Cloud Security Podcast by Google

The hosts recap Google Cloud Next 2024, highlighting fun security launches, favorite sessions, and new security ideas inspired by the event. They discuss the evolution of cloud-native security, explore new security vendors and the CNAB framework, and delve into the interplay of cloud security, AI, and emerging threats. They also touch on embracing curiosity in technology and science fiction.

Join Umesh Shankar and Scott Coull as they discuss teaching AI security, the benefits of security-trained LLMs, the practical applications for security teams, and the feedback on impact. Explore the limitations of LLMs for security tasks and the importance of task-specific training. Delve into using cloud audit logs for anomaly detection and the challenges of intelligent summarization in the security context.

Guest Maria Riaz, an Engineering Lead at Google Cloud, discusses counter-abuse and security on GCP, dealing with stolen cards, and relevant competencies for this field. They explore academic vs industry experience, popular abuse types like coin mining, and innovative abuse strategies at Google, emphasizing problem-solving and user safety.

Guests Evan Gilman and Eli Nesterov discuss workload identity, zero trust, and SPIFFE in a lively podcast. They delve into the challenges faced by large organizations, the benefits of adopting modern security paradigms like SPIFFE, and the importance of reimagining traditional technologies for cloud environments. The conversation also touches on the concept of 'solving the bottom turtle' in workload identity and security.

Ahmad Robinson, Cloud Security Architect at Google, discusses 'Pets vs Cattle' mentality in cloud operations, shifting left in cloud security, and the confusion around Policy as Code. He emphasizes the importance of scalability, standardization, and collaboration among teams for efficient security practices.

Exploring the looming threats of quantum computing on cryptography, the podcast delves into the urgency of adopting post-quantum algorithms. NIST standards, skepticism vs. reality in quantum computing, and proactive data safeguarding measures are discussed. The importance of discerning truth from hype and practical tips on post-quantum cryptography are highlighted.

Exploring cloud security megatrends with a focus on AI integration, governance, and AI for security. Discussing the contentious nature of certain megatrends, the simplicity of cloud over on-premise IT, and the role of AI in enhancing security practices. Delving into questions CISOs should be asking about AI and the transformative potential of AI in improving data governance and scalability.

Explore the complexities of IAM in cloud security with expert Kat Traxler. Discuss why people still struggle with IAM mistakes, resource hierarchy, and management. Learn about the importance of assigning roles at the lowest resource-level possible and how the 'big 3' got it wrong.

Guest: Victoria Geronimo, Cloud Security Architect, Google Cloud Topics: You work with technical folks at the intersection of compliance, security, and cloud. So  what do you do, and where do you find the biggest challenges in communicating across those boundaries? How does cloud make compliance easier? Does it ever make compliance harder?  What is your best advice to organizations that approach cloud compliance as they did for the 1990s data centers and classic IT? What has been the most surprising compliance challenge you’ve helped teams debug in your time here?  You also work on standards development –can you tell us about how you got into that and what’s been surprising in that for you?  We often say on this show that an organization’s ability to threat model is only as good as their team’s perspectives are diverse: how has your background shaped your work here?   Resources: Video (YouTube) EP14 Making Compliance Cloud-native EP25 Beyond Compliance: Cloud Security in Europe  Fordham University Law and Technology site IAPP  site  

Guest: Merritt Baer, Field CTO,  Lacework, ex-AWS, ex-USG Topics: How can organizations ensure that their security posture is maintained or improved during a cloud migration? Is cloud migration a risk reduction move? What are some of the common security challenges that organizations face during a cloud migration? Are there different gotchas between the three public clouds? What advice would you give to those security leaders who insist on lift/shift or on lift/shift first? How should security and compliance teams approach their engineering and DevOps colleagues to make sure things are starting on the right foot? In your view, what is the essence of a cloud-native approach to security? How can organizations ensure that their security posture scales as their cloud usage grows? Resources: Video (LinkedIn, YouTube) EP69 Cloud Threats and How to Observe Them EP138 Terraform for Security Teams: How to Use IaC to Secure the Cloud EP67 Cyber Defense Matrix and Does Cloud Security Have to DIE to Win? 9 Megatrends drive cloud adoption—and improve security for all Darknet Diaries podcast