In this episode, Tripwire’s Brent Holder and Raymond Kirk discuss what cloud security means today. Breaking down the different aspects of cloud security controls, they cover the technology, security implications and risks with cloud use.

Spotify: https://open.spotify.com/show/5UDKiGLlzxhiGnd6FtvEnm
Stitcher: https://www.stitcher.com/podcast/the-tripwire-cybersecurity-podcast
RSS: https://tripwire.libsyn.com/rss
YouTube: https://www.youtube.com/playlist?list=PLgTfY3TXF9YKE9pUKp57pGSTaapTLpvC3

Tim Erlin: On the latest episode of the Tripwire Cybersecurity Podcast, I had the pleasure of speaking with Raymond Kirk, and Brent Holder. Raymond and Brent are both distinguished members of the Tripwire team.

The topic that we focused on was cloud security, which is definitely a hot topic. But, as the technology for cloud is expanding, it’s not always clear what people actually mean when they say “cloud security”. You might say that it’s an overloaded term. What does the term “cloud security” really mean?

Brent Holder:  I think about the different answers that we get from different people when we’re talking to them. There’s a lot of different ways that my mind goes with cloud security, but what’s always interesting to me, is that if you ask someone about some of the challenges they are experiencing with cloud security, their answer will depend on their specific area.  For example, if they are on a development team, but have security priorities, then cloud security is focused on making sure that their teams are correctly using their accounts, which doesn’t necessarily have anything to do with the templates that are being used for the virtual machines in the environment.  Then, if you ask the question of the folks in IT, they are focused on the approved virtual machine templates.  Meanwhile, if you ask the question to a security team member, they want to make sure that when someone works their way around a policy, (Read more...)