> Yes, but honestly what percentage of businesses need regulatory conformance or anything like signed logs?
Uh, as soon as you're processing PII, be it health information, social security numbers like in payroll, or credit card information, you're required by law (or the CC industry) to have these. And no, cutting corners is not an option, at least if you want to avoid some serious jail time.
Media processing (in the sense of professional movie studios) requires MPAA certification, which in turn requires that all systems handling "customer data/assets" even be airgapped to the Internet (source: MPAA best practices guidelines).
And if you're ever dealing with car manufacturers, goodbye to cloud - they're similarly sensitive when it comes to anything near unreleased products. No Dropbox/Slack/... allowed, and for good reason.
> Uh, as soon as you're processing PII, be it health information, social security numbers like in payroll, or credit card information, you're required by law (or the CC industry) to have these. And no, cutting corners is not an option
True, but you can still organise out less sensitive components to serverless, and there are plenty of payment and payroll gateways to outsource the compliance problems.
> True, but you can still organise out less sensitive components to serverless, and there are plenty of payment and payroll gateways to outsource the compliance problems.
Good luck building all the firewalling and other logic required for a sane system.
And everytime I see "outsource" in reference to the core parts of a company (which payments and payroll definitely are), I cringe. That's a desaster waiting to happen.
Uh, as soon as you're processing PII, be it health information, social security numbers like in payroll, or credit card information, you're required by law (or the CC industry) to have these. And no, cutting corners is not an option, at least if you want to avoid some serious jail time.
Media processing (in the sense of professional movie studios) requires MPAA certification, which in turn requires that all systems handling "customer data/assets" even be airgapped to the Internet (source: MPAA best practices guidelines).
And if you're ever dealing with car manufacturers, goodbye to cloud - they're similarly sensitive when it comes to anything near unreleased products. No Dropbox/Slack/... allowed, and for good reason.