<description>&lt;p dir="ltr"&gt;Guest:&lt;/p&gt; &lt;ul&gt; &lt;li dir="ltr" aria-level="1"&gt; &lt;p dir="ltr" role="presentation"&gt;&lt;a href= "https://www.linkedin.com/in/richmogull/"&gt;Rich Mogull&lt;/a&gt;, SVP of Cloud Security at Firemon and CEO at &lt;a href= "https://securosis.com/"&gt;Securosis&lt;/a&gt;&lt;/p&gt; &lt;/li&gt; &lt;/ul&gt; &lt;p dir="ltr"&gt;Topics:&lt;/p&gt; &lt;ul&gt; &lt;li dir="ltr" role="presentation"&gt;Let’s talk about cloud security shared responsibility.  How to separate the blame? Is there a good framework for apportioning blame?&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;You've introduced the &lt;a href= "https://securosis.com/cloud/the-cloud-shared-irresponsibilities-model/"&gt; Cloud Shared Irresponsibilities Model&lt;/a&gt;, stating cloud providers will be considered partially responsible for breaches even if due to customer misconfigurations. How do you see this impacting the relationship between cloud providers and their customers? Will it lead to more collaboration or more friction?&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;We both know the &lt;a href= "https://www.linkedin.com/in/jheiser/"&gt;Jay Heiser&lt;/a&gt; 2015 classic “cloud is secure, but you not using it securely.” In your view, what does “use cloud securely” mean for various organizations today?&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;Here is a very painful question: how to decide what cloud security should be free with cloud and what security can be paid? &lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;You dealt with cloud security for a long time, what is your #1 lesson so far on how to make the cloud more secure or use the cloud more securely?&lt;/li&gt; &lt;li&gt;What is the best way to learn how to cloud? What is this &lt;a href="https://slaw.securosis.com/"&gt;CloudSLAW&lt;/a&gt; thing?&lt;/li&gt; &lt;/ul&gt; &lt;p dir="ltr"&gt;Resources:&lt;/p&gt; &lt;ul&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://cloud.withgoogle.com/cloudsecurity/podcast/ep201-every-cto-should-be-a-csto-or-else-transformation-lessons-from-the-hoff/"&gt; EP201 Every CTO Should Be a CSTO (Or Else!) - Transformation Lessons from The Hoff&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://securosis.com/cloud/the-cloud-shared-irresponsibilities-model/"&gt; The Cloud Shared Irresponsibilities Model&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://en.wikipedia.org/wiki/Trustworthy_computing"&gt;2002 Trustworthy computing memo&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://medium.com/anton-on-security/use-cloud-securely-what-does-this-even-mean-b723cf01f834"&gt; Use Cloud Securely? What Does This Even Mean?!&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://cloud.withgoogle.com/cloudsecurity/podcast/ep145-cloud-security-shared-responsibility-shared-fate-shared-faith/"&gt; EP145 Cloud Security: Shared Responsibility, Shared Fate, Shared Faith?&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://medium.com/anton-on-security/no-snow-no-flakes-pondering-cloud-security-shared-responsibility-again-10b51e4ebba3"&gt; No Snow, No Flakes: Pondering Cloud Security Shared Responsibility, Again!&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://slaw.securosis.com/"&gt;Cloud Security Lab a Week (S.L.A.W)&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://cloud.google.com/blog/products/identity-security/8-megatrends-drive-cloud-adoption-and-improve-security-for-all/"&gt; Megatrends drive cloud adoption—and improve security for all&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://cloud.google.com/security/shared-fate?hl=en"&gt;Shared fate main page&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://securosis.com/blog/defining-the-journey-the-four-cloud-adoption-patterns-2/"&gt; Defining the Journey—the Four Cloud Adoption Patterns&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://medium.com/anton-on-security/celebrating-200-episodes-of-cloud-security-podcast-by-google-and-thanks-for-all-the-listens-602bc92bbf08"&gt; Celebrating 200 Episodes of Cloud Security Podcast by Google and Thanks for all the Listens!&lt;/a&gt;&lt;/li&gt; &lt;/ul&gt;</description>

Cloud Security Podcast by Google

Anton Chuvakin

EP203 Cloud Shared Responsibility: Beyond the Blame Game with Rich Mogull

DEC 16, 202437 MIN
Cloud Security Podcast by Google

EP203 Cloud Shared Responsibility: Beyond the Blame Game with Rich Mogull

DEC 16, 202437 MIN

Description

Guest:

Topics:

  • Let’s talk about cloud security shared responsibility.  How to separate the blame? Is there a good framework for apportioning blame?
  • You've introduced the Cloud Shared Irresponsibilities Model, stating cloud providers will be considered partially responsible for breaches even if due to customer misconfigurations. How do you see this impacting the relationship between cloud providers and their customers? Will it lead to more collaboration or more friction?
  • We both know the Jay Heiser 2015 classic “cloud is secure, but you not using it securely.” In your view, what does “use cloud securely” mean for various organizations today?
  • Here is a very painful question: how to decide what cloud security should be free with cloud and what security can be paid? 
  • You dealt with cloud security for a long time, what is your #1 lesson so far on how to make the cloud more secure or use the cloud more securely?
  • What is the best way to learn how to cloud? What is this CloudSLAW thing?

Resources: