Sign up to save your podcasts
Or
Share EP200 Zero Touch Prod, Security Rings, and Foundational Services: How Google Does Workload Security
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
EP200 Zero Touch Prod, Security Rings, and Foundational Services: How Google Does Workload Security
Guest:
-
Michael Czapinski, Security & Reliability Enthusiast, Google
Topics:
- "How Google protects its production services" paper covers how Google's infrastructure balances several crucial aspects, including security, reliability, development speed, and maintainability. How do you prioritize these competing demands in a real-world setting?
- What attack vectors do you consider most critical in the production environment, and how has Google's defenses against these vectors improved over time?
- Can you elaborate on the concept of Foundational services and their significance in Google's security posture?
- How does your security approach adapt to this vast spectrum of sensitivity and purpose of our servers and services, actually?
- How do you implement this principle of zero touch prod for both human and service accounts within our complex infrastructure?
- Can you talk us through the broader approach you take through Workload Security Rings and how this helps?
Resources:
- "How Google protects its production services" paper (deep!)
- SLSA framework
- EP189 How Google Does Security Programs at Scale: CISO Insights
- EP109 How Google Does Vulnerability Management: The Not So Secret Secrets!
- EP176 Google on Google Cloud: How Google Secures Its Own Cloud Use
- EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil
- SREcon presentation on zero touch prod.
- The SRS book (free access)
View all episodes
By Anton Chuvakin
4.8
3939 ratings
Guest:
-
Michael Czapinski, Security & Reliability Enthusiast, Google
Topics:
- "How Google protects its production services" paper covers how Google's infrastructure balances several crucial aspects, including security, reliability, development speed, and maintainability. How do you prioritize these competing demands in a real-world setting?
- What attack vectors do you consider most critical in the production environment, and how has Google's defenses against these vectors improved over time?
- Can you elaborate on the concept of Foundational services and their significance in Google's security posture?
- How does your security approach adapt to this vast spectrum of sensitivity and purpose of our servers and services, actually?
- How do you implement this principle of zero touch prod for both human and service accounts within our complex infrastructure?
- Can you talk us through the broader approach you take through Workload Security Rings and how this helps?
Resources:
- "How Google protects its production services" paper (deep!)
- SLSA framework
- EP189 How Google Does Security Programs at Scale: CISO Insights
- EP109 How Google Does Vulnerability Management: The Not So Secret Secrets!
- EP176 Google on Google Cloud: How Google Secures Its Own Cloud Use
- EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil
- SREcon presentation on zero touch prod.
- The SRS book (free access)
More shows like Cloud Security Podcast by Google
View all
WSJ Your Money Briefing
1,722 Listeners
WSJ What’s News
4,424 Listeners
Security Now (Audio)
2,010 Listeners
Risky Business
373 Listeners
CyberWire Daily
1,025 Listeners
NVIDIA AI Podcast
347 Listeners
Darknet Diaries
8,079 Listeners
Cybersecurity Today
177 Listeners
Practical AI
211 Listeners
Cloud Security Podcast
58 Listeners
Cybersecurity Headlines
140 Listeners
Huberman Lab
29,300 Listeners
The AI Daily Brief: Artificial Intelligence News and Analysis
681 Listeners
HBR On Leadership
168 Listeners
AI Security Podcast
9 Listeners