Approach to restricting system access to authorized users
Who is actually allowed to do what? And should all of us really be allowed to do everything? Every tech project starts with a simple question: who is actually allowed to do what? But at the latest when the startup grows, customers demand compliance, or the first intern touches the production database, Role-Based Access Control (RBAC) suddenly becomes a matter of survival, and anyone who underestimates the topic quickly ends up in permissions hell. In this episode we take apart the well-known concept of role-based access control. We clarify which problem RBAC actually solves in concrete terms, why a lot of technical depth and organizational drama hides behind the harmless-looking checkboxes, and why not all RBAC is the same. Along the way we give you practical insights: how do Grafana, Sentry, Elasticsearch, OpenSearch, or tracing tools like Jaeger implement this permission concept? Where are the pitfalls in complex, multi-tenant systems? Whether you finally want to understand why RBAC, ABAC (Attribute-Based), ReBAC (Relationship-Based) and policy engines are more than just buzzwords, or want to know how to get policies, edge cases and constraints under control, that is what this deep dive is about. Also included: open-source highlights such as Casbin, SpiceDB, OpenFGA and OPA, and real project and startup tips for a pragmatic start and later scaling. Bonus: a fairy tale with Kevin and Max, in which the intern sometimes still wins against the admin.
In this episode of Tech Talks Daily, I'm joined by Glen Shok, VP of Product Marketing at Panzura, for a detailed look into how the company is rethinking hybrid cloud storage with the release of CloudFS 8.5 Adapt. CloudFS 8.5 isn't just another update. Built in direct response to customer feedback, it introduces powerful new features like Instant Node and Regional Store that redefine performance, availability, and business continuity. Instant Node allows failed systems to be replaced or migrated in under five minutes. Regional Store brings high-speed data access closer to end users around the world while reducing latency and cloud egress costs. As Glen explains, the latest release meets the growing demand for flexibility in the face of geopolitical uncertainty, rising cloud costs, and evolving IT infrastructure. Panzura is helping organizations maintain uptime, protect data, and adapt quickly, whether moving away from VMware or modernizing a global IT footprint. CloudFS 8.5 Adapt enables this without forcing customers to compromise on control, performance, or security. We also explore how Panzura's vision for autonomic data infrastructure is becoming a reality. With every CloudFS node sharing full configuration metadata, new nodes can spin up almost instantly. AI plays a central role here too. Through Panzura Data Services, AI tracks behavioral anomalies to detect early signs of data exfiltration, ransomware, or internal threats. This provides not just alerts, but the ability to interdict and isolate risky behavior in real time. Looking ahead, Glen shares how Panzura is preparing to support AI workloads directly where unstructured data lives. Instead of migrating terabytes to external platforms, organizations can train language models in place, reducing cost and complexity. 
With features like enhanced RBAC, native Entra ID support, and a virtual data lake model on the horizon, Panzura is clearly positioning itself at the intersection of enterprise storage and AI innovation. If you work in cloud infrastructure, cybersecurity, data governance, or AI deployment, this episode offers practical insights into the challenges IT teams face today and the technologies that are solving them.
In this episode of the Oil Ground Up podcast, Dr. Robert E. Brooks discusses the evolution of the LNG market, the role of RBAC in energy modeling, and the current dynamics of global energy supply, particularly focusing on the relationship between the U.S. and China regarding LNG exports. Dr. Brooks highlights the significant changes in the LNG industry over the years, the impact of geopolitical factors, and the future outlook for LNG contracts amidst evolving market conditions. In this conversation, Robert E Brooks discusses the complexities of global shipping routes, particularly focusing on the Panama Canal and the Red Sea, and their implications for natural gas shipments. He provides insights into the current state of natural gas supply and demand, forecasting trends, and the impact of data centers on energy consumption. Brooks also addresses the risks and opportunities within the natural gas market, including geopolitical factors stemming from the Russia-Ukraine conflict and the evolving landscape of energy production and consumption in Europe.
In the second part of our SUSECON special we've had a blast talking to Don Vosburg and Stefan Behlert about the latest SUSE Multi-Linux Manager 5.1 and Uyuni news. The new version ships with a lot of new features including RBAC, enhanced Ansible support and official IBM POWER support. It can also be installed on SLE 15 SP7 in addition to SUSE Linux Micro.
Maya Kaczorowski noticed that AI identity and AI agent identity concerns were emerging from outside the security industry, rather than from CISOs and security leaders. She concluded that OAuth, the open standard for authentication, already serves the purpose of granting access without exposing passwords. Kaczorowski, a respected technologist and founder of Oblique, a startup focused on self-serve access controls, recently wrote about OAuth and AI agents and shared her insights on this episode of The New Stack Makers. She noted that developers see AI agents as extensions of themselves, granting them limited access to data and capabilities—precisely what OAuth is designed to handle. The challenges with AI agent identity are vast, involving different approaches to authentication, such as those explored by companies like AuthZed. While existing authorization models like RBAC or ABAC may still apply, the real challenge lies in scale. The exponential growth of AI-related entities—from users to LLMs—could mean even small organizations manage hundreds of thousands of agents. Future solutions must accommodate this massive scale efficiently. For the full discussion, check out The New Stack Makers interview with Kaczorowski. Learn more from The New Stack about OAuth requirements for AI Agents: OAuth 2.0: A Standard in Name Only? AI Agents Are Redefining the Future of Identity and Access Management. Join our community of newsletter subscribers to stay on top of the news and at the top of your game.
This episode is sponsored by IAMONES. Visit https://iamones.ai/idac to learn more. In this sponsored episode of the Identity at the Center podcast, Jim welcomes Andrea Rossi from IAMONES, an innovative conversational identity governance platform. They discuss the revolutionary approach IAMONES takes in simplifying identity and access management (IAM) using large language models (LLM). Andrea explains how IAMONES aims to eliminate the need for complex roles and middle layers by providing business users with direct and comprehensible access to system functions. The discussion dives into the practical applications of LLM in enhancing existing IAM systems, particularly focusing on making permissions and entitlements more understandable and manageable for business users, auditors, and administrators. The episode also highlights the ease of integrating IAMONES with existing identity infrastructures and offers insights into reducing the burden of maintaining multilingual UIs. Tune in to learn more about the potential of AI in transforming IAM. Chapters: 00:00 Introduction to Simplifying Access Management 02:11 Welcome to the Identity at the Center Podcast 02:23 Sponsor Spotlight: Andrea Rossi from IAMONES 05:04 The Story Behind the Name 'IAMONES' 08:16 Conversational Identity and Large Language Models 12:35 Revolutionizing IGA with AI 17:22 The Future of AI in Identity Management 23:08 Enhancing IGA Configuration with Natural Language 31:37 Understanding Outcomes in Identity Governance 32:09 The Shift from RBAC to PBAC 33:35 Challenges with Role Explosion 34:02 Introducing Temporal Identity Graph 35:27 Simplifying Access for Business Users 39:36 Ensuring Proper Data Visibility 46:06 Implementing the Identity Gateway 48:45 Customer Feedback and Success Metrics 52:07 Future of AI in Identity Management 56:21 Travel Tips for Visiting Italy
Connect with Andrea: https://www.linkedin.com/in/arossi67 Learn more about IAMONES: https://iamones.ai/idac Ramones - Blitzkrieg Bop (Official Music Video): https://www.youtube.com/watch?v=268C3N2dDYk Microsoft's Satya Nadella on the evolution of SaaS: https://www.youtube.com/watch?v=a_RjOhCkhvQ&t=22s Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at idacpodcast.com and watch at https://www.youtube.com/@idacpodcast
Safety and security-critical systems require extensive test and evaluation, but existing high assurance test methods are based on structural coverage criteria that do not apply to many black box AI and machine learning components. AI/ML systems make decisions based on training data rather than conventionally programmed functions. Autonomous systems that rely on these components therefore require assurance methods that evaluate input data to ensure that they can function correctly in their environments with inputs they will encounter. Combinatorial test methods can provide added assurance for these systems and complement conventional verification and test for AI/ML. This talk reviews some combinatorial methods that can be used to provide assured autonomy, including: background on combinatorial test methods; why conventional test methods are not sufficient for many or most autonomous systems; where combinatorial methods apply; assurance based on input space coverage; explainable AI as part of validation. About the speaker: Rick Kuhn is a computer scientist in the Computer Security Division at NIST, and is a Fellow of the Institute of Electrical and Electronics Engineers (IEEE). He co-developed the role based access control (RBAC) model that is the dominant form of access control today. His current research focuses on combinatorial methods for assured autonomy and hardware security/functional verification. He has authored three books and more than 200 conference or journal publications on cybersecurity, software failure, and software verification and testing.
