Showing 3 episodes for Cloud Posture And Hygiene
#186
August 19, 2024
EP186 Cloud Security Tools: Trust the Cloud Provider or Go Third-Party? An Epic Debate, Anton vs Tim
Guest:
- A debate between Tim and Anton, no guests
Topics covered:
- You must buy the majority of cloud security tools from a cloud provider, here is why.
- You must buy the majority of cloud security tools from a 3rd party security vendor, here is why.
#176
June 10, 2024
EP176 Google on Google Cloud: How Google Secures Its Own Cloud Use
Guest:
- Seth Vargo, Principal Software Engineer responsible for Google's use of the public cloud, Google
Topics covered:
- Google uses the public cloud, no way, right? Which one? Oh, yeah, I guess this is obvious: GCP, right?
- Where are we like other clients of GCP? Where are we not like other cloud users?
- Do we have any unique cloud security technology that we use that others may benefit from?
- How does our cloud usage inform our cloud security products?
- So is our cloud use profile similar to cloud natives or traditional companies?
- What are some of the most interesting cloud security practices and controls that we use that are usable by others?
- How do we make them work at scale?
#165
March 25, 2024
EP165 Your Cloud Is Not a Pet - Decoding 'Shifting Left' for Cloud Security
Guest:
- Ahmad Robinson, Cloud Security Architect, Google Cloud
Topics covered:
- You’ve done a BlackHat webinar where you discuss a Pets vs Cattle mentality when it comes to cloud operations. Can you explain this mentality and how it applies to security?
- What in your past led you to these insights? Tell us more about your background and your journey to Google. How did that background contribute to your team?
- One term that often comes up on the show and with our customers is 'shifting left.' Could you explain what 'shifting left' means in the context of cloud security? What’s hard about shift left, and where do orgs get stuck too far right?
- A lot of “cloud people” talk about IaC and PaC but the terms and the concepts are occasionally confusing to those new to cloud. Can you briefly explain Policy as Code and its security implications? Does PaC help or hurt security?