Prof Wool: Best Practices for Amazon Web Services Security

Change Management, Auditing and Compliance in an AWS Hybrid Environment

Best Practices for Amazon Web Services (AWS) Security: Lesson 3

Once you start using AWS for production applications, auditing and compliance considerations come into play, especially if these applications are processing data that is subject to regulations such as PCI, HIPAA, SOX etc. In this lesson, Professor Wool reviews AWS’s own auditing tools, CloudWatch and CloudTrail, which are useful for cloud-based applications. However if you are running a hybrid data center, you will likely need to augment these tools with solutions that can provide reporting, visibility and change monitoring across the entire environment. Professor Wool provides some recommendations for key features and functionally you’ll need to ensure compliance, and tips on what the auditors are looking for.

Learn more about AlgoSec at and read Professor Wool's blog posts at