Migrating from "Tick Box" Compliance to Automating GRC in a Multi-Cloud World
Author: Cloud Security Podcast
Uploaded: 2025-06-17
Views: 384
Description:
                    In many organizations, security exception management is a manual process, often treated as a simple compliance checkbox. While necessary, this approach can lead to unmonitored configurations that drift from their approved state, creating inconsistencies in an organization's security posture over time. How can teams evolve this process to support modern development without compromising on security?
In this episode, Ashish Rajan sits down with security expert Santosh Bompally, Cloud Security Engineering Team Lead at Humana, to discuss a practical framework for automating exception management. Drawing on his journey from a young tech enthusiast to a security leader at Humana, Santosh explains how to transform this process from a manual task into a scalable, continuously monitored system that enables developer velocity.
Learn how to build a robust program from the ground up, starting with establishing a security baseline and leveraging policy-as-code, certified components, and continuous monitoring to create a consistent and secure cloud environment.
Questions asked:
00:00 Introduction
00:39 From Young Hacker to Cybersecurity Pro
02:14 The "Tick Box" Problem with Exception Management
03:17 Exposing Your Threat Landscape: The Risk of Not Automating
05:43 Where Do You Even Start? The First Steps
08:26 VMs vs Containers vs Serverless: Is It Different?
11:15 Building Your Program: Start with a Security Baseline
14:44 What Standard to Follow? (CIS, PCI, HIPAA)
17:20 The Lifecycle of a Control: When Should You Retire One?
19:42 The 3 Levels of Security Automation Maturity
23:25 Do You Need to Be a Coder for GRC Automation?
26:16 Fun Questions: Home Automation, Family & Food
--------------------------------------------------------------------------------
📱Cloud Security Podcast Social Media📱
_____________________________________
🛜 Website: https://cloudsecuritypodcast.tv/
🧑🏾💻 Cloud Security Bootcamp - https://www.cloudsecuritybootcamp.com/ 
✉️ Cloud Security Newsletter - https://www.cloudsecuritynewsletter.com/
Twitter: /cloudsecpod
LinkedIn: /cloud-security-podcast
#cloudsecurity #cloudengineering #cloudsecuritypodcast
                