AWS CASE STUDY
Compliance is a critical element of modern business. Compliance is an organisational commitment of the modern age that spans both technologies and processes. It forms part of a governance regime that embodies good practice, and it simply makes commercial sense.
Continuous compliance — the act of not just achieving compliance, but maintaining it over a long-term period — is something that many modern businesses are already doing in some form. However, there are several barriers to it being done effectively.
In this case study we try to illustrate, at a high level, how we at Cloudar manage continuous compliance using CloudCheckr.
Mazda Motor Corporation is a Japanese multinational automaker based in Fuchū, Aki District, Hiroshima Prefecture, Japan. In 2015, Mazda produced 1.5 million vehicles for global sales, the majority of which (nearly 1 million) were produced in the company’s Japanese plants, with the remainder coming from a variety of other plants worldwide. In 2015, Mazda was the fifteenth biggest automaker by production worldwide.
The customer needed a solution that allowed:
- Fast and secure iteration of development & implementation following best practices
- The ability to apply the same control set over all environments while keeping up with future industry best practices.
While AWS handles security of their data center, users are responsible for network, host, and application-level security. As we, at Cloudar, are responsible for managing Mazda’s infrastructure, we need the right tool for guaranteeing the customer's continuous compliance. As already mentioned, we use CloudCheckr for this kind of purpose.
CloudCheckr unifies IT, security and finance teams around the cloud and provides total visibility, deep insight, and cloud automation and governance. CloudCheckr is a comprehensive cloud management solution, helping businesses manage and automate cost as well as security for their public cloud environments. On top of that, CloudCheckr offers a Total Compliance module in its portfolio, which does three things:
- First, it automatically and continuously monitors your infrastructure for compliance with 35 different standards, such as HIPAA, PCI DSS, CIS, NIST, SOC2 and more.
- Second, if a problem is found, our software can actually fix the issue for you, thanks to Self-Healing Automation.
- Third, CloudCheckr Total Compliance provides a detailed log with historical details and remediation notes for third-party auditors.
CloudCheckr is an AWS Advanced Technology Partner with proven Security and Government competencies.
CloudCheckr will look and see if you are setting proper permissions, if security groups are being utilized properly, if access and permission controls are configured correctly, if proper password policies are in place, if resources are accessible by the public internet, and several other items. By using CloudCheckr Best Practices Checks on every Mazda environment and performing regular reviews, Cloudar makes sure Mazda stays on top of their security and compliance implementation through their whole pipeline.
- By using AWS APIs and services, CloudCheckr can inspect the environment in a holistic way.
- Regular reviews allow Cloudar to provide Mazda with fast feedback when improvement is possible. By using the same checks on every environment, Cloudar prevents the introduction of regressions.
- By using a central solution, Cloudar can evaluate and implement emerging best practice checks.