Guest: Eran Feigenbaum
Guest title: CSO, Oracle Cloud
The first generation of cloud services began about 15 years ago and stretched until now, but it came with many built-in challenges due to lack of maturity and the fact that security was added on top and not present from the start. In this episode we talk with Eran Feigenbaum, CISO of Oracle cloud about the next generation of cloud services - how can we build cloud that is more secure,, immuned to miss-configuration and other pitfalls that are relevant to today's cloud services.
0:00 introducing our guest
5:40 Generation one of cloud infrastructure
8:40 so what is second generation of cloud infrastructure
10:30 how Oracle is planning to change the cloud market
11:40 how second generation cloud services can help with common mistakes such as misconfiguration
13:35 what cloud provider should do in order to increase security
16:05 how cloud providers can be proactive with their customers
19:00 handling miss-configuration such as open buckets and lost API’s keys
23:40 summary and last words
Attendees Guest: Yinon Costica Guest title: VP Product Abstract Wiz is the new star in the cloud security market, founded by veterans with a proven record and raised over $100M in less than a year of operations. In this episode, we talked with Yinon Costica, Co-Founder and VP Product at Wiz, about cloud security challenges, how is Wiz different from others, and how are they going to disrupt the market. ...
Sponsored By: Attendees Guest: Arick Goomanovsky Guest title: Co-Founder & Chief Business Officer Company: Ermetic Abstract In cloud platforms, identity and permissions are the most important control that customers get to implement. Network segmentation and other traditional controls are often ineffective and access to resources is determined by a mixture of roles & policies. This mixture can become very complex and difficult to lock down. In this episode, we are hosting Arick Goomanovsky, Chief Business Officer at Ermetic, to discuss Cloud identity and access challenges, and to review real life examples of what can happen when neglecting identity and access entitlements in cloud infrastructure. Mail to: [email protected] Timing: 0:00 Introducing our guest and Ermetic 2:21 Understanding Identity Governance 4:40 Cloud identity challenges 10:55 Dealing with identity challenges by adding visualization and analysis of permissions 16:30 Who are the organizational stakeholders relevant? 22:01 Examples for IAM challenges and outbreaks 22:25 Example 1: Protecting sensitive resources 26:25 Example 2: Third party access 29:49 Example 3: The visibility challenge when using SSO 31:30 Summary and final words ...
Attendees Guest: Olaf Streutker Guest title: CISO Advisor Company: ABN Amro Abstract The Cloud Octagon Model is a new framework for cloud adoption (mostly SaaS adoption). The model was designed in cooperation between ABN-Amro and the Cloud Security Alliance and assists organizations to identify, represent, and assess risks in the context of their cloud implementation across multiple factors by introducing a logical approach to holistically dealing with security aspects involved in moving to the cloud. Link to CSA Cloud Octagon Model: https://cloudsecurityalliance.org/artifacts/cloud-octagon-model/ Timing 0:00 Intro and introducing the guest and ABN Amro cloud adoption methodology 12:10 The evolution of the Cloud Octagon Model and basic concepts 11:28 How ABN-Amro are dealing with IaaS/PaaS vs. SaaS 15:30 The different phases of the Cloud Octagon Model: Classification 20.30 Core banking applications in the cloud 24.20 The different phases of the Cloud Octagon Model 31.20 Summary and conclusions ...