Only 43% of companies evaluate new products' data security and privacy before launch. And security is just one chapter of the story: how do companies optimize for security, reliability, performance, and costs all at the same time? FTR can help AWS Partners (those part of the AWS Partner Network) to review processes and tools to improve their solutions' quality. Plus, they get a shiny “AWS - Qualified Software” badge at the end.
While AWS Foundational Technical Review is free price-wise, it doesn’t come for free. You must follow a long list of criteria to earn the certification, which involves thoroughly auditing your systems. This article explores how to approach FTR and some steps to get FTR-ready.
The AWS Foundational Technical Review (FTR) is a structured self-assessment process that evaluates the architecture of your software solutions. There are several versions of the FTR, one for solutions hosted in AWS and one for those hosted outside. The FTR process will take you through self-evaluation, a review process, and a remediation timeframe of up to six months at its conclusion. However, it doesn’t end there - you must file for a renewed review every two years and adhere to any updated requirements.
The FTR has some overlap with the popular AWS Well-Architected Framework, which consists of six key pillars: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, and Sustainability. While the AWS Well-Architected Framework is recommended for every business, FTR is a smaller version, targeting AWS Partners. These guiding principles help ensure the quality and security of your software applications and reduce cloud costs.
The process for getting FTR approved is straightforward:
You can (and should) take advantage of AWS’s well-architectured tools, which will ask you questions and offer insights into potential issues you may encounter. Naturally, the tools will give you an overview of the Well-Architected Framework, but it can also provide insights into what needs improvement or fixing. You may also create custom lenses for your specific needs.
While the process may seem straightforward, things get more cumbersome once you reach step 3. Reviewing the official FTR checklist requires you to review each item individually to review compliance. You must check off every item to pass your assessment and provide notes describing how you pass the requirements, so detail is of the essence here. Optionally, AWS recommends you to enable the CIS benchmark in SecurityHub and upload a CSV with the results of the automated checks as evidence. Lastly, you have to upload your architecture diagram.
As you can tell, this task is highly manual and can take weeks, months or up to a year, depending on how secure your system is and the resources you have available. Jit can make this process more seamless and help you pass your FTR assessment without headaches. The AWS FTR security plan on your Jit account automatically maps the gaps related to the security requirements, thanks to various tools which scan your AWS environment and code and provide you with remediation as code and detailed guidelines. After following the recommendations or applying the remediation as code, your environment will be scanned again to ensure all the gaps have been covered.
A reliable system is a system that has safeguards and recovery plans in place in case of disruptions, as well as the ability to adjust computing resources based on demand.
Cyber attacks are an ever-present threat to connected resources, particularly cloud-based applications.
A well-architectured solution is the way to go, and the FTR is an excellent way of ensuring your application meets those guidelines. Following this checklist of critical points you must address will prepare you to undergo the official FTR process and get your well-deserved badge (with the added perk of having a fully secure and stable system). However, this process is still highly detailed, manual, and time-consuming.
Jit’s AWS FTR Security Plan lets you automate the process of meeting FTR security requirements. It offers better visibility into your architecture’s security gaps directly related to the AWS FTR application process, making it easier for you to remediate these and pass your FTR assessment. Get started for free.
One ticket to AWS first class, please! That’s not actually the official designation, but an Amazon Foundational Technical Review (FTR) certification can fast-track you into many currently locked perks and allow your organization to boost stakeholder and customer trust, thanks to the Amazon Partner Network (APN).