Delivering solutions as a managed service is nothing new. It’s already taken over security, cloud and infrastructure.

With governance next on the list, what gains can organizations expect from this delivery model as opposed to traditional approaches?

“We help organizations manage and reduce their costs and risks,” said Travis Stanfield (pictured, right), co-founder and chief executive officer of Stacklet Inc. “We do that through our governance-as-code platform, which is delivered and made available to customers through a very easy-to-use software as a service.”

Stanfield and Gokhul Srinivasan (left), senior partner solution architect at Amazon Web Services Inc., spoke with theCUBE industry analyst John Furrier at the RSA Conference, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how the as-a-service model translates to enterprise cloud compliance. (* Disclosure below.)

Helping teams achieve compliance goals efficiently

Cloud governance is very broad, spanning topics such as identity/access management, application security, risk assessment, compliance and data encryption, among others. With each one of these often handled separately, Stacklet’s first area of differentiation is unification along the common objectives, according to Stanfield.

“We help the organization unify several of these disparate teams towards the shared objectives around governance,” he said. “If all of the teams are streamlined to work together, they are better equipped to help the organization achieve its efficiency goals pertaining to financial governance, in addition to the security goals.”

Secondly, Stacklet’s solution enables real-time incident prevention and remediation using a combination of periodic and event-based operating modes, Stanfield added.

“We do that by making action a first-class citizen in our policy language,” he explained. “You don’t have to do anything else to construct a workflow, integrate or communicate with your team on policy findings. You simply can dial that in and it gives you a declarative experience.”

The third and final differentiator is Cloud Custodian, the de-facto industry standard for cloud governance and policies. Managed by AWS, the stateless rules engine underpins Stacklet’s governance solution within the AWS partner ecosystem, according to Srinivasan.

“Essentially, we wanted to ensure that the partner solutions that are being promoted via AWS are meeting all the security guard rails and are the best in class,” he explained. “That way, the customer gets the experience of just not the core AWS services, but also the benefits from the partner solution.”

Additionally, Stacklet has been working its way through the Cloud Native Computing Foundation pipeline for open-source projects and is currently in the incubation pipeline, according to Stanfield.

“The next step is the last step, and certainly we’re on our way to achieving that final stage,” he said. “The community is large and diverse, with more than 400 active contributors. Thousands of organizations are taking advantage of the project, in addition to our bustling online fan community.”

From an AWS perspective, putting proper governance and compliance in place is crucial for any company to manage growth and scale. Adopting a business-first approach while relegating governance to an afterthought can result in slowed growth, according to Srinivasan.

“Even internal to AWS, our recommendation is to automate and go with the APIs, cloud formation and infrastructure-as-code as the fundamental building blocks,” he said. “What we have seen is not just the success stories of our customers, but also where our customers and partners had challenges.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the RSA Conference:

(* Disclosure: Stacklet Inc. sponsored this segment of theCUBE. Neither Stacklet nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE