Security Rules Security Rules

The cloud is far from new, but the tools, methods, and people that secure it are changing. Although the “castle” is still Security’s to protect, the guards may no longer be part of the team. Efforts are necessary to train, immerse, and provide real context for this new guard of cloud security, and companies are exploring how to do this effectively. Join Shay Dayan, CTO of Cloud at Tufin, and understand how companies are approaching this successfully to ensure that security is persistent despite the change inherent of cloud.

Acceptance of risk has overtaken the business; a dangerous position built on a crumbling foundation of decades worth of layered access. Digital transformation is fueled by and requires IT agility to ensure necessary connectivity. However, the adoption of cloud infrastructure requires us to rethink how we construct the foundation, and ensure security from the ground up. Join Alexander Busshoff, former security consultant for BDG, and current Solutions Architect at Tufin to understand the cultural changes needed within the business to reinforce security and regain relevance in a battle that security is often losing badly.

Network segmentation is necessary for an efficient and secure network. But the network has changed, and so too must the network segmentation strategy. Segmenting across two sets of infrastructure necessitates a new sense of creativity within security and empowering the access owners of the cloud to effectively implement security controls. But developing new methods to extend security comes with caveats, and lessons learned that need to be shared. This episode features Ethan Smart, formerly of IT Security Operations at McDonalds and CipherTechs, discussing how organizations seek to segment in the cloud, the struggles they face, and ideas to overcome them.

The model of effective security is often under a permutating name with the same emphasis: ensure the least access necessary. But as technology has evolved, so too have the solutions to manage it. So while security get more achievable, technology – and the ownership over it – has changed. Now too security must change, but utilizing what methods? Zero Trust? Least Privilege Necessary? Positive Security? This episode of Security Rules covers these topics with Joe Schreiber, a veteran of IT security and former SOC leader.

The adoption of cloud has come with a separation in ownership between the corporate legacy network and the public cloud. And while your application team doesn’t share your priority on cloud security, they are managing connectivity in the cloud. The division in ownership and lack of security knowledge requires IT Security to change their perspective, embrace security automation, and the DevOps mindset. Listen to Colby Dyess on how to ensure security in the cloud, leverage the CI/CD pipeline to include automated security, and successfully socialize security with the cloud console owners.

Intent-Based Networking is meant to simplify networking – utilize software to plan, design, and implement changes to the network without reliance on human action or intervention. And while the acronym IBN is often utilized in marketing materials, how close are we to achieving the next big thing in network automation? Join Tufin’s Technical Director of Business Development and former SOC lead, Joe Schreiber, to differentiate the hype from the academic definition of IBN. We'll discuss how close we are to achieving IBN and even hear some cautionary tales on adoption based on experiences at automated eateries.