Challenge
A top 10 US bank needed assistance implementing process improvements for the Cloud Governance Procedure team and supporting the Identify and Access Management (IAM) Audit and Compliance team to:
- Improve compliance, cloud security, and data storage posture
- Establish a cloud strategy for GCP, AWS, and Azure to align with the changing technological needs
Solution
Deployed a cross-functional team of GRC and cloud technologist to help the bank modify its policy and procedure documentation, which included:
- Auditing 1000+ IAM Roles and Policies ahead of schedule and in alignment with the “principle of least privilege”
- Designing, documenting, implementing, and validating 50 + AWS & GCP Cloud Security Controls
- Developing an analytical dashboard to display various metrics related to Cloud Security Controls
- Generating a cloud strategy and active cloud services
Outcome
Infinitive delivered valuable technology, strategy, and guidance to improve cloud governance procedures at the bank that resulted in:
- Reduced cloud risk and unintended API actions which allowed the initiative to be completed ahead of schedule
- Improved cloud infrastructure security posture and control knowledge distribution
- Increased visibility on current risk, vulnerabilities, and control status
- Alignment with the business goals and additional project extension
Published September 28, 2022
