Adherence to regulatory obligations requires organisations to take a measured approach when consuming public cloud services. Regulated organisations are required to distil their obligations into internal policy and, eventually, into control objectives. Enabling controls and governance in public cloud environments is paramount to the enterprise successfully consuming cloud.
Bringing the security, risk and governance teams along for the cloud adoption journey ensures consistent alignment and buy-in. The role of the risk and governance managers, in this approach, is to define the cloud control strategy, and ensure that the consumers of the enterprise public cloud are aware of the policies outlined in the strategy.
To achieve controls and governance at scale, regulated organisations must continuously revise controls and consistently apply configuration across all environments and accounts for continuous compliance. Implementing automated detection, aggregation, notification and escalation workflows in line with the chosen control and governance strategy allows such enterprises to accelerate their cloud journey.