When was the last time you heard someone utter the sentence, “I’m looking forward to the audit next week.” Most likely, never. Since its invention, the word “audit” has struck … well, if not terror, then certainly groans in the individuals responsible for ensuring the resources being audited are compliant with appropriate regulations. The fact is that compliance is still largely a manual set of processes, even though the regulatory landscape is continually more complex. Finding and hiring enough qualified compliance people is difficult and, ultimately, doesn’t scale well.
Complicating things further is the move to elastic infrastructure like public and private clouds. Ensuring compliance with necessary regulations like PCI, HIPAA, SOC 2, SOX, etc. in the era of on-premise, captive data centers was challenging enough. But as organizations move to cloud-based and/or virtualized infrastructure, the job becomes nearly impossible. While the cost and agility benefits of cloud computing are simply too significant to ignore, for the compliance teams, this creates special challenges, many of which have yet to be considered by the majority of enterprises.