139 episodes

Learn Cloud Security in Public Cloud the unbiased way from CyberSecurity Experts solving challenges at Cloud Scale. We can be honest because we are not owned by Cloud Service Provider like AWS, Azure or Google Cloud.

We aim to make the community learn Cloud Security through community stories from small - Large organisations solving multi-cloud challenges to diving into specific topics of Cloud Security.

We LIVE STREAM interviews on Cloud Security Topics every weekend on Linkedin, YouTube, Facebook and Twitter with over 150 people watching and asking questions and interacting with the Guest.

Cloud Security Podcast Cloud Security Podcast Team

    • Technology
    • 5.0 • 16 Ratings

Learn Cloud Security in Public Cloud the unbiased way from CyberSecurity Experts solving challenges at Cloud Scale. We can be honest because we are not owned by Cloud Service Provider like AWS, Azure or Google Cloud.

We aim to make the community learn Cloud Security through community stories from small - Large organisations solving multi-cloud challenges to diving into specific topics of Cloud Security.

We LIVE STREAM interviews on Cloud Security Topics every weekend on Linkedin, YouTube, Facebook and Twitter with over 150 people watching and asking questions and interacting with the Guest.

    McFee and FireEye join forces for XDR

    McFee and FireEye join forces for XDR

    Cloud Security News this week 26 Jan 2022


    Early December on Cloud Security News, we shared that Symphony Technology Group had acquired McAfee for 4 Billion along with FireEye for 1.2 Billion. The merger of these two companies has now form Trellix, which aims to be a leader in extended detection and response (XDR). In their blog post Trellix shared that  “Customers can expect Trellix’s living security platform to deliver bold innovation across the XDR market.”  - “with automation, machine learning, extensible architecture, and threat intelligence.”  You can find out more about Trellix and read their blog post here and let us know if you are excited about this merger?
    Orca Security is back in the news this week, not for their funding round or their vulnerability findings in AWS. They have made their 1st acquisition: RapidSec, an Israeli cybersecurity startup that protects web applications from client-side attacks. RapidSec’s software allows for detection of  web-application misconfigurations and deviations from best practices. Orca has indicated that it  plans to integrate these web services and API security technologies into its agentless cloud security platform. You can read more about this acquisition here.
    Cloud Security Firm Polar Security that has emerged from Stealth With $8.5 Million Seed Funding. They are a Tel Aviv, Israel-based cloud security company that aims to provide visibility into companies’ cloud data storage to allow security teams to secure the data and avoid compliance problems. You can find out more about them here
    Hunters.ai announced that  it has raised a $68 million Series C round bringing their total funding to date to $118 million. Hunters share in their blog that  “Never before has it been more lucrative to be a cyber criminal” and “On the defenders’ side, we see organizations struggling to keep pace. As technology advances and more tools are being used, the attack surface grows and the number of security products used by these organizations increases.” This is where Hunter.ai believes they can help with their Extended Detection and Response (XDR) platform used by Security Operations Center (SOC) teams to detect, investigate and stop threats. You can find out more about them here

    Podcast Twitter - Cloud Security Podcast (@CloudSecPod)

    Instagram - Cloud Security News 

    If you want to watch videos of this LIVE STREAMED episode and past episodes, check out:

    - Cloud Security Podcast:

    - Cloud Security Academy:

    • 3 min
    AWS IAM Getting Started

    AWS IAM Getting Started

    In this episode of the Virtual Coffee with Ashish edition, we spoke with Ian Mckay (@iann0036), a AWS Community Hero, AWS APN Ambassador who has a lot of popular open sources projects in the AWS security space.

    Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv
    Host Twitter: Ashish Rajan (@hashishrajan)

    Guest Twitter: Ian Mckay (@iann0036)

    Podcast Twitter - Cloud Security Podcast (@CloudSecPod)

    If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our YouTube Channel:

    - Cloud Security News 

    - Cloud Security Academy

    • 40 min
    Remote Access Trojans target Public Cloud Infrastructure

    Remote Access Trojans target Public Cloud Infrastructure

    Cloud Security News this week 19 Jan 2022


    Cisco Talos Researchers have shared in a blog last week that  a trio of remote access Trojans (RATs)—Nanocore, Netwire and AsyncRAT—are being spread in a campaign that taps public cloud infrastructure and is primarily aimed at victims in the U.S., Italy and Singapore. According to the blog “Threat actors are increasingly using cloud technologies to achieve their objectives without having to resort to hosting their own infrastructure,” and “cloud services like Azure and AWS allow attackers to set up their infrastructure and connect to the internet with minimal time or monetary commitments. It also makes it more difficult for defenders to track down the attackers’ operations.”  Read more about this here.
    Netskope also released a blog last week about Malwares. Interestingly their research which surveyed millions of users worldwide from January 1, 2020 to November 30, 2021 found that Cloud-delivered malware is now more prevalent than web-delivered malware, accounting for 66%, up from 46% last year. They also found that Google Drive is the top app for most malware downloads and Cloud-delivered malware via Microsoft Office nearly doubled from 2020 to 2021. Read the report here
    Vulnerability in AWS’s cloudformation service that was discovered and shared by Orca Security. Orca Security confirmed that  AWS completely mitigated within 6 days of their submission.If you want to know more about their discovery, you can read it here
    The US government is reportedly reviewing the cloud computing arm of Chinese ecommerce giant Alibaba to determine whether or not it poses a risk to national security.” As reported by Reuters, the Biden administration launched the probe to find out more about how Alibaba Cloud stores the data of US clients including personal information and intellectual property and to see if the Chinese government could gain access to it. You can read Reuters report here
    Sysdig’s platform who were recently valued at 2.5 Billion have expanded their cloud security offering to Azure Cloud aswell. . You can find out more about them here 

