Sign up to save your podcasts
Or
Share EP126 What is Policy as Code and How Can It Help You Secure Your Cloud Environment?
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
EP126 What is Policy as Code and How Can It Help You Secure Your Cloud Environment?
Guests:
-
Dominik Richter, the founder and head of product at Mondoo
Cooked questions:
-
What is a policy, is that the same as a control, or is there a difference? And what's the gap between a policy and a guardrail?
-
We have IaC, so what is this Policy as Code? Is this about security policy or all policies for cloud?
-
Who do I hire to write and update my policy as code? Do I need to be a coder to create policy now?
-
Who should own the implementation of Policy as Code? Is Policy as Code something that security needs to be driving? Is it the DevOps or Platform Engineering teams?
-
How do organizations grow into safely rolling out new policy as code code?
-
You [Mondoo] say that "cnspec assesses your entire infrastructure's security and compliance" and this problem has been unsolved for as long as the cloud existed. Will your toolset change this?
-
There are other frameworks that exist for security testing like HashiCorp's sentinel, Open Policy Agent, etc and you are proposing a new one with MQL. Why do we need another security framework?
-
What are some of the success metrics when adopting Policy as Code?
Resources:
- Live video (LinkedIn, YouTube)
- "Why Infrastructure as Code Is Setting You up to Make Bad Things Faster" blog
View all episodes
By Anton Chuvakin
4.8
3939 ratings
Guests:
-
Dominik Richter, the founder and head of product at Mondoo
Cooked questions:
-
What is a policy, is that the same as a control, or is there a difference? And what's the gap between a policy and a guardrail?
-
We have IaC, so what is this Policy as Code? Is this about security policy or all policies for cloud?
-
Who do I hire to write and update my policy as code? Do I need to be a coder to create policy now?
-
Who should own the implementation of Policy as Code? Is Policy as Code something that security needs to be driving? Is it the DevOps or Platform Engineering teams?
-
How do organizations grow into safely rolling out new policy as code code?
-
You [Mondoo] say that "cnspec assesses your entire infrastructure's security and compliance" and this problem has been unsolved for as long as the cloud existed. Will your toolset change this?
-
There are other frameworks that exist for security testing like HashiCorp's sentinel, Open Policy Agent, etc and you are proposing a new one with MQL. Why do we need another security framework?
-
What are some of the success metrics when adopting Policy as Code?
Resources:
- Live video (LinkedIn, YouTube)
- "Why Infrastructure as Code Is Setting You up to Make Bad Things Faster" blog
More shows like Cloud Security Podcast by Google
View all
WSJ Your Money Briefing
1,723 Listeners
WSJ What’s News
4,423 Listeners
Security Now (Audio)
2,010 Listeners
Risky Business
373 Listeners
CyberWire Daily
1,026 Listeners
NVIDIA AI Podcast
347 Listeners
Darknet Diaries
8,079 Listeners
Cybersecurity Today
177 Listeners
Practical AI
211 Listeners
Cloud Security Podcast
58 Listeners
Cybersecurity Headlines
140 Listeners
Huberman Lab
29,297 Listeners
The AI Daily Brief: Artificial Intelligence News and Analysis
683 Listeners
HBR On Leadership
169 Listeners
AI Security Podcast
9 Listeners