Sign up to save your podcasts
Or
Share EP200 Zero Touch Prod, Security Rings, and Foundational Services: How Google Does Workload Security
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
EP200 Zero Touch Prod, Security Rings, and Foundational Services: How Google Does Workload Security
Guest:
-
Michael Czapinski, Security & Reliability Enthusiast, Google
Topics:
- "How Google protects its production services" paper covers how Google's infrastructure balances several crucial aspects, including security, reliability, development speed, and maintainability. How do you prioritize these competing demands in a real-world setting?
- What attack vectors do you consider most critical in the production environment, and how has Google's defenses against these vectors improved over time?
- Can you elaborate on the concept of Foundational services and their significance in Google's security posture?
- How does your security approach adapt to this vast spectrum of sensitivity and purpose of our servers and services, actually?
- How do you implement this principle of zero touch prod for both human and service accounts within our complex infrastructure?
- Can you talk us through the broader approach you take through Workload Security Rings and how this helps?
Resources:
- "How Google protects its production services" paper (deep!)
- SLSA framework
- EP189 How Google Does Security Programs at Scale: CISO Insights
- EP109 How Google Does Vulnerability Management: The Not So Secret Secrets!
- EP176 Google on Google Cloud: How Google Secures Its Own Cloud Use
- EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil
- SREcon presentation on zero touch prod.
- The SRS book (free access)
View all episodes
By Anton Chuvakin
4.8
3939 ratings
Guest:
-
Michael Czapinski, Security & Reliability Enthusiast, Google
Topics:
- "How Google protects its production services" paper covers how Google's infrastructure balances several crucial aspects, including security, reliability, development speed, and maintainability. How do you prioritize these competing demands in a real-world setting?
- What attack vectors do you consider most critical in the production environment, and how has Google's defenses against these vectors improved over time?
- Can you elaborate on the concept of Foundational services and their significance in Google's security posture?
- How does your security approach adapt to this vast spectrum of sensitivity and purpose of our servers and services, actually?
- How do you implement this principle of zero touch prod for both human and service accounts within our complex infrastructure?
- Can you talk us through the broader approach you take through Workload Security Rings and how this helps?
Resources:
- "How Google protects its production services" paper (deep!)
- SLSA framework
- EP189 How Google Does Security Programs at Scale: CISO Insights
- EP109 How Google Does Vulnerability Management: The Not So Secret Secrets!
- EP176 Google on Google Cloud: How Google Secures Its Own Cloud Use
- EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil
- SREcon presentation on zero touch prod.
- The SRS book (free access)
More shows like Cloud Security Podcast by Google
View all
Security Now (Audio)
2,004 Listeners
Risky Business
371 Listeners
CyberWire Daily
1,029 Listeners
NVIDIA AI Podcast
344 Listeners
Darknet Diaries
8,086 Listeners
Tech Brew Ride Home
968 Listeners
Cybersecurity Today
178 Listeners
The Intelligence from The Economist
2,563 Listeners
Cloud Security Podcast
58 Listeners
Big Technology Podcast
505 Listeners
Cybersecurity Headlines
139 Listeners
Hard Fork
5,535 Listeners
The AI Daily Brief: Artificial Intelligence News and Analysis
638 Listeners
HBR On Leadership
166 Listeners
The Pragmatic Engineer
70 Listeners