Contact Us
Services - Cloud  Security

Controls as Data

Why Controls as Data?

Data like knowledge is power. Your organisation’s controls are no exception. 

What do we mean by controls?   The National Institute of Standards and Technology (NIST) defines a control as a measure that is modifying risk. It could be a security or a cost control. 

The lack of meaningful understanding begins with how and where your controls are stored and represented. You cannot provide the visibility and analysis your controls require, if they are stored in documents, spreadsheets or wikis. Separate the data from their representation and surface the information needed for your internal customers.

Treat your controls as data. Use the information they provide and build intuition around your organisation’s posture. Create a useful system repository that traces controls all the way to their technical implementation, giving you an end-to-end view of your real and current security posture.  

Cater to your internal customers and auditors needs, with any representation format and answer any query about the nature of your controls. 

You can incorporate everything from security to cost controls and from threat models to regulatory frameworks.

Metis by Airwalk Reply allows organisations to treat controls as data . Introducing a dynamic representation relevant to each audience, push the data to any platform, and create a collaborative environment where controls make sense to everyone.

Key takeaways

  1. Surface relevant views:  Show the relevant information to the appropriate audience. For example, you might want to surface the Infrastructure as Code or control enforcement part to an application team, but you want to show the NIST 800-53 controls mapping or threat model to an auditor.
  2. Provide downstream APIs: You can provide a downstream API to whoever needs it, be it a team that does policy as code or your cyber analytics function.
  3. Inner source and crowd source: No one has all the answers. By inner sourcing and crowd sourcing, you can leverage the collective intelligence of your organisation.
  4. Develop to a common standard: Develop controls to a common standard, with specific information or data requirements and acceptance criteria.
  5. Be flexible about tools: Use known patterns and be flexible about the tools you use. Use an approach that fits your organisation and the workflows you’re familiar with.


Transform your security posture with controls as data.  Get in touch

Our Services
Icon

Talk to us about transforming your business

Insights
and News

Read about our industry news, insight, employee stories and upcoming events.

View all

Client Case Studies

Client: An Independent Financial Regulatory Body
Migration from On-Premise to a Modern, Cloud Based Workplace

Read More

Client: National Public Utility Organisation
Migration from On-Premise to Microsoft Azure

Read More

Client: One of the UK's largest financial institutions
FinOps within a Multi-Cloud Environment 

Read More

Client: ‬A global financial institution with businesses across retail and corporate banking, global markets, insurance and wealth management
FinOps - developing a Cloud Centre of Excellence

Read More

Client: Central Government
FinOps for an essential government programme

Read More

Client: Global Bank
Modern service hosting platform

Read More

Client: Global Bank
Global Cloud Migration Programme

Read More

Client: Crown Commercial Service
A Modern Workplace in Central Government

Read More

Client: Domestic & General
Cloud Operating Model

Read More

We would love to talk about
transforming your business

Get in touch