This document provides guidance on GDPR and BaFin compliance for organizations considering moving work management tools to Atlassian Cloud. It outlines key GDPR goals and requirements, such as data protection and user consent. It also discusses BaFin guidance for outsourcing to cloud services. The document reviews Atlassian Cloud's compliance measures, including data processing agreements and data residency controls. It notes some additional assessment areas and documents organizations should reference. Overall, the document indicates GDPR and BaFin compliance is achievable for most use cases when utilizing Atlassian Cloud's default security and privacy controls.
DevSecOps is a word that combines development, security, and operations. DevSecOps deals with software development, operations, security, and services. It emphasizes communication, collaboration, and integration between software developers, security teams, and information technology operations personnel.
In this session, you will learn how to integrate security techniques into the DevOps process.
Jirayut Nimsaeng
Founder & CEO
Opsta (Thailand) Co., Ltd.
Youtube Record: https://youtu.be/mi8Zo9O6OUY
TechTalkThai Conference: Enterprise Cybersecurity 2021
October 5, 2021
As engineers we spend much of our time getting stuff to production and making sure our infrastructure doesn’t burn down out right. We however spend very little time learning to understand and respond to outages. Does our platform degrade in a graceful way or what does a high cpu load really mean? What can we learn from level 1 outages to be able to run our platforms more reliably.
Plenty of people are jumping on the new hype, Observability, lots of them are replacing their “legacy” monitoring stack. Not all of them achieve the goals they set. But observability is not a tool — it is a property of a system. Moving from many small black boxes to a more holistic view of your system.
In this talk we ll talk about how to prepare teams to tweak their testing and monitoring setup and work instructions to quickly observe, react to and resolve problems. We look at improving your monitoring by adapting your culture and then maybe your tooling. Where we as engineers not only write, maintain and operate our software platforms but actively pursue ways to learn and predict its (non-functional) behavior.
Furthermore we ll discuss the need for and the options of not only monitoring our platforms and it's envitable outages, but also their (potential) length and impact. We ll look at tools like at using Service Level Objects for ways to prepare teams to tweak their testing and monitoring setup and runbooks to quickly observe, react to and resolve problems.
How Apache Spark and Apache Hadoop are being used to keep banking regulators ...DataWorks Summit
The global financial crisis showed that traditional IT systems at banks were ill equiped to monitor and manage the daily-changing risk landscape during the global financial crisis. The sheer amount of data that needed to be crunched meant that many of the banks were day(s) behind in calculating, understanding and reporting their risk positions. Post crisis, a review by banking regulator, led the regulators to introduce a new legislation BCBS 239: Principles for effective risk data aggregation and reporting, that requires banks to meet more stringent (timeliness) requirement, in their ability to aggregate and report on their quickly-changing risk positions or risk fines to the tune of $millions. To meet these new requirements, banks have been forced to re-think their traditional IT architectures, which are unable to cope with sheer volume of risk data, and are instead turning to Apache Hadoop and Apache Spark to build out next generation of risk systems. In this talk you will discover, how some of the leading banks in the world are leveraging Apache Hadoop and Apache Spark to meet BCBS 239 regulation.
Speaker
Kunal Taneja
DevSecOps is a word that combines development, security, and operations. DevSecOps deals with software development, operations, security, and services. It emphasizes communication, collaboration, and integration between software developers, security teams, and information technology operations personnel.
In this session, you will learn how to integrate security techniques into the DevOps process.
Jirayut Nimsaeng
Founder & CEO
Opsta (Thailand) Co., Ltd.
Youtube Record: https://youtu.be/mi8Zo9O6OUY
TechTalkThai Conference: Enterprise Cybersecurity 2021
October 5, 2021
As engineers we spend much of our time getting stuff to production and making sure our infrastructure doesn’t burn down out right. We however spend very little time learning to understand and respond to outages. Does our platform degrade in a graceful way or what does a high cpu load really mean? What can we learn from level 1 outages to be able to run our platforms more reliably.
Plenty of people are jumping on the new hype, Observability, lots of them are replacing their “legacy” monitoring stack. Not all of them achieve the goals they set. But observability is not a tool — it is a property of a system. Moving from many small black boxes to a more holistic view of your system.
In this talk we ll talk about how to prepare teams to tweak their testing and monitoring setup and work instructions to quickly observe, react to and resolve problems. We look at improving your monitoring by adapting your culture and then maybe your tooling. Where we as engineers not only write, maintain and operate our software platforms but actively pursue ways to learn and predict its (non-functional) behavior.
Furthermore we ll discuss the need for and the options of not only monitoring our platforms and it's envitable outages, but also their (potential) length and impact. We ll look at tools like at using Service Level Objects for ways to prepare teams to tweak their testing and monitoring setup and runbooks to quickly observe, react to and resolve problems.
How Apache Spark and Apache Hadoop are being used to keep banking regulators ...DataWorks Summit
The global financial crisis showed that traditional IT systems at banks were ill equiped to monitor and manage the daily-changing risk landscape during the global financial crisis. The sheer amount of data that needed to be crunched meant that many of the banks were day(s) behind in calculating, understanding and reporting their risk positions. Post crisis, a review by banking regulator, led the regulators to introduce a new legislation BCBS 239: Principles for effective risk data aggregation and reporting, that requires banks to meet more stringent (timeliness) requirement, in their ability to aggregate and report on their quickly-changing risk positions or risk fines to the tune of $millions. To meet these new requirements, banks have been forced to re-think their traditional IT architectures, which are unable to cope with sheer volume of risk data, and are instead turning to Apache Hadoop and Apache Spark to build out next generation of risk systems. In this talk you will discover, how some of the leading banks in the world are leveraging Apache Hadoop and Apache Spark to meet BCBS 239 regulation.
