The State of Cloud Security

Josh Stella (@joshstella, Founder/CEO of @FugueHQ) talks about the differences between cloud security and data center security, the value businesses place on security implementations, and enabling governance in the cloud.

SHOW: 553

CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotw

CHECK OUT OUR NEW PODCAST - "CLOUDCAST BASICS"

SHOW SPONSORS:

• CloudZero - Cloud Cost Intelligence for Engineering Teams
• CBT Nuggets: Expert IT Training for individuals and teams
• Sign up for a CBT Nuggets Free Learner account 
• AWS Data Backup for Dummies (Veeam)
• Choose Your Own Cloud Adventure with Veeam and AWS

SHOW NOTES:

• PagerDuty (homepage)
• State of Digital Operations report (PagerDuty)
• Fugue (homepage)
• Sonatype (homepage)
• State of Cloud Security 2021
• The Cloudcast Eps.333 - DevSecOps and Governance (with Josh Stella) 
• The Cloudcast Eps.543 - What does Security even mean anymore

Topic 1 - Welcome back to the show. It’s been a complicated world for security the last 12-18 months. Tell us a little bit about your background and the State of Cloud Security 2021 report.

Topic 2 - Between the SolarWinds hack, Microsoft database hack and daily breaches of 100M users, where are we with security these days? It seems as messy as ever, and yet it also seems like people aren’t that concerned anymore. 

Topic 3 - Misconfiguration still seems to be a major issue. Isn’t Automation and Infra-as-Code and GitOps catching on? Policy-as-Code.

Topic 4 - We now have DevSecOps, which combines all these functions together. Who is ultimately responsible for Security?

Topic 5 - When companies move to the public cloud, they still have regulatory requirements. The cloud providers have “certifications” (e.g. SOC 2, NIST 800-53, GDPR, and HIPAA, so are they responsible now?

Topic 6 - How do we start matching the level of motivation the bad guys (hackers) have with the level of concern companies should have?

FEEDBACK?

• Email: show at the cloudcast dot net
• Twitter: @thecloudcastnet