Policy as Code

ONUG Working Group


The ONUG Collaborative Policy as Code Working Group will bring together Enterprise Cloud Consumers, IT suppliers and Cloud Service Providers to meet the demands of risk mitigation via automated governance in the face of increasing challenges and complexity brought on by multicloud infrastructure in today’s enterprise technology platforms.

Policy as code formalizes business intent into code, creating intent-driven software that can be evaluated across multiple cloud providers and on-prem systems. Such code allows for enforcing policies across and within the infrastructure, providing appropriate compliance guidelines and guardrails. Policy as code is foundational to the design and delivery of an automated continuous control framework. Policy as code puts control directly in the hands of the business consumer versus the IT/Cloud Service Provider supplier.

If managing risk and automation in a multicloud world with policy as code is important to you and your organization, then we welcome you to participate in this working group

Sign up to participate
Policy as Code

What We’re Working On


"This newly formed ONUG Collaborative Working Group will focus on helping cloud consumers find solutions to effective risk governance"
Mark Tierney, CTO ONUG

The Working Group’s initial goal is to develop a Policy as Code vocabulary and framework as an effective means to implement controls to manage risk with automated governance within multi-cloud environments.


Beginning in July of 2022, this new Working Group will seek to identify the issues, challenges and areas of concern that will need to be addressed going forward. These include: 

    • What would constitute an effective set of guidelines for translating high-level business requirements around risk into specific policies?  
    • How might we ensure that those higher level policy articulations ramify through to lower-level architectures? 
    • What policy languages should one employ? Indeed, what should be the criteria for language selection? Or, do we need to define a new, common language?
    • Is a common, broad-based, multi-tiered “Policy as Code reference architecture” needed? 
    • How will the integrity, confidentiality, and availability of policies and policy state be verified?
    • How will policies be managed by identity authentication systems and domain-specific toolchains responsible for policy enforcement?
    • How can policy as code be used to reduce toil and improve transparency for second line functions?
    • Does the recent work of the CNCF in this area, namely their Open Policy Agent initiative, meet the needs of industry practitioners?
    • Once expressed in software, moreover, how does one proceed to manage the policy codebase so as to maintain consistency of intent and avoid the problems of “drift”? 
    • Wouldn’t Policy as Code playbooks serve a useful purpose as enterprises pursue new policy governance strategies?
Get the LATEST working-group specific news.

Policy as Code Reference Architecture


Creating more robust approaches to developing and enforcing policy governance begins with the development of a “well-defined Policy as Code framework,”as well as a “standard approach” to operationalizing Policy as Code – one where all terms are crisply defined – and with clear guardrails articulated.

The following image shows the Policy as Code space and ONUG’s suggested area of focus

Publications & Related Content


Working Group Members


Comprised of Cloud Service Providers, Suppliers and Cloud Consumers

Join ONUG Working Groups


Amplify your corporation’s voice/influence with other large corporations to ensure you receive the tools you need to drive successful digital transformation within your organization and throughout the industry at large.

The ONUG Collaborative provides a means for both IT executives and cloud vendors to engage and work together in a problem-solving atmosphere/culture to facilitate innovative approaches that speed cloud adoption for all companies regardless of where they are on their enterprise cloud journey. 

The Collaborative is represented by the largest cloud consumers as well as cloud providers enabling each of the Collaborative Working Groups to identify gaps and facilitate hybrid/multi-cloud solutions.

Join The Community Today