Speaker
Kunal Taneja
NGINX, Istio, and the Move to Microservices and Service MeshNGINX, Inc.
On-demand recording: https://www.nginx.com/resources/webinars/istio-move-to-microservices-service-mesh/
About the webinar
NGINX is widely known, used, and trusted for a variety of purposes. NGINX works as a reliable, high-performance web server, reverse proxy server, and load balancer. NGINX is also a widely used microservices hub, an Ingress controller for Kubernetes, and a sidecar proxy in the Istio service mesh.
In this webinar, we’ll describe the move to microservices, the crucial role that NGINX has already played, and a range of architectural options that organizations have for their microservices apps, including three progressively complex models in the NGINX Microservices Reference Architecture. We’ll then introduce the emergence of Kubernetes as a container orchestration framework, the use of service mesh architectures, and the design of Istio. We’ll finish by showing how NGINX Open Source and NGINX Plus can be used as the sidecar proxy in an Istio service mesh, bringing greater reliability and capability to your service mesh application.
Intro to GitOps with Weave GitOps, Flagger and LinkerdWeaveworks
You may not think of "GitOps" and "service mesh" together – but maybe you should! These two wildly different technologies are each enormously capable independently, and combined they deliver far more than the sum of their parts: a single Git commit can control workflows customized for your exact situation by taking advantage of the service mesh's ability to measure and manipulate traffic anywhere in your application's call graph, and you can rest easy knowing that Git is preserving the complete configuration for your entire application every step of the way.
See how these technologies can work together to tackle complex problems in cloud-native applications.
What you’ll get out of this:
* Understand what GitOps and service meshes can - and can't - do for you.
* Understand basic operations with GitOps and Linkerd.
* Understand the basics of continuous deployment with Weave GitOps and Linkerd.
Combining logs, metrics, and traces for unified observabilityElasticsearch
Learn how Elasticsearch efficiently combines data in a single store and how Kibana is used to analyze it. Plus, see how recent developments help identify, troubleshoot, and resolve operational issues faster.
Do microservices dream about CQRS-ES, Kafka Stream and BPMN ? - Voxxed micros...Cedric Vidal
Like many other software vendors Quicksign has chosen to migrate its SAAS platform from an on-premise monolith to a microservices platform in the Cloud.
Using a modern tech stack including Kafka, Kubernetes, the Camunda BPMN engine and some in-house development we have built a Kappa CQRS-ES multi-tenant platform able to execute BPMN workflows that can discover and consume any microservice registered in a Kubernetes backed extended registry that allows content type and protocol negotiation.
Our platform leverages Kafka Streams to dynamically generate from a reactive stream of workflow events a bespoke REST-API (HATEOAS) representation so as to ease our customers’ integration effort and allow fast iterations.
We propose to briefly introduce the audience to BPMN and then expose the rationale that led us to build this architecture, its advantages in terms of agility and scalability.
DevOps and security. There's still no standard or even agreed-upon name, but two things are clear: DevOps is here to stay and security must be speeding up to keep pace with the speed of business, so DevSecOps.
Creative Branching Models for Multiple Release StreamsAtlassian
Nuance Communications is making the move from SVN to Git! Why? To take advantage of its strong branching and merging capabilities... and to keep their developers happy. With wild variations between each product's release model, they have multiple releases of one or more components in play at a given time. So they had to get creative with a branching model. This talk will discuss choosing the right Git branching model for each of your release streams, and managing multiple releases using Bitbucket (including Stash), JIRA, Bamboo, and Maven.
Cloud Native Engineering with SRE and GitOpsWeaveworks
Site reliability engineering (SRE), a model championed by Google, is a software engineering approach to IT operations. For companies striving to become cloud native and adopting modern tools such as Kubernetes, SRE best practices are crucial for success.
In this webinar, Brice, one of our seasoned Customer Reliability Engineers will show how to design a fail-proof Kubernetes platform using tried and tested SRE and GitOps methods.
He will share best practices on:
Increasing performance and ensuring scalability
Managing incident responses through disaster recovery
Designing for High Availability in Kubernetes
Achieving 360 visibility and alerts for your platform
Snyk Intro - Developer Security Essentials 2022Liran Tal
Overwhelmed with security issues in your Node.js applications? Not entirely sure how to write secure code? Join us in this workshop where you’ll learn how to improve security without being a security professional. We’ll use Snyk Code’s VS Code extension to catch and find security issues while you code, automatically fix security issues in your open source libraries, and see first-hand how to weaponize vulnerabilities to exploit working Node.js applications. You will also learn about the multiple ways of using Snyk to secure your projects, from the CLI, to CI/CD pipelines with GitHub Actions, and extend your know from secure code and secure dependencies to that of building secure containers to your Node.js apps on Docker.
The Rise of Data in Motion in the Healthcare Industry - Use Cases, Architectures and Examples powered by Apache Kafka.
Use Cases for Data in Motion in the Healthcare Industry:
- Know Your Patient (= “Customer 360”)
- Operations (Healthcare 4.0 including Drug R&D, Patient Care, etc.)
- IT Perspective (Cybersecurity, Mainframe Offload, Hybrid Cloud, Streaming ETL, etc)
Real-world examples include Covid-19 Electronic Lab Reporting, Cerner, Optum, Centene, Humana, Invitae, Bayer, Celmatix, Care.com.
