Sign up to save your podcasts
Or
Share The Cloud and Shared Security
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
The Cloud and Shared Security
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-the-cloud-and-shared-security/)
When your business enters the cloud, you are transferring risk, but also adding new risk. How do you deal with sharing your security obligations with cloud vendors?
Check out this LinkedIn post for the basis of this show's conversation on shared responsibility of security with a digital transformation to the cloud.
This episode is co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest for this episode is Paul Calatayud (@paulcatalayud), CSO for Americas, Palo Alto Networks.
Thanks to this week's podcast sponsor, Palo Alto Networks.
Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices.
On this episode of Defense in Depth, you'll learn:
- You have to have a business reason to go to the cloud. Usually it's done as a business imperative in order to stay competitive.
- Security is rarely the primary reason businesses move to the cloud. It's often an adjunct reason.
- Moving to the cloud may transfer risk, but it also introduces new risk.
- Security professionals have long avoided the cloud because they feel they give up perceived control. If I can't see or touch it, how can I secure it?
- One issue security people need to grapple with during digital transformation and a move to the cloud is what does it mean to manage risk when you don't own the program?
- Much of the online discussion was about getting your service license agreements (SLAs) in place. But if you're a small- to medium-sized businss (SMB) you're going to have a hard if not impossible time negotiating.
- Don't lean on SLAs to be your entire risk profile. It's like using insurance as your only means of security.
- Cloud security requires setting up automation guard rails.
- For cloud evolution you'll need a change in talent and it probably won't be your traditional network engineers.
- Because of performance, privacy, and data protection issues you're probably going to find your business moving apps in and out of the cloud.
- The Cloud Controls Matrix (CCM), from the Cloud Security Alliance (CSA) is a controls framework designed to help you assess the risk of a cloud security provider.
View all episodes
By David Spark, Steve Zalewski, Geoff Belknap
4.8
7373 ratings
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-the-cloud-and-shared-security/)
When your business enters the cloud, you are transferring risk, but also adding new risk. How do you deal with sharing your security obligations with cloud vendors?
Check out this LinkedIn post for the basis of this show's conversation on shared responsibility of security with a digital transformation to the cloud.
This episode is co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest for this episode is Paul Calatayud (@paulcatalayud), CSO for Americas, Palo Alto Networks.
Thanks to this week's podcast sponsor, Palo Alto Networks.
Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices.
On this episode of Defense in Depth, you'll learn:
- You have to have a business reason to go to the cloud. Usually it's done as a business imperative in order to stay competitive.
- Security is rarely the primary reason businesses move to the cloud. It's often an adjunct reason.
- Moving to the cloud may transfer risk, but it also introduces new risk.
- Security professionals have long avoided the cloud because they feel they give up perceived control. If I can't see or touch it, how can I secure it?
- One issue security people need to grapple with during digital transformation and a move to the cloud is what does it mean to manage risk when you don't own the program?
- Much of the online discussion was about getting your service license agreements (SLAs) in place. But if you're a small- to medium-sized businss (SMB) you're going to have a hard if not impossible time negotiating.
- Don't lean on SLAs to be your entire risk profile. It's like using insurance as your only means of security.
- Cloud security requires setting up automation guard rails.
- For cloud evolution you'll need a change in talent and it probably won't be your traditional network engineers.
- Because of performance, privacy, and data protection issues you're probably going to find your business moving apps in and out of the cloud.
- The Cloud Controls Matrix (CCM), from the Cloud Security Alliance (CSA) is a controls framework designed to help you assess the risk of a cloud security provider.
More shows like Defense in Depth
View all
Hacked
187 Listeners
Security Now (Audio)
2,002 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
371 Listeners
Risky Business
376 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
638 Listeners
CyberWire Daily
1,021 Listeners
Smashing Security
321 Listeners
Click Here
414 Listeners
Darknet Diaries
8,011 Listeners
Cybersecurity Today
177 Listeners
Hacking Humans
314 Listeners
CISO Series Podcast
189 Listeners
Cyber Security Headlines
136 Listeners
Risky Bulletin
46 Listeners
Hacker And The Fed
171 Listeners