AI-Driven Risk Assessment And Compliance Automation In Multi-Cloud Environments

Abstract

This work explores how available AI techniques can be deployed to automatically assess risks and enforce compliance across multi-cloud environments. First, the unique nature of cloud environments suggests a revised risk taxonomy applied across all service providers, which provides the basis for an anomaly-detection architecture with cloud-specific feature engi- neering. Second, differences between provider compliance policies are analyzed for an automated on-the-fly translation that enables continuous monitoring across multi-cloud installations. The find- ings contribute to the establishment of an AI-driven foundation for governance, risk, and compliance that simultaneously satisfies needs for organization, third-party, data, and service governance. The analysis also initiates a discussion of support for business- governance and data-governance constituencies, areas where little attention has been paid to cloud risk and compliance techniques despite the sensitive nature of many of the stored resources.