Cloud Security Podcast

Migrating from “Tick Box” Compliance to Automating GRC in a Multi-Cloud World

Jun 17, 2025
Santosh Bompally, Cloud Security Engineering Team Lead at Humana, shares his journey from a tech enthusiast to a security leader. He discusses transforming security exception management from a manual checkbox approach to an automated, continuously monitored system. Santosh emphasizes the importance of a solid security baseline and policy-as-code to enhance compliance in multi-cloud environments. He also highlights the complexities organizations face in maintaining rigorous security standards and the evolving role of automation in governance, risk, and compliance.
ANECDOTE

Santosh's Cybersecurity Journey

  • Santosh was a youthful hacker keen on computers and networks, supported by his parents.
  • His passion led him to study computer science and cybersecurity, gaining diverse roles in threat hunting, GRC, and risk management.
INSIGHT

Exception Management Risks

  • Exception management is often treated as a mere compliance checkbox without ongoing monitoring.
  • This neglect expands the threat surface and risks security posture degradation over time.
ADVICE

Automate Multi-Cloud Policies

  • Use cloud-native policies and policy-as-code across multi-cloud environments for consistent security enforcement.
  • Automate exceptions with orchestration layers that process events from all platforms, to scale and streamline exception handling.