Summary: Companies can find working in the Cloud quite complicated. However, it’s a lot easier than it used to be, especially when trying to comply with regulations. That’s because Cloud providers have evolved and now offer more out-of-the-box services that focus on regulation requirements and compliance. Today, we’re talking to Elliot Murphy. He’s the founder of Kindly Ops, which provides consulting advice to companies dealing with regulated workloads in the Cloud. Some of the highlights of the show include: Technical controls are easier, but requirements are stricter Risk Analysis: Putting locks on things to thinking about risks to customers Building governance and controls; making data available and removable Secondary Losses: Scrub services to make scope and magnitude of loss smaller Computing became ubiquitous and affordable; people started collecting data to utilize later - nobody gets rid of anything General Data Protection Regulation (GDPR) set of regulations apply to marketing technology stacks to manage systems Empathy building exercise and security culture diagnostic help companies understand compliance obligations Security Culture: Beliefs and assumptions that drive decisions and actions Evolution of understanding with public Cloud’s security and availability Raise the bar and shift mindset from pure prevention to early detection/ mitigation; follow FAIR (factor analysis of information risk) Links: Kindly Ops Amazon Web Services (AWS) Microsoft Azure Relational Database Service (RDS) Google Cloud Platform (GCP) Nist Cybersecurity Framework GDPR Day People-Centric Security by Lance Hayden Stripe Society of Information Risk Analysts (SIRA) DigitalOcean
