Explicit
Episode #97 Head in the Clouds
Jul 11, 2022 ·
1h 35m 4s
Description
"Why going to the cloud means more work for security not less, shared responsibility is 100% your problem
- Am I going to treat this like a green field, or the next dumpster to throw the data, systems, and stuff we can’t deal with in real life?
- What are my expectations? (planning, timing, longevity, migration, business, etc.)
- Will we use it as an enclave to simply separate developers from anything else, or vice-versa, OR will we take a stance and work with ALL the teams to build it out successfully?
- DOES my cloud governance align with the rest of my business and technology policies and goals?
- AM I willing to implement the recommendations that most cloud providers offer TO make things safer and more secure?
- Can I manage the audit and compliance of a new world, and HOW will I integrate it?
- Speaking of integration, WILL my business and technology actually function IN/WITH the cloud?
- The cloud is MUCH more than someone else’s computers OR a spare data centre, but it still has to live somewhere, so WHERE does it live, and HOW do you get to it?
- Where’s YOUR staff, how do they talk with the cloud, what controls, management, etc.
- How much control will I have over my data in YOUR cloud?
- Who’s got access TO my little slice of the cloud, hardware, system, bare metal, data, etc.
- How do I (OR who’s going to) monitor YOUR cloud infrastructure, and MY systems for access, etc.
- And if it’s on your side, do I get to see the logs
- What are the charges FOR monitoring
- SLAs etc?
- Who’s managing the encryption for my data, if it’s YOU then where are my keys, if it’s me what help etc.
- I don’t want to catch cooties from YOUR other clients, how do you maintain separation/segmentation?
- What options exist to backup my data, my configs, and what happens if YOUR systems go down?
- What areas of the technology, services, systems, and environments fall into shared responsibilities?
- Who has to deal with what when it goes wrong
- Who gets to point fingers, and who has to fix things (AND what timeframe, etc.)
- ALL my data belongs to YOU… what happens about uptime, distribution, redundancy, AND company stability.
- Technology roadmap in here too
- What dependencies, partnerships, and vendors do THEY rely upon?
- Let’s talk security, compliance, regulatory stance, etc. What do you have, AND how do you maintain it?
- When we fall OUT of love, what happens, how do I migrate, what options are out there (and costs, etc.)"
Information
Author | The InfoSec Mission |
Organization | InfoSec Missionaries |