Governance and Compliance
Ensuring governance and compliance in cloud environments is a primary concern for highly regulated and security-conscious organisations on their cloud adoption journey. However, governance is more than just legal obligations and regulatory bodies. True organisational governance includes people, processes, and tooling, which are then reinforced by cloud policies and controls to ensure that consistent compliance standards are used throughout the cloud environments.
Based on a decade of experience deploying Cloud at Scale™ securely within financial services institutions, Sourced applies the principle that there is no single methodology for the implementation of controls. Instead, Sourced consults with its clients to understand their risk posture and fashions strategies for specific risk vectors and their respective controls in a layered arrangement consisting of:
All three control approaches to cloud compliance require the same process of analysis, definition of policy and control objectives, engineering, and maintenance of the controls in an operational environment. Cloud providers’ commercial advantage centres around a very high rate of innovation and access to new services. Unique to cloud providers, these features are generally released as enhancements into existing running environments as opposed to a traditional opt-in update or licensing process.
The control systems must therefore be able to interpret these new features, assess their risks, understand changes to the risk posture, and distribute controls continuously and at high frequency. The rate of innovation now exceeds hundreds of features per provider every quarter, and therefore the control system must be capable of distributing changes at a high velocity.