29 episodes

The podcast for Security Architecture
Hosted by Moshe Ferber and Ariel Munafo.

The world of software development has changed rapidly in the last years due to various factors – Cloud Computing, Digital Transformation, CI/CD & DevOps – they all changed the way we build new applications. Young startups today got access to enterprise-grade infrastructure enabling them to produce scalable, robust applications faster and cheaper. But as companies innovate faster, security challenges arise. The security community has not mastered yet the full art of developing software fast, at scale, and secure and variety of companies still struggle to found the right foundation for their security posture.

SilverLining podcast was created to help you do just that – find the right combination of people, processes, and technologies to build more secure and reliable services. We will focus on the latest development in infrastructure and software development and talk with people who mastered how to secure those. In each episode, we will host an expert for discussion on the security aspects of new technologies and provide insights, best practices, and knowledge in creating more secure software architecture.

SilverLining IL MarkeTech

    • Technology
    • 5.0 • 2 Ratings

The podcast for Security Architecture
Hosted by Moshe Ferber and Ariel Munafo.

The world of software development has changed rapidly in the last years due to various factors – Cloud Computing, Digital Transformation, CI/CD & DevOps – they all changed the way we build new applications. Young startups today got access to enterprise-grade infrastructure enabling them to produce scalable, robust applications faster and cheaper. But as companies innovate faster, security challenges arise. The security community has not mastered yet the full art of developing software fast, at scale, and secure and variety of companies still struggle to found the right foundation for their security posture.

SilverLining podcast was created to help you do just that – find the right combination of people, processes, and technologies to build more secure and reliable services. We will focus on the latest development in infrastructure and software development and talk with people who mastered how to secure those. In each episode, we will host an expert for discussion on the security aspects of new technologies and provide insights, best practices, and knowledge in creating more secure software architecture.

    Episode 29: Cloud Identity Governance - understanding challenges

    Episode 29: Cloud Identity Governance - understanding challenges

    Sponsored By:

    Attendees
    Guest: Arick Goomanovsky
    Guest title: Co-Founder & Chief Business Officer
    Company: Ermetic
    Abstract
    In cloud platforms, identity and permissions are the most important control that customers get to implement. Network segmentation and other traditional controls are often ineffective and access to resources is determined by a mixture of roles & policies. This mixture can become very complex and difficult to lock down. In this episode, we are hosting Arick Goomanovsky, Chief Business Officer at Ermetic, to discuss Cloud identity and access challenges, and to review real life examples of what can happen when neglecting identity and access entitlements in cloud infrastructure.
    Mail to: info@ermetic.com
    Timing:
    0:00  Introducing our guest and Ermetic
    2:21  Understanding Identity Governance
    4:40  Cloud identity challenges
    10:55 Dealing with identity challenges by adding visualization and analysis of permissions
    16:30 Who are the organizational stakeholders relevant?
    22:01 Examples for IAM challenges and outbreaks
    22:25 Example 1: Protecting sensitive resources
    26:25 Example 2: Third party access
    29:49 Example 3: The visibility challenge when using SSO
    31:30 Summary and final words

    • 36 min
    Episode 28: Analyzing Cloud Attack Vectors - SaaS Marketplaces and Office 365 BEC

    Episode 28: Analyzing Cloud Attack Vectors - SaaS Marketplaces and Office 365 BEC

    Attendees
    Guest: Ofer Maor
    Guest title: Co-Founder & CTO 
    Company: Mitiga
    Abstract
    The recent increase of cloud based attacks gives us an opportunity to examine new attack vectors and how attackers exploit new services. In this episode we talked with Ofer Maor, Co-Founder at Mitiga, about new attack vectors in cloud computing and how attackers exploit new services such as marketplaces, community repos and other examples.
    Timing:
    0:00 Introducing our guest and Mitiga
    3:32 Preparing for cloud incident response 
    7:15 Cloud attack vector - malicious AMI
    11:00 More attack vectors on marketplaces
    13:18 Github attack vectors
    18:15 attack vector - Business email compromise on 365
    25:44 how to mitigate cloud incidents
    27:58 Summary and last words

