Cloud Blog – Compliance engineering automation
Google Cloud

Compliance engineering automation

Keeping an eye on privacy in the on-premises environment is just as important as keeping an eye on privacy in the cloud. Google Cloud offers new automated capabilities to meet regulatory requirements in a variety of work environments. 


Compliance with banking requirements 

Speaking of different areas of work, let’s take a look at banking requirements. Since banking institutions are directly dependent on information sources, the entire banking system as a whole is connected to IT information sources. 

In the case of banking, the IT application must not only meet risk calculation needs and comply with regulations, but also be quickly deployed. Before a new application can be deployed to a production environment, IT application owners typically look at a historical duration of several months, which no longer falls within the concept of “agility.” At the same time, developers are bypassing cloud synchronization, which makes workflows much more difficult. For example, the current IT models at many banks are built to only require a few updates per month, while the cloud is capable of implementing hundreds of changes every day.

In the following sections, we’ll tell you which features will help you get through the IT transformation and still meet regulatory requirements. 


Grouping control elements

Cloud services enable employees to focus more on the elements of management, while the main workloads will already be optimally distributed.

Grouping works as follows: Engineers can group several mechanisms into one control at once. So they spend their attention on just one grouping, instead of dispersing it to all the tools or elements at once. This approach can significantly reduce the user’s control over the workflow. 

The Enterprise Controls group is part of the cloud provider and cloud services risk assessment. A group of enterprise-wide controls is automatically applied to every workload running on top of this target area. Practical examples are Audit Log (at the Org and Folder level) and (PUAM).  

A group of workload controls is validated at the application level and focuses on the user’s application architecture. In large landscapes, an additional group of workload classes will allow application-specific controls to be clustered around commonalities, such as the privacy of the data being processed or Internet-centric networks.

Workload class controls should find their automation as part of the Continuous Integration/Continuous Deployment (CICD) pipeline.

Working with the cloud

Using the cloud to run your company can significantly increase the security of your data. However, most companies still see using the cloud as a way to reduce risk. So going back to the previous question, it’s worth reconsidering the use of controls to increase efficiency.

For example, production access management for engineers, i.e., the approval process, the management of lists with access, will be significantly changed when access to the production infrastructure is by exception only. 

In short, the control questions should be rated as:

  • Effective – Controls accurately validate the cloud environment;
  • Needs adjustment – Control is relevant, but needs to be adapted to reflect cloud technology;
  • Obsolete – Controls are not effective in evaluating the cloud environment and may be outdated.


Put more projects in development 

Make control owners confident in the technology, allow time for training, make them part of the design and engineering process from the beginning and turn them into cloud transformation advocates in their respective organizations. 

The advantage is that control owners can be confident in the technology and confident that their controls are properly evaluated. As controls stem from different organizations, they will in turn advocate for a change in controls in their respective organization.

Establish clear traceability of controls

Clear traceability of controls, policies, and regulations helps to clear interpretations and enable large-scale automation. 

In order for you to move applications into production as quickly as possible, it is inevitable to automate controls. That’s why the production implementation process has grown by leaps and bounds over the past couple of years, and now controls can be filtered and potentially missing controls can be identified.

At this point, our goal is to make controls more efficient and thereby increase overall productivity. For more information on this type of engineering, please contact Cloudfresh — a unique center of expertise for Google Cloud, Zendesk, and Asana. For these products, we can provide you with the following services: 

  • Customization;
  • Development;
  • Integration;
  • Training;
  • License;
  • Support.

Our specialists will help you optimize your IT infrastructure, develop integrations for better system interoperability, and help create completely new structures and processes for your teams, while our support center will provide you with the best customer experience!


Get in touch with Сloudfresh