Content provided by Anton Chuvakin. Anton Chuvakin or their podcast platform partner uploads and provides all podcast content, including episodes, graphics, and podcast descriptions. If you believe someone is using your copyrighted work without your permission, you can follow the process described at https://fi.player.fm/legal.
EP200 Zero Touch Prod, Security Rings, and Foundational Services: How Google Does Workload Security
Guest:
Michael Czapinski, Security & Reliability Enthusiast, Google
Topics:
- “How Google protects its production services” paper covers how Google's infrastructure balances several crucial aspects, including security, reliability, development speed, and maintainability. How do you prioritize these competing demands in a real-world setting?
- What attack vectors do you consider most critical in the production environment, and how have Google’s defenses against these vectors improved over time?
- Can you elaborate on the concept of Foundational services and their significance in Google's security posture?
- How does your security approach adapt to this vast spectrum of sensitivity and purpose of our servers and services, actually?
- How do you implement this principle of zero touch prod for both human and service accounts within our complex infrastructure?
- Can you talk us through the broader approach you take through Workload Security Rings and how this helps?
Resources:
- “How Google protects its production services” paper (deep!)
- SLSA framework
- EP189 How Google Does Security Programs at Scale: CISO Insights
- EP109 How Google Does Vulnerability Management: The Not So Secret Secrets!
- EP176 Google on Google Cloud: How Google Secures Its Own Cloud Use
- EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil
- SREcon presentation on zero touch prod.
- The SRS book (free access)
210 episodes