Cloud Security Podcast by Google

EP203 Cloud Shared Responsibility: Beyond the Blame Game with Rich Mogull

Dec 16, 2024

Rich Mogull, SVP of Cloud Security at FireMon and CEO at Securosis, dives into the intricacies of cloud security responsibility. He introduces the Cloud Shared Irresponsibilities Model, suggesting that cloud providers bear some blame in breaches due to customer misconfigurations. The discussion includes insights on what 'using the cloud securely' really means today and how to effectively teach cloud security. Rich also touches on balancing free and paid security features in the cloud and shares his top lesson for safer cloud practices.

37:13

Creator website

Episode guests

Rich Mogull

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The Cloud Shared Irresponsibilities Model emphasizes the blurred lines of accountability between cloud providers and customers in addressing security breaches.

Continuous learning and adaptation are essential for organizations to effectively navigate the complexities and evolving threats of cloud security.

Deep dives

The Cloud Transformation Timeline

Cloud transformation is often misunderstood in terms of its timeline and implementation. While some industry professionals envision a swift transition to cloud computing, the reality is that many organizations are only beginning their journey, even years after cloud technology has been established. The speaker suggests that the original projection of a 20-year transition might actually extend to 30 years, given that a significant number of companies still rely on traditional data centers. This highlights the disparity between those who have fully adopted cloud technologies and those just beginning to explore their potential.

Intro

3min

Navigating Cloud Migration Challenges

2min

Navigating Cloud Responsibility

14min

Innovative Hands-On Learning for Cloud Security

2min

Navigating Cloud Security Education

6min

Navigating Cloud Security and Threat Management

10min

Guest:

Rich Mogull, SVP of Cloud Security at Firemon and CEO at Securosis

Topics:

Let’s talk about cloud security shared responsibility. How to separate the blame? Is there a good framework for apportioning blame?
You've introduced the Cloud Shared Irresponsibilities Model, stating cloud providers will be considered partially responsible for breaches even if due to customer misconfigurations. How do you see this impacting the relationship between cloud providers and their customers? Will it lead to more collaboration or more friction?
We both know the Jay Heiser 2015 classic “cloud is secure, but you not using it securely.” In your view, what does “use cloud securely” mean for various organizations today?
Here is a very painful question: how to decide what cloud security should be free with cloud and what security can be paid?
You dealt with cloud security for a long time, what is your #1 lesson so far on how to make the cloud more secure or use the cloud more securely?
What is the best way to learn how to cloud? What is this CloudSLAW thing?

Resources:

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Cloud Security Podcast by Google

EP203 Cloud Shared Responsibility: Beyond the Blame Game with Rich Mogull

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

The Cloud Transformation Timeline

Shared Responsibility and Its Complexities

Essential Learning for Cloud Security

The Ongoing Need for Learning and Adaptation

Remember Everything You Learn from Podcasts