CloudEXPO 2019

Risk Management When Migrating into a Public Cloud Provider

As more and more companies embrace the Cloud, many are restricted by pre-cloud policies and requirements; especially when dealing with sensitive data such as PCI, PHI, SPI/PII etc. This makes it hard or not cost effective to enable the migration to the Cloud. With the challenges of a dynamic competition, many are forced to adapt to the Cloud and end up spending excessive operational dollars or compromising on critical components and limiting their effectiveness in leveraging native Cloud services. In this talk we will walk through some of the patterns to consider when moving to the Cloud specifically from a compliance and regulatory requirements perspective. The agenda will cover topics such as:

• Building a Business Case
• Classifying the requirements (Business, Customer, Industry, Data Sovereignty)
• Lift and Ship vs building for the Cloud
• Baking in a Time Factor for setting expectations
• Managing Security, Usability and Cost
• Building re-usable Architecture patterns
• Lessons learnt from the constantly evolving landscape of AWS
• Thoughts on meeting Compliance requirements and passing an Audit