Source URL: https://cloud.google.com/blog/products/identity-security/shift-left-your-cloud-compliance-auditing-with-audit-manager/
Source: Cloud Blog
Title: Shift-left your cloud compliance auditing with Audit Manager
Feedly Summary: Cloud compliance can present significant regulatory and technical challenges for organizations. These complexities often include delineating compliance responsibilities and accountabilities between the customer and cloud provider.
At Google Cloud, we understand these challenges faced by our customers’ cloud engineering, compliance, and audit teams, and want to help make them easier to manage. That’s why we’re pleased to announce that our Audit Manager service, which can digitize and help streamline the compliance auditing process, is now generally available.
[Figure: Understanding compliance across layers in Google Cloud.]
Traditional compliance methodologies, reliant on manual processes for evidence collection, are inefficient, prone to errors, and resource-intensive. According to the Gartner® Audit Survey, “When surveyed on their key priorities for 2024, 75% of chief audit executives (CAEs) cited audit’s ability to keep up with the fast-evolving cybersecurity landscape as their top priority — making it the most commonly cited priority.”
Introducing Audit Manager
Audit Manager can help organizations accelerate compliance efforts by providing:
– Clear shared responsibility outlines: A matrix of shared responsibilities that delineates compliance duties between the cloud provider and customers, offering actionable recommendations tailored to your workloads.
– Automated compliance assessments: Evaluation of your workloads against industry-standard technical control requirements in a simple and automated manner. Audit Manager already supports popular industry and regulatory frameworks including NIST 800-53, ISO, SOC, and CSA-CCM. You can see the full list of supported frameworks here.
– Audit-ready evidence: Automated generation of comprehensive, verifiable evidence reports to support your compliance claims and overarching governance activity. Audit Manager provides you with a quick execution summary of compliance at a framework level and the ability to deep-dive using control-level reports.
– Actionable remediation guidance: Insights to swiftly address each compliance gap that is identified.
The compliance audit journey with Audit Manager
The cloud compliance audit process involves defining responsibilities, identifying and mitigating risks, collecting supporting data, and generating a final report. This process requires collaboration between Governance, Risk, and Compliance analysts, compliance managers, developers, and auditors, each with their own specific tasks. Audit Manager streamlines this process for all involved roles, which can help simplify their work and improve efficiency.
[Figure: Shift left your compliance audit process with Audit Manager.]
Customer case study: Deutsche Börse Group
Deutsche Börse Group, an international stock exchange organization and innovative market infrastructure provider, began their strategic partnership with Google Cloud in 2022. Their cloud transformation journey is well under way, which brings with it the challenge of achieving and documenting compliance in their environment.
Florian Rodeit, head of cloud governance for Google Cloud, Deutsche Börse Group, first heard about Audit Manager during a Las Vegas Google Cloud Next 2024 session.
“The Audit Manager product promises a level of automation and audit control that has a lot of potential. At Deutsche Börse Group, we were excited to access the preview, explore the functionality further and build out a joint solution,” he said.
Following the European preview launch of Audit Manager, Deutsche Börse Group and Google Cloud set up a collaborative project to explore automating cloud controls via Audit Manager. Deutsche Börse Group had already created a comprehensive control catalog to manage their cloud control requirements across the organization. They analyzed the Cloud Security Alliance’s Cloud Controls Matrix against their written rules framework to create inputs for Audit Manager, and set out ownership and implementation guidelines for cloud-specific controls.
Now, Deutsche Börse Group can use Audit Manager to check if there are resources configured that deviate from the control framework, such as any resources that have been set up outside of approved regions. This provides automated, auditable evidence to support their specific requirements for compliant usage of Google Cloud resources.
Benjamin Möller, expert cloud governance, vice-president, Deutsche Börse Group, has been leading the collaborative project. “Moving forward, we hope that Audit Manager will allow us to automate many of our technical controls — giving us robust assurance that we are compliant, enabling us to quickly identify and rectify non-compliance, and minimizing the manual overhead of audit evidence. We are excited to continue making progress on our joint venture,” he said.
Take the next step
To use Audit Manager, access the tool directly from your Google Cloud console. Navigate to the Compliance tab in your Google Cloud console, and select Audit Manager. For a comprehensive guide on using Audit Manager, please refer to our detailed product documentation. We encourage you to share your feedback on this service to help us improve Audit Manager’s user experience.
AI Summary and Description: Yes
Summary: The text discusses the challenges of compliance in cloud computing, particularly the roles and responsibilities between customers and cloud providers. It highlights the launch of Google Cloud’s Audit Manager, which aims to simplify and automate the compliance auditing process through features such as shared responsibility matrices, automated assessments, and comprehensive evidence generation.
Detailed Description:
The provided content centers on the complexities of cloud compliance and introduces Google Cloud’s Audit Manager as a solution to streamline the compliance auditing process. Key points include:
– **Challenges in Cloud Compliance:**
  – Organizations often encounter regulatory and technical difficulties in delineating compliance responsibilities between themselves and their cloud providers.
  – Traditional compliance methods are criticized for being manual, error-prone, and resource-intensive.
– **Gartner Survey Insights:**
  – According to a Gartner® survey, 75% of chief audit executives regard keeping pace with the cybersecurity landscape as a top priority for their audits in 2024.
– **Introduction of Audit Manager:**
  – This service aims to accelerate compliance efforts by providing:
    – **Clear Shared Responsibility Outlines:** It offers a matrix that clarifies compliance duties between cloud providers and customers, enriched with actionable recommendations tailored to specific workloads.
    – **Automated Compliance Assessments:** The tool evaluates workloads against established industry and regulatory frameworks, such as NIST 800-53 and ISO, automating much of the assessment process.
    – **Audit-ready Evidence:** The generation of verifiable evidence reports is automated, allowing for quick summaries of compliance status at both framework and control levels.
    – **Actionable Remediation Guidance:** Automated insights for addressing identified compliance gaps efficiently.
– **The Compliance Audit Process:**
  – The process involves defining responsibilities and risks, gathering supporting data, and eventually producing a compliance report. Audit Manager is designed to simplify this multi-role collaboration, thereby enhancing efficiency.
– **Customer Case Study – Deutsche Börse Group:**
  – This case illustrates the successful implementation of Audit Manager during Deutsche Börse Group’s cloud transformation with Google Cloud.
  – The partnership has enabled the automation of cloud controls and compliance checks against established control frameworks, enhancing their ability to quickly identify and rectify non-compliance.
– **Future Aspirations:**
  – The leaders of Deutsche Börse Group express optimism about progressing with Audit Manager’s automation potential, which they believe will reduce manual efforts in generating audit evidence and improve operational compliance assurance.
– **Call to Action:**
  – Users are encouraged to access Audit Manager through the Google Cloud console, with references to product documentation for further support.
In summary, Google Cloud’s Audit Manager demonstrates a significant advancement in compliance automation tailored to the needs of organizations handling cloud services, providing comprehensive support for compliance and governance frameworks while addressing the challenges faced in traditional auditing processes. This tool is highly relevant for security and compliance professionals looking to enhance their cloud governance strategies.