> Compliance isn't that hard once you stop looking for shortcuts and start spending time doing it correctly.

Trying to understand how someone can have this perspective when it’s usually someone’s full-time salaried job in a lot of companies.

reply
A lot of that comes down to the costs associated with not being compliant and/or the requirements of existing contracts/insurance policies, where having dedicated FTEs to compliance is a requirement. Compliance might not be hard for the person/people managing the program; however, it might seem difficult or complex to the FTEs that have to build to those standards if they do not have a security or governance background.
reply
I assume they mean "getting a SOC2 report", which is the part that Delve attempts to automate. The maintenance of controls, adoption of new policy as the company evolves, etc., is what someone will do in the full-time role and that Delve et al. would do nothing to assist with.
reply
Maybe they meant "Not hard != quickly done". I don't think many people think bureaucracy is especially difficult. It's just time consuming.

But frankly if they meant that, the statement doesn't really say anything at all. Because what in this world is hard if you stop taking shortcuts and spend time doing it correctly?

reply
I think that goes for any major cloud provider, not only AWS. But nothing is free, you pay a hefty premium to get this (compared to plain infra providers like Hetzner for example).
reply