Guest: Ahmad Salehi Shahraki, Lecturer (Assistant Professor) in Cybersecurity, La Trobe University. On LinkedIn | https://www.linkedin.com/in/ahmad-salehi-shahraki-83494152/ Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]. On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast. On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
Episode Notes: During this "On Location" podcast episode at AISA CyberCon 2024, host Sean Martin welcomed guest Ahmad Salehi Shahraki to discuss cutting-edge developments in access control, identity management, and cybersecurity infrastructure. Ahmad, a lecturer at La Trobe University specializing in authentication, authorization, applied cryptography, and blockchain, shared insights into transitioning from traditional access control models like Role-Based Access Control (RBAC) to more advanced Attribute-Based Access Control (ABAC). Ahmad emphasized that while RBAC has served as the backbone of organizational security for decades, its centralized nature and limitations in cross-domain applications necessitate the shift to ABAC. He also highlighted a critical aspect of his research: leveraging cryptographic primitives like attribute-based group signatures to enhance security and privacy while enabling decentralization without relying on blockchain. Sean and Ahmad explored the technical and operational implications of ABAC. Ahmad described how this model uses user attributes—such as location, role, and organizational details—to determine access permissions dynamically. This contrasts with RBAC's reliance on predefined roles, which can lead to rule exploitation and administrative inefficiencies. Ahmad also discussed practical applications, including secure digital health systems, enterprise environments, and even e-voting platforms. One innovative feature of his approach is "attribute anonymity," which ensures sensitive information remains private, even in peer-to-peer or decentralized setups. For example, he described how his system could validate an individual's age for accessing a service without revealing personal data—a critical step toward minimizing data exposure. The conversation expanded into challenges organizations face in adopting ABAC, particularly the cost and complexity of transitioning from entrenched RBAC systems. Ahmad stressed the importance of education and collaboration with governments and industry players to operationalize ABAC and other decentralized models. The episode closed with Ahmad reflecting on the robust feedback and collaboration opportunities he encountered at the conference, underscoring the growing interest in decentralized and privacy-preserving solutions within the cybersecurity industry. Ahmad's research has attracted attention globally, with plans to further develop and implement these models in Australia and beyond. Listeners are encouraged to follow Ahmad's work and connect via LinkedIn to stay informed about these transformative approaches to cybersecurity.
This Episode's Sponsors: Threatlocker: https://itspm.ag/threatlocker-r974
Resources: Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia Be sure to share and subscribe! Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast
In the Energy News Beat – Conversation in Energy, Stuart Turley talks with NJ Ayuk, Executive Director of the African Energy Chamber, and Dr. Robert Brooks, Founder of RBAC, about Africa's journey towards energy independence and economic development. The discussion covers the importance of a balanced approach to energy policies, the need to leverage Africa's natural gas resources to reduce energy poverty, and the impact of global energy policies on Africa's development. They also address the role of BRICs partnerships, the challenges of transitioning from fossil fuels to renewables, and the potential for the African diaspora to contribute to sustainable growth on the continent. I thoroughly enjoyed this conversation with NJ and Robert. Both men are great leaders, and this is an important conversation about delivering low-cost, sustainable energy to everyone on the planet. NJ is leading the charge in Africa, and I highly recommend following him and the African Energy Chamber as they empower Africa. Thank you, NJ and Robert, I really appreciate your leadership in the global energy markets. - Stu
Please follow the African Energy Chamber: https://energychamber.org/ and RBAC: https://rbac.com/
Highlights of the Podcast: 00:00 - Intro 02:30 - African Energy Chamber Updates 05:40 - Fossil Fuel and Energy Policies in Africa and Beyond 10:37 - Offshore vs. Onshore Oil Development in Africa 15:04 - Challenges in Energy Transition for Africa 22:20 - BRICs and Economic Cooperation for Food Security 26:44 - BRICs' Role in Africa's Development 28:19 - Self-Reliance and Growth Potential in Africa 36:35 - The African Diaspora's Role in Development 42:07 - African Energy Chamber Event Announcement 43:53 - Closing Remarks
Full Transcript: https://energynewsbeat.co/empowering-africa-navigating-energy-independence-and-economic-growth/
In this episode of "Authentically Successful," host Carol Schultz converses with Dr. Robert Brooks, founder of RBAC, Inc., and renowned energy expert. Sharing insights from his experience, Bob highlights his journey through several degrees to government work and beyond. He makes a bold suggestion to switch your mindset when it comes to selling assets versus selling time and how it helped him. They also delve into the evolving energy industry, focusing on the shift towards more reliable electricity sources like nuclear power to support data centers and AI applications. Bob discusses the environmental benefits of nuclear energy while stressing the safety and handling of radioactive waste. Tune in to learn from his journey in developing a multi-million-dollar business through strategic licensing agreements. Learn more about Dr. Robert Brooks and RBAC Inc. Find more information about our host Carol Schultz and her company at Vertical Elevation, LinkedIn, Twitter, and YouTube. Want to be our next guest? Email cat.gloria@verticalelevation.com with your information. And of course, click "follow" to stay up-to-date on new episodes and leave an honest review/rating letting us know what you thought!
Adam Kamor is the Co-founder of Tonic, a company that specializes in creating mock data that preserves secure datasets. RAG Quality Starts with Data Quality // MLOps Podcast #262 with Adam Kamor, Co-Founder & Head of Engineering of Tonic.ai. // Abstract Dive into what makes Retrieval-Augmented Generation (RAG) systems tick—and it all starts with the data. We'll be talking with an expert in the field who knows exactly how to transform messy, unstructured enterprise data into high-quality fuel for RAG systems. Expect to learn the essentials of data prep, uncover the common challenges that can derail even the best-laid plans, and discover some insider tips on how to boost your RAG system's performance. We'll also touch on the critical aspects of data privacy and governance, ensuring your data stays secure while maximizing its utility. If you're aiming to get the most out of your RAG systems or just curious about the behind-the-scenes work that makes them effective, this episode is packed with insights that can help you level up your game. // Bio Adam Kamor, PhD, is the Co-founder and Head of Engineering of Tonic.ai. Since completing his PhD in Physics at Georgia Tech, Adam has committed himself to enabling the work of others through the programs he develops. In his roles at Microsoft and Kabbage, he handled UI design and led the development of new features to anticipate customer needs. At Tableau, he played a role in developing the platform's analytics/calculation capabilities. As a founder of Tonic.ai, he is leading the development of unstructured data solutions that are transforming the work of fellow developers, analysts, and data engineers alike. 
// MLOps Jobs board https://mlops.pallet.xyz/jobs // MLOps Swag/Merch https://mlops-community.myshopify.com/ // Related Links Website: https://www.tonic.ai Various topics about RAG and LLM security are available on Tonic.ai's blogs: https://www.tonic.ai/blog https://www.tonic.ai/blog/how-to-prevent-data-leakage-in-your-ai-applications-with-tonic-textual-and-snowpark-container-services https://www.tonic.ai/blog/rag-evaluation-series-validating-the-rag-performance-of-the-openais-rag-assistant-vs-googles-vertex-search-and-conversation https://www.youtube.com/watch?v=5xdyt4oRONU https://www.tonic.ai/blog/what-is-retrieval-augmented-generation-the-benefits-of-implementing-rag-in-using-llms --------------- ✌️Connect With Us ✌️ ------------- Join our slack community: https://go.mlops.community/slack Follow us on Twitter: @mlopscommunity Sign up for the next meetup: https://go.mlops.community/register Catch all episodes, blogs, newsletters, and more: https://mlops.community/ Connect with Demetrios on LinkedIn: https://www.linkedin.com/in/dpbrinkm/ Connect with Adam on LinkedIn: https://www.linkedin.com/in/adam-kamor-85720b48/ Timestamps: [00:00] Adam's preferred coffee [00:24] Takeaways [00:59] Huge shout out to Tonic.ai for supporting the community! [01:03] Please like, share, leave a review, and subscribe to our MLOps channels! [01:18] Naming a product [03:38] Tonic Textual [08:00] Managing PII and Data Safety [10:16] Chunking strategies for context [14:19] Data prep for RAG [17:20] Data quality in AI systems [20:58] Data integrity in PDFs [27:12] Ensuring chatbot data freshness [33:02] Managed PostgreSQL and Vector DB [34:49] RBAC database vs file access [37:35] Slack AI data leakage solutions [42:26] Hot swapping [46:06] LLM security concerns [47:03] Privacy management best practices [49:02] Chatbot design patterns [50:39] RAG growth and impact [52:40] Retrieval Evaluation best practices [59:20] Wrap up
The Generative AI revolution is transforming how organizations operate, unlocking new use cases across industries and employee workflows. However, challenges such as security, legal compliance, and demonstrating return on investment (ROI) hinder widespread adoption. One approach for solving some of these issues uses a security orchestration layer, enabling organizations to confidently connect any data source with any generative AI model. This approach lets businesses leverage the power of GenAI while maintaining control and confidentiality. Check out this episode of DMRadio to learn more as Host @eric_kavanagh interviews Oz Wasserman of Opsin. They'll discuss how retrieval-augmented generation (RAG) can be used to optimize the outputs of Large Language Models (LLMs). Combining contextual information with ongoing improvements in foundational models, RAG delivers superior results, ensuring organizations achieve tangible ROI with GenAI investments. Security features like role-based access control (RBAC), auditing, and anonymization can be used to safeguard data privacy and enhance security.
