Cloudwick’s Amorphic Data Platform has long supported public sector and sensitive-data organizations with secure, cloud-native analytics. With the launch of Amorphic 3.1, we’re proud to introduce TRACE (Trusted Regulatory Audit and Compliance Engine), a powerful new application designed to elevate cloud governance, compliance visibility, and security posture management for organizations using Amorphic.
Introducing TRACE for Real-Time Compliance and Observability
TRACE is purpose-built to give organizations that manage regulated data a single pane of glass to monitor their security and compliance posture in Cloudwick’s Amorphic Data Platform.
Fig. 1: TRACE Compliance Overview with overall compliance score, security standard breakdown, and findings categorized by severity (Critical, High, Medium, Low)
TRACE is built on top of AWS Security Hub, leveraging it as the core framework to aggregate, prioritize, and present findings from a wide range of AWS-native security services, including:
- Amazon GuardDuty – for threat detection
- AWS Config – for configuration compliance
- Firewall Manager – for centralized firewall policy management
- IAM Access Analyzer – for access insight and anomaly detection
This native foundation ensures TRACE inherits the scalability, accuracy, and automation capabilities of AWS Security Hub while extending its visibility to include Amorphic’s platform services, giving users a complete picture of compliance posture across infrastructure and data pipelines.
As part of this model, we track and manage all platform administrative data comprehensively, capturing logs, configurations, policies, and governance activities across environments. This information is then correlated and enriched through AWS Security Hub and Amorphic’s analytics engines to produce consolidated compliance findings and unified views, enabling stakeholders to monitor security, governance, and operational health with clarity and confidence.
Usage Observability: A New Dimension of Visibility
TRACE introduces a powerful new capability within Amorphic: Usage Observability. Through backend data pipelines and scheduled workflows, TRACE tracks and surfaces key platform KPIs - helping teams understand how the system is being used and where governance can be improved.
What TRACE Tracks:
- Number of queries executed by each user (successful vs. failed)
- Types and counts of ETL jobs (e.g., Spark, Python)
- Dataset lifecycle events including creation, deletion, and access
- Vertical/domain/resource-level activities
- User session insights, including browser, device, and IP metadata
Fig. 2: Usage Observability Dashboard showing active users, job breakdowns by type, Athena query success rate, and Data Lab status overview.
Initial Launch Capabilities: Built on Proven Security Standards
TRACE’s first release focuses on delivering core compliance visibility using standards natively supported by AWS Security Hub, including:
- AWS Foundational Security Best Practices (FSBP): A widely adopted best practices framework developed by the Center for Internet Security (CIS), tailored for securing AWS environments.
- CIS AWS Foundations Benchmark: A set of curated best practices created by AWS that help maintain a secure cloud environment.
- PCI DSS: Security controls relevant to environments that store, process, or transmit cardholder data.
- NIST 800-53 Revision 5: Provides mappings of AWS findings to NIST control families (e.g., Access Control, Audit and Accountability).
These standards form the baseline of TRACE’s posture evaluation engine - offering immediate, standards-aligned security monitoring from day one.
What TRACE Brings to the Table
TRACE centralizes and streamlines monitoring of both platform usage and cloud compliance.
Key features include:
- Security and Compliance Dashboards: Real-time views of your organization’s posture across foundational AWS and industry standards.
- Governance Insights: Trend tracking for critical platform operations like job execution volume, query success rates, and dataset access.
- Audit-Ready Reporting: Exportable reports structured around specific standards and mapped to findings across AWS and Amorphic.
- Real-Time Activity Timeline: Action-level audit trails with timestamped records of user and system activity.
Fig. 3: Security Findings Table listing misconfigurations by severity, resource type, and compliance status with action icons for resolution or documentation.
Built for the Public Sector and Sensitive Data
Whether managing HIPAA-regulated health data, CJIS-protected criminal justice records, or other sensitive data, TRACE provides a trusted governance layer that:
- Enables visibility into platform operations and user behavior.
- Aligns configurations with regulated security frameworks.
- Supports proactive compliance and incident response.
- Builds confidence across both technical and non-technical stakeholders.
What’s Coming Next
While the initial release focuses on FSBP, CIS, and NIST Moderate, TRACE is built to expand. Upcoming releases will include:
- Full support for HIPAA, CJIS and IRS 1075
- Custom framework mapping for state, agency, or sector-specific compliance programs
- AI-powered anomaly detection based on user behavior and system events
- Governance scoring and benchmarking to quantify posture over time
- Enhanced multi-tenant and cross-account monitoring
Final Thoughts
With TRACE, Cloudwick is redefining how compliance and governance are operationalized in the cloud. TRACE isn’t just a tool - it’s an assurance layer that builds trust in your data operations.
By combining the strengths of AWS-native security insights with deep Amorphic observability, TRACE delivers an unmatched level of transparency, accountability, and peace of mind.