Continuous compliance: Experiences, challenges, and opportunities

Abstract

IT compliance is an area of increasing attention and capital spend in enterprise IT environments. We present 'Continuous Compliance', a framework that allows a managed IT services provider to automate the overall process of keeping IT assets conformant with enterprise policies, regulatory frameworks, and other best practices. Our framework applies to all cloud layers and service models: Infrastructure-, Platform-, and Software-as-a-Service. We describe our framework design, its operation, and the post-process analytics and reporting. We also examine remediation reports gathered from over 2,000 servers for a seven month period, graph the incidence of repeated remediations, and explore some reasons for gradually subsiding remediations.