PAUL SCHWARZENBERGER Access keys in GitHub, open security group rules, misconfigured Identity and Access Management roles, private SSL certificate keys kept in code repositories and open S3 buckets. Just some of the security issues which led to a journey towards automated compliance solutions for cloud infrastructure and applications. Paul describes a framework for Continuous Cloud Compliance, and demonstrates some of the techniques and tools he has used while working on cloud migration projects and operational cloud applications for both public and private sector organisations.