LINE DEVELOPER DAY 2017 A-6
"I will provide the latest information on the HBase engineering going on in the LINE messaging service.
I will also be discussing case studies such as on how we upgraded from HBase 0.90.6 to 1.2.5 without any interruption in service and how we have utilized new HBase features."
Free GitOps Workshop + Intro to Kubernetes & GitOpsWeaveworks
Follow along in this free workshop and experience GitOps!
AGENDA:
Welcome - Tamao Nakahara, Head of DX (Weaveworks)
Introduction to Kubernetes & GitOps - Mark Emeis, Principal Engineer (Weaveworks)
Weave Gitops Overview - Tamao Nakahara
Free Gitops Workshop - David Harris, Product Manager (Weaveworks)
If you're new to Kubernetes and GitOps, we'll give you a brief introduction to both and how GitOps is the natural evolution of Kubernetes.
Weave GitOps Core is a continuous delivery product to run apps in any Kubernetes. It is free and open source, and you can get started today!
https://www.weave.works/product/gitops-core
If you’re stuck, also come talk to us at our Slack channel! #weave-gitops http://bit.ly/WeaveGitOpsSlack (If you need to invite yourself to the Slack, visit https://slack.weave.works/)
Feature toggling is a multi-purpose technique for easily turning features on and off. I will describe the concept, different types of feature toggles, some best practices, and give some examples of how Visma currently uses feature toggling.
NGINX, Istio, and the Move to Microservices and Service MeshNGINX, Inc.
On-demand recording: https://www.nginx.com/resources/webinars/istio-move-to-microservices-service-mesh/
About the webinar
NGINX is widely known, used, and trusted for a variety of purposes. NGINX works as a reliable, high-performance web server, reverse proxy server, and load balancer. NGINX is also a widely used microservices hub, an Ingress controller for Kubernetes, and a sidecar proxy in the Istio service mesh.
In this webinar, we’ll describe the move to microservices, the crucial role that NGINX has already played, and a range of architectural options that organizations have for their microservices apps, including three progressively complex models in the NGINX Microservices Reference Architecture. We’ll then introduce the emergence of Kubernetes as a container orchestration framework, the use of service mesh architectures, and the design of Istio. We’ll finish by showing how NGINX Open Source and NGINX Plus can be used as the sidecar proxy in an Istio service mesh, bringing greater reliability and capability to your service mesh application.
Intro to GitOps with Weave GitOps, Flagger and LinkerdWeaveworks
You may not think of "GitOps" and "service mesh" together – but maybe you should! These two wildly different technologies are each enormously capable independently, and combined they deliver far more than the sum of their parts: a single Git commit can control workflows customized for your exact situation by taking advantage of the service mesh's ability to measure and manipulate traffic anywhere in your application's call graph, and you can rest easy knowing that Git is preserving the complete configuration for your entire application every step of the way.
See how these technologies can work together to tackle complex problems in cloud-native applications.
What you’ll get out of this:
* Understand what GitOps and service meshes can - and can't - do for you.
* Understand basic operations with GitOps and Linkerd.
* Understand the basics of continuous deployment with Weave GitOps and Linkerd.
Combining logs, metrics, and traces for unified observabilityElasticsearch
Learn how Elasticsearch efficiently combines data in a single store and how Kibana is used to analyze it. Plus, see how recent developments help identify, troubleshoot, and resolve operational issues faster.
Do microservices dream about CQRS-ES, Kafka Stream and BPMN ? - Voxxed micros...Cedric Vidal
Like many other software vendors Quicksign has chosen to migrate its SAAS platform from an on-premise monolith to a microservices platform in the Cloud.
Using a modern tech stack including Kafka, Kubernetes, the Camunda BPMN engine and some in-house development we have built a Kappa CQRS-ES multi-tenant platform able to execute BPMN workflows that can discover and consume any microservice registered in a Kubernetes backed extended registry that allows content type and protocol negotiation.
Our platform leverages Kafka Streams to dynamically generate from a reactive stream of workflow events a bespoke REST-API (HATEOAS) representation so as to ease our customers’ integration effort and allow fast iterations.
We propose to briefly introduce the audience to BPMN and then expose the rationale that led us to build this architecture, its advantages in terms of agility and scalability.
DevOps and security. There's still no standard or even agreed-upon name, but two things are clear: DevOps is here to stay and security must be speeding up to keep pace with the speed of business, so DevSecOps.
Creative Branching Models for Multiple Release StreamsAtlassian
Nuance Communications is making the move from SVN to Git! Why? To take advantage of its strong branching and merging capabilities... and to keep their developers happy. With wild variations between each product's release model, they have multiple releases of one or more components in play at a given time. So they had to get creative with a branching model. This talk will discuss choosing the right Git branching model for each of your release streams, and managing multiple releases using Bitbucket (including Stash), JIRA, Bamboo, and Maven.
Cloud Native Engineering with SRE and GitOpsWeaveworks
Site reliability engineering (SRE), a model championed by Google, is a software engineering approach to IT operations. For companies striving to become cloud native and adopting modern tools such as Kubernetes, SRE best practices are crucial for success.
In this webinar, Brice, one of our seasoned Customer Reliability Engineers will show how to design a fail-proof Kubernetes platform using tried and tested SRE and GitOps methods.
