Preview Mode Links will not work in preview mode

Cloud Security Podcast by Google


Oct 16, 2023

Guests:

Topics:

  • It seems that in many cases the challenge with cloud configuration weaknesses is not their detection, but remediation, is that true?

  • As far as remediation scope, do we need to cover  traditional vulnerabilities (in stock and custom code), configuration weaknesses and other issues too?

  • One of us used to cover vulnerability management at Gartner, and in many cases the remediation failures [on premise] were due to process, not technology, breakdowns. Is this the same in the cloud? If still true, how can any vendor technology help resolve it?

  • Why is cloud security remediation such a headache for so many organizations?

  • Is the friction real between security and engineering teams? Do they have any hope of ever becoming BFFs?

  • Doesn’t every CSPM (and now ASPM too?) vendor say they do automated remediation today? How should security pros evaluate solutions for prioritizing, triaging, and fixing issues?

Resources: