AWS Cloud Operations Blog

Top Picks for Governance, Risk, and Compliance Sessions at re:Inforce 2024

Join us in Philadelphia, Pennsylvania on June 10-12, 2024 for AWS re:Inforce, a cloud governance, compliance, and security conference. Attendees can expand their cloud security knowledge through hundreds of technical and non-technical sessions, engage with AWS experts and certified partners in the expo hall, and hear from AWS security leaders during keynotes. Whether you are focused on governance, compliance, identity management, privacy, or other security domains, re:Inforce offers invaluable in-person learning and networking opportunities for cloud security professionals.

You can dive deeper into best practices for the cloud at re:Inforce. We encourage you to attend sessions led by AWS experts to get hands-on experience with tools and strategies for addressing threats, implementing controls, and maintaining compliance in AWS environments. Learn how to extend GRC capabilities when integrating AWS with third-party services. We’ll dive into how to use generative AI to achieve business outcomes while helping you meet your security and compliance requirements. We’ll also cover how to manage the governance, compliance, and auditing of generative AI to ensure that you’re following responsible AI practices. Don’t miss out on these sessions to comprehensively learn about cloud GRC, including recommendations for cloud governance, risk assessment methodologies, and mapping compliance requirements. Below are some of our top picks on sessions that you should attend!

Breakout sessions

GRC201 – Cloud compliance journey: Compliance and audits
In this session, embark on a transformative journey through compliance maturity, using AWS services to redefine the landscape of audit and compliance programs. This comprehensive exploration shows you strategic ways to not only save costs but also enhance business value. Walk through a step-by-step process that reveals how AWS can elevate your audit and compliance initiatives. Learn how to navigate the compliance maturity spectrum and gain practical techniques for optimizing your use of AWS services. Explore innovative solutions to common pain points and challenges prevalent in today’s dynamic audit and compliance environment.

GRC202 – Building AI responsibly with a GRC strategy, featuring Anthropic
Are your generative AI applications aligned with new regulatory standards? Recent publications of standards such as ISO/IEC 42001, the Executive Order on artificial intelligence, and the EU AI Act have led to a paradigm shift: responsible AI philosophy is now a requirement of any corporate strategy. A concrete governance, risk, and compliance (GRC) strategy brings principles of responsible AI to action and is critical for demonstrating the safety of your AI applications. In this session, explore how to perform a responsible AI assessment of a generative AI application developed using Amazon Bedrock and gain practical guidance on how to conduct GRC reviews on AWS.

GRC301 – Automation in action: Strategies for risk mitigation
As cloud adoption grows, organizations face new risks related to security, compliance, costs, and more. Manual processes for identifying and managing these risks don’t scale effectively. In this session, explore strategies and tools like AWS Systems Manager and AWS CloudFormation for automating risk management across cloud environments. Learn how to use infrastructure as code, policy as code, and security automation to continuously assess risk, enforce policies, respond to threats, and more. Discover best practices for building cross-team processes to coordinate monitoring, analysis, and response workflows with Systems Manager, and gain tips to help you prepare to scale risk management amidst the complexity of cloud and hybrid environments.

GRC302 – Accelerating auditing and compliance for generative AI on AWS
Generative AI brings exciting new innovations, but it also presents challenges regarding responsible usage and compliance with governance requirements. This session guides you through the journey of a generative AI application and how AWS can help you ensure that your use of Amazon Bedrock and other related services, such as Amazon S3, AWS Lambda, and Amazon VPC, follows best practices for compliance and governance. Explore compliance services that AWS offers, like AWS Audit Manager and AWS CloudTrail, that can assist you in continuously auditing your generative AI infrastructure. Learn how these services automate audit evidence collection and provide audit-ready reports to meet your compliance and audit needs.

GRC303 – Accelerating innovation with controls, featuring JPMorgan Chase

For innovation to thrive, teams need the freedom to operate quickly. Yet many organizations slow development for governance with restrictive controls. In this session, learn how to implement security guardrails that empower teams to ship rapidly without compromising reliability, security, or compliance. Learn how AWS services, such as AWS Control Tower, AWS Config, and AWS CloudFormation can help put the right protections in place and allow governance to become a driver of speed, not a blocker. Hear experiences from JPMorgan Chase where they used AWS services to enable data analytics and AI/ML services across regions around the globe and thousands of accounts running some of their most innovative workloads.

Builder’s Sessions

GRC252 – Automate assurance evidence for generative AI with AWS
Are you struggling with scaling technology for your business while keeping up with compliance across regions and industries? Tracking the rapid compliance requirements for generative AI can seem daunting. In this builders’ session, AWS product teams and compliance experts guide you, step by step, through newly launched generative AI best practices and frameworks within AWS Audit Manager. Also learn how to obtain control implementation details from AWS Artifact. Leave this session knowing how to leverage the recently released capabilities of Audit Manager to help ensure that your use of Amazon Bedrock follows best practices, and how to leverage AWS Artifact to provide compliance information to auditors and regulators. You must bring your laptop to participate.

GRC351 – Best practices for using generative AI to manage cloud compliance
In this builders’ session, learn how to use AWS generative AI services such as Amazon Q to manage compliance control via AWS Config, perform auditing functions with services like AWS CloudTrail Lake, and conduct static security scans to evaluate for code vulnerabilities. Explore real-world examples of how to efficiently create automated controls, which can be used for managing governance, risk, and compliance at scale. You must bring your laptop to participate.

GRC352 – Build a security posture leaderboard using generative AI
Security teams are looking for new insights every day to meet their organization’s compliance and audit needs while staying aligned with business growth and AI adoption goals. This builders’ session introduces you to the possibilities of creating a comprehensive security leaderboard and generative AI–powered executive story with actionable insights using AWS Security Hub findings, Amazon QuickSight, and Amazon Q in QuickSight to improve security and compliance visibility in your organization. Learn how to combine AWS generative AI, security, and analytics services and leverage the power of generative AI to build dashboards and generate insights with NLP queries for various use cases and stakeholders. You must bring your laptop to participate.

Chalk talks

GRC233 – Leaning into AI responsibly in a regulated world
The world is inundated with emerging AI, security guidance to use this technology, and best practices. How does a business leader navigate the complexity between innovation and preventing lasting harm? In this chalk talk, join AWS security and compliance experts in an open dialogue regarding responsible AI amidst a highly regulated climate. Walk away with knowledge of upcoming requirements and guidance for building responsible AI practices that can help you feel more comfortable in this new frontier.

GRC332 – Best practices for securing access to centralized event logs
In this chalk talk, explore how the integration of AWS CloudTrail Lake and AWS Lake Formation not only simplifies the process of aggregating and analyzing AWS CloudTrail logs but also introduces a robust, security-focused approach to data sharing across organizational accounts. Achieving granular control over data access allows you to effectively address the dual challenges of data security and accessibility. Discover how event logs can be centralized for compliance while providing users and teams access to a subset of logs that are appropriate for their level of access to be used for security and operational troubleshooting.

GRC333 – Governance best practices for serverless applications
Building with AWS serverless empowers teams to focus on delivering business value with increased innovation and lower overall TCO. Serverless architectures include ephemeral, managed services that can be unfamiliar to governance and security teams. However, the tools to balance business priorities of agility and control are well known to those teams. In this chalk talk, learn how you can build serverless architectures that drive innovation for your organization by engaging in interactive discussion and learning from your peers. Hear lessons from AWS experts from their experience working with numerous enterprise customers, and learn about tools AWS has been developing to simplify common needs.

Workshops

GRC371 – Simplify continuous auditing and regulatory compliance processes
This workshop demonstrates how to use AWS services to streamline continuous auditing and compliance processes across Regions and accounts on AWS. Walk through using AWS Systems Manager Explorer to aggregate compliance status data from AWS Config rules. Then, explore how to automate the remediation of noncompliant AWS Config rules via AWS Systems Manager Automation documents. Walk away knowing how to use new natural language querying powered by generative AI, which simplifies the investigation and search of AWS resource configurations and compliance metadata. You must bring your laptop to participate.

GRC372 – Set up a secure AWS environment with AWS Control Tower
Organizations operating in the cloud want to be able to move quickly while remaining secure. In this workshop, learn how AWS Control Tower provides you with the capabilities to simplify the building, management, and governance of a multi-account AWS environment. Get hands-on experience with using AWS Control Tower, including enrolling accounts, automating account customization, and establishing security controls. You must bring your laptop to participate.

GRC373 – Shifting compliance engineering left
In this workshop, learn how to simplify the process of selecting the right tools to mitigate compliance risks. Using data protection as an example, AWS experts walk you through the data protection lifecycle and guide you through a risk assessment. Explore cloud-native capabilities and generative AI to protect sensitive data at scale with AWS best practices. Discover how to achieve your PCI, HIPAA, and GDPR compliance needs and data protection requirements using services including Amazon Macie, Amazon EventBridge, AWS Step Functions, AWS Lambda, AWS Config, and AWS Audit Manager. You must bring your laptop to participate.

Conclusion

This blog highlighted top recommended sessions in the Governance, Risk, and Compliance track at the upcoming re:Inforce 2024 conference in Philadelphia. If these sessions pique your interest, register for re:Inforce 2024 to attend them, along with the numerous other GRC sessions offered at the conference. For a comprehensive overview of sessions across all tracks, explore the AWS re:Inforce catalog preview.

Want more AWS Governance, Risk, and Compliance news? Learn more about governance here and about compliance and auditing here!

About the authors:

Tiffany Chen

Tiffany Chen is a Solutions Architect on the CSC team at AWS. She has supported AWS customers with their deployment workloads and currently works with Enterprise customers to build well-architected and cost-optimized solutions. In her spare time, she enjoys traveling, gardening, baking, and watching basketball.

Winnie Chen

Winnie Chen is a Solutions Architect at AWS supporting greenfield customers. She supports customers of all industries as well as sizes such as enterprise and small to medium businesses. She helps customers migrate and build their infrastructure on AWS. In her free time, she enjoys traveling and spending time outdoors through activities like hiking, biking, and rock climbing.