He will share best practices on:
Increasing performance and ensuring scalability
Managing incident responses through disaster recovery
Designing for High Availability in Kubernetes
Achieving 360 visibility and alerts for your platform
Snyk Intro - Developer Security Essentials 2022Liran Tal
Overwhelmed with security issues in your Node.js applications? Not entirely sure how to write secure code? Join us in this workshop where you’ll learn how to improve security without being a security professional. We’ll use Snyk Code’s VS Code extension to catch and find security issues while you code, automatically fix security issues in your open source libraries, and see first-hand how to weaponize vulnerabilities to exploit working Node.js applications. You will also learn about the multiple ways of using Snyk to secure your projects, from the CLI, to CI/CD pipelines with GitHub Actions, and extend your know from secure code and secure dependencies to that of building secure containers to your Node.js apps on Docker.
The Rise of Data in Motion in the Healthcare Industry - Use Cases, Architectures and Examples powered by Apache Kafka.
Use Cases for Data in Motion in the Healthcare Industry:
- Know Your Patient (= “Customer 360”)
- Operations (Healthcare 4.0 including Drug R&D, Patient Care, etc.)
- IT Perspective (Cybersecurity, Mainframe Offload, Hybrid Cloud, Streaming ETL, etc)
Real-world examples include Covid-19 Electronic Lab Reporting, Cerner, Optum, Centene, Humana, Invitae, Bayer, Celmatix, Care.com.
LINE DEVELOPER DAY 2017 A-6
"I will provide the latest information on the HBase engineering going on in the LINE messaging service.
I will also be discussing case studies such as on how we upgraded from HBase 0.90.6 to 1.2.5 without any interruption in service and how we have utilized new HBase features."
Free GitOps Workshop + Intro to Kubernetes & GitOpsWeaveworks
Follow along in this free workshop and experience GitOps!
AGENDA:
Welcome - Tamao Nakahara, Head of DX (Weaveworks)
Introduction to Kubernetes & GitOps - Mark Emeis, Principal Engineer (Weaveworks)
Weave Gitops Overview - Tamao Nakahara
Free Gitops Workshop - David Harris, Product Manager (Weaveworks)
If you're new to Kubernetes and GitOps, we'll give you a brief introduction to both and how GitOps is the natural evolution of Kubernetes.
Weave GitOps Core is a continuous delivery product to run apps in any Kubernetes. It is free and open source, and you can get started today!
https://www.weave.works/product/gitops-core
If you’re stuck, also come talk to us at our Slack channel! #weave-gitops http://bit.ly/WeaveGitOpsSlack (If you need to invite yourself to the Slack, visit https://slack.weave.works/)
Feature toggling is a multi-purpose technique for easily turning features on and off. I will describe the concept, different types of feature toggles, some best practices, and give some examples of how Visma currently uses feature toggling.
Digital transformations require a new hybrid cloud—one that’s open by design, and frees clients to choose and change environments, data and services as needed. This approach allows cloud apps and services to be rapidly composed using the best relevant data and insights available, while maintaining clear visibility, control and security—everywhere. How do you decide where to put data on a hybrid cloud and how to use it? What’s the best hybrid cloud strategy in terms of data and workload? How should you leverage a 50/50 rule or a 80/20 rule and user interaction to evaluate which data/workload to move to the cloud and which data/workload to keep on-premise? Hybrid cloud provides an open platform for innovation, including cognitive computing. Organizations are looking for taking shadow IT out of the shadows by providing a self-service way to the information and a hybrid cloud strategy is allowing that. Also, how to use hybrid cloud for better manage data sovereignty & compliance?
The question of whether to transition enterprise applications to the cloud is a valid question in most organizations. Determining which applications should go and how to maintain control once they are there, however, is slowing down the journey to the cloud.
These slides - based on the webinar hosted by leading IT analyst firm Enterprise Management Associates (EMA) - cover how you can avoid the common mistakes and reduce risk in the transformation to cloud.
Security & Compliance are very important for most businesses. Learn how AWS enables you to securely use the cloud for you most vital business applications and how you can ensure that you are compliant with a large set of security standards and government regulations like GDPR.
Eliminating the Multi-Cloud Noise with Razor Technology and OpsRampOpsRamp
Razor Technology's vision is "to reinvent what it means to be an IT solutions provider through best-in-class technology, industry-leading expertise, and long-term partnerships built on mutual trust with our customers." They have a broad set of solutions, from Digital Transformation to Managed Cloud Services. In this Tech Talk, Ryan Rosenkaimer, Director of Operations at Razor Technology, will join us to discuss their managed services solutions and how OpsRamp delivers a single pane of glass to their customers. OpsRamp solution architect Michael Del Castillo will also join the discussion and demonstrate the multi-cloud monitoring, alert correlation and AIOps solution.
Watch the recording: https://www.brighttalk.com/webcast/17791/425246
Learn more at https://www.opsramp.com
Also, follow us on social media channels to learn about product highlights, news, announcements, events, conferences and more:
Twitter - https://www.twitter.com/OpsRamp
LinkedIn - https://www.linkedin.com/company/opsramp
Facebook - https://www.facebook.com/OpsRampHQ/
Digital Transformation: Empowering People to Adapt to the CloudAmazon Web Services
A successful cloud-transformation journey incorporates three pillars: people, process, and technology. Too often, organizations focus on process improvements and technology implementation, but ignore the human aspect. Many leaders acknowledge that the first two are easy to modify, while influencing culture is more difficult. This session covers best-practice methods for empowering customers to address this challenge. Learn about roles and responsibilities germane to the transition and post-cloud adoption phase. Assess your organization’s gaps among the requisite skills and competencies. Build effective training models, and encourage an adaptive culture.