What would you do if your social security number was compromised in a massive data breach affecting billions? In our latest episode of the CISSP Cyber Training Podcast, we unpack the alarming reality of a recent breach that exposed the personal records of 3 billion people. We provide critical advice on how to protect yourself using tools like "Have I Been Pwned," setting up credit freezes, and enabling multi-factor authentication. It's not just about safeguarding your data; it's about arming yourself with the knowledge to navigate these digital threats effectively. Next, we dive into the realm of access controls with a keen focus on discretionary and non-discretionary systems. Discover why discretionary access control (DAC) might be a double-edged sword for smaller setups and how non-discretionary models such as mandatory access control (MAC), role-based access control (RBAC), and rule-based access control provide a structured, scalable framework for larger organizations. With real-world examples, we break down the benefits and challenges of each system, helping you understand which control model best suits your organization's needs. Finally, we explore the complexities of RBAC and rule-based access controls, emphasizing the necessity of efficient access management in large enterprises and regulated industries. Learn about the principle of least privilege, the intricacies of role assignment, and how predefined static rules can simplify or complicate access management. We also delve into mandatory access controls, using high-security environments like military clearances to illustrate their importance. Whether you're an industry professional or just passionate about cybersecurity, this episode brings essential insights right to your ear. Gain access to 60 FREE CISSP Practice Questions each and every month for the next 6 months by going to FreeCISSPQuestions.com and signing up to join the team for free. That is 360 FREE questions to help you study and pass the CISSP Certification. Join Today!
In this episode, Jeff and Jim discuss various Identity and Access Management (IAM) topics with their guest, Chris Power, Senior Manager of IAM at Sallie Mae. They tackle the evolution and challenges of non-human identities, the potential sunsetting of Role-Based Access Control (RBAC) in favor of policy-based methods, and the organizational design of IAM teams and the importance of governance and cybersecurity measures. The episode rounds off with a light discussion about Marvel movie news, focusing on Robert Downey Jr.'s return to the Marvel universe as Dr. Doom. 00:00 Introduction and Casual Banter 2:07 Exploring Digital Identity Trends 5:01 Conference Highlights and Discount Codes 8:35 Introducing the Guest: Chris Power 12:11 Deep Dive into Non-Human Identities 29:20 The Future of RBAC in IAM 30:42 Challenges in HR Systems and RBAC 32:21 The Complexity of Implementing RBAC 33:23 Exploring Alternatives to RBAC 34:13 The Role of Attributes in Access Control 37:35 Policy-Based Access Control (PBAC) 42:59 Organizational Design in IAM 52:34 Future of IAM with AI and Big Data 55:55 Marvel Universe Discussion 63:42 Conclusion and Final Thoughts Connect with Chris: https://www.linkedin.com/in/jameschristopherpower/ Chris' LinkedIn Post: https://www.linkedin.com/pulse/trying-something-new-chris-power-ysmdc/ Attending Identity Week in America, or Asia? Use our discount code IDAC30 for 30% off your registration fee! Learn more at: America: https://www.terrapinn.com/exhibition/identity-week-america Asia: https://www.terrapinn.com/exhibition/identity-week-asia/ Authenticate Conference - Use code IDAC15 for 15% off: https://authenticatecon.com/event/authenticate-2024-conference/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com and watch at https://www.youtube.com/@idacpodcast
Consumers in different regions of the U.S. are paying vastly different prices for natural gas — the consequence of notoriously slow pipeline projects. In this episode of Power Plays, Bethel King and Dr. Robert Brooks, principal researchers at RBAC, explain the primary regional drivers that will influence the price you'll pay for natural gas.
In the season's final episode, hosts Lois Houston and Nikita Abraham interview senior OCI instructor Mahendra Mehra about the security practices that are vital for OKE clusters on OCI. Mahendra shares his expert insights on the importance of Kubernetes security, especially in today's digital landscape where the integrity of data and applications is paramount. OCI Container Engine for Kubernetes Specialist: https://mylearn.oracle.com/ou/course/oci-container-engine-for-kubernetes-specialist/134971/210836 Oracle University Learning Community: https://education.oracle.com/ou-community LinkedIn: https://www.linkedin.com/showcase/oracle-university/ X (formerly Twitter): https://twitter.com/Oracle_Edu Special thanks to Arijit Ghosh, David Wright, Radhika Banka, and the OU Studio Team for helping us create this episode. --------------------------------------------------------- Episode Transcript: 00:00 Welcome to the Oracle University Podcast, the first stop on your cloud journey. During this series of informative podcasts, we'll bring you foundational training on the most popular Oracle technologies. Let's get started! 00:26 Nikita: Welcome to the Oracle University Podcast! I'm Nikita Abraham, Principal Technical Editor with Oracle University, and with me is Lois Houston, Director of Innovation Programs. Lois: Hi there! In our last episode, we spoke about self-managed nodes and how you can manage Kubernetes deployments. Nikita: Today is the final episode of this series on OCI Container Engine for Kubernetes. We're going to look at the security side of things and discuss how you can implement vital security practices for your OKE clusters on OCI, and safeguard your infrastructure and data. 00:59 Lois: That's right, Niki! We can't overstate the importance of Kubernetes security, especially in today's digital landscape, where the integrity of your data and applications is paramount. 
With us today is senior OCI instructor, Mahendra Mehra, who will take us through Kubernetes security and compliance practices. Hi Mahendra! It's great to have you here. I want to jump right in and ask you, how can users add a service account authentication token to a kubeconfig file? Mahendra: When you set up the kubeconfig file for a cluster, by default, it contains an Oracle Cloud Infrastructure CLI command to generate a short-lived, cluster-scoped, user-specific authentication token. The authentication token generated by the CLI command is appropriate to authenticate individual users accessing the cluster using kubectl and the Kubernetes Dashboard. However, the generated authentication token is not appropriate to authenticate processes and tools accessing the cluster, such as continuous integration and continuous delivery tools. To ensure access to the cluster, such tools require long-lived non-user-specific authentication tokens. One solution is to use a Kubernetes service account. Having created a service account, you bind it to a cluster role binding that has cluster administration permissions. You can create an authentication token for this service account, which is stored as a Kubernetes secret. You can then add the service account as a user definition in the kubeconfig file itself. Other tools can then use this service account authentication token when accessing the cluster. 02:47 Nikita: So, as I understand it, adding a service account authentication token to a kubeconfig file enhances security and enables automated tools to interact seamlessly with your Kubernetes cluster. So, let's talk about the permissions users need to access clusters they have created using Container Engine for Kubernetes. Mahendra: For most operations on Container Engine for Kubernetes clusters, IAM leverages the concept of groups. A user's permissions are determined by the IAM groups they belong to, including dynamic groups. 
The access rights for these groups are defined by policies. IAM provides granular control over various cluster operations, such as the ability to create or delete clusters, add, remove, or modify node pools, and dictate the Kubernetes object create, delete, view operations a user can perform. All these controls are specified at the group and policy levels. In addition to IAM, the Kubernetes role-based access control authorizer can enforce additional fine-grained access control for users on specific clusters via Kubernetes RBAC roles and ClusterRoles. 04:03 Nikita: What are Kubernetes RBAC roles and ClusterRoles, Mahendra? Mahendra: Role here defines permissions for resources within a specific namespace and ClusterRole is a global object that will provide access to global objects as well as non-resource URLs, such as API version and health endpoints on the API server. Kubernetes RBAC also includes RoleBindings and ClusterRoleBindings. RoleBinding grants permission to subjects, which can be a user, service, or group interacting with the Kubernetes API. It specifies an allowed operation for a given subject in the cluster. RoleBinding is always created in a specific namespace. When associated with a role, it provides users permission specified within that role related to the objects within that namespace. When associated with a ClusterRole, it provides access to namespaced objects only defined within that cluster role and related to the role's namespace. ClusterRoleBinding, on the other hand, is a global object. It associates cluster roles with users, groups, and service accounts. But it cannot be associated with a namespaced role. ClusterRoleBinding is used to provide access to global objects, non-namespaced objects, or to namespaced objects in all namespaces. 05:36 Lois: Mahendra, what's IAM's role in this? How do IAM and Kubernetes RBAC work together? Mahendra: IAM provides broader permissions, while Kubernetes RBAC offers fine-grained control. 
Users authorized either by IAM or Kubernetes RBAC can perform Kubernetes operations. When a user attempts to perform any operation on a cluster, except for create role and create cluster role operations, IAM first determines whether a group or dynamic group to which the user belongs has the appropriate and sufficient permissions. If so, the operation succeeds. If the attempted operation also requires additional permissions granted via a Kubernetes RBAC role or cluster role, the Kubernetes RBAC authorizer then determines whether the user or group has been granted the appropriate Kubernetes role or Kubernetes ClusterRoles. 06:41 Lois: OK. What kind of permissions do users need to define custom Kubernetes RBAC rules and ClusterRoles? Mahendra: It's common to define custom Kubernetes RBAC rules and ClusterRoles for precise control. To create these, a user must have existing roles or ClusterRoles with equal or higher privileges. By default, users don't have any RBAC roles assigned. But there are default roles like cluster admin or super user privileges. 07:12 Nikita: I want to ask you about securing and handling sensitive information within Kubernetes clusters, and ensuring a robust security posture. What can you tell us about this? Mahendra: When creating Kubernetes clusters using OCI Container Engine for Kubernetes, there are two fundamental approaches to store application secrets. We can opt for storing and managing secrets in an external secrets store accessed seamlessly through the Kubernetes Secrets Store CSI driver. Alternatively, we have the option of storing Kubernetes secret objects directly in etcd. 07:53 Lois: OK, let's tackle them one by one. What can you tell us about the first method, storing secrets in an external secret store? Mahendra: This integration allows Kubernetes clusters to mount multiple secrets, keys, and certificates into pods as volumes. 
