Security Rules is a podcast where industry leaders give voice to some of the hottest topics in security for networks, the cloud, DevOps and beyond.
The cloud is far from new, but the tools, methods, and people that secure it are changing. Although the “castle” is still Security’s to protect, the guards may no longer be part of the team. Efforts are necessary to train, immerse, and provide real context for this new guard of cloud security, and companies are exploring how to do this effectively. Join Shay Dayan, CTO of Cloud at Tufin, and understand how companies are approaching this successfully to ensure that security is persistent despite the change inherent in the cloud.
Acceptance of risk has overtaken the business; a dangerous position built on a crumbling foundation of decades' worth of layered access. Digital transformation is fueled by and requires IT agility to ensure necessary connectivity. However, the adoption of cloud infrastructure requires us to rethink how we construct the foundation, and ensure security from the ground up. Join Alexander Busshoff, former security consultant for BDG and current Solutions Architect at Tufin, to understand the cultural changes needed within the business to reinforce security and regain relevance in a battle that security is often losing badly.
Network segmentation is necessary for an efficient and secure network. But the network has changed, and so too must the network segmentation strategy. Segmenting across two sets of infrastructure necessitates a new sense of creativity within security and empowering the access owners of the cloud to effectively implement security controls. But developing new methods to extend security comes with caveats, and lessons learned that need to be shared. This episode features Ethan Smart, formerly of IT Security Operations at McDonalds and CipherTechs, discussing how organizations seek to segment in the cloud, the struggles they face, and ideas to overcome them.
The model of effective security is often under a permutating name with the same emphasis: ensure the least access necessary. But as technology has evolved, so too have the solutions to manage it. So while security gets more achievable, technology – and the ownership over it – has changed. Now security too must change, but utilizing what methods? Zero Trust? Least Privilege Necessary? Positive Security? This episode of Security Rules covers these topics with Joe Schreiber, a veteran of IT security and former SOC leader.
The adoption of cloud has come with a separation in ownership between the corporate legacy network and the public cloud. And while your application team doesn’t share your priority on cloud security, they are managing connectivity in the cloud. The division in ownership and lack of security knowledge requires IT Security to change their perspective and embrace security automation and the DevOps mindset. Listen to Colby Dyess on how to ensure security in the cloud, leverage the CI/CD pipeline to include automated security, and successfully socialize security with the cloud console owners.
Intent-Based Networking is meant to simplify networking – utilize software to plan, design, and implement changes to the network without reliance on human action or intervention. And while the acronym IBN is often utilized in marketing materials, how close are we to achieving the next big thing in network automation? Join Tufin’s Technical Director of Business Development and former SOC lead, Joe Schreiber, to differentiate the hype from the academic definition of IBN. We'll discuss how close we are to achieving IBN and even hear some cautionary tales on adoption based on experiences at automated eateries.
Unprotected. Server. Breached. These three words are as relevant in headlines today as they were in the 90s. Have we failed to translate lessons already learned to improved security? Security’s history and lessons learned are well documented, and our current processes clearly defined and structured. But our history isn’t that of the owners of the new network – the public cloud. And without being able to effectively bridge this organizational gap, our mistakes made are now repeated by the application development team. This episode of Security Rules features Colby Dyess as we cover the modern issues of cloud security, why breaches in the cloud are seemingly so common, and how organizations need to acclimate to the new world of security in the cloud. This episode is brought to you by Tufin, the makers of Tufin Iris. Tufin Iris is an agentless, cloud-native platform that enables IT Security to regain visibility and control security policies, powered by automation that integrates with DevOps pipelines. You can learn more by visiting Tufin.io.
The rapid and increasing adoption of Kubernetes for application development has further obscured visibility over the network. And in this changing and fluctuating corporate network, containers, and those leveraging them, are introducing new security challenges. Hear from Colby Dyess, former software developer and Director of Cloud Marketing, on the security risks of container environments, working with those responsible for securing them, and some of the methods to regain visibility over the increasingly complex network. This episode of Security Rules is sponsored by Tufin Orca: https://www.tufin.com/products/tufin-orca
Firewalls. SDN. Public cloud. Containers. The network is getting more complex, more dynamic, and seemingly less secure. Hear from Aleck Brailsford on the span of control of the network, the challenges, and approaches to securing the ever-expanding network.
CSO magazine wrote a column in 2012 asserting that the firewall was dying and soon to be obsolete. Yet here we are over five years later, still relying on the firewall while welcoming the next generation of the technology. Hear commentary from Ruvi Kitov, former Check Point firewall developer turned information security solutions CEO, on how the firewall staved off the predicted decline and evolved to meet the next generation of security needs in the network and the cloud.