Cloud Compliance | Pulsant | Javid Khan

Javid is an outstanding IT expert with a passion for innovation excellence. He has a deep understanding of IT & Business with extensive enterprise architecture experience which spans a vast range of technologies and industries including Health, Finance, Energy, Cloud and E-gaming.

He has a proven track record of successfully delivering projects, both hands-on and as primary technical design authority.

As Co-Founder of LayerV, he is able to impart his knowledge, experience, leadership, professionalism and passion across the whole organisation.

Transcription

Today I’d like to talk about compliance in the cloud, and more specifically the challenges of compliance in the cloud. In this example, if we take an on-premise cloud (or your private cloud) and look at your public cloud, there are, broadly speaking, four technology layers.

You have your data, you have your application, you have your virtual infrastructure, and you have your physical hardware.

Now, from a responsibility perspective, and this is highly referenceable online, you’re responsible for pretty much everything up to the OS. Everything below the OS you don’t have to worry too much about; that’s tackled and handled by the cloud vendor. But if you are thinking and talking about private cloud or on-premise facilities, you have to worry about pretty much the entire stack.

Some of the things that you might already have in place to monitor and manage: your security, your controls, maybe some of your compliance tooling around your physical elements, especially on-premise, and around your virtual infrastructure, your network, your CPU, your instances.

Maybe a number of tools for application and data. And very similarly in public cloud you might have the same tool or a different tool to manage your data, your applications, and your hosts more specifically.

The burden and the challenge then comes with the regulations, the requirements and some of the frameworks you have to align to as an organisation.

So if we take ISO 27001 as an example, you might also have GDPR requirements for your infrastructure, and you might want to align with some industry-standard benchmarks like CIS.

You might also have some more specific industry-related requirements such as FCA or PCI, or GxP in pharmaceuticals, and so forth.

How do you ensure those controls are implemented across your on-premise, and your public cloud? And how do you ensure those controls stay conformant for the duration of which you have that infrastructure in situ?

We’ve made that a little bit easier. We’ve brought the ability to take all those tools that you already have in place, extract that data, consolidate it and provide it in a near real-time dashboard.

So you’re able to understand whether your infrastructure is conformant or not conformant to any of these frameworks, as I described.

So, how do we do that? We have created the ability to extract data from a number of sources. So in this example, we will use AWS as our public cloud. We might even want to take some Azure, some VMware and some application data, specifically around antivirus or maybe some bespoke applications.

We have something called adapters, and those adapters are able to extract data. Using an adapter fleet, we have a specific adapter for each of these data sources. We can extract that data, normalize it and centralize it.

What we are then able to do is query against our compliance engine. Our compliance engine has the ability to analyse and query the rules that we’ve created and predefined across these frameworks.

So we already have a predefined list of rules, technology rules, specifically for public cloud and for on-premise private cloud. We’re then able to present that information and that data in a dashboard and provide a near real-time capability of whether your cloud infrastructure or infrastructure on-premise is conformant or not conformant to the frameworks described earlier.

As an option, what we are then able to do is present that information and integrate it into a SOC. So you can use your own SOC or leverage our SOC. Ultimately what we want to do is take the alerting that’s been triggered and actually do something about it and remedy it. So once we remedy that alert, it will then form that continuous loop and ensure that that infrastructure is then conformant across the next poll.

And what we then create is a continuous cycle or continuous compliance for your infrastructure.

Now, the benefits of this are highly bespoke. We can take data sources pretty much from anywhere, whether it be on-premise data, whether it be cloud data, whether it be application data.

What we’re able to do is create your own rules and your own policies based on the frameworks you need to align to, or if you have any specific frameworks or policies that need to be aligned to, we’re able to create bespoke rules for that.

So what does that mean for you? We’re able to provide you with the confidence that your cloud infrastructure is conformant to those frameworks that you have to align to, as I described in my example. You’re able to ensure that you have a deep understanding of your compliance posture, and we provide you with that near-real-time exposure at any given point.

And more to the point, it’s compliance made easy and it’s simple.
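The adapter-fleet, normalise, rule-engine and per-framework verdict flow the talk describes, as an added toy model; this is not Pulsant or LayerV code, and the two adapters, the common schema, the sample AWS and on-premise records, and the rule-to-framework mapping are all assumptions constructed for illustration.

```python
"""Toy model of: adapters extract -> normalise -> centralise -> rule engine -> per-framework verdict.
Illustrative code only (not Pulsant/LayerV); all data, rules and mappings are constructed assumptions."""
from dataclasses import dataclass
from typing import Callable

# Constructed sample records standing in for what two adapters would pull on one poll.
AWS_RAW = [{"VolumeId": "vol-1", "Encrypted": False},
           {"VolumeId": "vol-2", "Encrypted": True}]
ONPREM_RAW = [{"host": "web01", "disk_encrypted": True, "av_sig_age_days": 9},
              {"host": "db01", "disk_encrypted": False, "av_sig_age_days": 1}]

def aws_volume_adapter(raw):
    """Map AWS-shaped volume records onto the common schema (assumed field names)."""
    return [{"source": "aws", "resource": f"ebs/{v['VolumeId']}",
             "encrypted_at_rest": v["Encrypted"]} for v in raw]

def onprem_host_adapter(raw):
    """Map on-premise host records onto the same common schema."""
    return [{"source": "onprem", "resource": f"host/{h['host']}",
             "encrypted_at_rest": h["disk_encrypted"],
             "av_signature_age_days": h["av_sig_age_days"]} for h in raw]

@dataclass(frozen=True)
class Rule:
    control: str
    frameworks: tuple              # assumed mapping onto the frameworks named in the talk
    attr: str                      # normalised attribute the rule inspects
    check: Callable[[object], bool]  # predicate over that attribute's value

RULES = [
    Rule("encryption-at-rest", ("ISO27001", "CIS"), "encrypted_at_rest", lambda v: v is True),
    Rule("av-signatures-current", ("ISO27001",), "av_signature_age_days", lambda v: v <= 7),
]

def poll(aws_raw=AWS_RAW, onprem_raw=ONPREM_RAW):
    """One poll of the adapter fleet: extract from each source and centralise the normalised records."""
    return aws_volume_adapter(aws_raw) + onprem_host_adapter(onprem_raw)

def evaluate(records, rules=RULES):
    """Run every rule over every record carrying its attribute; return failing (resource, control) pairs."""
    return [(r["resource"], rule.control) for r in records for rule in rules
            if rule.attr in r and not rule.check(r[rule.attr])]

def conformance(records, rules=RULES):
    """Per-framework verdict: a framework is conformant only when no rule mapped to it fails anywhere."""
    failed = {control for _, control in evaluate(records, rules)}
    verdict = {}
    for rule in rules:
        for fw in rule.frameworks:
            verdict[fw] = verdict.get(fw, True) and rule.control not in failed
    return verdict

if __name__ == "__main__":
    records = poll()
    print(evaluate(records))
    print(conformance(records))
```

Remediating the alerts (encrypting the two volumes and refreshing web01's signatures) and calling `poll()` again with the corrected raw data is the continuous loop: the next evaluation returns no failures and both frameworks flip to conformant.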