belorn 2 hours ago
Listened to a story about a fairly large company that switched to cloud and then back to on-premise. When they went cloud they quickly found out that they needed employees to manage the cloud infrastructure. The employee costs were similar for both setups. Compliance and security testing does not go away just because you use cloud. The steps and questions will be different, but regulations like NIS and GDPR have extensive requirements regardless if you implement it yourself or buy it from an external supplier. I would also not recommend going with a single cloud solution with no backup solution and overall redundancy, unless a $5 voucher is good enough compensation for the service being down a whole day. The general recommendation after the latest waves of outages was for cloud users to use multiple cloud providers and multiple backup solutions. It is just like how on-premise solutions need off-premise backups.
9dev 44 minutes ago
> Compliance and security testing does not go away just because you use cloud. The steps and questions will be different, but regulations like NIS and GDPR have extensive requirements regardless if you implement it yourself or buy it from an external supplier.

That’s a bit disingenuous. If I don’t operate a physical server rack, I also do not need to take care of physical access control, fire suppression policies, camera monitoring, key handling, and a wide range of other measures I would be otherwise obliged to take care of under GDPR. You can absolutely outsource classes of problems. What’s true is that that doesn’t lift the responsibility from you to check your cloud provider fulfils these obligations, but that’s very different from having to fulfil them yourself.