Jinesh just echoed some thoughts I've been incubating regarding security and risk: GRC/security boils down to risk tolerance. If you have a high tolerance to risk, then there is no problem using AWS; if you have low tolerance to risk, involve your security team early and often and make them a part of the decision making process.
Comment from the audience: "My legal wants to redline the AWS contract but I don't think Amazon would go for that." According to Jinesh, Amazon has a legal team that is available to address legal concerns. I will have to look into this given the work that the team at QMUL did on cloud based services contracts.
No comments:
Post a Comment