<description>&lt;p dir="ltr"&gt;Guest:&lt;/p&gt; &lt;ul&gt; &lt;li dir="ltr" aria-level="1"&gt; &lt;p dir="ltr" role="presentation"&gt;&lt;a href= "https://www.linkedin.com/in/mczapinski/"&gt;Michael Czapinski&lt;/a&gt;, Security &amp; Reliability Enthusiast, Google&lt;/p&gt; &lt;/li&gt; &lt;/ul&gt; &lt;p dir="ltr"&gt;Topics:&lt;/p&gt; &lt;ul&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://cloud.google.com/docs/security/production-services-protection"&gt; “How Google protects its production services”&lt;/a&gt; paper covers how Google's infrastructure balances several crucial aspects, including security, reliability, development speed, and maintainability. How do you prioritize these competing demands in a real-world setting?&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;What attack vectors do you consider most critical in the production environment, and how has Google’s defenses against these vectors improved over time?&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;Can you elaborate on the concept of Foundational services and their significance in Google's security posture?&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;How does your security approach adapt to this vast spectrum of sensitivity and purpose of our servers and services, actually?&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;How do you implement this principle of &lt;a href= "https://www.usenix.org/conference/srecon19emea/presentation/czapinski"&gt; zero touch prod&lt;/a&gt; for both human and service accounts within our complex infrastructure? &lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;Can you talk us through the broader approach you take through Workload Security Rings and how this helps?&lt;/li&gt; &lt;/ul&gt; &lt;p dir="ltr"&gt;Resources:&lt;/p&gt; &lt;ul&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://cloud.google.com/docs/security/production-services-protection"&gt; “How Google protects its production services”&lt;/a&gt; paper (deep!)&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href="https://slsa.dev"&gt;SLSA framework &lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://cloud.withgoogle.com/cloudsecurity/podcast/ep189-how-google-does-security-programs-at-scale-ciso-insights/"&gt; EP189 How Google Does Security Programs at Scale: CISO Insights&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://cloud.withgoogle.com/cloudsecurity/podcast/ep109-how-google-does-vulnerability-management-the-not-so-secret-secrets/"&gt; EP109 How Google Does Vulnerability Management: The Not So Secret Secrets!&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://cloud.withgoogle.com/cloudsecurity/podcast/ep176-google-on-google-cloud-how-google-secures-its-own-cloud-use/"&gt; EP176 Google on Google Cloud: How Google Secures Its Own Cloud Use&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://cloud.withgoogle.com/cloudsecurity/podcast/ep75-how-we-scale-detection-and-response-at-google-automation-metrics-toil/"&gt; EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://www.usenix.org/conference/srecon19emea/presentation/czapinski"&gt; SREcon presentation&lt;/a&gt; on zero touch prod. &lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://sre.google/books/building-secure-reliable-systems/"&gt;The SRS book (free access)&lt;/a&gt;&lt;/li&gt; &lt;/ul&gt; &lt;p&gt; &lt;/p&gt;</description>

Cloud Security Podcast by Google

Anton Chuvakin

EP200 Zero Touch Prod, Security Rings, and Foundational Services: How Google Does Workload Security

NOV 25, 202427 MIN
Cloud Security Podcast by Google

EP200 Zero Touch Prod, Security Rings, and Foundational Services: How Google Does Workload Security

NOV 25, 202427 MIN

Description

Guest:

Topics:

  • “How Google protects its production services” paper covers how Google's infrastructure balances several crucial aspects, including security, reliability, development speed, and maintainability. How do you prioritize these competing demands in a real-world setting?
  • What attack vectors do you consider most critical in the production environment, and how has Google’s defenses against these vectors improved over time?
  • Can you elaborate on the concept of Foundational services and their significance in Google's security posture?
  • How does your security approach adapt to this vast spectrum of sensitivity and purpose of our servers and services, actually?
  • How do you implement this principle of zero touch prod for both human and service accounts within our complex infrastructure? 
  • Can you talk us through the broader approach you take through Workload Security Rings and how this helps?

Resources: