Capital One’s Cloud Custodian: A Surprising Answer to Governance Questions
Capital One’s Cloud Custodian is an open source governance, security, and compliance engine for cloud services that will give users the tools necessary to enforce cloud governance – a necessity in highly regulated industries like finance.
Cloud Custodian offers declarative, “governance as code” capabilities through a “YAML DSL rules engine,” and steps beyond traditional management platforms in that it can be used for enforcement of policies. More specifically, Capital One highlights several important features:
- Real-time compliance (that is, actual governance).
- Cloud cost management more generally by shuttering unused or under-used instances.
- Multi-cloud and serverless support.
- The ability to build millions of policies – ranging from simple to complex – using the DSL.
Check out SoftwareReview’s Cloud Systems Management category, Date Accessed August 13, 2019.
Our Take
Capital One might not be the last place you expect to see this kind of technology innovation, but it’s certainly not the first. Cloud Custodian’s roots make sense, however: as an American financial institution, Capital One is keen on compliance. Governance as a matter of policy is one thing; ensuring real-time compliance using a declarative, automated system is a different thing entirely.
Most cloud management platforms out there offer similar services, but they usually focus on cost management. For those organizations that play in highly regulated spaces, Capital One’s governance/compliance-first approach may be just what cloud skeptics need.