Cloud Security Podcast by Google
Anton Chuvakin
Cloud Security Podcast by Google focuses on security in the cloud, delivering security from the cloud, and all things at the intersection of security and cloud. Of course, we will also cover what we are doing in Google Cloud to help keep our users' data safe and workloads secure.
We’re going to do our best to avoid security theater, and cut to the heart of real security questions and issues. Expect us to question threat models and ask if something is done for the data subject’s benefit or just for organizational benefit.
We hope you’ll join us if you’re interested in where technology overlaps with process and bumps up against organizational design. We’re hoping to attract listeners who are happy to hear conventional wisdom questioned, and who are curious about what lessons we can and can’t keep as the world moves from on-premises computing to cloud computing.
We’re going to do our best to avoid security theater, and cut to the heart of real security questions and issues. Expect us to question threat models and ask if something is done for the data subject’s benefit or just for organizational benefit.
We hope you’ll join us if you’re interested in where technology overlaps with process and bumps up against organizational design. We’re hoping to attract listeners who are happy to hear conventional wisdom questioned, and who are curious about what lessons we can and can’t keep as the world moves from on-premises computing to cloud computing.
Episodes
Mentioned books
Mar 17, 2021 • 23min
Cloud Security Talks Summarized: A Recap Episode
Guests: no guests, just Tim and Anton Topics covered: Discussion of the interesting presentations from Cloud Security Talks Q1 2021 focused on trusted cloud, container security, cyber insurance, Chronicle, ML for network security, etc Resources: All Q1 2021 Cloud Security Talks “Cloud Risk Panel Discussion” video “A conversation on overcoming risk management challenges in the Cloud” video “Better together - expanding the Confidential Computing ecosystem” video “Detect potential threats to your containers” video “Supercharge your security telemetry with Chronicle” video “Tales from the trenches: Using machine learning to create safer networks” video “Chrome Enterprise Security - A deep dive” video
Mar 11, 2021 • 20min
Preparing for Cloud Migrations from a CISO Perspective, Part 1
Guests: Phil Venables (@philvenables), Vice President, Chief Information Security Officer (CISO) @ Google Cloud Nick Godfrey, Director, Financial Services Security & Compliance and a member of Office of the CISO @ Google Cloud Topics covered: Why do you think so many CISOs of traditional organizations fear cloud migrations? What is your best advice to a CISO who wants to migrate to the cloud using the on-premise playbook, or lift and shift? What are the real tradeoffs in this decision such as using familiar tools/practices vs cloud benefits/effectiveness? What would you recommend reading for a CISO managing their first cloud migration Resources mentioned: Paper “CISO’s guide to Cloud Security Transformation” Book “Building Secure and Reliable Systems: Best Practices for Designing, Implementing, and Maintaining Systems” Book “Practical Guide to Cloud Migration”
Feb 24, 2021 • 24min
Gathering Data for Zero Trust
Episode 4 “Gathering Data for Zero Trust” focuses on enabling zero trust access in the real world Guest: Max Saltonstall (@maxsaltonstall), Developer Advocate @ Google Cloud Topics covered: What should be trusted for a zero trust system to work? What is the first thing you need to do to have a zero trust access project succeed? What data needs to be collected for zero trust system operation?
Feb 11, 2021 • 18min
Automate and/or Die?
Episode 3 “Automate and/or Die?” focuses on automated remediation (or is it response!) in the cloud Guest: Joe Crawford, formerly in charge of cloud-native security at a large bank Topics covered: Can we automatically remediate vulnerabilities and threats in the cloud? Did you require humans to be in the loop for your automation? Is that still automation if we do? Does security fear of automation have a place in the cloud?
Feb 11, 2021 • 20min
Data Security in the Cloud
Episode 2 “Data Security in the Cloud” focuses on data security in the cloud Guest: Andrew Lance, Sidechain Topics covered: What is special about data security in the cloud? How data security plays in the shift from perimeter and network security to identity-based security? Can I use detective data security controls and turn them into preventative controls? Resources: “Designing and deploying a data security strategy with Google Cloud” paper
Feb 11, 2021 • 21min
Confidentially Speaking
“Confidentially Speaking” episode focuses on confidential computing Guest: Nelly Porter, Group Product Manager @ Google. Topics covered: What risks are mitigated by confidential computing? What types of organizations must adopt confidential computing? How and where the data is encrypted? Resources: Confidential computing at Google Cloud