The Kubernetes Secrets Store CSI driver facilitates seamless integration between our Kubernetes clusters and external secret stores. With the Secrets Store CSI driver, our Kubernetes clusters can mount and manage multiple secrets, keys, and certificates from external sources. These are accessible as volumes, making it easy to incorporate them into our application containers. OCI Vault is a notable external secrets store. And Oracle provides the Oracle Secrets Store CSI driver provider to enable Kubernetes clusters to seamlessly access secrets stored in Vault. 08:54 Nikita: And what about the second method? How can we store secrets as Kubernetes secret objects in etcd? Mahendra: In this approach, we store and manage our application secrets using Kubernetes secret objects. These objects are directly managed within etcd, the distributed key value store used for Kubernetes cluster coordination and state management. In OKE, etcd reads and writes data to and from block storage volumes in OCI block volume service. By default, OCI ensures security of our secrets and etcd data by encrypting it at rest. Oracle handles this encryption automatically, providing a secure environment for our secrets. Oracle takes responsibility for managing the master encryption key for data at rest, including etcd and Kubernetes secrets. This ensures the integrity and security of our stored secrets. If needed, there are options for users to manage the master encryption key themselves. 10:06 Lois: OK. We understand that managing secrets is a critical aspect of maintaining a secure Kubernetes environment, and one that users should not take lightly. Can we talk about OKE Container Image Security? What essential characteristics should container images possess to fortify the security posture of a user's applications? Mahendra: In the dynamic landscape of containerized applications, ensuring the security of containerized images is paramount. 
It is not uncommon for the operating system packages included in images to have vulnerabilities. Managing these vulnerabilities enables you to strengthen the security posture of your system and respond quickly when new vulnerabilities are discovered. You can set up Oracle Cloud Infrastructure Registry, also known as Container Registry, to scan images in a repository for security vulnerabilities published in the publicly available Common Vulnerabilities and Exposures Database. 11:10 Lois: And how is this done? Is it automatic? Mahendra: To perform image scanning, Container Registry makes use of the Oracle Cloud Infrastructure Vulnerability Scanning Service and Vulnerability Scanning REST API. When new vulnerabilities are added to the CVE database, the container registry initiates automatic rescanning of images in repositories that have scanning enabled. 11:41 Do you want to stay ahead of the curve in the ever-evolving AI landscape? Look no further than our brand-new OCI Generative AI Professional course and certification. For a limited time only, we're offering both the course and certification for free! So, don't miss out on this exclusive opportunity to get certified on Generative AI at no cost. Act fast because this offer is valid only until July 31, 2024. Visit https://education.oracle.com/genai to get started. That's https://education.oracle.com/genai. 12:20 Nikita: Welcome back! Mahendra, what are the benefits of image scanning? Mahendra: You can gain valuable insights into each image scan conducted over the past 13 months. This includes an overview of the number of vulnerabilities detected and an overall risk assessment for each scan. Additionally, you can delve into comprehensive details of each scan featuring descriptions of individual vulnerabilities, their associated risk levels, and direct links to the CVE database for more comprehensive information. This historical and detailed data empowers you to monitor, compare, and enhance image security over time. 
You can also disable image scanning on a particular repository by removing the image scanner. 13:11 Nikita: Another characteristic that container images should have is unaltered integrity, right? Mahendra: For compliance and security reasons, system administrators often want to deploy software into a production system only when they are satisfied that the software has not been modified since it was published, compromising its integrity. Ensuring the unaltered integrity of software is paramount for compliance and security in a production environment. 13:41 Lois: Mahendra, what are the mechanisms that guarantee this integrity within the context of Oracle Cloud Infrastructure? Mahendra: Image signatures play a pivotal role in not only verifying the source of an image but also ensuring its integrity. Oracle's Container Registry facilitates this process by allowing users or systems to push images and sign them using a master encryption key sourced from the OCI Vault. It's worth noting that an image can have multiple signatures, each associated with a distinct master encryption key. These signatures are uniquely tied to an image OCID, providing granularity to the verification process. Furthermore, the process of image signing mandates the use of an RSA asymmetric key from the OCI Vault, ensuring a robust and secure validation of the image's unaltered integrity. 14:45 Nikita: In the context of container images, how can users ensure the use of trusted sources within OCI? Mahendra: System administrators need the assurance that the software being deployed in a production system originates from a source they trust. Signed images play a pivotal role, providing a means to verify both the source and the integrity of the image. To further strengthen this, administrators can create image verification policies for clusters, specifying which master encryption keys must have been used to sign images. 
This enhances security by configuring Container Engine for Kubernetes clusters to allow the deployment of images signed with specific encryption keys from Oracle Cloud Infrastructure Registry. Users or systems retrieving signed images from OCIR can trust the source and be confident in the image's integrity. 15:46 Lois: Why is it imperative for users to use signed images from Oracle Cloud Infrastructure Registry when deploying applications to a Container Engine for Kubernetes cluster? Mahendra: This practice is crucial for ensuring the integrity and authenticity of the deployed images. To achieve this enforcement. It's important to note that an image in OCIR can have multiple signatures, each linked to a different master encryption key. This multikey association adds layers of security to the verification process. A cluster's image verification policy comes into play, allowing administrators to specify up to five master encryption keys. This policy serves as a guideline for the cluster, dictating which keys are deemed valid for image signatures. If a cluster's image verification policy doesn't explicitly specify encryption keys, any signed image can be pulled regardless of the key used. Any unsigned image can also be pulled, potentially compromising the security measures. 16:56 Lois: Mahendra, can you break down the essential permissions required to bolster security measures within a user's OKE clusters? Mahendra: To enable clusters to include master encryption keys in image verification policies, you must give clusters permission to use keys from OCI Vault. For example, to grant this permission to a particular cluster in the tenancy, we must use the policy—allow any user to use keys in tenancy where request.user.id is set to the cluster's OCID. Additionally, for clusters to seamlessly pull signed images from Oracle Cloud Infrastructure Registry, it's vital to provide permissions for accessing repositories in OCIR. 
17:43 Lois: I know this may sound like a lot, but OKE container image security is vital for safeguarding your containerized applications. Thank you so much, Mahendra, for being with us through the season and taking us through all of these important concepts. Nikita: To learn more about the topics covered today, visit mylearn.oracle.com and search for the OCI Container Engine for Kubernetes Specialist course. Join us next week for another episode of the Oracle University Podcast. Until then, this is Nikita Abraham… Lois Houston: And Lois Houston, signing off! 18:16 That's all for this episode of the Oracle University Podcast. If you enjoyed listening, please click Subscribe to get all the latest episodes. We'd also love it if you would take a moment to rate and review us on your podcast app. See you again on the next episode of the Oracle University Podcast.
In today's episode, we cover the critical Linux vulnerability CVE-2024-1086 being actively exploited and urge users to patch immediately (https://arstechnica.com/security/2024/05/federal-agency-warns-critical-linux-vulnerability-being-actively-exploited/). We also discuss the Ticketmaster data breach by the ShinyHunters group, impacting 560 million customers and demanding a £400,000 ransom (https://www.theguardian.com/technology/article/2024/jun/01/live-nation-investigating-data-breach-of-its-us-ticketmaster-unit). Lastly, we delve into potential Snowflake compromises involving stolen customer credentials, with conflicting reports on whether Snowflake itself or its customers were breached (https://www.helpnetsecurity.com/2024/05/31/snowflake-compromised-data-theft/). Tags: Linux, Exploited, Kernel, Vulnerability, CVE, Cybersecurity, CISA, ShinyHunters, Ticketmaster, Cybercrime, Data breach, Cybercriminals, Snowflake, Credentials, Security, Privilege escalation. Search Phrases: How to protect against CVE-2024-1086; Linux kernel vulnerability CVE-2024-1086; ShinyHunters Ticketmaster data breach; Snowflake stolen credentials breach; Cybersecurity measures for Linux vulnerabilities; Protecting against data breaches in Ticketmaster; Cybercrime groups targeting big companies; Escalating privileges in Linux kernel; Preventing credential-based attacks in Snowflake; Recent exploits in cybersecurity 2024. Linux vulnerability being actively exploited https://arstechnica.com/security/2024/05/federal-agency-warns-critical-linux-vulnerability-being-actively-exploited/ Critical Linux Vulnerability Alert: The US Cybersecurity and Infrastructure Security Agency (CISA) added a critical Linux vulnerability (CVE-2024-1086) to its known exploited vulnerabilities list. [Source: Dan Goodin, Ars Technica] Severity and Impact: Severity rating: 7.8 out of 10. Affected Linux kernel versions: 5.14 through 6.6. 
The vulnerability allows privilege escalation, enabling attackers to gain higher system privileges. Technical Details: It's a use-after-free error in the nf_tables component of the Linux kernel. Use-after-free errors can result in remote code execution or privilege escalation. The bug was patched in January, but many systems remain unpatched. Exploitation Details: Exploits allow for a "powerful double-free primitive" when the correct code paths are hit. Techniques include arbitrary code execution in the kernel and potentially dropping a universal root shell. Action Required: CISA mandates federal agencies to patch by June 20. All affected organizations should update their systems immediately. Engagement Tips: Question for Listeners: Have you checked if your systems are running the affected Linux kernel versions? Call to Action: Update your systems now to prevent potential exploitation. Feedback Request: Share your experiences with patching critical vulnerabilities on our social media channels. By keeping these points in mind, you'll ensure your systems are secure and you're up-to-date with the latest cybersecurity threats. Stay safe out there! Ticketmaster hit by data hack that may affect 560m customers https://www.theguardian.com/technology/article/2024/jun/01/live-nation-investigating-data-breach-of-its-us-ticketmaster-unit Ticketmaster Cyber-Attack: Ticketmaster has experienced a significant data breach, with hackers offering to sell customer data on the dark web. Live Nation, Ticketmaster's parent company, confirmed the breach and is working with forensic investigators and law enforcement to mitigate the risks. [Source: The Guardian] Snowflake compromised? 
