Detection and response is alive
(obviously), but sometimes you say SOC is dead, what do you mean by
You refer to a federated
approach for Detection and Response” (“route the outcomes to
the teams that need them or can address them”), but is it workable
for any organization?
What about the separation of
duty concerns that some raise in response to this? What about the
organizations that don’t have any security talent in those
Is the approach you advocate
"cloud native"? Does it only work in the cloud? Can a traditional,
on-premise focused organization use it?
The model of “security team as
a decision-maker, not an implementer” has a bit of a
painful history, as this is what led to “GRC-only teams” who
lack any technical knowledge. Why will this approach work this
Cloud Security Podcast by Google focuses on security in the cloud, delivering security from the cloud, and all things at the intersection of security and cloud. Of course, we will also cover what we are doing in Google Cloud to help keep our users' data safe and workloads secure.
We’re going to do our best to avoid security theater, and cut to the heart of real security questions and issues. Expect us to question threat models and ask if something is done for the data subject’s benefit or just for organizational benefit.
We hope you’ll join us if you’re interested in where technology overlaps with process and bumps up against organizational design. We’re hoping to attract listeners who are happy to hear conventional wisdom questioned, and who are curious about what lessons we can and can’t keep as the world moves from on-premises computing to cloud computing.