'Our services are fully-cloud managed, allowing us to scale at pace' - Deliveroo's Danielle Sudai on the future of cloud
Sudai will talk about visibility in cloud security and take part in a panel discussion on governance within a multi & hybrid cloud system at the upcoming virtual event - Deskflix: The Future of Hybrid & Multi-Cloud event this month
Cloud use has exploded in the last two years, forcing even the most legacy businesses towards adoption. But some companies were born in the cloud, and have a great view of the direction the market is heading. One of those is food service giant Deliveroo, which made a firm decision not to invest in physical assets right from the outset.
Danielle Sudai, Security Operations Lead at Deliveroo, will be speaking at our upcoming Deskflix: The Future of Hybrid and Multi-Cloud event, taking place on the 22nd of February. As well as taking part in a panel discussion on governance, Danielle will lead her own talk on the important topic of visibility in cloud security. We caught up with her before the event to find out more.
Computing: What will you be talking about at the upcoming Deskflix event?
Danielle Sudai: I am going to host a session discussing visibility in cloud security. In this session, I'll explore several CSPM and CNAPP solutions, observe the right metadata we want to look at in a cloud environment, and allow us to scale as our cloud organisation while making sure we have the proper visibility over our cloud asset's configuration and behaviour.
I am also going to participate in the Governance Within a Multi & Hybrid Cloud System panel, which will discuss how we mandate the services leveraged by cloud providers and ensure it fits our needs as a company from several perspectives, such as selecting the best architecture and services used and securing those environments.
CTG: Which cloud trend are you most excited about?
DS: It would probably be the aspect of data security in the cloud. In the last two years, cloud service providers have added capabilities to map the classification of data stored in storage services, PaaS services and data in motion. Independent third party solutions were also enhanced - not just for data classification mapping, but also how to govern its visibility and how it can be involved with DLP capabilities.
CTG: Which cloud approach do you feel best fits your business: hybrid, multi or private?
DS: Deliveroo is fully managed on the cloud. As the company grew, the decision was made to run fully on cloud infrastructure and that seems to be the right decision so far. As we're a growing delivery application in multiple markets collecting orders and delivering food, the infrastructure model we need relies on cloud-based services. Our data stores and data lakes are built over cloud-native solutions and the SaaS products we use help us better manage different parts of our application and our own company.
CTG: Which cloud skills should IT leaders be looking to develop/recruit over the next year or so?
DS: In my opinion, as the industry moves to be hybrid or fully cloud-based, the IT leaders should focus on dedicating proper training to cloud services, learn how those are different from virtual/physical assets and make sure Security team is involved in those procedures, in order to maintain the observed threats while adopting working agile and making innovative infrastructure. For example, IAM is much more granular and being dedicated to entities, services and environment, and misconfiguration can lead to an actual security scenario.
CTG: Which existing or upcoming technology are you most excited about?
DS: I am excited to see how security is growing within cloud providers. Back in the day, it was hard to define your security posture only by a couple of cloud services. Today there's not only a wide range of services, but also guidance and best practices of how to manage your environment securely, and partnerships between security solutions and CSPs are becoming more common and improving the integrations security engineers are working on.