Episode 7: Creating Trust in Cloud

Episode 7 September 02, 2019 00:36:26
SilverLining IL

Hosted By

Moshe Ferber, Ariel Munafo

Show Notes

Attendees

Guest: Damir Savanović

Guest title: Senior researcher

Company: Cloud Security Alliance

Abstract

Creating trust is one of the major challenges for cloud providers and consumers. Without trust, customers will not be able to move workloads into cloud environments, but trust is a very elusive term that is hard to achieve. In this episode we talk with Damir Savanović from the Cloud Security Alliance about how cloud providers and consumers can use certifications to increase trust, and how CSA is preparing for the new continuous-monitoring requirements that are arriving with the new EU cyber laws.

Timing

0:00

Intro, introducing our guest, and an overview of Damir's activities in the area of cloud security

5:40

Introducing Cloud Security Alliance activities and major projects (STAR and CCSK)

9:17

The true meaning of trust in cloud computing. Using attestation and certification for establishing trust

14:50  

The difference between certification and attestation and the effect of the new EU cybersecurity law on compliance

17:50

Understanding the CSA STAR methodology, from self-assessment to certification or attestation and continuous monitoring

24:20

Behind the scenes of continuous monitoring - the CSA STAR methodology 

32:00

Summary and conclusions
