Episode 48: Nobody Gets Rid of Anything, Including Data
About the Author
Corey is the Chief Cloud Economist at The Duckbill Group, where he specializes in helping companies improve their AWS bills by making them smaller and less horrifying. He also hosts the "Screaming in the Cloud" and "AWS Morning Brief" podcasts, and curates "Last Week in AWS," a weekly newsletter summarizing the latest in AWS news, blogs, and tools, sprinkled with snark and thoughtful analysis in roughly equal measure.
Episode Summary
Companies can find working in the Cloud quite complicated. However, it’s a lot easier than it used to be, especially when trying to comply with regulations. That’s because Cloud providers have evolved and now offer more out-of-the-box services that focus on regulation requirements and compliance.
Today, we’re talking to Elliot Murphy. He’s the founder of Kindly Ops, which provides consulting advice to companies dealing with regulated workloads in the Cloud.
Some of the highlights of the show include:
Technical controls are easier, but requirements are stricter
Risk Analysis: From putting locks on things to thinking about risks to customers
Building governance and controls; making data available and removable
Secondary Losses: Scrub services to make scope and magnitude of loss smaller
Computing became ubiquitous and affordable; people started collecting data to utilize later - nobody gets rid of anything
General Data Protection Regulation (GDPR): a set of regulations that applies to marketing technology stacks to manage systems
Empathy-building exercise and security culture diagnostic help companies understand compliance obligations
Security Culture: Beliefs and assumptions that drive decisions and actions
Evolution of understanding with public Cloud’s security and availability
Raise the bar and shift mindset from pure prevention to early detection/mitigation; follow FAIR (Factor Analysis of Information Risk)
Links:
Kindly Ops
Amazon Web Services (AWS)
Microsoft Azure
Relational Database Service (RDS)
Google Cloud Platform (GCP)
NIST Cybersecurity Framework
GDPR Day
People-Centric Security by Lance Hayden
Stripe
Society of Information Risk Analysts (SIRA)
DigitalOcean