Compliance and Cloud Segmentation: Know What’s in Scope // CSA Pittsburgh Chapter Virtual Meetup

Join us for the April Virtual Meetup. We'll be discussing updates to the chapter, cover upcoming events to attend, and have a special presentation from a member of the board on emerging cloud security topics.

Compliance and Cloud Segmentation: Know What’s in Scope

Cloud environments blur traditional security boundaries, making it easy to overshoot—or miss—the true scope of your compliance obligations. This session demystifies how segmentation, tagging, and architecture choices influence where regulatory requirements “land” in the cloud. We’ll walk through real-world patterns—shared-services VPCs, micro-segmented workloads, and multi-account designs—and map them to PCI DSS, HIPAA, and SOC 2 scoping rules. Attendees will learn a repeatable method to (1) inventory data flows and control domains, (2) draw defensible scope boundaries using native cloud constructs, and (3) document segmentation evidence for auditors without drowning in diagrams. Whether you’re chasing your first attestation or tightening a mature program, you’ll leave with pragmatic tactics to keep compliance straightforward, scalable, and audit-ready.