Episode 26: Current Challenges With Cloud

This is a special episode where both of us (Moshe & Ariel – no guests this time) discuss the future of cloud computing and challenges that should be solved. We take a detailed look at shortage in manpower and knowledge, privacy laws and their influence on innovation and technology challenges such as multi tenancy, APi’s, encryption, continuous monitoring and more.

Agenda

Opening words  - 5 min 

1. introducing the podcast  - Moshe / Ariel 
2. Introducing our guest - Ariel
3. Introducing myself - Moshe
4. Introducing the topic and context of the podcast - Moshe 

Security challenges  

People

• • Shortage in manpower:  There are missing jobs for cyber professional and especially application security
  • Shortage in knowledge: security professional lag behind learning new technologies

Process

• • Malicious insider - one of the biggest challenges for cloud providers
  • Shared responsibility model collapsing
  • Privacy laws are creating islands of data - Privacy laws are limiting the transfer of data
  • Jurisdiction, Court orders and government access to data - as cloud provider host more data - they are a target for more & more government interest

Technology

• • API security best practices - there will be more & more API’s, we did not master how to protect them
  • Encryption and key management - the holy grail for holding your own encryption keys is fading
  • Multi tenancy - we don't have clear practices on building multi tenant applications
  • Identity based access controls - network access controls are useless in cloud computing, but our ability to create granular access controls based on identity is not mature yet 
  • Multi tenancy 
  • Continuous monitoring
  • Automation and devops - Security automation is still maturing. We still don't know how to integrate developers and operation without breaking best practices
  • Using the wrong tools 

Closure (5 min)

1. Moshe - Summersing 
2. Ariel - closing