Episode 48: Nobody Gets Rid of Anything, Including Data

Episode Summary

Companies can find working in the Cloud quite complicated. However, it’s a lot easier than it used to be, especially when trying to comply with regulations. That’s because Cloud providers have evolved and now offer more out-of-the-box services that focus on regulation requirements and compliance.

Today, we’re talking to Elliot Murphy. He’s the founder of Kindly Ops, which provides consulting advice to companies dealing with regulated workloads in the Cloud.

Some of the highlights of the show include:

  • Technical controls are easier, but requirements are stricter
  • Risk Analysis: From putting locks on things to thinking about risks to customers
  • Building governance and controls; making data available and removable
  • Secondary Losses: Scrub services to make scope and magnitude of loss smaller
  • Computing became ubiquitous and affordable; people started collecting data to utilize later - nobody gets rid of anything
  • General Data Protection Regulation (GDPR): set of regulations that applies to marketing technology stacks to manage systems
  • Empathy-building exercise and security culture diagnostic help companies understand compliance obligations
  • Security Culture: Beliefs and assumptions that drive decisions and actions
  • Evolution of understanding of public Cloud’s security and availability
  • Raise the bar and shift mindset from pure prevention to early detection/mitigation; follow FAIR (Factor Analysis of Information Risk)

Links:

  • Kindly Ops
  • Amazon Web Services (AWS)
  • Microsoft Azure
  • Relational Database Service (RDS)
  • Google Cloud Platform (GCP)
  • NIST Cybersecurity Framework
  • GDPR Day
  • People-Centric Security by Lance Hayden
  • Stripe
  • Society of Information Risk Analysts (SIRA)
  • DigitalOcean
