Learn about compliance and governance tools.
- [Instructor] So let's talk about compliance and governance and this is probably the most important role that governance plays because it can pay for itself by avoiding one violation. Basically it's automation of the legal restrictions that we have in the particular industry that we're in or the particular country that we live in, all kinds of things really come into play and for multi-national companies this is absolute nightmare, understanding, for instance, that in the EU, in many countries that financial information is not allowed to flow outside the country so if we have a localized instance in a particular EU-based country, then the data has to stay in there and we have to write policies in terms of security and governance in assuring that the information is going to remain local else we could be fined millions of dollars and of course bad press and all that kind of stuff that could actually devalue the company.
So this is, as I say to people that are setting this up, the things that are going to keep you out of jail. So cloud computing governance and the ability to leverage it in terms of compliance is probably the most valuable thing that you'll run into. So compliance and governance deals with abstractions as we found is common amongst the various tools that are out there and we do that through policies and policies are basically laws that are written in terms of compliance. For instance, we mentioned that sometimes monetary data can't leave the country, but in the case of the healthcare world we have privacy issues and certain encryption levels have to be used and the data has to be anonymized and if it's not anonymized, it shouldn't be externalized to a human being, all these sorts of things are very tough to track and especially as you deal with multiple countries that have multiple legal restrictions that have to be adhered to.
So you have to write the policies that not only exist within the particular country that you're doing business in but all the countries that you're doing business in and you have to understand the laws and you have to find out how those laws translate into policies that you can write. So again, this is identity based because we have to know who we're dealing with and what devices we're dealing with in order to understand how they can interact and policies, rules and regulations that control how they interact. So I know the groups, I know physically where they are, I know what laws they're under, including folks that could be on multiple law-based systems under different countries and then I'm able to create a process around that so I can define how those things are going to occur and what restrictions need to occur, when logging needs to occur, all these sorts of things and then lo and behold, govern the two things we're worried most about, be the services that exist as cloud services or application services, web services or APIs, very low-level granular things or resources, the ability to deal with resources in the organization and resources in the cloud such as storage, compute, databases, all these sorts of things are vitally important.
So compliance, if you take anything away from this, can keep you out of jail.
- Cloud governance basics
- Cloud resource governance
- How cloud security and governance are linked
- Defining governance policies
- Cloud management platform basics
- Reviewing service governance tools
- Cloud governance costs
- Understanding your requirements
- Finding the right tools
- Testing cloud governance
- How operations deals with governance