    Podcast Twitter - Cloud Security Podcast (@CloudSecPod)

    Instagram - Cloud Security News 

    If you want to watch videos of this LIVE STREAMED episode and past episodes, check out:

    - Cloud Security Podcast:

    - Cloud Security Academy:

    • 7 min
    Secret Management for Modern Apps Explained

    Secret Management for Modern Apps Explained

    In this episode of the Virtual Coffee with Ashish edition, we spoke with Dylan Ayrey (@insecurenature) is a Professional Hacker and Co-Founder of Truffle Security (@trufflesec)

    Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv
    Host Twitter: Ashish Rajan (@hashishrajan)

    Guest Twitter: Dylan Ayrey (@insecurenature)

    Podcast Twitter - Cloud Security Podcast (@CloudSecPod)

    If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our YouTube Channel:

    - Cloud Security News 

    - Cloud Security Academy

    • 48 min
    CISO in a Cloud World in 2022 - Stu Hirst

    CISO in a Cloud World in 2022 - Stu Hirst

    In this episode of the Virtual Coffee with Ashish edition, we spoke with Stu Hirst (Linkedin-Stu Hirst) is the Chief Information Security Officer (CISO) of Trustpilot (@Trustpilot).

    Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv
    Host Twitter: Ashish Rajan (@hashishrajan)

    Guest Twitter: Stu Hirst (Linkedin-Stu Hirst)

    Podcast Twitter - Cloud Security Podcast (@CloudSecPod)

    If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our YouTube Channel:

    - Cloud Security News 

    - Cloud Security Academy

    • 39 min
    UK Financial Regulators monitoring Cloud Providers Closely

    UK Financial Regulators monitoring Cloud Providers Closely

    Cloud Security News this week 12 Jan 2022


    UK’s financial regulators - The Prudential Regulation Authority is looking to increase it’s monitoring of Cloud providers like AWS, Azure and Google Cloud. According to Financial times, they are looking to gain more access to data from these cloud providers because the impact outages and cyberattacks have on British Banks. They are looking at implementing more robust outages and disaster recovery tests given the increasing reliance UK banks have on a handful of cloud providers. A lot of major British banks have partnerships with cloud providers “AWS has announced deals with Barclays and HSBC, while Lloyd Banking Group holds partnerships with Google Cloud and Microsoft Azure.”. There is an increasing concerns about the impacts on the banks should these cloud providers experience outages. You can view the financial times article here
    Speaking of regulators and how they are dealing with cloud providers, a few weeks ago in December Chinese regulators have “suspended an information-sharing partnership with Alibaba Cloud Computing” over concerns that it failed to promptly report and address a cybersecurity vulnerability. According to 21st Century Business Herald, citing a recent notice by the Ministry of Industry and Information Technology “Alibaba Cloud did not immediately report vulnerabilities in the popular, open-source logging framework Apache Log4j2 to China's telecommunications regulator”.This comes after, according to Reuters “The Chinese government has asked state-owned companies to migrate their data from private operators such as Alibaba and Tencent to a state-backed cloud system by next year.” From what we understand, there is no statement from Alibaba Cloud on this yet. You can read more about this here.
    Gartner's Report can be found here.
    Redhat's Report can be found here.

    Podcast Twitter - Cloud Security Podcast (@CloudSecPod)

    Instagram - Cloud Security News 

    If you want to watch videos of this LIVE STREAMED episode and past episodes, check out:

    - Cloud Security Podcast:

    - Cloud Security Academy:

    • 4 min

Customer Reviews

5.0 out of 5
16 Ratings

16 Ratings

newly_registered26 ,

Solid content and diverse participants

Ashish delivers some solid content on cloud security, not just AWS and interviews a number of diverse peeps from the security community.

MegaMooMa ,

Awesome Podcast, a Must Listen!

Every episode is so informative. Great line up of speakers discussing great topics, AWS, DevSecOps, Security the list goes on!
Highly recommended.

raji pillay ,

Brilliant content on cloud security.

The content is perfect for anyone who wants to keep up with cloud security.
Unbiased, real and you can find solutions to your cloud security problems.

Top Podcasts In Technology

Lex Fridman
Jack Rhysider
WBUR
Guy the crypto guy
The New York Times
Jason Calacanis

You Might Also Like

CISO Series
CyberWire, Inc.
ITWC
Johannes B. Ullrich
The Record Media