Cloud Governance

Who this is for

IT admins, cloud operations teams, and security leads responsible for maintaining the security and compliance posture of cloud infrastructure and SaaS environments.

Before you start

At least one cloud connector (Azure, AWS, GCP, or a SaaS integration) must be active and have completed its first sync. SeeConnectorsandIntegrations.

What cloud governance covers

Cloud governance in Nuxari evaluates your connected cloud environments against your defined policy baseline and control mappings. When a resource, account, or configuration deviates from the expected state, an exposed storage bucket, an over-privileged service account, or an untagged resource, Nuxari surfaces a finding with severity context and a recommended action. All remediation routes through the same approval and audit pipeline as the rest of the platform.

What Nuxari evaluates

• ·Public exposure: Storage buckets, blobs, or object storage configured with public read or write access.
• ·Over-privileged identities: Service accounts, managed identities, or cloud IAM roles with permissions significantly broader than required for their function.
• ·Inactive cloud identities: Cloud accounts or service principals that have not been used within your defined inactivity threshold.
• ·Untagged or unattributed resources: Resources missing department, owner, or environment tags required by your tagging policy.
• ·Unencrypted resources: Databases, storage, or compute resources where encryption at rest or in transit is not enforced.
• ·Missing MFA on cloud accounts: Cloud management accounts or privileged identities without multi-factor authentication enabled.
• ·Drift from approved state: Resources whose configuration has changed since the last approved snapshot was recorded.

How to review cloud findings

1. 1In Nuxari, go to Governance > Findings and filter by source: Cloud.
2. 2Each finding shows the resource type, the cloud environment, the misconfiguration or deviation, and the severity level.
3. 3Click a finding to see the observed state, the expected state, and the relevant control it maps to.
4. 4Review the recommended action: remediate, accept as exception, or update the approved baseline.

How to remediate a cloud finding

1. 1From the finding detail, click Create Remediation Plan.
2. 2Nuxari proposes a corrective action based on the finding type, for example, removing public access from a storage account or deactivating an unused service principal.
3. 3Assign an approver. Cloud remediations require explicit authorization before execution.
4. 4After approval, Nuxari executes the corrective action through the connected cloud system's API.
5. 5An audit event is recorded capturing the finding, the approval, and the execution result.
6. 6The finding is re-evaluated in the next cycle to confirm the change was effective.

Importing cloud findings from external tools

If your team already uses an external security posture tool (such as Defender for Cloud, AWS Security Hub, or a CSPM platform), you can import findings in CSV or JSON format. Imported findings are enriched with your control mappings and flow through the same remediation and audit pipeline as natively detected findings. SeeIntegrations for the import format specification.