Cloud Crunch

S4E5: Barbarians at the Door


Welcome back to Cloud Crunch. Today’s topic, "Barbarians At The Door". We will discuss the risk factors you need to be thinking about when it comes to securing your cloud. We are joined by our lead host and Director of Marketing Michael Elliott, and co-host Fred Bliss, CTO of all things data at 2nd Watch. Our honored guest is Jeff Collins, Solutions Manager for 2nd Watch.

Involve, Solve, Evolve. Welcome to Cloud Crunch, the podcast for any large enterprise planning on moving to or in the midst of moving to the cloud, hosted by the cloud computing experts from 2nd Watch: Michael Elliott, Executive Director of Marketing, and Fred Bliss, CTO of All Things Data at 2nd Watch. And now, here are your hosts of Cloud Crunch.

Welcome back to a new season of Cloud Crunch. This season we're going to focus on AWS re:Invent, the biggest cloud conference in the world, kicking off in November. The episodes are intended to give you, the viewer, the opportunity to immerse yourself in how cloud has evolved since last year, on topics like preparing and building a center of excellence, extracting data insights, managing a cloud native environment, and data center evacuation. Joining me today is Jeff Collins, Solutions Manager here at 2nd Watch. Welcome to Cloud Crunch, Jeff.

Thank you, Michael. It's good to be here and good to talk to you this morning.

Absolutely. So the focus of this video cast is going to be Barbarians at the Gate, and don't confuse that with the movie about, I think it's JR Reynolds. But it's more about addressing the real threats of securing your cloud environment, and those threats are a little unique and different than securing just your regular on-prem data center. So the first question out of the gate is: how have you seen that security landscape change from the data center into the cloud?

Yeah, it's definitely evolved. I've been doing this since probably back in 2000, and it started off as dedicated devices. Remember Cisco PIX and Nokia running Check Point devices, physical devices that you would build into a client's infrastructure. It's evolved from that. Once virtualization kicked in, it went to more of those software-based firewalls that get deployed, and now with the advent of public cloud, not that it's new, it's been around for a while now, it's getting into more cloud native security products, where you don't have to worry about physical devices. The CSPs take care of managing the actual services and you're just basically setting up the same type of firewall rules and security group rules and all that. But I would say holistically, the technology hasn't really changed. It's still that cat and mouse game between the security providers and the folks that are out there trying to do malicious things in the environment. So from a high level it's remained constant. It obviously has evolved, and I think the method of delivering the service has definitely changed over the years.

So from a CSO perspective, do you think the skill set is still the same, or has it evolved a little bit to understand how cloud service providers like AWS protect that environment and the responsibility you now have that you didn't have before?

Yeah, I would say it's probably a mix of both. Obviously the technology has changed, so having to get away from physical devices and evolve as the technology has, and being aware of how to operate within the public cloud space, that has definitely changed. The kind of threat management technology that gets applied, like intrusion detection and intrusion prevention, file integrity monitoring, that has remained constant, with the exception that these threats are always changing. They're always evolving, and it's never going to end. So trying to detect new threats, figure out what those threat patterns look like, and then be able to alert the end user as to what's going on, when there is activity that's malicious, and what steps are required to go remediate it. So I would say it's definitely a mix of both, and understanding the technical aspects of how to operate the security services within the cloud has evolved and is going to continue to do so.

So as we think about it, initially the movement from on-prem to cloud was more around lift and shift, so a lot of what you talked about is they've taken over securing your VMs and now it's about threat detection. But now as we start to look at cloud native applications and the movement to containerization and microservices, and how we're developing applications today, how has that changed, and what do CSOs and security teams need to be thinking about?

Yeah, so again I think it comes down to the application itself. How secure does it need to be? A lot of times you can check the box with the cloud native offerings, and sometimes you can't, and you have to go up another step and add an additional layer. Especially when you get into the compliance world, a lot of those requirements or controls that you have to meet require a dedicated SOC. If you're not familiar with what a SOC is, it's simply a security operations center where you've got security experts that are constantly monitoring all the data that's flowing in and out of the cloud environments, mapping it to known threats and then sending out alerts, or even vulnerabilities. So it's ever evolving, and just keeping up with all those different changes represents a challenge. Sometimes the CSPs can provide services and take care of that, and other times you need additional layers of security to meet whatever your business requirements are, especially once you start getting into compliance.

Well, let's talk about when an attack occurs, the inevitable. What's the most important thing to do there?

Yeah, it's all about visibility. And I would say that there's two main types of things that you have to look at, the first one being any kind of virus or vulnerability, and I guess the second one being a live attack. So keeping that visibility into your environment. You can do this both cloud natively or with add-on security products, but essentially it's just knowing what's going on in the environment in real time. That can be anywhere from things like loading agents into VMs or instances, or monitoring log ingestion tools like CloudTrail, for example, in real time and comparing that data that's constantly coming in to known threats. And then if something malicious is picked up, like it picks up on a pattern that should be looked at, creating alerts based on severity, how important it is. Is it something that's a sev one and it's going to shut down your environment and it's all hands on deck, or is it something that can be remediated over time? It's not quite as important, but it's something to look for. Maybe within a couple of hours it needs to be looked at and remediated. So classifying those different alerts as they come in is key.
You use a lot of these products, even the cloud native or the add-on stuff, and you can create a lot of noise for the end users. With all that noise that's created, how do you start to be able to see the trees from the forest, with all that noise and the alerting that's going to happen?

