Getting Cloud Compliance
Under Control
Bob Krygowski
To gain control over compliance,
organizations must first understand
their scope and their ability to han-
dle that scope.
When companies kept their applications in a data
center, compliance was a more straightforward pro-
cess. It still required energy and diligence, but the
tasks were predictable. Servers and software were in
the back room, paid for, running on set schedules,
year after year. Workers maintained specific legacy
systems that they were well trained on, configura-
tions followed established patterns, and workloads
were more easily tracked alongside company initia-
tives. Compliance could be handled as a quarterly or
even annual ritual.
Cloud has flipped the compliance process upside
down. It’s introduced a whole new set of variables –
new tools, new configuration and approval processes,
new job roles and new rules for companies to follow.
The changing environment has turned compliance
into a moving target that’s harder to control. Compli-
ance can no longer be managed once or twice a year.
In the cloud, compliance needs to be managed
continuously.
To get cloud compliance under control, organizations
must first understand their scopes and their ability to
6 | THE DOPPLER | WINTER 2018
handle those scopes. The scope will vary for each
organization, and even within an organization, based
on issues such as: the regulations controls them-
selves; the complexities of requirements demanded
by the industry; the geography; the impact to the
business if it’s out of compliance; and the level of
cloud maturity and readiness to take on the job and
do it well.
Let’s look at these issues in more depth to evaluate
how to get your cloud compliance under control.
The Impact of Cloud and Automation
on Compliance
Looking more closely at cloud’s impact, it’s easy to see
how challenged organizations are when it comes to
maintaining control and, just as importantly, to
demonstrating that they’re maintaining control.
Above all else, cloud helps organizations improve
their agility. They’re not hidebound by server policies
and schedules, so they make rapid and frequent
changes to their environments. Cloud allows them to
dial services up and down according to needs and
desires, and to create and deploy software rapidly
using continuous integration and continuous delivery
pipelines. Configurations that wouldn’t change for
months, perhaps years, in the data center now change
in minutes.