
Cloud Security Podcast by Google
EP250 The End of "Collect Everything"? Moving from Centralization to Data Access?
Nov 3, 2025

Balazs Scheidler, CEO at Axoflow and founder of syslog-ng, shares his expertise on the evolving landscape of security data management. He emphasizes the shift from centralization to access, discussing the challenges of managing diverse data pipelines and the necessity of automated classification. Balazs warns against relying solely on source storage, suggesting federated search as a solution. He also highlights the need for pipeline-level enrichment to enhance data relevance while addressing real-world logging failures that impact security operations.
Centralization Is Evolving
- Centralizing all security telemetry is no longer strictly necessary for detection and compliance.
- Some data must be moved off sources, but storage can be distributed and federated with managed access.
Pipelines Need Fleet-Style Management
- Past pipelines failed mainly due to manual, brittle management at scale.
- Modern pipeline management should adopt fleet-style automation and declarative methods, as cloud compute management does.
Automate Data Classification
- Automate classification of security telemetry to map data to policy and retention rules.
- Use source-aware labels so you can route, retain, and process logs without manual regex-heavy decisions.
