Episode 26: Current Challenges With Cloud
This is a special episode where both of us (Moshe & Ariel – no guests this time) discuss the future of cloud computing and challenges that should be solved. We take a detailed look at shortage in manpower and knowledge, privacy laws and their influence on innovation and technology challenges such as multi tenancy, APi’s, encryption, continuous monitoring and more. Agenda Opening words - 5 min introducing the podcast - Moshe / Ariel Introducing our guest - Ariel Introducing myself - Moshe Introducing the topic and context of the podcast - Moshe Security challenges People Shortage in manpower: There are missing jobs for cyber professional and especially application security Shortage in knowledge: security professional lag behind learning new technologies Process Malicious insider - one of the biggest challenges for cloud providers Shared responsibility model collapsing Privacy laws are creating islands of data - Privacy laws are limiting the transfer of data Jurisdiction, Court orders and government access to data - as cloud provider host more data - they are a target for more & more government interest Technology API security best practices - there will be more & more API’s, we did not master how to protect them Encryption and key management - the holy grail for holding your own encryption keys is fading Multi tenancy - we don't have clear practices on building multi tenant applications Identity based access controls - network access controls are useless in cloud computing, but our ability to create granular access controls based on identity is not mature yet Multi tenancy Continuous monitoring Automation and devops - Security automation is still maturing. We still don't know how to integrate developers and operation without breaking best practices Using the wrong tools Closure (5 min) Moshe - Summersing Ariel - closing