With the General Data Protection Regulation (GDPR) set to go live this Friday, we thought we’d focus this week’s DevOps news in review on using the cloud to help ensure compliance. If you aren’t already familiar with the upcoming GDPR, you should be. While it’s an EU regulation, it serves to protect the personal data of all EU citizens. As such, if you control or process data of EU citizens, the rule applies to you, squarely setting responsibility for protection of that data on your shoulders. It's noteworthy that fines are hefty for the regulation, reaching up to 20 Million Euro or 4% of annual turnover.
This week AWS shared clarification around the AWS Shared Responsibility Model and how it is impacted by GDPR. The GDPR delineates specific regulations and responsibilities for data controllers and processors. AWS customers using its services to process personal data are typically the controller and AWS notes that in these cases, AWS is always the data processor. As the processor, “AWS is responsible for protecting the global infrastructure that runs all of our services. Controllers using AWS maintain control over data hosted on this infrastructure, including the security configuration controls for handling end-user content and personal data.”
If you are familiar with AWS’ shared responsibility model, this approach will sound familiar. Capacity Media reports that AWS became fully GDPR compliant in March. Ian Massingham, chief EMEA evangelist at AWS says in their reporting that this "underscores that it’s simpler and easier for customers to reach the right level of security and compliance in the cloud than it is with traditional models." Read AWS’ blog on additional tips on Amazon GDPR compliance.
AWS Security by Design
Relatedly, SDTimes this week highlighted the impact of GDPR to developers. That is, “apps from now on should be built with data protection by design. What this essentially means is that, while until now the decision concerning the level of security of an app or service was left in the hands of the company or the development team building it, under the GDPR, it will be mandatory for security features protecting data to be included into the design, from the first stages of the development process.”
The Flux7 DevOps team are rabid fans of Security by Design, building security features like security rules, processes and controls into the system from the beginning. With security an inherent part of the system, organizations are able to effectively balance security and agility.
Enhanced IT Productivity
In separate news, our DevOps services team liked the announcement from GitHub this week; they revealed several new features to their Slack integration, including the ability to take action on pull requests, issues, and more from within Slack channels. Your team can now turn Slack conversations into next steps on GitHub with slash commands, private previews, and more. The Flux7 DevOps team particularly likes that they can now create issues from within Slack itself, further streamlining processes and enhancing their productivity.
We’d like to invite you to two events if you are in the Dallas or Austin areas:
- Join us Thursday, May 24th in Dallas, TX for an AWS DevOps Springboard workshop in which Flux7, AWS and a leading US airline will share how to remove barriers and optimize IT processes to accelerate innovation. Specifically, we will share the story of how this carrier applied DevOps strategy and tactics for IT modernization, followed by hands-on lab activities that demonstrate these strategies in action. Learn more or RSVP here.
- Join us Wednesday, June 13th in Austin, TX as Flux7 hosts a dynamic discussion with HashiCorp Solutions Engineer Sean Carolan, who will share how to use Vault to reduce risk, gain visibility, and secure your data. Learn more or RSVP here.
DevOps Adoption Series
In case you missed it, the AWS consulting team is in the midst of a DevOps blog series on DevOps adoption,starting with a discussion of what motivates organizations to begin an IT modernization project. Last week we featured Seven Lessons for a Successful DevOps Pilot. Subscribe to our DevOps blog to make sure you get the whole series.