Episode 6: The Cloud Octagon Model Framework for Cloud Adoption

Episode 6 August 12, 2019 00:33:45
SilverLining IL

Hosted By

Moshe Ferber, Ariel Munafo

Show Notes


Guest: Olaf Streutker

Guest title: CISO Advisor

Company: ABN Amro


The Cloud Octagon Model is a new framework for cloud adoption (mostly SaaS adoption). The model was designed jointly by ABN-Amro and the Cloud Security Alliance. It helps organizations identify, represent, and assess risks in the context of their cloud implementation across multiple factors by introducing a logical approach to dealing holistically with the security aspects of moving to the cloud.

Link to CSA Cloud Octagon Model:






Intro and introducing the guest and ABN Amro cloud adoption methodology


The evolution of the Cloud Octagon Model and basic concepts


How ABN-Amro are dealing with IaaS/PaaS vs. SaaS


The different phases of the Cloud Octagon Model: Classification


Core banking applications in the cloud


The different phases of the Cloud Octagon Model


Summary and conclusions


Other Episodes

Episode 25

September 01, 2020 00:35:08

Episode 25: From Excessive Permissions To Least Privileges - Automating Your IAM Roles

Attendees

Guest: Shira Shamban

Guest title: CEO & Co-Founder

Company: Solvo

Abstract: In modern cloud environments, Identity and Access Management controls are crucial. Many access decisions are now made based not on networking structure but on roles and permissions. In this episode we talk (again) with Shira Shamban, founder at Solvo, about cloud IAM challenges: why it is so hard to get IAM right, and how Solvo is planning to revolutionize the IAM management process.

Timing:
0:00 Introducing our guest
3:00 Introducing cloud identity challenges
6:20 Why role management is not enough
11:40 Why we fail to create least-privilege roles
15:10 How to manage IAM securely - the people angle
18:13 How to manage IAM securely - the process angle
21:08 How to manage IAM securely - the technology angle
31:08 Summary and last words ...


Episode 1

November 04, 2018 00:37:41

Episode 1: Security Challenges With The Growing World Of Serverless Functions

Attendees

Guest: Ory Segal, Puresec

Guest title: CTO & Co-Founder at PureSec

Company: Puresec is the global leader in serverless architectures security.

Serverless functions are one of the most interesting things happening in application development architecture. With serverless, application developers can stop worrying about the underlying infrastructure and scalability of the application, but they must address other risks at the application level. In this podcast we interview Puresec CTO Ory Segal, co-author of the top 12 risks to serverless applications.

Timing:
0:00 - 2:35 - Intro
2:35 - 8:05 - What are serverless functions
8:05 - 12:20 - How serverless is different (security-wise)
12:20 - 19:40 - Serverless risks & threats
19:40 - 24:00 - Common mistakes and misconfiguration with serverless
24:00 - 29:30 - Serverless effect on people, process and technology
29:30 - 37:00 - Summary and conclusions ...


Episode 7

September 02, 2019 00:36:26

Episode 7: Creating Trust in Cloud

Attendees

Guest: Damir Savanović

Guest title: Senior researcher

Company: Cloud Security Alliance

Abstract: Creating trust is one of the major challenges for cloud providers and consumers. Without trust, customers will not be able to move workloads into cloud environments, but trust is a very elusive term that is hard to achieve. In this episode we talk with Damir Savanović from the Cloud Security Alliance about how cloud providers and consumers can use certifications to increase trust, and how CSA is preparing for the new requirements of continuous monitoring that are arriving with the new EU cyber laws.

Timing:
0:00 Intro, introducing our guest, and an overview of Damir's activities in the area of cloud security
5:40 Introducing Cloud Security Alliance activities and major projects (STAR and CCSK)
9:17 The true meaning of trust in cloud computing. Using attestation and certification for establishing trust
14:50 The difference between certification and attestation and the effect of the new EU cybersecurity law on compliance
17:50 Understanding CSA STAR methodology from self-assessment to certification or attestation and continuous monitoring
24:20 Behind the scenes of continuous monitoring - the CSA STAR methodology
32:00 Summary and conclusions ...