Automating Zero Trust on AWS: Implementing security automation to achieve goals for Deloitte’s Zero Trust Framework

1 2 Page 2
Page 2 of 2

In this post, we explored some of the starting points to leverage automation and AWS security services to proactively manage detective, corrective, and preventative security controls across  your Users, Workloads, Data, and Networks to align with Zero Trust principles. Leveraging automation to integrate detective, corrective and preventative controls across accounts and organizations not only reduces the risk of human error, but incorporates security as an enabler to cloud governance and  improves cloud security posture and maturity.

To read about how these concepts are put into practice in the Deloitte Guardian for AWS managed security service please link to the APN blog below:

Managing Cybersecurity Risks with the Next Generation of Managed Security Services

References

https://aws.amazon.com/blogs/aws/identify-unintended-resource-access-with-aws-identity-and-access-management-iam-access-analyzer/

https://aws.amazon.com/blogs/security/iam-access-analyzer-makes-it-easier-to-implement-least-privilege-permissions-by-generating-iam-policies-based-on-access-activity/

https://aws.amazon.com/blogs/security/how-to-continuously-audit-and-limit-security-groups-with-aws-firewall-manager/

This publication contains general information only and Deloitte is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor.  Deloitte shall not be responsible for any loss sustained by any person who relies on this publication.

All product names mentioned in this publication are the trademarks or registered trademarks of their respective owners and are mentioned for identification purposes only. The screen captured and data provided in this publication are for informational purposes only.  Deloitte & Touche LLP is not responsible for the functionality or technology related to the Vendor or other systems or technologies as defined in this publication. 

As used in this document, “Deloitte” means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of our legal structure. Certain services may not be available to attest clients under the rules and regulations of public accounting.

  

Copyright © 2021 Deloitte Development LLC. All rights reserved.

Related:

Copyright © 2021 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2