Preview Mode Links will not work in preview mode

Cloud Security Podcast by Google

Sep 25, 2023



  • What is different about system hardening today vs 20 years ago? 

  • Also, what is special about hardening systems at Google massive scale?

  • Can I just apply CIS templates and be done with it?

  • Part of hardening has to be following up with developers after they have un-hardened things – how do we operationalize that at scale without getting too much in the way of productivity?

  • A part of hardening has got to be responding to new regulation and compliance regimes, how do you incorporate new controls and stay responsive to the changing world around us?

  • Are there cases where we have taken lessons from hardening at scale and converted those into product improvements?

  • What metrics do you track to keep your teams moving, and what metrics do your leads look at to understand how you’re doing? [Spoiler: the answer here is VERY fun!]