Organizations are adopting cloud services at a rapid pace, sometimes outside the scope of existing IT/security policies and workflows. But it is possible to adapt existing IT/security policies and workflows to support the best features of cloud services (speed, elasticity and innovation) while still retaining the required controls, especially access control and audit. Come learn how one organization successfully embraced IaaS cloud services and met IT security requirements. Cloud services can increase an organization’s agility and innovation because of the elastic, rapid deployment and self-service features of cloud services. Employees responsible for developing products and software can increase productivity by leveraging the capabilities of cloud services. However, for the teams responsible for managing risk and implementing information security controls, the use of cloud services often circumvents existing processes and workflows, giving rise what is often called “shadow IT.” However, most cloud service providers today provide capabilities that can be leveraged by IT and security teams to meet the organization’s IT and security policy requirements without sacrificing the principal advantages of using cloud services. Here, we will discuss how we implemented a program to manage IaaS resources, including the following areas: · Billing account management · Identity and access management (IAM), including roles and privileges · Log management · Network security logging · Audit/compliance