Simplified and Integrated IT Compliance with MetricStream and AWSIT Risk & Cyber Risk | 3 Min Read |16 November 23|by Anilkumar GK and Agnishwar Banerjee
How can I automate IT compliance management when I have a mix of manual, custom, on-premises, and cloud controls? How can I get a single view of my IT compliance status and risks? Can I create a single repository of my compliance evidence across my multiple IT infrastructures and environments?
These questions often come up in our conversations with CISOs, IT Risk/Compliance Directors, IT auditors, and compliance officers from across industries.
Organizations today use resources, services, and applications across on-premises and multi-cloud environments, which necessitate efficient assessment, monitoring, and reporting of controls across these domains to mitigate risk and ensure compliance. That, however, is easier said than done, for many reasons.
With varied controls across different environments, tracking and reporting on the status and risks arising from each are bucketed into their own respective methods/processes. As an example, cloud controls are viewed only in the cloud account dashboard, network/application controls in the respective software solution, and custom controls may be viewed in excel sheets.
As a result, control testing and assessment are often a manual exercise as many organizations rely on offline, fragmented systems and processes. More often than not, companies customize some controls to better align them to their unique requirements, which further impedes automated testing and evidence collection. The result is an inconsistent, siloed control testing and assessment process – wherein an organization has different workflows and systems for manual, automated, custom, on-premises, and cloud controls – and no single source of truth.
Collating data from all these disjointed systems and mapping them against industry standards and frameworks, such as PCI DSS, HIPAA, NIST CSF, ISO 27001, SOC2, and others, can be exceptionally challenging. Resource and budget crunch adds to the challenges of the IT risk and compliance managers.
What organizations need is a one-stop solution that automates control testing and evidence collection against compliance requirements for all enterprise-wide controls and provides consolidated reports.
With CyberGRC’s integration with Amazon Web Services (AWS) Audit Manager, we, at MetricStream, are taking a step in that direction.
The MetricStream CyberGRC and AWS Audit Manager Integration
Through MetricStream’s partnership with AWS, we now offer our customers a complete and integrated solution for managing and testing organization-wide controls through the integration of MetricStream CyberGRC and AWS Audit Manager.
AWS Audit Manager continuously audits AWS Cloud product/service usage and streamlines the assessment of risk and compliance with regulations and industry standards. It automates evidence collection to assess the operational effectiveness of an organization’s internal controls framework (policies, procedures, and controls).
Read more about how the solution works: AWS Audit Manager now supports first third-party GRC integration
One of the key benefits lies in the single source of truth the integration provides for all org-wide controls. The solution’s single repository provides comprehensive visibility into controls, test results, and evidence for all controls – custom, application-specific, and multiple infrastructure controls (multi-cloud and on-premises) – all in one place. No more switching between multiple dashboards and spending time consolidating reports.
Most important, the control testing results and evidence on pass/fail are tied to relevant standards and frameworks. At one quick glance, the solution provides insights into the number of active assessments created and executed, control testing results by area of compliance – which controls are compliant and which are non-compliant along with JSON evidence for each, the number of controls and accounts in scope for each of the assessments, the specific resources on which the controls were executed, and much more.
Prasad Sabbineni, co-CEO, MetricStream, discusses the benefits in detail in the article: CyberGRC Just Got More Powerful with AWS Audit Manager
This integration is live now and can be accessed directly by customers using CyberGRC and AWS Audit Manager. We have also worked closely with AWS to ensure the integration process is quick and simple.
The MetricStream CyberGRC and AWS Audit Manager integration enables you to:
- Accelerate decision-making by consolidating access to org-wide controls, test results, and evidence
- Save time and costs with automated control testing, evidence gathering, and reports
- Obtain a consolidated view of the entire Cyber GRC program with accurate and insightful reports
- Improve IT and cyber risk and compliance posture with timely and comprehensive insights
To learn more about the MetricStream CyberGRC and AWS Audit Manager integration, request a personalized demo today!