How do you get your security and compliance team to embrace the cloud? "Getting to Yes" with Vanguard’s Security, Legal, and Compliance Teams was a key factor to the organization’s journey to the cloud. Maintaining a high level of assurance is solvable when using an iterative, agile approach. Vanguard is taking existing on-premises controls, plus cloud frameworks such as NIST, CSA, etc., to develop the right set of cloud controls that provide maximum security without sacrificing business agility. In this session, we cover: Vanguard’s approach to developing appropriate controls for its cloud deployments; key considerations and best practices when implementing controls; leveraging the AWS Cloud Adoption Framework and the four security perspectives to map controls appropriately; and the various AWS services (IAM, Amazon VPC, AWS KMS, and AWS CloudTrail) that we leveraged. We also cover the iterative and agile approach we are taking by embracing DevSecOps principles.