Ray Hession, Federal Government, Amazon Web Services
Giovanni Pizzoferrato, Director, Cloud & Big Data Technology, Canada Pension Plan Investment Board
*This session will be delivered in English and French
*Cette session sera livré en anglais et en français
Tableau reseller partner in Albania Bilytica Best business Intelligence compa...Carie John
Email: info@bilytica.com
Bilytica provides best in class services in Business Intelligence, Data-warehousing, Data Governance, Big Data management, Enterprise Applications, Enterprise Performance Management, Mobile Applications & Gaming and Business Consulting Services. Being a Tableau preferred reseller and consulting partner for Middle East, Europe, Turkey, Asia & Russia. Bilytica has helped 500+ small to large enterprises in Tableau implementation and training. We provide End to end Tableau consulting and training services including Tableau Proof of Concepts, Tableau Software license sales ,Tableau dashboard design Services , Onsite and remote Tableau consulting ,Customized onsite Tableau training , Tableau Server hosting ,Tableau integration services, Tableau advanced analytic & Tableau managed services.
Tableau reseller partner in Bahrain Bilytica Best business Intelligence Compa...Carie John
Email: info@bilytica.com
Bilytica provides best in class services in Business Intelligence, Data-warehousing, Data Governance, Big Data management, Enterprise Applications, Enterprise Performance Management, Mobile Applications & Gaming and Business Consulting Services. Being a Tableau preferred reseller and consulting partner for Middle East, Europe, Turkey, Asia & Russia. Bilytica has helped 500+ small to large enterprises in Tableau implementation and training. We provide End to end Tableau consulting and training services including Tableau Proof of Concepts, Tableau Software license sales ,Tableau dashboard design Services , Onsite and remote Tableau consulting ,Customized onsite Tableau training , Tableau Server hosting ,Tableau integration services, Tableau advanced analytic & Tableau managed services.
Tableau reseller partner in Algeria Bilytica Best business Intelligence compa...Carie John
Email: info@bilytica.com
Bilytica provides best in class services in Business Intelligence, Data-warehousing, Data Governance, Big Data management, Enterprise Applications, Enterprise Performance Management, Mobile Applications & Gaming and Business Consulting Services. Being a Tableau preferred reseller and consulting partner for Middle East, Europe, Turkey, Asia & Russia. Bilytica has helped 500+ small to large enterprises in Tableau implementation and training. We provide End to end Tableau consulting and training services including Tableau Proof of Concepts, Tableau Software license sales ,Tableau dashboard design Services , Onsite and remote Tableau consulting ,Customized onsite Tableau training , Tableau Server hosting ,Tableau integration services, Tableau advanced analytic & Tableau managed services.
Tableau reseller partner in Afghanistan Bilytica Best business Intelligence c...Carie John
Email: info@bilytica.com
Bilytica provides best in class services in Business Intelligence, Data-warehousing, Data Governance, Big Data management, Enterprise Applications, Enterprise Performance Management, Mobile Applications & Gaming and Business Consulting Services. Being a Tableau preferred reseller and consulting partner for Middle East, Europe, Turkey, Asia & Russia. Bilytica has helped 500+ small to large enterprises in Tableau implementation and training. We provide End to end Tableau consulting and training services including Tableau Proof of Concepts, Tableau Software license sales ,Tableau dashboard design Services , Onsite and remote Tableau consulting ,Customized onsite Tableau training , Tableau Server hosting ,Tableau integration services, Tableau advanced analytic & Tableau managed services.
Tableau reseller partner in Australia Bilytica Best business Intelligence com...Carie John
Email: info@bilytica.com
Bilytica provides best in class services in Business Intelligence, Data-warehousing, Data Governance, Big Data management, Enterprise Applications, Enterprise Performance Management, Mobile Applications & Gaming and Business Consulting Services. Being a Tableau preferred reseller and consulting partner for Middle East, Europe, Turkey, Asia & Russia. Bilytica has helped 500+ small to large enterprises in Tableau implementation and training. We provide End to end Tableau consulting and training services including Tableau Proof of Concepts, Tableau Software license sales ,Tableau dashboard design Services , Onsite and remote Tableau consulting ,Customized onsite Tableau training , Tableau Server hosting ,Tableau integration services, Tableau advanced analytic & Tableau managed services.
Tableau reseller partner in Bhutan Bilytica Best business Intelligence Compa...Carie John
Email: info@bilytica.com
Bilytica provides best in class services in Business Intelligence, Data-warehousing, Data Governance, Big Data management, Enterprise Applications, Enterprise Performance Management, Mobile Applications & Gaming and Business Consulting Services. Being a Tableau preferred reseller and consulting partner for Middle East, Europe, Turkey, Asia & Russia. Bilytica has helped 500+ small to large enterprises in Tableau implementation and training. We provide End to end Tableau consulting and training services including Tableau Proof of Concepts, Tableau Software license sales ,Tableau dashboard design Services , Onsite and remote Tableau consulting ,Customized onsite Tableau training , Tableau Server hosting ,Tableau integration services, Tableau advanced analytic & Tableau managed services.
Tableau reseller partner in Belarus Bilytica Best business Intelligence Compa...Carie John
Email: info@bilytica.com
Bilytica provides best in class services in Business Intelligence, Data-warehousing, Data Governance, Big Data management, Enterprise Applications, Enterprise Performance Management, Mobile Applications & Gaming and Business Consulting Services. Being a Tableau preferred reseller and consulting partner for Middle East, Europe, Turkey, Asia & Russia. Bilytica has helped 500+ small to large enterprises in Tableau implementation and training. We provide End to end Tableau consulting and training services including Tableau Proof of Concepts, Tableau Software license sales ,Tableau dashboard design Services , Onsite and remote Tableau consulting ,Customized onsite Tableau training , Tableau Server hosting ,Tableau integration services, Tableau advanced analytic & Tableau managed services.
