The Doppler Quarterly Special Edition 2019 | Page 91
A number of banks are embracing this continuous, real-time
monitoring trend. According to a May 2017 report by McK-
insey & Co., as the scope of regulation widens some finan-
cial institutions have “chosen to be ‘constantly materially
compliant,’ a status just shy of full compliance, because of
ongoing long-term remediation programs.” rity and better visibility into risks before they become criti-
cal issues.
The ability to review stats daily instead of, for example, four
weeks before an audit, allows teams to spend more time
moving their businesses forward rather than reacting to
urgent issues. And real-time analysis pays significant divi-
dends when it leads to early detection of trends. You gain
the ability to take proactive steps to remediate and prevent
minor issues from becoming critical issues. Gaining Control
Ultimately, real-time analysis of compliance readiness is the
catalyst for creating a data-driven, fact-based approach to
an organization’s compliance in the cloud program.
Continuous Compliance
CTP’s Continuous Compliance delivers a holistic, pro-
gram-based approach to both technical and process-ori-
ented compliance. With continuous assessments of cloud
environments run against key regulatory frameworks like
PCI, NIST and others, Continuous Compliance delivers real-
time data to your business and to CTP to drive remediation
programs forward.
As regulations and standards evolve, CTP identifies those
changes rapidly and adapts client policies to remain in com-
pliance. Clients benefit from reduced risk of gaps in compli-
ance, less time and fewer resources required to constantly
research and implement controls, and faster and less
labor-intensive audit preparation.
Instead of continually addressing urgent issues, your devel-
opment teams have more time to focus on the work at hand.
With the right tools (and the right insights), they can be
more productive and execute more compliant software
builds. You experience fewer drills, tighter operational secu-
Continuous Compliance also enables more focused and
informed program-level oversight and governance to help
you successfully steer your business forward.
How do you get your cloud compliance under control? Here
is a list of the priorities everyone should consider:
• Continuously assess and monitor activities to identify
risks and potential sources of compliance exposure
• Have a well understood process for remediation of
control failures and identified risks
• Take proactive steps to review cloud application
architectures and corresponding controls to ensure
compliance readiness
• Ensure that those responsible and accountable for
compliance and remediation within the organization
have access to real-time data about control failures
• Regularly update your implementation of regulatory
or IT control frameworks; the rules can and do
change
• Ensure compliance readiness is a key priority of the
CIO, CISO and business unit leaders, in addition to
audit staff
These are the key ingredients to a solution that puts you in
control of compliance in the cloud.
Written by Bob Krygowski, former Director of Product
Management, CTP, and currently Product Lead, Managed
Cloud ,at 2nd Watch
Learn more about Continuous
Compliance solutions at
cloudtp.com/continuous-compliance.
SPECIAL EDITION 2019 | THE DOPPLER | 89