Which cloud services do you use?

@aalvz Do you ever worry about opensource options not having the appropriate security parameters?

@dzaitzow depends on what I'm building but in general, my answer would be that the default security is enough to launch initial versions. I try to match security concerns with stage of the product. What are your concerns?

@aalvz My concerns are typically come from a no-code background and oftentimes Its 2 operations / sales people talking to one another and the BDRs AEs are trying to sell me on the non-free version of their product. Typically they can guarantee GDPR compliance whereas they can't (or don't claim to) do this with their open source version of the software / solution. So yea it was just a question because our product stack is really extensive and built from the ground up but there are places where we need adjacent software (payment stack / internal workflows etc)

@aalvz but we're trialing a lot of different cloud/database options right now - clickhouse MongoDB - Vercel - Rockset - the list goes on - just trying to find out what makes the most sense for our platform!

@dzaitzow This is an interesting scenario. Pretty cool. There's a LOT of information in here we could talk about. Reach out to me at alfonso@tribu.management if you'd like a talk about this. Is this for ContentBlocks? (I tried to use what you have in your domain) I'm lost on: What are you trying to solve exactly? My interpretation to what you said is that: 1. You're worried about open source not having enough security. 2. You're worried because people wants to sell you open source stuff and they can't comply with GDPR (??) Is this correct? Questions from top of mind: (More below) - Why is it important for you to comply with GDPR? Is this to comply with some client expectations? .. Because you care about storing the data? .. IDK. What's the situation behind? In general I see two things: 1. The good thing about GDPR is that you can literally follow a checklist, focus on that, and you've got the security you're looking for. 2 -> The good thing of open source is exactly that is open and you can adapt it to your needs, in this case security compliance. Yes, it increases the complexity, but with a decent architecture, it can become a very intuitive complexity. Open Source depends more on "How" you use it. So, if you set it up inside a secure architecture, you have less to worry about. Other questions: 1. What kind of data are you going to store? That's also something to consider. The more "private" information you want to store, the more complex your security layers must become, and therefore all these security certs and compliances. Same for the kinds of niche you're aiming at where the question "is it worth it?" arises. If it's a very $$ niche and validated PMF, there should be no worries, just focus on getting things done (comply as fast as possible). Questions 1.5 ->(If you're the one looking for GDPR compliance for your product) Why is the GDPR compliance important at this time for you? Is it for some specific client situation? (My guess is that you have big clients already? or the compliance is blocking closing?)There are ways to negotiate this part so both parts can move forward. (In simple words: Take care of the client security fears directly. It's an interesting but doable conversation with the benefit that you save a lot of business time). Other thoughts: 0 - Sounds to me that closer and more clear communication is needed between these roles you mention+ Tech + Legal(?) (Which, for what I've seen, it's rare for this to happen organically. You need dedicated efforts. There's science on that already, which provides a good compass) .... I got carried away ... Sounds fun.... it'd be easier in a call :) What I could help you with is to identify possibilities and action items. Cheers!