Everand Logo

Welcome to Everand!

  • Discover this podcast and so much more

    Podcasts are free to enjoy without a subscription. We also offer ebooks, audiobooks, and so much more for just $11.99/month.

    EP69 Cloud Threats and How to Observe Them

    EP69 Cloud Threats and How to Observe Them

    FromCloud Security Podcast by Google

    Start listeningView podcast show

    EP69 Cloud Threats and How to Observe Them

    FromCloud Security Podcast by Google

    ratings:
    Length:
    30 minutes
    Released:
    Jun 13, 2022
    Format:
    Podcast episode

    Description

    Guest: James Condon,  Director of Security Research @  Lacework  Topics: What are realistic and actually observed cloud threats today? How did you observe them at Lacework? Cloud threats: are they on-premise  style threats to cloud assets? We hate the line “cloud is just somebody else’s computer” but apparently threats actors seem to think so? What is the 2nd most dangerous cloud issue after configuration mistakes? Why is it so common for organizations to have insecure configurations in their cloud environments?  Give me a few examples of the most common mistakes organizations make, and what they can do to avoid those configurations. Cloud malware and  ransomware / RansomOps, are these real risks today? Are we finally seeing the rise of Linux malware at scale (in the cloud)? As multi cloud expands in popularity, what are threat actors doing in this area? Are actors customizing their attacks on a per-cloud basis (AWS, GCP, Azure)?  Resources: Lacework 2022 Cloud Threat Report “Securing DevOps: Security in the Cloud” book “Threat Models and Cloud Security” (ep12) Google Threat Horizons Report #1 Google Threat Horizons Report #2
    Released:
    Jun 13, 2022
    Format:
    Podcast episode

    Titles in the series (100)

    Cloud Security Podcast by Google focuses on security in the cloud, delivering security from the cloud, and all things at the intersection of security and cloud. Of course, we will also cover what we are doing in Google Cloud to help keep our users' data safe and workloads secure. We’re going to do our best to avoid security theater, and cut to the heart of real security questions and issues. Expect us to question threat models and ask if something is done for the data subject’s benefit or just for organizational benefit. We hope you’ll join us if you’re interested in where technology overlaps with process and bumps up against organizational design. We’re hoping to attract listeners who are happy to hear conventional wisdom questioned, and who are curious about what lessons we can and can’t keep as the world moves from on-premises computing to cloud computing.