CyberGRC Just Got More Powerful with AWS Audit Manager



As businesses migrate to the cloud or expand their cloud adoption, security risk and compliance are always among the chief concerns and critical challenges that must be addressed, especially in today’s volatile risk climate.

AWS Cloud users have access to AWS Audit Manager, which continuously audits AWS Cloud service usage and streamlines the assessment of risk and compliance with regulations and industry standards. Audit Manager automates evidence collection to assess the operational effectiveness of internal controls frameworks and provides audit-ready reports. It’s a powerful tool. And it just got more powerful, by integrating MetricStream’s CyberGRC solution.

In addition to cloud infrastructure controls, almost every organization has application-specific controls and organization-specific policy and procedure controls with which they also need to demonstrate compliance. Even AWS Cloud customers often have requirements for infrastructure controls for other cloud providers and on-prem solutions. Often these controls are maintained and assessed manually, in Excel sheets, with point solutions, or using GRC tools that are not integrated with AWS Audit Manager. These manual processes are resource-intensive and themselves fraught with risk. 

Now, with the integration of CyberGRC, AWS Audit Manager customers can automatically solve their IT and compliance challenges and lower their cyber risk exposure. And for existing CyberGRC users already on AWS, the integration with Audit Manager brings automated evidence collection, to afford a complete view.

Finally, a Centralized View

AWS Audit Manager users will now be able to demonstrate compliance not just with AWS Cloud infrastructure controls, but also with custom controls, application-specific controls, and controls for multiple cloud providers, as well as benefit from MetricStream’s complete suite of cyber risk, policy, and compliance functions.

So, instead of trying to manage reporting from multiple systems, users will finally have a centralized repository and view of control results – from AWS Audit Manager and across other controls – in one place, including automated evidence gathered from AWS, as well as control data and evidence stored in CyberGRC.

The benefits of this integration are clear: 

  • The ability, finally, to access and maintain all required controls, test results, and evidence for all cloud environments and on-prem in one place, breaking down silos to accelerate decision-making; 
  • The ability to automate testing and evidence gathering of AWS infrastructure controls, reducing the manual effort required in testing and gathering evidence; 
  • The reassurance that all control test results and evidence from AWS Audit Manager will get automatically updated in MetricStream; 
  • Easily demonstrable compliance across AWS, on-prem and other cloud environments.

In short, the co-innovation between MetricStream’s CyberGRC solution and AWS Audit Manager will not only reduce risk and maintain compliance across all systems in real time, it will also create organizational efficiencies by reducing manual processes and breaking down internal silos. It is a major step forward in IT Risk and Compliance for cloud-based businesses. 

The above blog was originally published as an article by the author on LinkedIn.


Prasad Sabbineni, Co-Chief Executive Officer

Prasad Sabbineni serves as the Co-Chief Executive Officer at MetricStream. As the head of products and engineering, Prasad leads our product vision and execution of our market-leading GRC products.

Prior to joining MetricStream, Prasad was a Managing Director at Citigroup. He oversaw technology for enterprise functions of Risk Management, Finance, HR, Data, Information Security, Compliance Risk, Internal Audit, Enterprise Supply Chain and Third-Party Management. He was the senior technology executive responsible for implementing regulatory initiatives, such as Basel, CCAR, CLAR, BCBS 239, Volcker, Recovery and Resolution Planning at Citigroup. Before that, Prasad led technology for Market Risk, Credit Risk, Prime Services Risk, Portfolio Risk Margin, and Operational Risk functions at Lehman Brothers. Preceding Lehman, Prasad rolled out derivative trading systems globally and, as a Risk Manager, was also responsible for managing market risk of fixed income and equity derivatives at Bear Stearns.