Tableau reseller partner in Belgium Bilytica Best business Intelligence Comp...Carie John
Email: info@bilytica.com
Bilytica provides best in class services in Business Intelligence, Data-warehousing, Data Governance, Big Data management, Enterprise Applications, Enterprise Performance Management, Mobile Applications & Gaming and Business Consulting Services. Being a Tableau preferred reseller and consulting partner for Middle East, Europe, Turkey, Asia & Russia. Bilytica has helped 500+ small to large enterprises in Tableau implementation and training. We provide End to end Tableau consulting and training services including Tableau Proof of Concepts, Tableau Software license sales ,Tableau dashboard design Services , Onsite and remote Tableau consulting ,Customized onsite Tableau training , Tableau Server hosting ,Tableau integration services, Tableau advanced analytic & Tableau managed services.
Tableau reseller partner in Armenia Bilytica Best business Intelligence comp...Carie John
Email: info@bilytica.com
Bilytica provides best in class services in Business Intelligence, Data-warehousing, Data Governance, Big Data management, Enterprise Applications, Enterprise Performance Management, Mobile Applications & Gaming and Business Consulting Services. Being a Tableau preferred reseller and consulting partner for Middle East, Europe, Turkey, Asia & Russia. Bilytica has helped 500+ small to large enterprises in Tableau implementation and training. We provide End to end Tableau consulting and training services including Tableau Proof of Concepts, Tableau Software license sales ,Tableau dashboard design Services , Onsite and remote Tableau consulting ,Customized onsite Tableau training , Tableau Server hosting ,Tableau integration services, Tableau advanced analytic & Tableau managed services.
Tableau reseller partner in Andorra Bilytica Best business Intelligence compa...Carie John
Email: info@bilytica.com
Bilytica provides best in class services in Business Intelligence, Data-warehousing, Data Governance, Big Data management, Enterprise Applications, Enterprise Performance Management, Mobile Applications & Gaming and Business Consulting Services. Being a Tableau preferred reseller and consulting partner for Middle East, Europe, Turkey, Asia & Russia. Bilytica has helped 500+ small to large enterprises in Tableau implementation and training. We provide End to end Tableau consulting and training services including Tableau Proof of Concepts, Tableau Software license sales ,Tableau dashboard design Services , Onsite and remote Tableau consulting ,Customized onsite Tableau training , Tableau Server hosting ,Tableau integration services, Tableau advanced analytic & Tableau managed services.
Similar to 2022-09-13 kreuzwerker Atlassian - Navigating GDPR and BaFin in the Cloud.pdf (20)
Das Webinar widmete sich den Anforderungen an Cybersicherheit, IKT-Risiken und digitale operationale Resilienz welche sich aus der Verordnung 2022/2554 (https://eur-lex.europa.eu/eli/reg/2022/2554/oj) DORA - Digital Operational Resilience Act - ergeben.
Gemeinsam mit unseren Experten Dr. Hans Markus Wulf (Rechtsanwalt bei Heuking) und Hagen Lindner (Cybersecurity Consultant & Trainer bei Port Zero) geben wir einen rechtlichen Überblick mit Fokus auf die notwendigen Umsetzungsmaßnahmen und betrachten im Anschluss, was betroffenen Unternehmen und Institutionen jetzt konkret unternehmen müssen.
+++Agenda+++
- Willkommen und Einführung in das Thema, Daniel Meisen, kreuzwerker
- Rechtlicher Überblick zur neuen EU-Verordnung über die digitale operationale Resilienz im Finanzsektor (DORA) mit Fokus auf notwendige Umsetzungsmaßnahmen für Unternehmen, Dr. Hans Markus Wulf, Heuking
- DORA - jetzt wird die IT endlich sicher! Welche technischen Maßnahmen sind erforderlich und warum gelten diese als “Best Practises” seit Jahrzehnten?, Hagen Lindner, Port Zero
Möchte man Verordnungen wie DORA zynisch betrachten, dann finden sich darin lediglich verbindliche Regelungen von Security Best Practises, welche seit Jahren von Cybersecurity Experten gepredigt werden. Und von Entscheidungsträgern in Unternehmen ignoriert oder zumindest übersehen werden:
”Security ist Chefsache”, “Notfallpläne gehören zur Grundausstattung”, “Kein Backup, kein Mitleid” wird dank DORA jetzt quasi zur Verpflichtung.
Der häufig zitierte “Mehraufwand” ist dabei auch die “dornige Chance” IT-Sicherheit endlich den Stellenwert einzuräumen, den sie verdient, wenn einem das eigene Business und die Kundendaten etwas bedeuten. Zumindest im Finanzsektor.
Und was müssen Sie jetzt tun?
Q&A
AWS & kreuzwerker Startup Day Warsaw - 09.11.2023kreuzwerker GmbH
At this event we learned how to navigate the startup ecosystem with AWS programs and engaged in enlightening discussions with VC experts. Additionally, we dove deep into the capabilities of Generative AI on AWS and mastered cost optimization strategies.
The event consisted of five main sessions featuring a startup. Our experts shared information that revolutionized your knowledge about the cloud. During this event, we told you about: Building Generative AI Applications on AWS, Architecting for Success and Optimizing for Longer Runways. Additionally, participants also had the opportunity to take part in a VC and Startup Expert Panel Discussion, as well as a Startup Bootcamp.
It was a unique opportunity for professionals, entrepreneurs, and cloud enthusiasts to learn about the latest trends and practical tips related to these areas.