Attackers exploit stolen credentials https://www.helpnetsecurity.com/2024/05/31/snowflake-compromised-data-theft/ Snowflake Compromise Overview: Attackers exploited stolen customer credentials to access Snowflake accounts, leveraging a tool called "rapeflake". Snowflake itself denies a direct breach, attributing unauthorized access to compromised customer credentials. Sources: Help Net Security, Mitiga, Hudson Rock. What is Snowflake? A cloud-based data storage and analytics platform with around 9,500 global customers. Enterprises use Snowflake for data warehousing solutions, choosing a cloud provider like AWS, Azure, or Google Cloud. Key Security Practices: Role-based access control (RBAC), single sign-on (SSO), IP whitelisting, and network policies. Nature of the Attack: Threat actor UNC5537 used stolen credentials and VPNs to bypass security measures, focusing on environments lacking two-factor authentication. They used credential stuffing techniques and Snowflake's built-in features to exfiltrate data. The attackers aim to extort organizations by offering the stolen data on hacker forums. Snowflake's Response: Snowflake observed increased threat activity starting mid-April 2024, linked to certain IP addresses and suspicious clients. Investigation revealed unauthorized access caused by exposed user credentials from unrelated cyber activities. Snowflake maintains no internal vulnerabilities or misconfigurations were exploited. Conflicting Claims: While Snowflake denies a direct breach, Hudson Rock reports that attackers accessed Snowflake's servers via an infected employee device. The attackers claim to have bypassed security measures like OKTA and exfiltrated data, demanding a $20 million ransom. Impact on Customers: Confirmed data theft from organizations like Ticketmaster and Santander Bank. Mass data scraping has reportedly occurred, affecting multiple organizations. 
Steps for Snowflake Admins: Use Snowflake's compiled document to identify indicators of compromise and perform investigative queries. Remediate by disabling suspected users and resetting credentials. Enforce strong security measures: Ensure SSO and MFA are enabled, and restrict database access to authorized IP addresses. Leverage Snowflake's logs for threat hunting using the 'ACCOUNT_USAGE' schema to detect anomalous activities. Sources: Help Net Security, Mitiga, Hudson Rock.
On this episode of Identity at the Center, Jim McDonald and Jeff Steadman are joined by Chad Wolcott, Managing Director at RSM US LLP, to peel back the layers of the identity industry. They delve into the complexities of identity consulting, discussing the challenges and triumphs of implementing and managing IAM solutions. From Chad's early days of designing robots to Jim's arcade escapades, the trio shares their most unusual jobs and the lessons learned from their unique experiences. They also tackle pressing topics like the future of passwordless authentication, the role of AI and analytics in identity, and the evolution of authorization from RBAC to dynamic access models. The conversation takes a turn into the realm of IAM horror stories, highlighting the pitfalls of over-engineering solutions and the importance of aligning with organizational change. As they gear up for Identiverse, they share their excitement for reconnecting with industry peers, diving into sessions on AI and identity security, and enjoying the Vegas experience. Tune in for an insightful and candid discussion on the state of identity security, the potential of AI, and the power of automation in the ever-evolving IAM landscape. Connect with Chad: https://www.linkedin.com/in/chad-wolcott/ Meet up with our RSM team at Identiverse 2024! Schedule at https://rsmus.com/events/2024-events/join-rsm-at-identiverse-2024.html Learn more about RSM Digital Identity consulting: https://rsmus.com/services/risk-fraud-cybersecurity/cybersecurity-business-vulnerability/identity-and-access.html Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at idacpodcast.com and follow @IDACPodcast on Twitter.
Could your company's board benefit from cybersecurity expertise? Discover the untold impact security professionals can make in risk mitigation and financial stability. This week on the CISSP Cyber Training Podcast, I, Sean Gerber, navigate the critical intersection of cybersecurity and corporate governance, underscoring a need for expertise that's often overlooked. We dissect the lifecycle of role management, from the precise art of onboarding to the essential processes of deprovisioning and offboarding. Ensuring your organization's digital fortress is impenetrable requires immediate action and smart tools, which we'll cover in detail. Struggle with managing permissions in your organization? You're not alone. We'll break down Role-Based Access Control, a system that not only fortifies your security but streamlines your access management too. By understanding the risks of credential creep and the benefits of roles defined by job functions, you'll see how a robust RBAC system can prevent conflicts of interest and align with evolving business processes. And for those in the trenches of cybersecurity, I'll outline how the synergy between compliance and security teams forms the backbone of a solid role management plan. Finally, we turn our focus to the CISSP exam, providing a beacon for those charting a course through the vast sea of cybersecurity knowledge. With strategic guidance and essential resources, I'll steer you towards not just passing the exam, but mastering it. Ensure you're equipped with the right identity and access management tools like single sign-on, multi-factor authentication, and Identity Governance and Administration. Remember, your journey doesn't end with certification. Stay connected for continued support as we build your cybersecurity expertise into a powerhouse skill set for any organization. Gain access to 30 FREE CISSP Exam Questions each and every month by going to FreeCISSPQuestions.com and signing up to join the team for Free. 
Gain access to 60 FREE CISSP Practice Questions each and every month for the next 6 months by going to FreeCISSPQuestions.com and sign-up to join the team for Free. That is 360 FREE questions to help you study and pass the CISSP Certification. Join Today!
In Episode 91 of The Energy Question, David Blackmon talks with Dr. Robert Brooks, the CEO of RBAC. RBAC is the market leading supplier of global and regional gas and LNG market simulation systems. These systems provide industry analysts powerful tools for supporting investment and M&A strategy, environmental and sustainability goals, credible risk analysis, trading strategy and policy development and assessment. RBAC's products and expertise help companies go beyond the narratives and hype to identify the opportunities and define the risks inherent in the uncertainties of energy transition using reality and fact-based fundamentals and analysis. Enjoy. RBAC Website: www.rbac.com Highlights of the Podcast: 02:34 - Energy market simulation systems; 05:14 - The company provides software products to the energy industry; 07:47 - G2M2 Global gas market model; 09:19 - The global LNG markets; 15:22 - The transit agreement on Russian gas pipelines across Ukraine; 18:35 - The resilience of the market; 20:58 - Real major impact on the industry; 24:07 - Southeast Asia could grow; 27:39 - The U.S. domestic delivery system for natural gas
OPAL is an open-source administration layer for Policy Engines such as Open Policy Agent (OPA). OPAL provides the necessary infrastructure to load policy and data into multiple policy engines, ensuring they have the information they need to make decisions. Today, we're talking to Or Weis (@OrWeis), co-creator of OPAL and co-founder of Permit, the end-to-end authorization platform that envisions a world where developers never have to build permissions again. Contributor is looking for a community manager! If you want to know more, shoot us an email at eric@scalevp.com. Subscribe to Contributor on Substack for email notifications! In this episode we discuss: History of Permit and OPAL; The benefits of an open-foundation model rather than open-core; RBAC vs ABAC vs ReBAC; Why developers would prefer to not have to deal with authorization; Or's own podcast, Command+Shift+Left. Links: OPAL; Permit; Command+Shift+Left; Terraform. People mentioned: Asaf Cohen (@asafchn); Filip Grebowski (@developerfilip). Other episodes: Open Policy Agent with Torin Sandall; Community Driven IaC: OpenTofu with Kuba Martin
“It's hard to have privacy without security and to have effective security that requires strong protection of personal identifiable information, or PII. So security, privacy, and compliance really must go hand in hand. If one is prioritized over the other, it can have an adverse effect.” - Christina Annechino. On this episode, we welcome back both Christina Annechino and Marie Joseph to bring us back to a little more 101 on Cybersecurity. With host Jara Rowe, the team breaks down terms and buzzwords that you need to know to keep you and your company's data safe. Find out the difference between a breach and an incident, the nuances of security, privacy, and compliance, and gain insights into the crucial importance of cyber hygiene. We'll also explore the key differences between data security and data protection, understanding acronyms like GDPR, CCPA, HIPAA, and PIPEDA, and grasping the significance of maintaining asset inventories. In this episode, you'll learn: The difference between a breach, when a threat actor gains unauthorized access, and an incident, where data is compromised, is crucial for proactive security measures. Understand frameworks vs. standards: Frameworks provide an overview of requirements for compliance and certification, while standards outline specific criteria that must be met, forming the foundation of cybersecurity best practices. The importance of cyber hygiene or the tools, processes, and policies you need to maintain a strong security posture, enabling constant improvement in cybersecurity health within organizations. Things to listen for: [00:24 - 02:47] Introduction to episode and compliance series; [02:57 - 04:25] The difference between security and privacy and compliance; [04:28 - 06:08] The challenges in balancing security, privacy and compliance; [06:26 - 07:24] The difference between risk and control; [07:31 - 09:46] The difference between a breach and an incident; [09:58 - 11:03] The difference between data security and protection; [11:03 - 12:18] The most common data protection regulations; [12:31 - 13:10] The difference between frameworks and standards; [13:22 - 14:50] What is RBAC and how it relates to cybersecurity; [14:50 - 16:45] The meaning of IoT and maintaining inventory assets; [16:50 - 18:00] What does Cyber Hygiene mean; [18:01 - 20:37] Jara's receipts. Resources: Conquer Compliance Jargon: Download the Free Cybersecurity Compliance Glossary; Data Security 101: Decoding Incidents and Breaches; Safeguarding Your Connected Devices: A Practical Approach to IoT Security. Connect with the Guest: Marie Joseph's LinkedIn; Christina Annechino's LinkedIn. Connect with the host: Jara Rowe's LinkedIn. Connect with Trava: Website www.travasecurity.com Blog www.travasecurity.com/blog LinkedIn @travasecurity YouTube @travasecurity