    • 29 min
    Episode 27: Protecting Your Cloud Data With Legal Controls

    Episode 27: Protecting Your Cloud Data With Legal Controls

    Attendees
    Guest: Dalit Ben Israel
    Guest title: Partner, head of IT & Data protection practice
    Company: Naschitz Brandes Amir
     In the cloud era, the information security officer's new best friends are the lawyers in the legal department.   Legal matters such as cross border data transfers, contractual controls and privacy laws becoming critical in cloud migrations. In this episode we talk with Dalit Ben Israel, Partner at NBlaw, about the legal challenges of cloud computing: cross border transfers, the rise of privacy laws and proper contract management and monitoring. 
    Timing:
    0:00 - Opening
    2:03 - Introduction of our guest
    4:95 - Considerations of data center location and the effect of the Schrems2 judgement invalidating the Privacy shield
    12:50 - The roles and responsibilities of cloud providers and customers 
    15:27 - Choosing cloud providers - why do we need lawyers in the process and the obligation to enter into DPAs
    20:00 - Specific challenges with SaaS and agreements with subprocessors
    22:12 – Negotiating cloud contracts - what are the challenges? minimizing risks.
    30:32 - Dispute resolution and venue of jurisdiction
    33:24 - Ongoing contract monitoring
    36:10 - Summary
     Connect with Dalit here:
    Email: marketing@nblaw.com
    Website: www.nblaw.com

    • 40 min
    Episode 26: Current Challenges With Cloud

    Episode 26: Current Challenges With Cloud

    This is a special episode where both of us (Moshe & Ariel – no guests this time) discuss the future of cloud computing and challenges that should be solved. We take a detailed look at shortage in manpower and knowledge, privacy laws and their influence on innovation and technology challenges such as multi tenancy, APi’s, encryption, continuous monitoring and more.
    Agenda
    Opening words  - 5 min 

    introducing the podcast  - Moshe / Ariel 
    Introducing our guest - Ariel
    Introducing myself - Moshe
    Introducing the topic and context of the podcast - Moshe 

    Security challenges  
    People


    Shortage in manpower:  There are missing jobs for cyber professional and especially application security
    Shortage in knowledge: security professional lag behind learning new technologies


    Process


    Malicious insider - one of the biggest challenges for cloud providers
    Shared responsibility model collapsing
    Privacy laws are creating islands of data - Privacy laws are limiting the transfer of data
    Jurisdiction, Court orders and government access to data - as cloud provider host more data - they are a target for more & more government interest


    Technology


    API security best practices - there will be more & more API’s, we did not master how to protect them
    Encryption and key management - the holy grail for holding your own encryption keys is fading
    Multi tenancy - we don't have clear practices on building multi tenant applications
    Identity based access controls - network access controls are useless in cloud computing, but our ability to create granular access controls based on identity is not mature yet 
    Multi tenancy 
    Continuous monitoring
    Automation and devops - Security automation is still maturing. We still don't know how to integrate developers and operation without breaking best practices
    Using the wrong tools 


    Closure (5 min)

    Moshe - Summersing 
    Ariel - closing 

    • 49 min
    Episode 25: From Excessive Permissions To Least Privileges - Automating Your IAM Roles

    Episode 25: From Excessive Permissions To Least Privileges - Automating Your IAM Roles

    Attendees
    Guest: Shira Shamban
    Guest title: CEO & Co-Founder
    Company: Solvo
    Abstract
    In modern cloud environments, Identity and Access Management controls are crucial controls. Many of the access decisions are now made not based on networking structure but rather on roles and permissions. In this episode we talk (again) with Shira Shamban, founder at Solvo about cloud IAM challenges - why is it so hard to get IAM right and how Solvo is planning to revolutionize the IAM management process. 
    Timing:
    0:00 Introducing our guest
    3:00 Introducing cloud identity challenges 
    6:20 Why role management is not enough
    11:40 Why we fail to create least-privilege-roles  
    15:10 How to manage IAM securly - the people angle
    18:13 How to manage IAM securly - the process angle
    21:08 How to manage IAM securly - the technology angle
    31:08 Summary and last words

    • 35 min
    Episode 24: Putting The Sec Into DevOps

    Episode 24: Putting The Sec Into DevOps

    Attendees
    Guest: Dima Revelis
    Guest title: Senior Devops engineer
    Company: MoonActive
    Abstract
    DevsecOps is accelerating fast as the new buzzword for modern information security practices. In this episode we use the expertise of Dima Revelis in order to dive deep into understanding DevOps practices, what is CI/ CD pipeline and which security tools are relevant for all of those new practices.
    Timing:
    0:00 - Introducing our guest
    2:50 - What is devops
    7:50 - What is deployment pipeline
    14:20 - What is CI and which security testing can be implemented
    17:20 - What is CD and which security consideration 
    18:40 - Dive deeper into security testing - QA, code review, static & dynamic   analysis
    20:45 - So much automation, do we still need manual testing? 
    22:30 - Additional security aspects: using Jenkins, authentication and authorization, secret management
    26:40 - Availability considerations and disaster recovery
    33:30 - Summary and final words

    • 37 min

Customer Reviews

5.0 out of 5
2 Ratings

2 Ratings

dvid namorsky ,

נהנה לשמוע

תודה על פרקים מצויינים

Top Podcasts In Technology