Learn about how compliance fits into cloud governance.
- [Teacher] So we're all compliant out there, we monitor our driving around speed limits, we monitor our transactions, we monitor the way in which we pay taxes and we have to deal with legal organizations that may come after us if we don't do those things properly. And that's really what compliance is all about. So, if we're govern what's in the cloud, it's important that we're able to place policies around the governance of those systems that allows us to limit access based on certain restrictions, either policy restrictions that we build within the enterprise, in other words, our own restrictions that we're trying to live up to or more often than not, it's going to be legal restrictions, basically through outside forces.
And we may be audited and we may be found that we need to prove our compliance especially if you're in the finance or healthcare verticals. So it's perhaps the most important role that governance plays, it's basically the automation of legal restrictions. And so the ability to kind of automate without second guessing everybody or having some human run around and trying to make everybody compliant, which is very difficult to do. We're able to automate the restrictions and the policies that are placed on use of the resources that we have in the cloud and therefore we remain compliant through this automation.
So compliance and governance in this breakdown here, we have abstraction, policies, you know, basically legal issues, so in other words, policies enforce the law and we have to keep process information around Sarbanes-Oxley. We have to keep legal identity information, we have to use certain encryption keys that are validated for HIPAA and healthcare. Abstraction of these systems basically removes us from the complexity, so instead of having to deal with the legal issues and updating those things all the time, somebody else is responsible for that, who can basically make it his or her full-time job to monitor what's going on in the legal world and update these policies, so it's going to enforce them on a particular cloud and then through this abstraction layer, we're able to access these policies without really kind of understanding them, really.
I mean, we should have a basic understanding of what they are because the industry you're in, but there's no reason why we need to understand what encryption levels we need to do or whether or not information can be transferred across state lines in certain instances around privacy regulations. And so it takes the burden out of our hands and puts it in the hands of the governance compliance system. Identities need to be understood, you need to understand how processes are involved in services and resources are kind of down to those things. So again, we can't enforce policies without having understanding the identities of the devices and the people and the systems that we're interacting with and making sure that they're not able to do something that's going to violate some law or some policy that's going to get us in trouble.
And we do that by putting the guard rails up, in this case the guard rails of compliance and governance.
- Cloud governance basics
- Cloud resource governance
- How cloud security and governance are linked
- Defining governance policies
- Cloud management platform basics
- Reviewing service governance tools
- Cloud governance costs
- Understanding your requirements
- Finding the right tools
- Testing cloud governance
- How operations deals with governance