Energy poverty is real. But it can be cured. Sit back and enjoy a conversation with one of the world's leading experts in ending energy poverty. NJ Ayuk is the executive chairman of the African Energy Chamber, and he is a phenomenal author and industry-leading expert on a mission to eliminate energy poverty. I had an absolute blast, and Cyrus Brooks, RBAC, was on the panel. His passion and energy experience is phenomenal. NJ, Cyrus, and I covered the key issues in Africa but only scratched the surface of some of the solutions. The West has not always had Africa's best interest at heart, and it is time for Africa to put Africa first. If done correctly, the West could have great new markets for goods and services. Africa could get the manufacturing and technical knowledge transfer while shipping completed goods rather than just raw materials. Check out NJ's book A Just Transition: Making Energy Poverty History with an Energy Mix. It is a fantastic book about his mission leading the African Energy Chamber. Thank you, NJ and Cyrus, for your time and industry leadership. I am looking forward to our future conversations about the problems and solutions of ending energy poverty. Follow and connect with NJ on his LinkedIn HERE: https://www.linkedin.com/in/nj-ayuk-jd-mba-6658662/ Follow up with Cyrus on his LinkedIn HERE: https://www.linkedin.com/in/cyrus-brooks-03274713/ Energy News Beat Podcasts: https://energynewsbeat.co/industry-insights-2/ Highlights of the Podcast: 02:25 - The whole idea behind the energy industry; 04:07 - Energy poverty; 08:02 - The geopolitical problems with the Red Sea; 08:27 - The love for free markets; 12:09 - African oil and gas producers should seek to maximize their own capacities; 13:06 - Where they refine their crude oil; 14:22 - The power of natural gas; 20:53 - One of the biggest acquisitions that happened in the African continent
Unlock the secrets of your computer's command center as Professor JRod navigates the intricate world of operating systems with expertise that's anything but ordinary. Step into the realm of process management, where the birth, life, and eventual demise of a process unfolds, and where process control blocks stand guard over the vital information that keeps your system ticking. From the ins and outs of scheduling algorithms to the nuances of inter-process communication, this episode is a treasure chest of knowledge, perfect for those on the brink of CompTIA certification or for the tech-curious seeking to deepen their understanding of the digital universe. Venture further into the cybersecurity stronghold, where Professor Jay Rod dissects access control mechanisms with the precision of a master locksmith. Decode the complex language of DAC, MAC, ACLs, and RBAC, and discover how these frameworks act as the bulwarks against digital threats. This dialogue isn't just about the "how" but the "why" - why staying vigilant with software patches is paramount, why audits are the backbone of trust, and why encryption is your silent sentinel. It's a conversation that doesn't just inform; it empowers and equips you with the tools to fortify your own cyber fortress. Join us for a session that's set to enlighten, inspire, and transform your approach to cybersecurity. Support the show. If you want to help me with my research please e-mail me. Professorjrod@gmail.com If you want to join my question/answer zoom class e-mail me at Professorjrod@gmail.com Art By Sarah/Desmond. Music by Joakim Karud. Little chacha Productions. Juan Rodriguez can be reached at TikTok @ProfessorJrod ProfessorJRod@gmail.com @Prof_JRod Instagram ProfessorJRod
How prepared is your organization to move forward without fear in the face of ransomware, cyberthreats, ongoing digital transformation, and hybrid cloud adoption? More importantly, if your organization is disrupted, how fast can you recover and move ahead confidently? To navigate these complex waters, we're joined on the Banking Transformed podcast by Rick Vanover, Senior Director of Product Strategy at Veeam. Veeam is at the forefront of providing cutting-edge solutions for data protection and management in the cloud era. Rick shares insights on how Veeam's innovative approaches are safeguarding financial institutions against these threats and ensuring operational continuity in the face of ongoing digital transformation and cloud adoption.
This episode of Banking Transformed Solutions is sponsored by Veeam Software
In today's financial service landscape, security, compliance, and agility are paramount. Veeam's Kasten K10 solution emerges as a top choice for banking and insurance companies looking to protect their Kubernetes data with leading security and compliance features like end-to-end encryption and RBAC. Kasten K10 supports a broad ecosystem of data services, empowering financial institutions to scale quickly and securely.
Find out more: https://www.kasten.io/free-kubernetes
Follow: https://stree.ai/podcast | Sub: https://stree.ai/sub | New episodes every Monday! In this episode of "The Real Time Analytics Podcast," Tim Berglund is joined by returning guest Peter Corless (Director of Product Marketing, StarTree) to delve into the complex world of federated data systems. They discuss the evolution of data architectures, the challenges of federated identity and data governance, and the implications for modern businesses. Tune in for an insightful conversation on the intricacies and future directions of federated data in an era of diverse and interconnected systems.
Maya Kaczorowski, Chief Product Officer at Tailscale, joins Corey on Screaming in the Cloud to discuss what sets the Tailscale product approach apart, for users of their free tier all the way to enterprise. Maya shares insight on how she evaluates feature requests, and how Tailscale's unique architecture sets them apart from competitors. Maya and Corey discuss the importance of transparency when building trust in security, as well as Tailscale's approach to new feature roll-outs and change management.
About Maya
Maya is the Chief Product Officer at Tailscale, providing secure networking for the long tail. She was most recently at GitHub in software supply chain security, and previously at Google working on container security, encryption at rest and encryption key management. Prior to Google, she was an Engagement Manager at McKinsey & Company, working in IT security for large enterprises.
Maya completed her Master's in mathematics focusing on cryptography and game theory. She is bilingual in English and French.
Outside of work, Maya is passionate about ice cream, puzzling, running, and reading nonfiction.
Links Referenced:
Tailscale: https://tailscale.com/
Tailscale features:
  VS Code extension: https://marketplace.visualstudio.com/items?itemName=tailscale.vscode-tailscale
  Tailscale SSH: https://tailscale.com/kb/1193/tailscale-ssh
  Tailnet lock: https://tailscale.com/kb/1226/tailnet-lock
  Auto updates: https://tailscale.com/kb/1067/update#auto-updates
  ACL tests: https://tailscale.com/kb/1018/acls#tests
  Kubernetes operator: https://tailscale.com/kb/1236/kubernetes-operator
  Log streaming: https://tailscale.com/kb/1255/log-streaming
Tailscale Security Bulletins: https://tailscale.com/security-bulletins
Blog post “How Our Free Plan Stays Free:” https://tailscale.com/blog/free-plan
Tailscale on AWS Marketplace: https://aws.amazon.com/marketplace/pp/prodview-nd5zazsgvu6e6
Transcript
Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at
The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.
Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn, and I am joined today on this promoted guest episode by my friends over at Tailscale. They have long been one of my favorite products just because it has dramatically changed the way that I interact with computers, which really should be enough to terrify anyone. My guest today is Maya Kaczorowski, Chief Product Officer at Tailscale. Maya, thanks for joining me.
Maya: Thank you so much for having me.
Corey: I have to say originally, I was a little surprised to—“Really? You're the CPO? I really thought I would have remembered that from the last time we hung out in person.” So, congratulations on the promotion.
Maya: Thank you so much. Yeah, it's exciting.
Corey: Being a product person is probably a great place to start with this because we've had a number of conversations, here and otherwise, around what Tailscale is and why it's awesome. I don't necessarily know that beating the drum of why it's so awesome is going to be covering new ground, but I'm sure we're going to come up for that during the conversation. Instead, I'd like to start by talking to you about just what a product person does in the context of building something that is incredibly central not just to critical path, but also has massive security ramifications as well, when positioning something that you're building for the enterprise. It's a very hard confluence of problems, and there are days I am astonished that enterprises can get things done based purely upon so much of the mitigation of what has to happen. Tell me about that.
How do you even function given the tremendous vulnerability of the attack surface you're protecting?
Maya: Yeah, I don't know if you—I feel like you're talking about the product, but also the sales cycle of talking [laugh] and working with enterprise customers.
Corey: The product, the sales cycle, the marketing aspects of it, and—
Maya: All of it.
Corey: —it all ties together. It's different facets of frankly, the same problem.
Maya: Yeah. I think that ultimately, this is about really understanding who the customer that is buying the product is. And I really mean that, like, buying the product, right? Because, like, look at something like Tailscale. We're typically used by engineers, or infrastructure teams in an organization, but the buyer might be the VP of Engineering, but it might be the CISO, or the CTO, or whatever, and they're going to have a set of requirements that's going to be very different from what the end-user has as a set of requirements, so even if you have something like bottom-up adoption, in our case, like, understanding and making sure we're checking all the boxes that somebody needs to actually bring us to work.
