Back
#143
October 16, 2023

EP143 Cloud Security Remediation: The Biggest Headache?

Guest:

29:29

Subscribe at Google Podcasts.

Subscribe at Spotify.

Subscribe at Apple Podcasts.

Subscribe at YouTube

Topics covered:

  • It seems that in many cases the challenge with cloud configuration weaknesses is not their detection, but remediation, is that true?
  • As far as remediation scope, do we need to cover  traditional vulnerabilities (in stock and custom code), configuration weaknesses and other issues too?
  • One of us used to cover vulnerability management at Gartner, and in many cases the remediation failures [on premise] were due to process, not technology, breakdowns. Is this the same in the cloud? If still true, how can any vendor technology help resolve it?
  • Why is cloud security remediation such a headache for so many organizations?
  • Is the friction real between security and engineering teams? Do they have any hope of ever becoming BFFs?
  • Doesn’t every CSPM (and now ASPM too?) vendor say they do automated remediation today? How should security pros evaluate solutions for prioritizing, triaging, and fixing issues?

Do you have something cool to share? Some questions? Let us know:

View more episodes