Compliance as Code - Minimal Viable Cloud

Moving IT infrastructure to AWS services creates a model of shared responsibility between the customer and AWS. This shared model can help relieve customer’s operational burden as AWS operates, manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates.

How can you create a frictionless on-boarding environment when each of the product must implement specific requirements based on the 1) type of products is offered and 2) country in which their products are sold.

How do you create a secure cloud management layer between Application teams infrastructure as to ensure security in the cloud while balancing the developer productivity and enabling continuous integration. Take the operations team on a journey of automation and how the organization looks like after hiring engineers to develop those capabilities following SRE model.

For each layer, the control objectives are defined. For each control objective, the necessary responsibilities & process controls are defined, including company policies and procedures to be followed i.e:

  • Control Objective: IT third party can demonstrate effectiveness of their operating model and control environment.
  • Process Control: The CSP owner will annually review the effectiveness of the AWS operating model and control environment.

Why would this talk be a good fit for the DevOpsDays audience?

Compliance is a taboo topic

View full program



Sergiu Bodiu


Sergiu is passionate Software Architect within the Cloud group in Standard Chartered. Previously he was the Regional Platform Architect for APJ @Pivotal, where he was helping the region’s most