Level Up Your Amazon OpenSearch Cluster in a Weekkreuzwerker GmbH
This webinar, will showcase the main activities and benefits of our Amazon OpenSearch Service Assessment offering. We'll take you through a real-life project where we partnered with a big MarTech player to enhance their Amazon OpenSearch solution for big data analytics while cutting over 60% of monthly costs.
---
Get in touch: opensearch@kreuzwerker.de
---
Making Serverless a Game-Changer for You - The What, Why, and How
------
+++About the Webinar+++
Nowadays, Serverless has become THE buzzword that you just can’t ignore. But what’s all the hype about? This introductory webinar helps you navigate your way through AWS Serverless Services and its ecosystem and shows you the benefits and considerations when using Serverless technologies.
Serverless abstracts the underlying servers and removes their maintenance and setup. It is a pay-as-you-go service, which simply means you pay for what you consume. AWS offers many services that you just execute and consume without provisioning any servers. This is attractive to businesses as they can focus on their business logic without thinking about maintaining servers or virtual machines. Thus they can accelerate faster.
Agenda:
🚀 Definition of Serverless and (Dis-)Advantages
🚀 Introduction to AWS Serverless Services
🚀 Showing common Serverless patterns and possibilities
🚀 Live Demo
Dates: 22.11.2022, 11:00 am
Skill Level: for everybody
Costs: free
Instructor: John Nguyen, Cloud Engineer
AWS Immersion Day Zurich, kreuzwerker & AWS, 30. Mai 2022kreuzwerker GmbH
The Slides from AWS Immersion Day, 30.Mai 2022 at the AWS Office in Zurich.
Page 1-58: Manuel Vogel, kreuzwerker about Landing Zone with superwerker.
Page 59-113: Ermin Dzinic, AWS about Data Lake Set Up.
Page 114-153: Oliver Gehrmann, kreuzwerker about FinOps and Cost Optimization.
Page 154-170: Maria Nunzes, AWS about AWS-Programs for Startups.
Business Team Collaboration- Jira Work Management Webinar by kreuzwerker.pdfkreuzwerker GmbH
Business Team Collaboration in a New Era: Jira Work Management
This webinar shows how to manage your work in a well-structured way and how it is now easier and more intuitive than ever with Jira Work Management, especially for business teams. At last, planning and tracking are now hassle-free in the new remote working era. Ready to kick off your next project with Jira Work Management?
Questions? Get in touch with us abls@kreuzwerker.de
------------
Mentioned Links:
→Learn more about Business Team Collaboration in a New Era: Jira Work Management https://atlassian.kreuzwerker.de/en/jira-work-management/
→Contact our Atlassian Business Line Sales team via abls@kreuzwerker.de
→Follow us on LinkedIn: https://www.linkedin.com/company/kreuzwerker/about/
→Set up your own free Jira Work Management: https://www.atlassian.com/software/jira/work-management/free
Best friends forever! - Atlassian Cloud and the GDPRkreuzwerker GmbH
In this presentation we'll cover the recent developments around Atlassian Cloud, the various plans, pricing and features and most importantly security and compliance - especially in regards to GDPR (DSGVO) and the Privacy Shield invalidation.
The agile movement is going on for quite a while now and a lot of companies acknowledged the values agile methodologies can generate. Hence agile is getting kind of an old hat and new movements emerge trying to proclaim new best practices for developing modern software. DevOps is one of these movements discussed in the recent days, but both share basic concepts. One of the aims of agile development is to bring development closer to QA. So the logical consequence of connecting both ideas is to also combine testing and operations.‘Why should we test our infrastructure?’ For me the answer to this question is quite simple: ‘Because infrastructure is code !’ Furthermore infrastructure is a crucial part of an application. It is basically the fundament of our app. Everyone just expects infrastructure to work, but the reality is quite different. Often the knowledge about infrastructure and its current status is isolated and if something goes wrong it triggers indescribable panic.Testing the infrastructure not only ensures that it works but also helps spreading knowledge about this black magic and making the current status more transparent to the team.Since the distribution of automated deployments and continuous delivery progresses quite extensively, experience in testing infrastructure will certainly become a skill many companies clamor for. This workshop reveals why this is an important part of the continuous delivery pipeline and includes a hands-on how to automate it.
Docker offshore - packaging applications for hard to reach datacenterkreuzwerker GmbH
What if your cooperate network infrastructure consists out of topological islands which aren’t connected permanently to the internet? How do you handle data synchronization among data centers if bandwidth is changing all the time? How do you deploy your applications in such an environment and how do you manage application monitoring? Is it possible to use cloud services, SaaS, IaaS and so on in such a setup and how to manage it? What is necessary to handle video data, images and other documents and keep everything in sync.
Join us to learn how we use Docker, Chef, AWS and friends in such an unusual business case.
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
7. TIME TO VALUE
Move fast, accelerate time
to value and
speed to market
ROI
Refocus resources and
investments to maximize
your business ROI
INNOVATION
Future-proof your
strategy & tools with
continuous innovation
REVENUE PROFIT GROWTH
Why Atlassian Cloud?
