Cloud Security Podcast

🚀 You've probably heard of Cloud Native Security, but what does it mean in 2024? 🌥️🔒 We caught up with return guest Jimmy Mesta 🤙, CTO and Co-Founder of RAD Security at RSA to understand what Cloud Native Security means today! 💡 Real-Time Security: It’s not enough to scan your environment once a week or even once a day. Real-time insights are critical. You may need tools using eBPF, Kubernetes logs, and cloud metadata to surface contextualized risks. ⚙️ Leveraging Cloud APIs: Utilizing cloud APIs to their fullest extent is key. Building applications that leverage these APIs can significantly enhance security and efficiency. 🛠️ Native Application Stacks: Many organisation containers cycle and rebuild every five minutes or less. By integrating tools like AWS RDS and IAM, you can create application stacks that are truly native to their environments. ✨ Sprinkle of AI: While AI isn't the sole focus, it plays a crucial role in enhancing the effectiveness of cloud-native security measures. If you are interested in Kubernetes and Cloud Native, this episode with Jimmy is a good listen, we have linked the full episode in the comments below #cloudnativesecurity #kubenetessecurity #cloudnative

What will be AI’s role in solving real-world problems? Kelsey has been a prominent figure in the Kubernetes and cloud-native community for a very long time and this time around at Kubecon EU Paris, Ashish sat down with Kelsey to have a chat with a difference. In this episode Kelsey speaks about the evolution and impact of generative AI, how it enables natural communication between humans and machines, the ethical considerations of AI decision-making, and the potential for AI to revolutionize industries.

🌟 The Curious Case of CSPM Alerts! 🌟 🔍 Where do those CSPM (Cloud Security Posture Management) alerts actually go? 🤔 We asked Chris Farris and Rich Mogull on one of our recent episodes and they shared some great insights! 🚀 From Black Hole to Vulnerability Management: CSPM alerts often end up in either a black hole or get absorbed into vulnerability management programs. 🔐 Prioritization Challenges: There is a real struggle of prioritizing alerts, from public S3 buckets to unencrypted EBS snapshots, alongside other critical vulnerabilities. 🛡️ Role of Security Operations Centers (SOC): Mature organizations handle CSPM findings and the crucial role of SOCs in this process. 🤖 SOAR Workflows: The automated workflows triggered by critical CSPM alerts, tracing the incidents back to the human actions that caused them. 🧑💻 Human Factor: The inevitable "carbon-based life forms" at the end of the alert chain and how security operations engage with them to fix issues. ⚙️ Auto-remediation Dilemmas: There are complexities to auto-remediation, when it's safe, and when human intervention is necessary. 📊 Managing Alert Overload: How do we manage the massive influx of CSPM findings without overwhelming your SOC team. This is a great episode if you want to understand the current state of cloud security in 2024. We have linked the episode in the comments below #cspm #cloudsecurity

🌐🔐 How does Zero Trust fit into DevSecOps? 🔐🌐 We spoke to Sarah Polan, Field CTO at HashiCorp EMEA about the interconnectivity of Zero Trust and DevSecOps. 🚀 Building Zero Trust: - The necessity of machine identity to ensure data encryption both at rest and in transit. - Implementing MTLS (Mutual TLS) requires identity verification on both sides, enabling the secure use of certificates. - Insights from NIST on the importance of time and context-bound identity for true Zero Trust architecture. 🤖 Strategic Security Design: - Zero Trust as a strategy for identity and contract brokering. - The importance of designing security from day one when moving towards Zero Trust. 🔧 DevSecOps Integration: - Ensuring security with robust policy engines that must remain breach-proof. - The critical role of break glass procedures, continuous scanning, and dynamic security measures (including SAST and DAST). If you are trying to implement Zero Trust in the world of DevSecOps then this episode with Sarah is music to the ears (and when you listen to the episode you will now why ;) ) Full episode in the comments below! #cloudsecurity #zerotrust #devsecops

💡 In the shift from on-premises to the cloud, we've seen a fundamental change in how we manage identities and privileges. Remember when we focused solely on securing networks with firewalls, endpoint protection, and defending against APTs and insider threats? The game has changed. - Today, identity is not just the new perimeter – it's the new network. In cloud-native environments, nothing functions without an identity fabric. - Every VM, every service, and every application relies on roles, service principles, or managed identities to operate. The result? An explosion of identities and permissions that needs managing. We spoke to Jeff Moncrief, Field CTO at Sonrai Security about how identities and permissions should be managed in the world of cloud in 2024. If you are interested in this space, you will find this episode valuable, we have linked the full episode in the comments below. Jeff also speaks about  Sonrai Security’s Cloud Permissions Firewall - we have added some information about this in the comments below, if you want to check it out! #cloudsecurity #identitymanagement

