EP193 Inherited a Cloud? Now What? How Do I Secure It?

OCT 7, 202430 MIN
Cloud Security Podcast by Google

EP193 Inherited a Cloud? Now What? How Do I Secure It?

OCT 7, 202430 MIN

Description

Guests:

Topics

  • There is a common scenario where security teams are brought in after a cloud environment is already established. From your experience, how does this late involvement typically impact the organization's security posture and what are the immediate risks they face?
  • Upon hearing this, many experts suggest that “burn the environment with fire” or “nuke it from orbit” are the only feasible approaches? What is your take on that suggestion?
  • On the opposite side, what if business demands you don't  touch anything but “make it secure” regardless?
  • Could you walk us through some of the first critical steps you do after “inheriting a cloud” and why they are prioritized in this way?
  • Why not just say “add MFA everywhere”? What may or will blow up?
  • We also say “address overly permissive users and roles” and this sounds valuable, but also tricky. How do we go about it?
  • What are the chances that the environment is in fact compromised already? When is Compromise Assessment the right call, it does cost money, right?
  • How do you balance your team’s current priorities when you’ve just adopted an insecure cloud environment. How do you make tradeoffs among your existing stack and this new one?

Resources: