Automate Evidence Collection: Amazon Web Services
You need to document your AWS security and compliance positions for auditors and customers. Getting all of this data out of your AWS services manually -- from access controls to security policies -- can take days or weeks. When you use Hyperproof’s Hypersync feature, you can automatically collect compliance artefacts from multiple AWS services.
In Hyperproof, you can configure a Hypersync for a select set of AWS services. After a one-time set up, you’ll be able to automatically extract proof of compliance from AWS -- either on a schedule or on-demand. All proof comes with auto-generated meta-data (e.g., when it was generated, the exact location it comes from, etc.) -- so your auditor knows that the proof is valid.
AWS Services Available For Automated Evidence Collection
Below is a list of AWS services that Hyperproof has built integrations with. We’ve listed the types of proof available from each service. We plan to add additional integrations based on customer needs.
Elastic Compute Cloud
- List of running instances
- List of images for owner
- List of snapshots for Owner
- List of Security Groups
- Details for Security Group
Identity and Access Management
- List of Groups
- List of Users
- List of Roles
Relationship Database Service (RDS)
- Including Amazon Aurora, MySQL, MariaDB, PostgresQL
- Backup Retention Period
- Storage Encrypted
Simple Storage Service (S3)
Virtual Private Cloud (VPC)
- VPCs with CIDRs
- Network ACLs
- Client VPN Endpoints
Example proof: List of users gathered from an AWS IAM instance
What are the benefits of using Hypersync?
By using Hypersync, organizations can expect to reap benefits such as:
- Saving time: Hypersyc eliminates the need for an individual to manually gather and file away evidence
- Trustworthy evidence: For auditors to consider evidence valid, they’ll expect to see a paper-trail that showcases when it was gathered and where it comes from. Each piece of evidence gathered with Hypersyc comes with meta-data that includes the date it was collected, the name of the person who set up the connection, and a link to the original source. By using Hypersync, you can prove to your auditor the evidence hasn’t been doctored or tampered with.
- Automated testing of controls: Getting evidence automatically into Hyperproof is the basis for automated testing and automated monitoring of controls. While Hyperproof does not enable automated controls testing at this time, we are working on this capability and hope to have it available sometime in the second half of 2021.
I’m using an AWS service that’s not listed here that I’d like to automate evidence gathering from. Do you have plans to add additional integrations for AWS?
We recognize that AWS offers a large array of services. If you have a service you use frequently and need to document how you’re leveraging this service for compliance purposes, we’d love to hear from you. We plan to add additional Hypersyncs for AWS services over time based on customer feedback.
Is Hypersync included with the core Hyperproof compliance operations platform?
Hyperproof’s pricing is tiered based on the number of compliance frameworks you implement in the platform. All pricing plans include a certain limited number of Hypersyncs that users can set up. You can purchase additional Hypersyncs at any time.