Episode Summary

11:11 Systems Director of Cloud Market Intelligence Brian Knudtson is joined by guests John Grange, Steve Sims, and Trevor Pott for a conversation about the upcoming third season of the podcast. They discuss the parallels between the rise of cloud and the importance of cybersecurity, the dynamics of the security industry, and their advice to sysadmins on how to be more secure. If security is an afterthought, you’ve already failed, but subscribing to season 3 is your best move going forward.

Panel

Cloud Conversations

Topic 1

[02:58] Last season, we did talk about security concerns when moving to the cloud, and one of the key takeaways I took from that episode in that conversation was that cloud providers can do security better than most individual companies can. John, you were on that episode. How is it that cloud can be more secure in practice, yet many customers feel that going to the cloud will make their data less secure.

Topic 2

[15:38] There’s a lot of [managed security service providers] being acquired by cloud and service providers trying to provide this as a service to their customers. And whether it’s beefing up an existing product or service that they have or trying to build a broader portfolio of other security services, there’s a lot of movement. And so I guess I’m kind of curious, Steve from your perspective having been caught up in that, is this a trend towards addressing concerns that customers have with security in the cloud, is it simply a play towards making cloud service providers more robust, or is it some combination therein?

Topic 3

[27:39] What advice do you have to people like us that generally have been focused on Windows, Linux, VMware, and maybe helping to manage cloud providers, but haven’t really dug into the cybersecurity side of the industry yet. Is it just learning how to do firewalls or is there more advice that you would give to them there?

Cloud Bites

[11:11] “I feel like we’re just kind of reliving the last decade, but changing it from cloud to security. And we’re having the same kinds of conversations that we were then.” — Steve Sims 

[13:42] “I remember lots of people went to virtualization because they had whole I.T. departments of people that were wanting to be on that VMware track. And that’s kind of what this reminds me of a little bit.” — John Grange 

[16:18] “We need to go back to the fundamentals of security and think about the fact that availability is just one leg of the CIA triad, which is a core tenet, or the three core tenants, so to speak, of security: confidentiality, integrity and availability.” — Steve Sims

[18:38] “We need to be able to provide better levels of security within that service that we already offer. And because of that, we’ve got to go out and acquire that talent and acquire those tools to live within our own ecosystems” — Steve Sims

[20:41] “You can’t just go shopping for a security nerd, because you don’t have one. All those vendors and all those service providers have been snapping them up.” — Trevor Pott

[21:49] “That’s put a lot of pressure on the product teams inside Amazon and Microsoft and such to actually be able to meet real enterprise requirements as their kind of range of use cases are just sort of exploding.” — John Grange

[23:24] “Long gone are the days you could just throw a firewall up and call it secure.” — Trevor Pott

[24:34] “You are statistically more likely to have the default configuration be more secure with the cloud than you will with an off the shelf product, at least right now. But that doesn’t make you secure. It just makes you slightly less insecure.” — Trevor Pott

[28:23] “Certainly the best thing is to convince your organization that security needs to be a first class citizen and a part of absolutely every aspect of your information technology and your business processes.” — Trevor Pott

[30:26] “Taking that approach that you are more granular the closer you are to the application, and the further away you are the more you are using blunt instruments, will really help focus where you’re thinking about doing security and how..” — Trevor Pott

[31:55] “Understanding the control planes of the services you’re consuming and the products you’re using is huge. I find that lots of security people have no idea how the cloud stuff works and is configured and developers don’t seem to care.” — John Grange