Cloud adoption in enterprises, and regulated industries like financial services, brings about stringent requirements around security and compliance. Most regulated applications must demonstrate compliance against multiple standards, and across all the technologies they are spread over hybrid cloud- public cloud, private cloud and on-premise. This talk we will discuss an effective framework and approach based on NIST 800-53 controls, and technical implementations. It outlines a standardized and practical approach  to achieve continuous compliance for hybrid cloud - where controls can be mapped to prescriptive implementations across the technology stack across hybrid cloud deployments, consistently verify and ensure that the right configurations and control implementations are in place, and continuously monitoring them in the dynamic cloud environment.