Cognitive compliance: Analyze, monitor and enforce compliance in the cloud
Abstract
IT compliance is an area of increasing attention and capital spend in enterprise IT environments. Enforcing compliance is a complex process, which involves following regulatory requirements coming from many, often overlapping, sources and mapping those requirements against a controls framework that implements them on the ground. In this paper, we propose a solution for streamlining the process of analyzing, monitoring and enforcing compliance in the cloud. We rely on text classification methodologies to match both regulatory requirements and controls against a common hierarchy. Finally, we explain how to use these text classification techniques to analyze the regulatory requirements and match them to executable code that enforces these requirements in cloud infrastructure components, such as virtual machines and containers.