EP143 Cloud Security Remediation: The Biggest Headache?
Cloud Security Podcast by Google
Audio is streamed directly from the publisher (traffic.libsyn.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
Guests:
Topics:
-
It seems that in many cases the challenge with cloud configuration weaknesses is not their detection, but remediation, is that true?
-
As far as remediation scope, do we need to cover traditional vulnerabilities (in stock and custom code), configuration weaknesses and other issues too?
-
One of us used to cover vulnerability management at Gartner, and in many cases the remediation failures [on premise] were due to process, not technology, breakdowns. Is this the same in the cloud? If still true, how can any vendor technology help resolve it?
-
Why is cloud security remediation such a headache for so many organizations?
-
Is the friction real between security and engineering teams? Do they have any hope of ever becoming BFFs?
-
Doesn't every CSPM (and now ASPM too?) vendor say they do automated remediation today? How should security pros evaluate solutions for prioritizing, triaging, and fixing issues?
Resources:
-
EP67 Cyber Defense Matrix and Does Cloud Security Have to DIE to Win?'
-
EP138 Terraform for Security Teams: How to Use IaC to Secure the Cloud
-
EP117 Can a Small Team Adopt an Engineering-Centric Approach to Cybersecurity?
-
8 Megatrends drive cloud adoption—and improve security for all