If you are running your apps in AWS, can you please advise on who in your AWS / Cloud team is accountable to documenting AWS Account Isolation Process in case of a Cyber Ransomware attack?  Is it your Information Security team, Network team or come other team?

Cloud
1k viewscircle icon2 Comments
Sort by:
Director of IT in Energy and Utilitiesa year ago

I agree with the above comment in that the cybersecurity team has policies, standards etc. that teams such as the AWS/Cloud team/COE need to ensure are part of the implemented solution.  In case of ransomware, I am guessing that such event would mean activation of the cyber incident response team and if the request comes to isolate, AWS team and any other team that is asked to isolate, needs to have a procedure on how to do that.  This procedure would be created by the AWS/Clout team/COE and kept up to date with cybersecurity team and potentially internal audit as well as cyber assessments reviewing it and providing feedback.

Mike

Lead Infrastructure Engineer in Finance (non-banking)a year ago

Your cloud security team should have a policy in place for all aspects of Cloud Security and Resiliency before moving anything to the cloud.  Policy first, standards second, and procedures next.  When developing your overall strategic plan for moving to the cloud remember that high availability does not equal recoverability. Make sure there are standards in place for all aspects of cloud security and resiliency including backing up cloud hosted data and code repositories.

Content you might like

Historically, we ran WSO2 and BizTalk, tightly integrated with most of our systems. Recently we’ve shifted to Google Cloud Platform and we already replaced WSO2 with Apigee as our API management layer. Now that BizTalk is approaching retirement, we want to replace it as well – but we’re trying to determine the best approach in a GCP-centric architecture. A few questions for the group: Can we leverage Apigee capabilities to cover most (or all) of BizTalk’s integration/orchestration responsibilities? Or would you strongly recommend adopting an iPaaS to replace BizTalk’s integration workflows? Has anyone successfully implemented an alternative approach on GCP (other than iPaaS) that worked well in practice? If you have gone through this migration, what direction and reference architecture would you recommend? I would be very interested in hearing what you have implemented and what has worked well (or not well) in the real world. Thanks in advance!

Will IT4IT help organisations to improve on IT's own business and create a right chain within IT?

Yes82%

No17%

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

Read More Comments

Digital transformation isn’t just about new tools, it’s about changing how teams work. Key lessons I’ve observed: 1. Start with process bottlenecks, not technology 2. Empower cross-functional teams 3. Measure outcomes, not outputs   What has been the most surprising lesson your teams have learned during a transformation?

Read More Comments

What’s been the best way to optimize spend?

Eliminate Redundancy29%

Re-negotiate with vendors / take advantage of incentives44%

Shut down / pause what has been inactive13%

Update legacy and leverage emerging / more financially advantageous tools13%

View Results