Artwork

محتوای ارائه شده توسط Anton Chuvakin. تمام محتوای پادکست شامل قسمت‌ها، گرافیک‌ها و توضیحات پادکست مستقیماً توسط Anton Chuvakin یا شریک پلتفرم پادکست آن‌ها آپلود و ارائه می‌شوند. اگر فکر می‌کنید شخصی بدون اجازه شما از اثر دارای حق نسخه‌برداری شما استفاده می‌کند، می‌توانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
Player FM - برنامه پادکست
با برنامه Player FM !

EP193 Inherited a Cloud? Now What? How Do I Secure It?

30:41
 
اشتراک گذاری
 

Manage episode 444011594 series 2892548
محتوای ارائه شده توسط Anton Chuvakin. تمام محتوای پادکست شامل قسمت‌ها، گرافیک‌ها و توضیحات پادکست مستقیماً توسط Anton Chuvakin یا شریک پلتفرم پادکست آن‌ها آپلود و ارائه می‌شوند. اگر فکر می‌کنید شخصی بدون اجازه شما از اثر دارای حق نسخه‌برداری شما استفاده می‌کند، می‌توانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal

Guests:

Topics

  • There is a common scenario where security teams are brought in after a cloud environment is already established. From your experience, how does this late involvement typically impact the organization's security posture and what are the immediate risks they face?
  • Upon hearing this, many experts suggest that “burn the environment with fire” or “nuke it from orbit” are the only feasible approaches? What is your take on that suggestion?
  • On the opposite side, what if business demands you don't touch anything but “make it secure” regardless?
  • Could you walk us through some of the first critical steps you do after “inheriting a cloud” and why they are prioritized in this way?
  • Why not just say “add MFA everywhere”? What may or will blow up?
  • We also say “address overly permissive users and roles” and this sounds valuable, but also tricky. How do we go about it?
  • What are the chances that the environment is in fact compromised already? When is Compromise Assessment the right call, it does cost money, right?
  • How do you balance your team’s current priorities when you’ve just adopted an insecure cloud environment. How do you make tradeoffs among your existing stack and this new one?

Resources:

  continue reading

202 قسمت

Artwork
iconاشتراک گذاری
 
Manage episode 444011594 series 2892548
محتوای ارائه شده توسط Anton Chuvakin. تمام محتوای پادکست شامل قسمت‌ها، گرافیک‌ها و توضیحات پادکست مستقیماً توسط Anton Chuvakin یا شریک پلتفرم پادکست آن‌ها آپلود و ارائه می‌شوند. اگر فکر می‌کنید شخصی بدون اجازه شما از اثر دارای حق نسخه‌برداری شما استفاده می‌کند، می‌توانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal

Guests:

Topics

  • There is a common scenario where security teams are brought in after a cloud environment is already established. From your experience, how does this late involvement typically impact the organization's security posture and what are the immediate risks they face?
  • Upon hearing this, many experts suggest that “burn the environment with fire” or “nuke it from orbit” are the only feasible approaches? What is your take on that suggestion?
  • On the opposite side, what if business demands you don't touch anything but “make it secure” regardless?
  • Could you walk us through some of the first critical steps you do after “inheriting a cloud” and why they are prioritized in this way?
  • Why not just say “add MFA everywhere”? What may or will blow up?
  • We also say “address overly permissive users and roles” and this sounds valuable, but also tricky. How do we go about it?
  • What are the chances that the environment is in fact compromised already? When is Compromise Assessment the right call, it does cost money, right?
  • How do you balance your team’s current priorities when you’ve just adopted an insecure cloud environment. How do you make tradeoffs among your existing stack and this new one?

Resources:

  continue reading

202 قسمت

همه قسمت ها

×
 
Loading …

به Player FM خوش آمدید!

Player FM در سراسر وب را برای یافتن پادکست های با کیفیت اسکن می کند تا همین الان لذت ببرید. این بهترین برنامه ی پادکست است که در اندروید، آیفون و وب کار می کند. ثبت نام کنید تا اشتراک های شما در بین دستگاه های مختلف همگام سازی شود.

 

راهنمای مرجع سریع