Back

Showing 5 episodes for Cloud Security Practices

#186
August 19, 2024

EP186 Cloud Security Tools: Trust the Cloud Provider or Go Third-Party? An Epic Debate, Anton vs Tim

Guest:

  • A debate between Tim and Anton, no guests
29:29

Topics covered:

  • You must buy the majority of cloud security tools from a cloud provider, here is why.
  • You must buy the majority of cloud security tools from a 3rd party security vendor, here is why.
#176
June 10, 2024

EP176 Google on Google Cloud: How Google Secures Its Own Cloud Use

Guest:

  • Seth Vargo, Principal Software Engineer responsible for Google's use of the public cloud, Google
23:29

Topics covered:

  • Google uses the public cloud, no way, right? Which one? Oh, yeah, I guess this is obvious: GCP, right?
  • Where are we like other clients of GCP?  Where are we not like other cloud users?
  • Do we have any unique cloud security technology that we use that others may benefit from?
  • How does our cloud usage inform our cloud security products?
  • So is our cloud use profile similar to cloud natives or traditional companies?
  • What are some of the most interesting cloud security practices and controls that we use that are usable by others?
  • How do we make them work at scale? 
#172
May 13, 2024

EP172 RSA 2024: Separating AI Signal from Noise, SecOps Evolves, XDR Declines?

Guest:

none

27:23

Topics covered:

  • What have we seen at RSA 2024?
  • Which buzzwords are rising (AI! AI! AI!) and which ones are falling (hi XDR)?
  • Is this really all about AI? Is this all marketing?
  • Security platforms or focused tools, who is winning at RSA?
  • Anything fun going on with SecOps?
  • Is cloud security still largely about CSPM?
  • Any interesting presentations spotted?
#169
April 22, 2024

EP169 Google Cloud Next 2024 Recap: Is Cloud an Island, So Much AI, Bots in SecOps

Guest:

29:29

Topics covered:

  • What are some of the fun security-related launches from Next 2024 (sorry for our brief “marketing hat” moment!)?
  • Any fun security vendors we spotted “in the clouds”?
  • OK, what are our favorite sessions? Our own, right? Anything else we had time to go to?
  • What are the new security ideas inspired by the event (you really want to listen to this part! Because “freatures”...)
  • Any tricky questions at the end?
#151
December 4, 2023

EP151 Cyber Insurance in the Cloud Era: Balancing Protection, Data and Risks

Guest:

  • Monica Shokrai, Head of Business Risk and Insurance for Google Cloud 
29:29

Topics covered:

  • Could you give us the 30 second run down of what cyber insurance is and isn't?
  • Can you tie that to clouds? How does the cloud change it? Is it the case that now I don't need insurance for some of the "old school" cyber risks?
  • What challenges are insurers facing with assessing cloud risks? On this show I struggle to find CISOs who "get" cloud, are there insurers and underwriters who get it?
  • We recently heard about an insurer reducing coverage for incidents caused by old CVEs! What's your take on this? Effective incentive structure to push orgs towards patching operational excellence or someone finding yet another way not to pay out? Is insurance the magic tool for improving security?
  • Doesn't cyber insurance have a difficult reputation with clients? “Will they even pay?” “Will it be enough?” “Is this a cyberwar exception?” type stuff?
  • How do we balance our motives between selling more cloud and providing effective risk underwriting data to insurers?
  • How soon do you think we will have actuarial data from many clients re: real risks in the cloud? What about the fact that risks change all the time unlike say many “non cyber” risks?