Enterprises are incredibly demanding, and to your point, have long checklists of what they need as part of an RFP or that kind of thing. I find that some of the strictest requirements tend to be in security. So like, how—to your point—if we're such a critical part of your network, how are you sure that we're always available, or how are you sure that if we're compromised, you're not compromised, and providing a lot of, like, assurances and controls around making sure that that's not the case.
Corey: I think that there's a challenge in that what enterprise means to different people can be wildly divergent. I originally came from the school of obnoxious engineering where oh, as an engineer, whenever I say something is enterprise grade, that's not a compliment. That means it's going to be slow and moribund.
But that is a natural consequence of a company's growth after achieving success, where okay, now we have actual obligations to customers and risk mitigation that needs to be addressed. And how do you wind up doing that without completely hobbling yourself when it comes to accelerating feature velocity? It's a very delicate balancing act.
Maya: Yeah, for sure. And I think you need to balance, to your point, kind of creating demand for the product—like, it's actually solving the problem that the customer has—versus checking boxes. Like, I think about them as features, or you know, feature requests versus feature blockers or deal blockers or adoption blockers. So, somebody wants to, say, connect to an AWS VPC, but then the person who has to make sure that that's actually rolled out properly also wants audit logs and SSH session recording and RBAC-based controls and lots of other things before they're comfortable deploying that in their environment. And I'm not even talking about the list of, you know, legal, kind of, TOS requirements that they would have for that kind of situation.
I think there's a couple of things that you need to do to even signal that you're in that space. One of the things that I was—I was talking to a friend of mine the other day how it feels like five years ago, like, nobody had SOC 2 reports, or very few startups had SOC 2 reports. And it's probably because of the advent of some of these other companies in this space, but like, now you can kind of throw a dart, and you'll hit five startups that have SOC 2 reports, and the amount that you need to show that you're ready to sell to these companies has changed.
Corey: I think that there's a definite broadening of the use case. And I've been trying to avoid it, but let's go diving right into it. I used to view Tailscale as, oh it's a VPN. The end.
Then it became something more where it effectively became the mesh overlay where all of the various things that I have that speak Tailscale—which is frankly, a disturbing number of things that I'd previously considered to be appliances—all talk to one another over a dedicated network, and as a result, can do really neat things where I don't have to spend hours on end configuring weird firewall rules.
It's more secure, it's a lot simpler, and it seems like every time I get that understanding down, you folks do something that causes me to yet again reevaluate where you stand. Most recently, I was doing something horrifying in front-end work, and in VS Code the Tailscale extension popped up. “Oh, it looks like you're running a local development server. Would you like to use Tailscale Funnel to make it available to the internet?” And my response to that is, “Good lord, no, I'm ashamed of it, but thanks for asking.” Every time I think I get it, I have to reevaluate where it stands in the ecosystem. What is Tailscale now? I feel like I should get the official description of what you are.
Maya: Well, I sure hope I'm not the official description. I think the closest is a little bit of what you're saying: a mesh overlay network for your infrastructure, or a programmable network that lets you mesh together your users and services and services and services, no matter where they are, including across different infrastructure providers and, to your point, on a long list of devices you might have running. People are running Tailscale on self-driving cars, on robots, on satellites, on elevators, but they're also running Tailscale on Linux running in AWS or a MacBook they have sitting under their desk or whatever it happens to be. The phrase that I like to use for that is, like, infrastructure agnostic. We're just a building block.
Your infrastructure can be whatever infrastructure you want.
You can have the cheapest GPUs from this cloud, or you can use the Android phone to train the model that you have sitting on your desk. We just help you connect all that stuff together so you can build your own cloud whatever way you want. To your point, that's not really a VPN [laugh]. The word VPN doesn't quite do it justice. For the remote access to prod use case, so like a user, specifically, like, a developer infra team to a production network, that probably looks the most like a zero-trust solution, but we kind of blur a lot of the lines there for what we can do.
Corey: Yeah, just looking at it, at the moment, I have a bunch of Raspberries Pi, perhaps, hanging out on my tailnet. I have currently 14 machines on there, I have my NAS downstairs, I have a couple of EC2 instances, a Google Cloud instance, somewhere, I finally shut down my old Oracle Cloud instance, my pfSense box speaks it natively. I have a Thinkst Canary hanging out on there to detect if anything starts going ridiculously weird, my phone, my iPad, and a few other things here and there. And they all just talk seamlessly over the same network. I can identify them via either IP address, if I'm old, or via DNS if I want to introduce problems that will surprise me at one point or another down the road.
I mean, I even have an exit node I share with my brother's Tailscale account for reasons that most people would not expect, namely that he is an American who lives abroad. So, many weird services like banks or whatnot, “Oh, you can't log in to check your bank unless you're coming from US IP space.” He clicks a button, boom, now he doesn't get yelled at to check his own accounts. Which is probably not the primary use case you'd slap on your website, but it's one of those solving everyday things in somewhat weird ways.
Maya: Oh, yeah.
I worked at a bank maybe ten years ago, and they would block—this little bank on the east coast of the US—they would block connections from Hawaii because why would any of your customers ever be in Hawaii? And it was like, people travel and maybe you're—
Corey: How can you be in Hawaii? You don't have a passport.
Maya: [laugh]. People travel. They still need to do banking. Like, it doesn't change, yeah. The internet, we've built a lot of weird controls that are IP-based, that don't really make any sense, that aren't reflective. And like, that's true for individuals—like you're describing, people who travel and need to bank or whatever they need to do when they travel—and for corporations, right? Like the old concept—this is all back to the zero trust stuff—but like, the old concept that you were trusted just because you had an IP address that was in the corp IP range is just not true anymore, right? Somebody can walk into your office and connect to the Wi-Fi and a legitimate employee can be doing their job from home or from Starbucks, right? Those are acceptable ways to work nowadays.
Corey: One other thing that I wanted to talk about is, I know that in previous discussions with you folks—sometimes on the podcast, sometimes when I more or less corner someone at Tailscale at your developer conference—one of the things that you folks talk about is Tailscale SSH, which is effectively a drop-in replacement for the SSH binary on systems. Full disclosure, I don't use it, mostly because I'm grumpy and I'm old. I also like having some form of separation of duties where you're the network that ties it all together, but something else winds up acting as that authentication step. That said, if I were that interesting that someone wanted to come after me, there are easier ways to get in, so I'm mostly just doing this because I'm persnickety.
Are you seeing significant adoption of Tailscale SSH?
Maya: I think there's a couple of features that are missing in Tailscale SSH for it to be as adopted by people like you. The main one that I would say is—so right now if you use Tailscale SSH, it runs a binary on the host, you can use your Tailscale credentials, and your Tailscale private key, effectively, to SSH something else. So, you don't have to manage a separate set of SSH keys or certs or whatever it is you want to do to manage that in your network. Your identity provider identity is tied to Tailscale, and then when you connect to that device, we still need to have an identity on the host itself, like in Unix. Right now, that's not tied to Tailscale. You can adopt an identity of something else that's already on the host, but it's not, like, corey@machine.
And I think that's the number one request that we're getting for Tailscale SSH, to be able to actually generate or tie to the individual users on the host for an identity that comes from, like, Google, or GitHub, or Okta, or something like that. I'm not hearing a lot of feedback on the security concerns that you're expressing. I think part of that is that we've done a lot of work around security in general so that you feel like if Tailscale were to be compromised, your network wouldn't need to be compromised. So, Tailscale itself is end-to-end encrypted using WireGuard. We only see your public keys; the private keys remain on the device.
So, in some sense the, like, quote-unquote, “Worst” that we could do would be to add a node to your network and then start to generate traffic from that or, like, mess with the configuration of your network. These are questions that have come up. In terms of adding nodes to your network, we have a feature called tailnet lock that effectively lets you sign and verify that all the nodes on your network are supposed to be there. One of the other concerns that I've heard come up is, like, what if the binary was compromised.
We develop in open-source so you can see that that's the case, but like, you know, there's certainly more stuff we could be doing there to prevent, for example, like a software supply chain security attack. Yeah.
Corey: Yeah, but you also have taken significant architectural steps to ensure that you are not placed in a position of undue trust around a lot of these things. Most recently, you raised a Series B, that was $100 million, and the fact that you have not gone bankrupt in the year since that happened tells me that you are very clearly not routing all customer traffic through you folks, at least on one of the major cloud providers. And in fact, a little bit of playing a-slap-and-tickle with Wireshark affirms this, that the nodes talk to each other; they do not route their traffic through you folks, by design. So one, great for the budget, I have respect for that data transfer pattern, but also it means that you are in the position of being a global observer in a way that can be, in many cases, exploited.
Maya: I think that's absolutely correct. So, it was 18 months ago or so that we raised our Series B. When you use Tailscale, your traffic connects peer-to-peer directly between nodes on your network. And that has a couple of nice properties, some of what you just described, which is that we don't see your traffic. I mean, one, because it's end-to-end encrypted, but even if we could capture it, and then—we're not in the way of capturing it, let alone decrypting it.
