Under the shared responsibility model, public cloud customer have specific responsibilities to ensure security and compliance.
Many public cloud platforms can be configured to achieve cybersecurity and meet regulatory standards. Specific safeguards must be addressed for managing and monitoring security compliance in AWS and the cloud.
Compliance with regulatory standards and cybersecurity frameworks such as HIPAA /HITECH, SOC 2, GRPR, and PCI DSS are joint effort between cloud providers and your organization. It is a constant process of review, monitoring, and maintaining security standards. Public cloud providers such as Amazon Web Services (AWS) typically provide a Business Associates Agreement (BAA) that dictates specific security standards managed by the provider or required by your organization. These agreements outline cloud service configuration and layout technical and physical safeguards.
It is the responsibility of your organization to properly configure your cloud environment, create organizational policies, and develop applications that meet relevant compliance standards.
Unpacking the requirements for maintaining compliance in the public cloud
Cloud platforms are responsible for security and compliance
OF the Cloud.
Your organization is responsible for security and compliance
IN the cloud.
Dash ComplyOps enables teams to build and manage a robust security and compliance program in Amazon Web Services (AWS) and the public cloud. Dash helps your team to manage all security responsibilities your team are required to handle under the of the Shared Responsibility Model and provides baseline security programs for achieving compliance with HIPAA/HITECH, SOC 2, and HITRUST CSF.
See how teams manage cloud compliance program with the Dash ComplyOps Platform.