Standardizing Multi-Cloud Security & Compliance for Financial Services
Stop mapping security controls manually. Start automating your cloud compliance.
As Canadian financial institutions accelerate their move to the cloud, the "Compliance Tax" - the time spent mapping internal risk policies to AWS, Azure, and GCP configurations - has become the biggest bottleneck to innovation.
Join the lead architects from RBC and Sonatype for a technical deep dive on automating this process using the open source Common Cloud Controls (CCC) standard.
Workshop Description
Cloud adoption across financial services continues to accelerate, but inconsistent security controls, fragmented regulatory expectations, and cloud-vendor lock-in are major obstacles to secure, compliant, multi-cloud operations. FINOS Common Cloud Controls (CCC) is an open standard developed collaboratively with financial institutions, cloud providers, and vendors that defines a unified taxonomy, threat model, and machine-verifiable control catalog for cloud services.
This workshop is a deep dive on the components of CCC, plus an understanding of the validator implementations and conformant implementations. These will be demoed during Maxime and Eddie's talk at OSFF Toronto, but this session goes deeper so that people can learn how to use the software and contribute improvements.
Who Should Apply?
This session is designed for practitioners who build or secure cloud platforms. It is not a high-level overview; it is an implementation session.
- Cloud Platform Architects (CCoE): Who need to define standard patterns for AWS/Azure/GCP.
- Security Engineers: Who want to move from "Spreadsheet Compliance" to "Policy-as-Code."
- DevOps Leads: Who are tired of waiting for security reviews to deploy infrastructure.
- Risk & Audit Technical Leads: Who need to understand how to audit cloud-native environments against OSFI/NIST standards.
What You Will Walk Away With:
- A Unified Taxonomy: How to speak the same "Security Language" across multiple cloud providers.
- Validator Implementation: Hands-on experience running the CCC validators against real infrastructure code.
- Contribution Path: Direct access to the maintainers to help shape the future of the standard to meet your bank's specific needs.
Prerequisites
- Laptop Required: You will be running code.
- GitHub Account: Required to access the repositories.
- Basic Knowledge: Familiarity with Public Cloud (AWS/Azure/GCP) and Infrastructure as Code concepts (Terraform/ARM) is recommended.
Logistics & Application
- Date: Monday, April 13, 2026
- Time: 1:00 PM – 5:00 PM ET
- Location: Toronto Financial District (Venue details provided upon acceptance)
- Cost: Free for approved applicants (Standard Value: $500)
Note: Due to the hands-on nature of this session, seating is strictly limited to 40 participants. Priority will be given to individuals from FINOS Member financial institutions and regulated industries.
