Sign up to save your podcasts
Or
Share Mark Curphey from Open Raven: Getting the birds-eye view of cloud data security
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Mark Curphey from Open Raven: Getting the birds-eye view of cloud data security
Note: This interview is part of a paid sponsorship between Open Raven and The Cloud Pod.
In this TCP Talks episode, Justin Brodley and Jonathan Baker talk with Mark Curphey, Chief Product Office and Co-Founder of Open Raven, a fully integrated platform for security and privacy workflows.
Featured Guest
Name: Mark Curphey
What he does: Mark is Chief Product Officer and Co-Founder of Open Raven.
Where to find him: LinkedIn | Twitter
Listen to Mark discuss the Open Raven strategy for protecting your data, the use of serverless workflows to scale to enormous workloads. Protecting your data and ensuring compliance using the Open Policy Agent – and more.
Key Points
Discover – Classify – Monitor – Protect
“The cloud has moved in incredibly fast; security has been moved off to the side and as a result companies don’t know where their data is, breaches are happening constantly, and these are the big things that get companies in the press.”
Macie
“Every single customer that we spoke to in the early stages said, a) It doesn’t work b) It’s ridiculously expensive, and c) It’s only on s3 buckets. Well, whilst The Register is always reporting breaches of S3 buckets, my customer data is in RDS! That’s a real piece of the problem for me; sure, it’s popular, but I shouldn’t just be thinking about trying to protect myself from getting on The Register.”
Part of the challenge is that data is not one thing… I may have a name, I may have an address, I may have a card number. There are all sorts of different parameters, and the data could be stored in multiple ways. So you have the concept of like data adjacency; If I have a CCV number, and expiry date and name associated to it that might be something which is real.
With Macie, even if you just use the straight matching techniques, you don’t have control over the adjacency thing, so that’s why a lot of the basic trivial cases get completely missed.
Security at the edge?
“If you are protecting data in the cloud, you have to wire the tools into the cloud to understand which IAM has access, which routes, which security groups can give you access? That’s the only way to understand the context to protect it. You can’t do it in some sort of edge device.”
Getting started with Open Raven
Visit openraven.com to get a 15 day trial. Spin up a SaaS instance and go play.
“We already think we’re a better choice than Macie, but don’t think that’s the end goal. Come partner with us, work with us on the end goal, because those are things that we love; solving massive, complex, and interesting problems.”
https://www.openraven.com/thecloudpod
View all episodes
By Justin Brodley, Jonathan Baker, Ryan Lucas and Matthew Kohn
4.9
3434 ratings
Note: This interview is part of a paid sponsorship between Open Raven and The Cloud Pod.
In this TCP Talks episode, Justin Brodley and Jonathan Baker talk with Mark Curphey, Chief Product Office and Co-Founder of Open Raven, a fully integrated platform for security and privacy workflows.
Featured Guest
Name: Mark Curphey
What he does: Mark is Chief Product Officer and Co-Founder of Open Raven.
Where to find him: LinkedIn | Twitter
Listen to Mark discuss the Open Raven strategy for protecting your data, the use of serverless workflows to scale to enormous workloads. Protecting your data and ensuring compliance using the Open Policy Agent – and more.
Key Points
Discover – Classify – Monitor – Protect
“The cloud has moved in incredibly fast; security has been moved off to the side and as a result companies don’t know where their data is, breaches are happening constantly, and these are the big things that get companies in the press.”
Macie
“Every single customer that we spoke to in the early stages said, a) It doesn’t work b) It’s ridiculously expensive, and c) It’s only on s3 buckets. Well, whilst The Register is always reporting breaches of S3 buckets, my customer data is in RDS! That’s a real piece of the problem for me; sure, it’s popular, but I shouldn’t just be thinking about trying to protect myself from getting on The Register.”
Part of the challenge is that data is not one thing… I may have a name, I may have an address, I may have a card number. There are all sorts of different parameters, and the data could be stored in multiple ways. So you have the concept of like data adjacency; If I have a CCV number, and expiry date and name associated to it that might be something which is real.
With Macie, even if you just use the straight matching techniques, you don’t have control over the adjacency thing, so that’s why a lot of the basic trivial cases get completely missed.
Security at the edge?
“If you are protecting data in the cloud, you have to wire the tools into the cloud to understand which IAM has access, which routes, which security groups can give you access? That’s the only way to understand the context to protect it. You can’t do it in some sort of edge device.”
Getting started with Open Raven
Visit openraven.com to get a 15 day trial. Spin up a SaaS instance and go play.
“We already think we’re a better choice than Macie, but don’t think that’s the end goal. Come partner with us, work with us on the end goal, because those are things that we love; solving massive, complex, and interesting problems.”
https://www.openraven.com/thecloudpod
More shows like The Cloud Pod
View all
Planet Money
30,655 Listeners
Hidden Brain
43,758 Listeners
Marketplace
8,770 Listeners
Motley Fool Money
3,220 Listeners
The Vergecast
3,698 Listeners
Decoder with Nilay Patel
3,151 Listeners
Risky Business
376 Listeners
The Cloudcast
153 Listeners
Software Defined Talk
67 Listeners
Pod Save America
87,552 Listeners
Screaming in the Cloud
92 Listeners
AWS Podcast
201 Listeners
Day Two DevOps
15 Listeners
AWS Morning Brief
80 Listeners
Bloomberg Tech
60 Listeners