Multi-Cloud Governance Creation and IAM Improvements

Challenge

A top 10 US bank needed assistance implementing process improvements for the Cloud Governance Procedure team and supporting the Identify and Access Management (IAM) Audit and Compliance team to:

  • Improve compliance, cloud security, and data storage posture
  • Establish a cloud strategy for GCP, AWS, and Azure to align with the changing technological needs

Solution

Deployed a cross-functional team of GRC and cloud technologist to help the bank modify its policy and procedure documentation, which included:

  • Auditing 1000+ IAM Roles and Policies ahead of schedule and in alignment with the “principle of least privilege”
  • Designing, documenting, implementing, and validating 50 + AWS & GCP Cloud Security Controls
  • Developing an analytical dashboard to display various metrics related to Cloud Security Controls
  • Generating a cloud strategy and active cloud services

Outcome

Infinitive delivered valuable technology, strategy, and guidance to improve cloud governance procedures at the bank that resulted in:

  • Reduced cloud risk and unintended API actions which allowed the initiative to be completed ahead of schedule
  • Improved cloud infrastructure security posture and control knowledge distribution
  • Increased visibility on current risk, vulnerabilities, and control status
  • Alignment with the business goals and additional project extension
Published September 28, 2022