15. Security features for everyone
SAML Single Sign-on (SSO)
User lifecycle management with SCIM
Organization Audit Logs
Shadow IT insights
Nested groups flattening
Selective user claim
External User Security
COMING SOON
COMING SOON
Encryption at rest & in transit
Data Residency
Mobile Device Management (MDM)
Secure Application Tunneling 🆕
Improved backup and restore
Data Residency for apps COMING SOON
COMING SOON
💡Included with Enterprise
16. Atlassian Enterprise Plan adds
Governance
Multiple Identity Providers in Atlassian Access
User activity audit log
🆕
18. Atlassian Enterprise Plan adds
Security
Bring your own Key
Data Leakage Protection
COMING SOON
FUTURE
19. Atlassian Enterprise Plan adds
Analytics & Data Lake
Atlassian
Data Lake
Atlassian Analytics
Data Warehouse
BI tools
(eg. Tableau and
Power BI)
COMING SOON
COMING SOON
24. Scale globally with unlimited sites
Cloud Enterprise
Centralized user licensing - pay for user once and grant access to multiple instances
Acquisitions Business Units Security
Corporate Regions
Centralized Admin Console - Manage users, products, security policies, insights and billing
Customize instances with marketplace apps based on team needs
25. MINIMUM REQUIREMENTS FOR ENTERPRISE
OR
801+ users 201+ agents
501+ users 51+ agents
👀 Financial Services Special
28. Migration
Assistant App
Helps assessing apps
and migrating core
content from Server to
Cloud
Migration
Manager
Dedicated team
to help you assess and
plan your migration
Solution Partners
Help you with the
hand-on-keyboard
work before, during
and after the migration
Migration Center
Resources, best
practices & migration
tools for every stage of
the migration journey.
Migration Helpers
34. Non-operation
(Business can not work)
Maintenance windows
Outages/Disruptions
Holistic view on Cost Advantages
Risk
Attacks
Data breaches
Security vulnerabilities
Operation
Hardware
Software
Support
Licenses
Maintenance
Covered, maintenance-free and included in Atlassian Cloud
37. Audit rights
On-site audits and
flow-down audit
rights over material
sub-outsourcers (i.e.,
AWS)
Cooperation
Commitment to
cooperate with
regulators
Oversight rights
Enhanced
record-keeping
and notifications
in case of a breach
Continuity of
service
In the event of
bankruptcy and after
termination
Included with the Financial Services
Addendum
38. Eligibility requirements
Cloud Enterprise Plan
> 500 users minimum
No other editions qualify for
this addendum or compliance
Operate in the EU
From regional to
multinational banks with
presence within EEA
Product Scope
Only the above products
apply
40. Shareholder & Co-CEO
Atlassian Expert by Heart
Atlassian Certified Instructor
Atlassian Certified Professional
User since Jira 2.0 EAP & Confluence 1.0
2
Daniel Meisen
41. Moving to a cloud
future, together…
3
- Guidance on GDPR
- Guidance on BaFin
- Atlassian Cloud compliance
- Guidance on your compliance
Journey to Cloud
47. Protection
Protect personal data
& strengthen privacy
rights of EU individuals
Control
Give users control
over their data
Goals of EU’s General Data Protection Regulation
GOALS
https://time.com/6146178/meta-facebook-eu-withdraw-data/
48. Protection
Protect personal data
& strengthen privacy
rights of EU individuals
Control
Give users control
over their data
Goals of EU’s General Data Protection Regulation
GOALS
https://about.fb.com/news/2022/02/meta-is-absolutely-not-threatening-to-leave-europe/
52. GDPR Non-Compliance - Penalties & Fines
If your data is breached:
GDPR
FINES
You must
report it within
72
hours
OR
Face a fine up to
20M € or 4%
global turnover
https://www.enforcementtracker.com/
54. Primer on GDPR SaaS assessments
- Assess data flows - is there any data exported outside the EU –
lawfulness, purpose limitation and ensure data minimization.
- Adequacy decisions exist for certain countries (i.e. Switzerland,
Canada, United Kingdom, …) but not for all (USA: Schrems II)
- Decide if a data protections impact assessment (DPIA) is required
required - depends on your specific use case (Art. 35 Abs. 4 DS-
GVO)
- Perform a Transfer Impact Assessment (TIA) – Guidance provided
by Atlassian1
- Ensure up-to date DPA including “new” SCCs – grace period
expires on Dec 27th, 20222
16
1 h"ps://www.atlassian.com/legal/data-transfer-impact-assessment
2 h"ps://www.atlassian.com/legal/data-processing-addendum
56. BaFin – Guidance on Outsourcing to Cloud Services
- Additional requirements for all non-differentiated outsourcing
according to the KAGB (Scope, Audit-Rights supervised company /
supervised authorities, right to issue instructions, data security /
protection, … - Chapter V)
- Quick Tip: Guidance1 of the BaFin (together with Deutsche
Bundesbank) in cooperation EIOPA, EBA, SSM and other national
supervisory authorities
- Covers outsourcing of materials and items to the Public Cloud (and
private/community/hybrid) as IaaS, PaaS or SaaS.
- Supervised company (you?!) are requested to have a documented
process covering all relevant steps to outsource to a cloud provider.
18
1 https:/
/www.bafin.de/SharedDocs/Downloads/EN/Merkblatt/BA/dl_181108_orientierungshilfe_zu_auslagerungen_an_cloud_anbieter_ba_en.html?nn=9866146
57. BaFin – Guidance on Outsourcing to Cloud Services
- Review your use-case in regards to supervisory law if a case of
outsourcing exists and whether its to be qualified as material -
when in doubt assume outsourcing
- Perform a risk analysis covering all relevant aspects of
outsourcing (type, scope, complexity, risk)
- Review and map all Chapter V (Contractual terms in the case
of (material) outsourcing) requirements to the Atlassian
contractual vehicles1
19
1 https://www.atlassian.com/trust/compliance/resources/bafin/bafin-guidance