Yeah, a lot of that, especially if you're going through a separate security provider, gets filtered out within the SOC, or the SIEM as they call it, which is the collection of different software products that are doing all that scanning and looking for those alerts. And then I would say the second part of that question would be vulnerabilities. A lot of times you might not have a virus or a malware attack or a DDoS attack or something like that, but being able to scan those environments and look for vulnerabilities that could potentially become problematic is key as well. I know in the last couple of months Log4j was a big one. There was one that came out probably two or three weeks ago called Maggie. If you don't have those types of visibility products in place to see what's going on, you won't know that you're infected, or, I wouldn't say infected, you don't know that those potential vulnerabilities are there. And what that basically does is open the door to a hacker to gain access to wherever that vulnerability is and get into the cloud environment.

So what are some examples of those tools that you referenced?

So I guess specific to the big CSPs: AWS Audit Manager, AWS Inspector, GuardDuty, Microsoft Defender. There's a whole slew of those. Then you get into some of the add-on security products like Armor or Logic or CrowdStrike.

They all have those same types of feature sets, and it comes down to what they call MDR, Managed Detection and Response. They're all similar in terms of what they're doing. They're essentially looking for the same types of vulnerabilities and also scanning for those known threats.

Excellent. Next question. You mentioned earlier in the video cast about compliance. How do you see security relating to compliance? Because as we look now at the financial world, banking world, government entities, healthcare, they look especially at compliance. How do you look at security in the construct of ensuring compliance?

Yeah, I think they go hand in hand, because typically with, let's say healthcare, so HIPAA, we can take that one for example, to maintain HIPAA compliance you have to have the right security settings in place. Typically that's going to require additional levels of security, and you need your own SOC, or some type of security service integrated into your cloud platform that has a SOC, and also getting visibility into how your cloud environment is performing against those HIPAA controls, for example. So there's a product, and I guess the common term in the industry is CSPM, or Cloud Security Posture Management. Essentially there's all kinds of different flavors from different vendors that offer that type of service. You can get it cloud natively, you can get it externally. It's basically a scan that runs in the cloud environment, and specific to HIPAA, it would bump those various known controls up against what's running in the environment. As long as you're meeting those controls, it will give you reporting that says yes, here's your evidence to provide your auditor, you're meeting these specific controls and you're good to go. And if you're not, they typically will provide remediation steps in terms of what you need to do to fix those issues. It's an ongoing process, because those controls change over time, and you want to make sure, especially in more dynamic environments, as different cloud resources get added into that environment, that they're scanned and you're meeting those various controls. So I would say they go hand in hand.

So the last question for you then, and this requires a little bit of a crystal ball, and I asked it in a different way earlier around cloud native. But as we continue to evolve rapidly into the cloud as we have, what do you think the future of security is going to look like?

Yeah, it's evolving. What we've seen here at 2nd Watch is that clients are evolving. It's gone from the data center into the cloud, and a lot of times they'll do just a one-to-one mapping and essentially build what they had in their data center within the cloud, using infrastructure like instances and VMs. But that's shifting as well, because now you're getting away from that three-tiered architecture into more of a DevOps type of mentality where you're constantly releasing code, you don't have to worry about the infrastructure so much, you start using containerization a lot more, as well as serverless and more cloud native products that essentially do the same thing that you were doing within the data center or the three-tiered architecture within the cloud itself. But it opens up the door to a lot more products and services that you can integrate to enhance your business and make it more efficient. Maybe you're processing some sort of transaction, and through serverless and containerization you can increase that cycle time by a couple of milliseconds, and then at scale you're saving your company millions of dollars a year. But that also introduces more of a challenge on the security side. Now you don't necessarily have an agent that you can go load on a VM or an instance. You're monitoring log traffic, and in certain cases you have to inject that security code into your pipeline and make sure that before your code goes into production, the code is scanned, and, just like you would with an agent, it's looking for those known threats. If there's nothing there, then you're good and you can put the code into production. That's a continuous cycle. So that's a little bit different than what has been done historically. And just keeping up with all those different technologies too, that's a challenge, knowing how things operate, because it's a little different, and it's only going to keep changing and evolving over time. So I think that's always the challenge: keeping up with the evolving technology as it relates to cloud.

So, Jeff, I want to thank you for joining us today to discuss Barbarians at the Gate. Any final words of advice for the attendees of re:Invent?

Yeah, I would say, when you're out at re:Invent, they always like to announce everything there, so it can be daunting to keep up with it. But specific to security, any kind of new enhancements or any kind of feature sets that are coming out, just things to be aware of. I'm sure they'll make a big deal of any security-related announcements as they come out, as they always do. But if you're out there and you want to have conversations around security, by all means, we'll be there obviously, so happy to talk to you. And if it's something that we can help you with in the security realm, anything from doing assessments to more of what we do on my side in terms of managing environments and applying managed security or cloud native security products on an ongoing basis, by all means let us know. We'd love to talk to you.

Well, I want to thank our audience for listening to our show. This video cast is intended to add value to any large enterprise that is planning to or moving to the cloud, or is currently focused on leveraging the value of the cloud. Send your comments or suggestions to cloudcrunch@2ndwatch.com.

Thank you. You've been listening to Cloud Crunch with Michael Elliott and Fred Bliss. For more information, check out the blog at 2ndwatch.com/cloud-blog, or reach out to 2nd Watch on Twitter and LinkedIn.
