okso | 2 years ago

> "set up our own virtual server inside Mozilla’s existing Google Cloud Platform (GCP) account. In doing so, we effectively committed to doing MLOps ourselves. But we could also move forward with confidence that our system would be private and fully under our control."

How is setting up a server inside Google's infrastructure "private and fully under Mozilla's control"?

notatoad|2 years ago

relative to offloading your ML stuff to some third-party API, using a VPS keeps things private and under your control.

explaining how to self-host on bare metal is not really within scope for an article on how to build a chatbot, and trying to pretend a VPS on google cloud is insecure is just silly.

netdur|2 years ago

GCP complies with various industry standards, regulations, and certifications that attest to its security and privacy controls. These certifications can give you added assurance that your data is being handled according to recognized standards. Here are some of the common certifications and standards you might look for:

ISO 27001: An internationally recognized standard for information security management systems (ISMS). GCP's compliance with this standard demonstrates its commitment to information security.

ISO 27017: Specific to cloud security, this certification focuses on the controls specific to cloud service providers.

ISO 27018: This standard is related to the protection of personally identifiable information (PII) in public clouds.

SOC 2: GCP's SOC 2 report can provide assurance about the controls they have in place related to security, availability, processing integrity, confidentiality, and privacy.

HIPAA: If you're dealing with healthcare information, you'll want to ensure that GCP is compliant with the Health Insurance Portability and Accountability Act (HIPAA).

GDPR: For operations in Europe or with European citizens' data, compliance with the General Data Protection Regulation (GDPR) is crucial.

FedRAMP: For U.S. government customers, GCP's Federal Risk and Authorization Management Program (FedRAMP) compliance might be essential.

PCI DSS: If you're handling credit card information, Payment Card Industry Data Security Standard (PCI DSS) compliance is crucial.

Ensure that the services you plan to use within GCP are covered by the relevant certifications for your industry or use case. These certifications are typically available on the Google Cloud website and can also be provided by Google's sales or support team if you need official documentation.