited by our DevOps team as well. In it, Raja describes how federated users can access AWS CodeCommit.
- Last, we enjoyed reading about Using AWS Systems Manager Parameter Store Secure String parameters in AWS CloudFormation templates. In this article, Luis Colon shares how to apply best practices to improve the maintainability of code, specifically sharing how to use the secure string support in CloudFormation with dynamic references to better maintain infrastructure as code.
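
To make the CloudFormation Macros item above concrete, here is an added example (not code from AWS or from the article mentioned): a Lambda handler for a template-level macro that adds default encryption to any S3 bucket that does not declare it. The function names, the AES256 default and the sample event are assumptions made for illustration.

```python
import copy

# Assumption: buckets with no explicit setting get SSE-S3 (AES256).
DEFAULT_ENCRYPTION = {
    "ServerSideEncryptionConfiguration": [
        {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}
    ]
}

def harden_buckets(template):
    """Return (new_template, changed_ids): add default encryption to every
    AWS::S3::Bucket that does not declare BucketEncryption itself."""
    out = copy.deepcopy(template)
    changed = []
    for logical_id, res in out.get("Resources", {}).items():
        if not isinstance(res, dict) or res.get("Type") != "AWS::S3::Bucket":
            continue
        props = res.setdefault("Properties", {})
        if "BucketEncryption" not in props:
            props["BucketEncryption"] = copy.deepcopy(DEFAULT_ENCRYPTION)
            changed.append(logical_id)
    return out, changed

def handler(event, context):
    """Lambda entry point for a template-level macro. CloudFormation sends the
    template in event["fragment"] and expects requestId/status/fragment back."""
    try:
        fragment, _ = harden_buckets(event["fragment"])
        return {"requestId": event["requestId"], "status": "success",
                "fragment": fragment}
    except Exception as exc:  # any status other than "success" fails the operation
        return {"requestId": event["requestId"], "status": "failure",
                "errorMessage": str(exc), "fragment": event.get("fragment", {})}

# Constructed sample event (not taken from a real account or stack).
SAMPLE_EVENT = {
    "requestId": "constructed-request-1",
    "fragment": {"Resources": {
        "Logs": {"Type": "AWS::S3::Bucket"},
        "Data": {"Type": "AWS::S3::Bucket", "Properties": {"BucketEncryption": {
            "ServerSideEncryptionConfiguration": [{"ServerSideEncryptionByDefault":
                {"SSEAlgorithm": "aws:kms"}}]}}},
        "Queue": {"Type": "AWS::SQS::Queue"},
    }},
}

if __name__ == "__main__":
    import json
    print(json.dumps(handler(SAMPLE_EVENT, None), indent=2))
```

Buckets that already set their own encryption (here the KMS-encrypted `Data` bucket) are left untouched, so the macro only fills gaps and never weakens or overrides an explicit choice.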
Join us as we kick off a new blog series on enterprise DevOps at scale: