Episode 27: Protecting Your Cloud Data With Legal Controls

Episode 27 October 14, 2020 00:40:46
SilverLining IL

Hosted By

Moshe Ferber, Ariel Munafo

Show Notes

Attendees

Guest: Dalit Ben Israel

Guest title: Partner, head of IT & Data protection practice

Company: Naschitz Brandes Amir

In the cloud era, the information security officer's new best friends are the lawyers in the legal department. Legal matters such as cross-border data transfers, contractual controls and privacy laws are becoming critical in cloud migrations. In this episode we talk with Dalit Ben Israel, Partner at NBlaw, about the legal challenges of cloud computing: cross-border transfers, the rise of privacy laws, and proper contract management and monitoring.

Timing:

0:00 - Opening

2:03 - Introduction of our guest

4:95 - Considerations of data center location and the effect of the Schrems II judgment invalidating the Privacy Shield

12:50 - The roles and responsibilities of cloud providers and customers 

15:27 - Choosing cloud providers - why do we need lawyers in the process and the obligation to enter into DPAs

20:00 - Specific challenges with SaaS and agreements with subprocessors

22:12 - Negotiating cloud contracts - what are the challenges? Minimizing risks.

30:32 - Dispute resolution and venue of jurisdiction

33:24 - Ongoing contract monitoring

36:10 - Summary

Connect with Dalit here:

Email: [email protected]

Website: www.nblaw.com
