Operational resilience is a shared responsibility - Amazon Web Services' Approach to Operational Resilience in the Financial Sector & Beyond

Operational resilience is a shared responsibility

AWS is responsible for ensuring that the services used by our customers—the building blocks for their applications—are continuously available, as well as ensuring that we are prepared to handle a wide range of events that could affect our infrastructure.

In this paper, we also explore customers’ responsibility for operational resilience—how customers can design, deploy, and test their applications on AWS to achieve the availability and resiliency they need, including for mission-critical applications that require almost no downtime. Those kinds of applications require that AWS infrastructure and services are available when customers need them even upon the occurrence of a disruption. As discussed below, customers are able to use AWS’s services to design applications that meet this standard and provide a level of security and resilience that we consider is greater than what existing on-premises IT environments can offer.

Finally, given the importance of operational resilience to our customers, this paper explores the variety of mechanisms AWS offers to customers to demonstrate assurance. This paper reflects only an overview of our ongoing efforts to ensure our customers can use AWS services safely. To complement our concept of shared responsibility, we are also dedicated to exceeding customer and regulatory expectations. To that end, AWS technical teams, security architects, and compliance experts assist financial institutions customers in meeting regulatory and internal requirements, including by actively demonstrating their security and resiliency through continuous monitoring, remediation, and testing. AWS continuously engages with financial regulators around the world to explain how AWS’s infrastructure and services enable all sizes and types of financial institutions—from fintech start-ups to stock exchanges—to improve their security and resiliency compared to on-premises environments. We always want to receive feedback from customers and their regulators about AWS’s approach and their experience.