Date: 2019-02-07 | By Liz McMillan
Risk Management When Migrating into a Public Cloud Provider
As more and more companies embrace the Cloud, many are restricted by pre-cloud policies and requirements, especially when dealing with sensitive data such as PCI, PHI, SPI/PII, etc. This makes migration to the Cloud hard or not cost-effective. Faced with the challenges of dynamic competition, many are forced to adapt to the Cloud and end up spending excessive operational dollars or compromising on critical components, limiting their effectiveness in leveraging native Cloud services. In this talk we will walk through some of the patterns to consider when moving to the Cloud, specifically from a compliance and regulatory requirements perspective. The agenda will cover topics such as:
- Building a Business Case
- Classifying the requirements (Business, Customer, Industry, Data Sovereignty)
- Lift and Ship vs building for the Cloud
- Baking in a Time Factor for setting expectations
- Managing Security, Usability and Cost
- Building re-usable Architecture patterns
- Lessons learnt from the constantly evolving landscape of AWS
- Thoughts on meeting Compliance requirements and passing an Audit
Speaker Bio:
As a Cloud Security Architect working in the Enterprise Architecture team at Asurion, Jabez is passionate about cloud computing. He thrives on solving problems when leveraging native cloud services for building secure and supportable solutions. At Asurion, he helps in defining the strategies, roadmaps and solutions to embrace the value of the public cloud as well as ensure the protection of Asurion infrastructure, applications and data for Cloud Native, Hybrid and inter-cloud deployments. He has spent an extensive amount of time working through the various aspects of adoption while embracing a #Cloudbydefault approach. Jabez also leads organizational transformation in Cloud and Security Domains, specifically in AWS.
Serverless Architecture Security Patterns
Serverless architectures bring the ability to independently scale, deploy and heal based on workloads and move away from monolithic designs. Across the front-end, middleware and back-end layers, serverless workloads potentially have a larger security risk surface due to the many moving pieces. This talk will focus on key areas to consider for securing end to end, from dev to prod. We will discuss patterns for end-to-end TLS, session management, scaling to absorb attacks and mitigation techniques.
