Will Data Privacy Regulation Kill Serverless?
Updated: Oct 22, 2020
The term Serverless refers to a software architecture and service model where the developers don’t need to manage the infrastructure of where their code runs, or where their data resides (servers, scale, databases, etc) and instead can focus on the business logic of their application.
Today, many popular Managed Services work this way. For example, RDS is an AWS SQL Database managed service, and DynamoDB is AWS NoSQL managed service. When developers use those databases, they don’t have direct access to the specific servers that Amazon is running for them, and these servers change over time in a way that is controlled and optimized by AWS.
Organizations that implement the requirements of data privacy regulations such as CCPA or GDPR, need to map their sensitive data, across the entire organization, understand the data flow, tag the private data that needs to be protected, and put controls and audits in place in order to manage it.
This data mapping problem becomes particularly challenging in the cloud, where data is scattered across many services, servers, VMs, hidden inside different Serverless Services and Containers that are being managed by different service providers.
Data privacy regulations force organizations to deal with technical overhead, which was meant to be avoided by choosing a Serverless architecture and using Managed Services.
This collision between regulations such as CCPA and GDPR, and a popular software development trend is creating confusion and frustration among developers and adds to the already significant friction that makes data privacy compliance challenging to implement. We already see how more and more teams decide against using different managed services because of this reason.
At Purpose, we strongly believe in both Serverless and the need for regulation. We’ve been mapping the different R&D friction points that data privacy regulation creates and we’re engineering easy to use solutions that will make data privacy engineering and compliance possible without slowing down innovation.
You can try our cloud data protection discovery solution for FREE here.