👩🏽💻 Where is a good starting point for AI Security in your Org❓ We spoke to Matt McKeever, CTO Cloud Engineering at LexisNexis world of Generative AI (GenAI) and its implications for security. 📌 Understanding the Threat Landscape: Just like any new technology, GenAI brings with it unique risks and threats. 📌 Data Confidentiality: Know the importance of keeping customer queries confidential. Imagine a lawyer's sensitive search queries being exposed—unthinkable, right? Know how to safeguard such critical information. 📌 Closed-Loop Systems: Ensuring that your data flow is segmented and secure is crucial. Matt breaks down how to maintain these secure pathways, ensuring that only the right entities are communicating. 📌 Core Security Building Blocks: At the heart of GenAI security are the tried-and-true basics: authentication, encryption, and proper architecture. We get into how these elements remain essential, even as we adapt to new technologies. If you are working with GenAI in your organisation, this was a great chat with Matt who brought many real world examples to the conversation, we have linked the full episode in the comments below #aisecurity #genai #cloudsecurity

🔍 Where do you start with Cloud Security? ☁️ We spoke to Rich Mogull on one of our recent episodes with Chris Farris. - Rich shared that "all cloud security failures are IAM failures and all IAM failures are governance failures." Starting your cloud security from IAM can make a world of difference. 🌐🔒 - Chris and Rich share real-world stories and strategies on how to handle being airdropped into chaotic cloud environments. Whether it's misconfigured S3 buckets or public RDS instances, they’ve seen it all and have actionable insights to share. 💼🔍 - They discuss their Universal Cloud Threat Model, a framework designed to help prioritize threats and manage vulnerabilities effectively. 🛠️📊 This was a great conversation and we have linked the full episode in the comments below #cloudsecurity #threatmodelling #identityandaccessmanagement

☁ Where to start with Google Cloud? ☁ We spoke to ⛅️ Jorge Liauw Calo, who is the Practice Lead for Google Cloud Security at Xebia. - Structuring Your Cloud Environment: Know the importance of structuring your Google Cloud with organizations, folders, and projects. A well-thought-out structure can simplify your cloud management. - IAM Best Practices: Identity and Access Management (IAM) is the backbone of cloud security. Effectively connect and sync users, ensuring seamless access for new joiners and secure revocation for leavers. - Google Cloud Blueprint: Get to know the Google Cloud blueprint, your ultimate guide to building a solid cloud foundation. From hierarchy and structure to managing workloads and firewalls. If you are looking to learn more about Google Cloud Security, this is a good episode. We have linked the full episode in the comments below! #googlecloudsecurity #cloudsecurity #googlecloud

🐝 How is SE Linux different from eBPF? 🐝 We spoke to Liz Rice, Chief Open Source Officer at Isovalent about why eBPF is different? 🔍 SE Linux: Rigid, hard-coded interface within the kernel. Limited in flexibility and adaptability. Utilizes the Linux Security Module Interface for predefined policies. 💡 eBPF: Leverages the same Linux Security Module Interface, but with a twist! Allows for custom, bespoke policies. Enables contextual decision-making for dynamic security responses. Empowers you to write your own code or use existing tools for flexible policy management. Why should you care? 🤔 - Innovation in Security: eBPF can provide platform for much more creative and dynamic security solutions, adapting to the ever-evolving threat landscape. - Custom Solutions: Move beyond one-size-fits-all security approaches and tailor your defenses to your specific needs. - Future-Proofing: understanding the potential of eBPF in enhancing your cloud security posture. If eBPF is on your mind in 2024 then this episode is a great listen with Liz, who has literally written the book on eBPF. We have linked the episode in the comments below #cloudsecurity #ebpf #kubernetessecurity

🌟 How AI is changing DevSecOps? ⭐ We spoke to Michael Hanley, CSO & SVP, Engineering at GitHub about the the integration of AI in DevSecOps. 🔹 Shifting Left with AI: Traditionally, security has often been an afterthought, resulting in late feedback and context switching for developers. But AI could be changing the game by integrating security seamlessly into the development process, providing real-time feedback and reducing the need for constant oversight. 🔹 Empowering Developers: Imagine having a virtual security expert available 24/7! With natural language interfaces like ChatGPT or Copilot chat, developers can now ask questions and receive immediate, trustworthy guidance. This removes the intimidation factor and fosters a more inclusive, security-conscious development environment. 🔹 Enhanced Developer Experience: No more waiting for ticket resolutions that take days. AI tools can make the process faster, more efficient, and more developer-friendly. It’s about boosting productivity without compromising on security. 🔹 Real-world Caution: While AI offers significant advantages, it's crucial to remember that it’s not a ‘set it and forget it’ solution. Think of it as a powerful co-pilot, not a fully autonomous driver. Continuous vigilance and traditional security practices remain essential. 🔹 Better Results with AI: The integration of AI doesn’t just streamline processes; it enhances overall code quality and security. By adopting AI technologies, teams can expect improved results and reduced workloads. Michael shared a lot of great insights in this episode and if you are interested in how GitHub is looking at AI, this is one episode you can check out. We have linked the full episode in the comments below! #aisecurity #githubcopilot #cloudsecurity