Enterprises use cloud-computing infrastructures to perform operations and provide enterprise services to their customers. For example, the cloud-computing infrastructures host computer-executed services, data storage, data access, and the like. Example cloud-computing infrastructures include those provided by third-party cloud providers, each of which provides what can be generally referred to as a public cloud. The term public cloud can refer to a cloud platform that is generally available to multiple users, and/or enterprises. Managing governance, risk, and compliance (GRC) can be a challenging exercise for an enterprise that has its services hosted in a public cloud. Additionally, the global footprint of public clouds significantly expands the scope of regional risk and compliance issues.
Public cloud service providers aim to comply with standards and regulations, but there is a need to provide greater transparency to be able to detect unexpected data access, and to ensure that data resides within the geographical boundaries as is required by customers. Besides transparency various controls are needed that can influence the access, movement, placement, and processing of data. Often the approach to satisfy enterprise concerns about GRC has been to use an isolated private cloud built and run either by the enterprise itself, or an independent regionally trusted third party, which monitors access, and safeguards data protection for enterprise customer data residing in public clouds. Such private clouds are considerably scaled-back and out-of-sync with respect to current public cloud service offerings.