The task for auditors in a cloud–native world: knowing where to look, in order to gather the evidence needed to prove compliance. This paper is your guide to becoming familiar with Pivotal Cloud Foundry from an auditor’s perspective.
Security and compliance staff perform an essential function within the enterprise: ensuring that the organization’s deployments are operated safely, and that they remain compliant with the applicable corporate policies and legal regulations.
The purpose of this document is to provide foundational Pivotal Cloud Foundry knowledge to help these teams. By describing how things will be different in a Pivotal Cloud Foundry setting, we can enable the security and compliance teams to be more effective.
Download this white paper and learn how to assess compliance for Pivotal Cloud Foundry, and the apps that run on the platform.
About the Author
John Field has more than 20 years experience in software development, system architectures, and information security. Currently a PM for Platform Security on Pivotal Cloud Foundry, John works on all aspects of security and compliance for the PaaS cloud. Prior to this role, John worked for 7 years as a Senior Technologist in the EMC CTO Office, mentoring a number of product development teams. Prior to joining EMC, John was a member of the RSA Security CTO team. John came to RSA via the acquisition of his startup Transindigo, where he was the co-founder and CTO. John got his start in information security back in the 1990's at Bankers Trust Company, a top-10 Wall Street bank, where he was responsible for building and deploying the bank's first global user authentication and authorization infrastructure. An excellent communicator, he has been an invited speaker at many industry events including JavaOne, EMC World, RSA Conference, & the 2nd International Workshop on RESTful Design at the W3C. John is equally comfortable doing a presentation to 200 people, or to 2 people, and he especially enjoys presenting "lightning talks" at open source un-conference forums. He holds BSEE and MSCS degrees, both awarded Cum Laude from Hofstra University. John is also registered CISSP.