Cloud Security Podcast by Google

EP193 Inherited a Cloud? Now What? How Do I Secure It?

Oct 7, 2024

Taylor Lehmann, Director at the Office of the CISO, and Luis Urena, Cloud Security Architect at Google Cloud, tackle the complexities of securing inherited cloud environments. They discuss the risks of late security team involvement and the impracticality of drastic measures like 'nuking' the environment. Instead, they offer strategic steps for immediate security improvements, such as managing overly permissive roles. They also evaluate the necessity of compromise assessments and the balance between current priorities and securing new systems.

30:41

Creator website

Episode guests

Luis Urena

Taylor Lehmann

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Inheriting a cloud environment entails addressing unknown risks and establishing control through careful access management rather than drastic measures.

Implementing security measures like multi-factor authentication requires a methodical approach to avoid operational disruptions and ensure user readiness.

Deep dives

Inheriting Cloud Environments and Its Risks

Many organizations face the challenge of implementing security measures in cloud environments that were established without their involvement. This scenario often occurs during mergers and acquisitions, or when teams transition from experimenting with cloud technologies to operating in production. The primary concern is the uncertainty surrounding newly inherited workloads, whose security levels, histories, and access protocols remain unknown. Security teams are left to navigate these complexities, questioning the integrity and trustworthiness of the cloud accounts, while needing to establish effective security measures swiftly.

Intro

4min

Securing Inherited Cloud Environments

16min

Navigating Compromise Assessments in Inherited Cloud Environments

5min

Practicing Incident Response for Cloud Security

2min

Understanding Threat Modeling and the Importance of Structured Planning

4min

Guests:

Taylor Lehmann, Director at Office of the CISO, Google Cloud
Luis Urena, Cloud Security Architect, Google Cloud

Topics

There is a common scenario where security teams are brought in after a cloud environment is already established. From your experience, how does this late involvement typically impact the organization's security posture and what are the immediate risks they face?
Upon hearing this, many experts suggest that “burn the environment with fire” or “nuke it from orbit” are the only feasible approaches? What is your take on that suggestion?
On the opposite side, what if business demands you don't touch anything but “make it secure” regardless?
Could you walk us through some of the first critical steps you do after “inheriting a cloud” and why they are prioritized in this way?
Why not just say “add MFA everywhere”? What may or will blow up?
We also say “address overly permissive users and roles” and this sounds valuable, but also tricky. How do we go about it?
What are the chances that the environment is in fact compromised already? When is Compromise Assessment the right call, it does cost money, right?
How do you balance your team’s current priorities when you’ve just adopted an insecure cloud environment. How do you make tradeoffs among your existing stack and this new one?

Resources:

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Cloud Security Podcast by Google

EP193 Inherited a Cloud? Now What? How Do I Secure It?

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Inheriting Cloud Environments and Its Risks

Market Risks in Rapidly Growing Startups

Strategies for Managing Inherited Cloud Environments

The Importance of Phased Security Implementations

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Cloud Security Podcast by Google

EP193 Inherited a Cloud? Now What? How Do I Secure It?

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Inheriting Cloud Environments and Its Risks

Market Risks in Rapidly Growing Startups

Strategies for Managing Inherited Cloud Environments

The Importance of Phased Security Implementations

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights