Governance

Set rules to restrict, enforce, or establish behaviours in your cloud environment, helping to achieve security and compliance objectives.

Definition

The Governance component of Cloudmarque is concerned with establishing, deploying, and managing rules to constrain the use of cloud resources. These rules can be used to prevent accidental or malicious attempts to manipulate cloud resources to nefarious ends.

The role of Governance is to deliver:

  • The ability to create and deploy rules which regulate cloud environment activity
  • Reporting on rule deployment and compliance
  • Optionally, to provide pre-built rule packs to support specific compliance objectives

Non-cloud resources may be deployed to support these objectives, including Cloud Access Security Brokers (CASB).

Examples

Rules can be defined to secure resources from a range of security perspectives:

  • Economic - Prevent creation of resources at expensive service tiers
  • Access - Prevent creation of insecure or publicly available blob storage, or public IP endpoints
  • Features - Ensure that cloud resources are properly encrypted
  • Geography - Ensure that all resources are in defined regions, to comply with data residency requirements

Security layers

Cloudmarque advocates a “defense in depth” approach to security. In the Governance space, this relates specifically to the “access control” layer. Using rules enforced natively in the cloud and/or via a CASB, sophisticated resource access controls can be deployed to report or prevent unauthorised activity by users and administrators.

Proactive monitoring

Access Controls

  • Restrict the types of compute resource which can be deployed, including by type, geography, location, or service level
  • Ensure that security features are enabled when an authorised cloud resource is deployed
  • Enforce tagging conventions to simplify cloud resource management
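
The rule categories listed under Examples and the access controls above can be sketched as a small rule evaluator. This is an added example, not Cloudmarque's own code: the resource fields, rule names, allowed regions, tiers and tag names are all assumptions, and a real deployment would use the cloud provider's native policy engine or a CASB.

```python
# Added example: hypothetical rule engine; all field names and values are constructed.
from dataclasses import dataclass
from typing import Callable

ALLOWED_REGIONS = {"uksouth", "ukwest"}    # assumed data residency boundary
ALLOWED_TIERS = {"basic", "standard"}      # assumed approved service tiers
REQUIRED_TAGS = {"owner", "cost-centre"}   # assumed tagging convention

@dataclass(frozen=True)
class Rule:
    name: str
    category: str                     # Economic, Access, Features, Geography, Tagging
    effect: str                       # "deny" prevents deployment, "audit" only reports
    violated: Callable[[dict], bool]  # True when the resource breaks the rule

# A missing field counts as a violation, so incomplete requests fail closed.
RULES = [
    Rule("allowed-tiers", "Economic", "deny",
         lambda r: r.get("tier") not in ALLOWED_TIERS),
    Rule("no-public-access", "Access", "deny",
         lambda r: bool(r.get("public_access")) or bool(r.get("public_ip"))),
    Rule("encryption-enabled", "Features", "deny",
         lambda r: not r.get("encrypted", False)),
    Rule("allowed-regions", "Geography", "deny",
         lambda r: r.get("region") not in ALLOWED_REGIONS),
    Rule("required-tags", "Tagging", "audit",
         lambda r: not REQUIRED_TAGS <= set(r.get("tags", {}))),
]

def evaluate(resource: dict) -> dict:
    """Return the deployment decision and the findings behind it."""
    findings = [(rule.name, rule.effect) for rule in RULES if rule.violated(resource)]
    allowed = not any(effect == "deny" for _, effect in findings)
    return {"resource": resource.get("name"), "allowed": allowed, "findings": findings}

def compliance_report(resources: list) -> dict:
    """Count, per rule, how many resources are non-compliant."""
    counts = {rule.name: 0 for rule in RULES}
    for res in resources:
        for name, _ in evaluate(res)["findings"]:
            counts[name] += 1
    return counts

# Constructed deployment requests
SAMPLES = [
    {"name": "logs-store", "tier": "standard", "region": "uksouth", "encrypted": True,
     "public_access": False, "tags": {"owner": "secops", "cost-centre": "1001"}},
    {"name": "scratch-blob", "tier": "premium", "region": "eastus", "encrypted": False,
     "public_access": True, "tags": {}},
    {"name": "build-vm", "tier": "basic", "region": "ukwest", "encrypted": True,
     "tags": {"owner": "dev"}},
]
```

Calling `evaluate` on each entry of `SAMPLES` gives the prevent-or-report decision, and `compliance_report(SAMPLES)` gives the per-rule counts a compliance view would show.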

The content on this page is published under Open Source licenses via GitHub. To submit issues or provide feedback please visit the repository.