Cloud Security Podcast by Google

Guest: Avi Shua, CEO and Co-founder @ Orca Security Topics: Where do you spend more efforts, on detection of pre-fail issues (like configuration errors) or post-fail issues (like incidents)? How do you prioritize the preventative and detective controls in your platform? When talking to CISOs, how do you explain that cloud threat detection is different from the on-premise type? In your opinion, are agents dead in the cloud? Do you think your customers care more about cloud-specific threats or traditional threats against cloud assets? How do you think about the tradeoff for security teams between using cloud native controls vs a 3rd party vendor like, say, you? Resources: “The Orca Security 2020 State of Public Cloud Security Report“

Guest:  John Kindervag, who is widely considered to be the creator of zero trust model in 2010 (currently works at ON2IT) Topics: What has changed in the world of zero trust since 2010? What must be trusted for a zero trust (ZT) system to work? What are key ZT project success pre-requisites? What is the first step in ZT implementation that increases the chance of its success? Is zero trust hard for most companies? What’s the most spectacular failure you’ve seen in a ZT project? Where do you see ZT heading in the next 10+ years? Resource: John's original zero trust paper (2010)

Guest: Brandon Levene, Malware Inquisitor @ Google Cloud Topics covered: Which malware is scarier, state-sponsored or criminal? How do we approach cybercrime mitigation at Google? How do we actually track malware? Don’t we need “attribution” for it? What are the most useful telemetry sources for study in modern malware? Does ransomware have a bright future? Where do you see threat actors making the biggest investments? Resource: "Crimeware In The Modern Era" paper by Brandon Levene

Guests: no guests, just Tim and Anton  Topics covered: Discussion of the interesting presentations from Cloud Security Talks Q1 2021 focused on trusted cloud, container security, cyber insurance, Chronicle, ML for network security, etc Resources: All Q1 2021 Cloud Security Talks “Cloud Risk Panel Discussion” video “A conversation on overcoming risk management challenges in the Cloud” video  “Better together - expanding the Confidential Computing ecosystem” video “Detect potential threats to your containers” video “Supercharge your security telemetry with Chronicle” video “Tales from the trenches: Using machine learning to create safer networks” video “Chrome Enterprise Security - A deep dive” video

Guests: Phil Venables (@philvenables), Vice President, Chief Information Security Officer (CISO) @ Google Cloud  Nick Godfrey, Director, Financial Services Security & Compliance and a member of Office of the CISO @ Google Cloud Topics covered: Why do you think so many CISOs of traditional organizations fear cloud migrations? What is your best advice to a CISO who wants to migrate to the cloud using the on-premise playbook, or lift and shift?  What are the real tradeoffs in this decision such as using familiar tools/practices vs cloud benefits/effectiveness?  What would you recommend reading for a CISO managing their first cloud migration Resources mentioned: Paper “CISO’s guide to Cloud Security Transformation”  Book “Building Secure and Reliable Systems: Best Practices for Designing, Implementing, and Maintaining Systems”  Book “Practical Guide to Cloud Migration”

Episode 4 “Gathering Data for Zero Trust” focuses on enabling zero trust access in the real world Guest: Max Saltonstall (@maxsaltonstall), Developer Advocate @ Google Cloud   Topics covered: What should be trusted for a zero trust system to work? What is the first thing you need to do to have a zero trust access project succeed? What data needs to be collected for zero trust system operation?

Episode 3 “Automate and/or Die?” focuses on automated remediation (or is it response!) in the cloud Guest: Joe Crawford, formerly in charge of cloud-native security at a large bank Topics covered: Can we automatically remediate vulnerabilities and threats in the cloud? Did you require humans to be in the loop for your automation? Is that still automation if we do? Does security fear of automation have a place in the cloud?

Episode 2 “Data Security in the Cloud” focuses on data security in the cloud  Guest: Andrew Lance, Sidechain Topics covered: What is special about data security in the cloud? How data security plays in the shift from perimeter and network security to identity-based security? Can I use detective data security controls and turn them into preventative controls? Resources: “Designing and deploying a data security strategy with Google Cloud” paper

“Confidentially Speaking” episode focuses on confidential computing Guest: Nelly Porter, Group Product Manager @ Google. Topics covered: What risks are mitigated by confidential computing? What types of organizations must adopt confidential computing? How and where the data is encrypted? Resources:  Confidential computing at Google Cloud