Episode 35: Compliance Automation and Zero Trust Containers

Episode 35 February 24, 2021 00:33:05
Episode 35: Compliance Automation and Zero Trust Containers
SilverLining IL
Episode 35: Compliance Automation and Zero Trust Containers
/

Hosted By

Moshe Ferber Ariel Munafo

Show Notes

Sponsored By:

 

‍‍

Attendees

Guest: Malgorzata (Gosia) Steinder
Guest title: CTO of Hybrid Cloud Research. IBM research
Topic: Compliance automation and zero trust containers

 

Abstract

Continuous monitoring, containers, zero trust, confidential computing - those are all examples of technologies that will be the main focus in the upcoming years. In this episode, we hosted Malgorzata (Gosia) Steinder, CTO of Hybrid Cloud Research at IBM, who provided her vision on how all those technologies mentioned above, should be integrated into highly secure applications deployments.

 

Links: 

 

 

Other Episodes

Episode 1

November 04, 2018 00:37:41
Episode Cover

Episode 1: Security Challenges With The Growing World Of Serverless Functions

Attendees Guest: Ory Segal, Puresec Guest title:  CTO & Co-Founder at PureSec Company:  Puresec is the global leader in serverless architectures security.   Serverless functions are one the most interesting things that is happening in architecture of application development. With Serverless, application developers can stop worry about the underlying infrastructure and scalability of the application, but they must address other risks at application level. In this podcast we are interviewing Puresec CTO, Ory Segal , co-author of the top 12 risks to serverless applications   Timing 0:00 – 2:35 – intro 2:35 – 8:05 - what are Serverless functions 8:05- 12:20 - how Serverless is different (security wise) 12:20 -  19:40 - Serverless risks & threats 19:40 -  24:00 - common mistakes and misconfiguration with Serverless 24:00 – 29:30 - Serverless effect on people, process and technology 29:30 – 37:00 – Summary and conclusions ...

Listen

Episode 14

January 14, 2020 00:30:45
Episode Cover

Episode 14: DevOps Secret Management

Attendees Guest: Oded Hareven Guest title:  Founder & CEO Company:  A-Key-Less Abstract Application Secret management is becoming one of the biggest challenges for application security. With cloud, CI/CD and micro services architecture we discover that we are using a growing number of encryption keys, API keys, SSH keys tokens and connection strings. In this episode we talk with Oded HarEven, Founder at A-Key-Less about the challenges of secret management and the way to build secure secret management solution. Timing 0:00 Intro and introducing our guest 1:40 Application secret management  - defining what secret is, and what is secret management 6.00  Challenges with encryption keys  9:47   How to handle application secret management and encryption keys - requirements and best practices 12.25 Zero trust in key management - what does it mean and how to implement it 20:10 The process of integrating keys with cloud platform 25:35 A-Key-Less state of the market approach 27.35 Summary and conclusions ...

Listen

Episode 21

August 03, 2020 00:26:59
Episode Cover

Episode 21: Building The Next Generation Of Cloud Services

Attendees Guest: Eran Feigenbaum Guest title:  CSO, Oracle Cloud Abstract The first generation of cloud services began about 15 years ago and stretched until now, but it came with many built-in challenges due to lack of maturity and the fact that security was added on top and not present from the start. In this episode we talk with Eran Feigenbaum, CISO of Oracle cloud about the next generation of cloud services - how can we build cloud that is more secure,, immuned to miss-configuration and other pitfalls that are relevant to today's cloud services. Timing: 0:00 introducing our guest 5:40 Generation one of cloud infrastructure 8:40 so what is second generation of cloud infrastructure 10:30 how Oracle is planning to change the cloud market 11:40 how second generation cloud services can help with common mistakes such as misconfiguration 13:35 what cloud provider should do in order to increase security 16:05 how cloud providers can  be proactive with their customers 19:00 handling miss-configuration such as open buckets and lost API’s keys 23:40 summary and last words ...

Listen