Sandra Guo, Product
Manager in Security, Google Cloud
We have a really interesting
problem here: if we make great investments in our use of trusted
repositories, and great investments in doing code review on every
change, and securing our build systems, and having reproducible
builds, how do we know that all of what we did upstream is actually
what gets deployed to production?
What are the realistic threats
thatBinary Authorizationhandles? Are there specific organizations that
are more at risk from those?
What’s the Google inspiration
for this work, both development and adoption?
How do we make this work in
practice at a real organization that is not
Where do you see organizations
“getting it wrong” and where do you see organizations “getting it
We’ve had a lot of
conversations about rolling out zero-trust for enterprise
applications, how do those lessons (start small, be visible, plan
plan plan) translate into deploying Binauthz into blocking
Cloud Security Podcast by Google focuses on security in the cloud, delivering security from the cloud, and all things at the intersection of security and cloud. Of course, we will also cover what we are doing in Google Cloud to help keep our users' data safe and workloads secure.
We’re going to do our best to avoid security theater, and cut to the heart of real security questions and issues. Expect us to question threat models and ask if something is done for the data subject’s benefit or just for organizational benefit.
We hope you’ll join us if you’re interested in where technology overlaps with process and bumps up against organizational design. We’re hoping to attract listeners who are happy to hear conventional wisdom questioned, and who are curious about what lessons we can and can’t keep as the world moves from on-premises computing to cloud computing.