Evaluate Resilience Posture - AWS Resilience Hub

Is this a Security control or an IT control

While resilience is often a responsibility taken by the infrastructure teams, Security is the responsible to ensure that the current critical infrastructure is prepared to withstand failures to the expectations of the business, according to the CIA triad (Confidentiality, Integrity, Availability).

Resilience Hub

Evaluating what is the resilience of your critical applications is an important quickwin as it will allow you to know if the current workloads are prepared to meet the resilience targets (Recovery Time Objective and Recovery Point Objective), to achieve a Service Level Agreement (SLA) defined by the business.

Once identified the current status, compare it with the required by the business and if there is a gap, involve the infrastucture and business teams to create a remediation plan.

Resilience hub will also help you estimate the cost of improving the architecture to improve resiliency for each of the options offered by the service, providing the business the data required to decide wether to move forward with the improvement plan or stay as it is and adjust the requirements.

Risk Mitigation

  • Systems fail over time. The decision of what to configure in multi-AZ and what in multi-Region, when to enable additional replicas, is a decision that should be done based on the requirements (on data, not perceptions).
  • On major outages of critical applications is common that the board will hold the CISO accountable for not identifying the risk and driving improvements on time, even if in the company other area is responsible for the day to day resilience activities.

Guidance for assessments

  • Have you analyzed the critical workloads with Resilience Hub ?
  • Do you have clear requirements for availability from the business ?
  • Is the current workload prepared to deliver the required SLA ?

Pricing

https://aws.amazon.com/resilience-hub/pricing
As part of the AWS Free Tier, you can try AWS Resilience Hub free for 6 months for your first 3 applications.