Another nice property it has is just, like, latency, right? If your user is in the UK, and they're trying to access something in Scotland, it's not, you know, hair-pinning, bouncing all the way to the West Coast or something like that. It doesn't have to go through one of our servers to get there. Another nice property that comes with that is availability.
So, if our network goes down, if our control plane goes down, you're temporarily not able to add nodes or change your configuration, but everything in your network can still connect to each other, so you're not dependent on us being online in order for your network to work.
And this is actually coming up more and more in customer conversations where that's a differentiator for us versus a competitor. Different competitors, also. There's a customer case study on our website about somebody who was POC'ing us with a different option, and literally during the POC, the competitor had an outage, unfortunately for them, and we didn't, and they sort of looked at our model, our deployment model and went, “Huh, this really matters to us.” And not having an outage on our network with this solution seems like a better option.
Corey: Yeah, when the network is down, the computers all turn into basically space heaters.
Maya: [laugh]. Yeah, as long as they're not down because, I guess, unplugged or something. But yeah, [laugh] I completely agree. Yeah. But I think there's a couple of these kinds of, like, enterprise things that people are—we're starting to do a better job of explaining and meeting customers where they are, but it's also people are realizing actually does matter when you're deploying something at this scale that's such a key part of your network.
So, we talked a bit about availability, we talked a bit about things like latency. On the security side, there's a lot that we've done around, like I said, tailnet lock or that type of thing, but it's like some of the basic security features. Like, when I joined Tailscale, probably the first thing I shipped in some sense as a PM was a change log.
Here's the change log of everything that we're shipping as part of these releases so that you can have confidence that we're telling you what's going on in your network, when new features are coming out, and you can trust us to be part of your network, to be part of your infrastructure.
Corey: I do want to further call out that you have a—how should I frame this—a typically active security notification page.
Maya: [laugh].
Corey: And I think it is easy to misconstrue that as look at how terrifyingly insecure this is? Having read through it, I would argue that it is not that you are surprisingly insecure, but rather that you are extraordinarily transparent about things that are relatively minor issues. And yes, they should get fixed, but, “Oh, that could be a problem if six other things happen to fall into place just the right way.” These are not security issues of the type, “Yeah, so it turns out that what we thought was encrypting actually wasn't and we're just expensive telnet.” No, there's none of that going on.
It's all been relatively esoteric stuff, but you also address it very quickly. And that is odd, as someone who has watched too many enterprise-facing companies respond to third-party vulnerability reports with rather than fixing the problem, more or less trying to get them not to talk about it, or if they do, to talk about it only using approved language. I don't see any signs of that with what you've done there. Was that a challenging internal struggle for you to pull off?
Maya: I think internally, it was recognizing that security was such an important part of our value proposition that we had to be transparent. But once we kind of got past that initial hump, we've been extremely transparent, as you say. We think we can build trust through transparency, and that's the most important thing in how we respond to security incidents. But code is going to have bugs. It's going to have security bugs.
There's nothing you can do to prevent that from happening.
What matters is how you—and like, you should. Like, you should try to catch them early in the development process and, you know, shift left and all that kind of stuff, but some things are always going to happen [laugh] and what matters in that case is how you respond to them. And having another, you know, an app update that just says “Bug fixes” doesn't help you figure out whether or not you should actually update, it doesn't actually help you trust us. And so, being as public and as transparent as possible about what's actually happening, and when we respond to security issues and how we respond to security issues is really, really important to us. We have a policy that talks about when we will publish a bulletin.
You can subscribe to our bulletins. We'll proactively email anyone who has a security contact on file, or alternatively, another contact that we have if you haven't provided us a security contact when you're subject to an issue. I think by far and large, like, Tailscale has more security bulletins just because we're transparent about them. It's like, we probably have as many bugs as anybody else does. We're just lucky that people report them to us because they see us react to them so quickly, and then we're able to fix them, right? It's a net positive for everyone involved.
Corey: It's one of those hard problems to solve for across the board, just because I've seen companies in the past get more or less brutalized by the tech press when they have been overly transparent. I remember that there was a Reuters article years ago about Slack, for example, because they would pull up their status history and say, “Oh, look at all of these issues here. You folks can't keep your website up.” But no, a lot of it was like, “Oh, file uploads for a small subset of our users is causing a problem,” and so on and so forth.
These relatively minor issues that, in aggregate, are very hard to represent when you're using traffic light signaling.
So, then you see people effectively going full-on AWS status page where there's a significant outage lasting over a day, last month, and what you see on this is if you go really looking for it is this yellow thing buried in this absolute sea of green lights, even though that was one of the more disruptive things to have happened this year. So, it's a consistent and constant balance, and I really have a lot of empathy no matter where you wind up landing on that.
Maya: Yeah, I think that's—you're saying it's sort of about transparency or being able to find the right information. I completely agree. And it's also about building trust, right? If we set expectations as to how we will respond to these things then we consistently respond to them, people believe that we're going to keep doing that. And that is almost more important than, like, committing to doing that, if that makes any sense.
I remember having a conversation many years ago with an eng manager I worked with, and we were debating what the SLO for a particular service should be. And he sort of made an interesting point. He's like, “It doesn't really matter what the SLO is. It matters what you actually do because then people are going to start expecting [laugh] what you actually do.” So, being able to point at this and say, “Yes, here's what we say and here's what we actually do in practice,” I think builds so much more trust in how we respond to these kinds of things and how seriously we take security.
I think one of the other things that came out of the security work is we realized—and I think you talked to Avery, the CEO of Tailscale on a prior podcast about some of this stuff—but we realized that platforms are broken, and we don't have a great way of pushing automatic updates on a lot of platforms, right?
You know, if you're using the macOS store, or the Android Play Store, or iOS or whatever, you can automatically update your client when there is a security issue. On other platforms, you're kind of stuck. And so, as a result of us wanting to make sure that the fleet is as updated as possible, we've actually built an auto-update feature that's available on all of our major clients now, so people can opt in to getting those updates as quickly as needed when there is a security issue. We want to expose people to as little risk as possible.
Corey: I am not a Tailscale customer. And that bugs me because until I cross that chasm into transferring $1 every month from my bank account to yours, I'm just a whiny freeloader in many respects, which is not at all how you folks who never made me feel I want to be very clear on that. But I believe in paying for the services that empower me to do my job more effectively, and Tailscale absolutely qualifies.
Maya: Yeah, understood, I think that you still provide value to us in ways that aren't your data, but then in ways that help our business. One of them is that people like you tend to bring Tailscale to work. They tend to have a good experience at home connecting to their Synology, helping their brother connect to his bank account, whatever it happens to be, and they go, “Oh.” Something kind of clicks, and then they see a problem at work that looks very similar, and then they bring it to work. That is our primary path of adoption.
We are a bottom-up adoption, you know, product-led growth product [laugh]. So, we have a blog post called “How Our Free Plan Stays Free” that covers some of that. I think the second thing that I don't want to undersell that a user like you also does is, you have a problem, you hit an issue, and you write into support, and you find something that nobody else has found yet [laugh].
Corey: I am very good at doing that entirely by accident.
Maya: [laugh].
But that helps us because that means that we see a problem that needs to get fixed, and we can catch it way sooner than before it's deployed, you know, at scale, at a large bank, and you know, it's a critical, kind of, somebody's getting paged kind of issue, right? We have a couple of bugs like that where we need, you know, we need a couple of repros from a couple different people in a couple different situations before we can really figure out what's going on. And having a wide user base who is happy to talk to us really helps us.
Corey: I would say it goes beyond that, too. I have—I see things in the world of Tailscale that started off as features that I requested. One of the more recent ones is, it is annoying to me to see on the Tailscale machines list everything I have joined to the tailnet with that silly little up arrow next to it of, “Oh, time to go back and update Tailscale to the latest,” because that usually comes with decent benefits. Great, I have to go through iteratively, or use Ansible, or something like that. Well, now there's a Tailscale update option where it will keep itself current on supported operating systems.
For some unknown reason, you apparently can't self-update the application on iOS or macOS. Can't imagine why. But those things tend to self-update based upon how the OS works due to all the sandboxing challenges. The only challenge I've got now is a few things that are, more or less, embedded devices that are packaged by the maintainer of that embedded system, where I'm beholden to them. Only until I get annoyed enough to start building a CI/CD system to replace their package.
Maya: I can't wait till you build that CI/CD system. That'll be fun.
Corey: “We wrote this code last night. Straight to the bank with it.” Yeah, that sounds awesome.
Maya: [laugh] You'd get a couple of term sheets for that, I'm sure.
Corey: There are.
I am curious, looping back to the start of our conversation, we talked about enterprise security requirements, but how do you address enterprise change management? I find that that's something an awful lot of companies get dreadfully wrong. Most recently and most noisily on my part is Slack, a service for which I paid thousands of dollars a year, decided to roll out a UI redesign that, more or less, got in the way of a tremendous number of customers and there was no way to stop it or revert it. And that made me a lot less likely to build critical-flow business processes that depended upon Slack behaving a certain way.
Just, “Oh, we decided to change everything in the user interface today just for funsies.” If Microsoft pulled that with Excel, by lunchtime they'd have reverted it because an entire universe of business users would have marched on Redmond to burn them out otherwise. That carries significant cost for businesses. Yet I still see Tailscale shipping features just as fast as you ever have. How do you square that circle?
Maya: Yeah. I think there's two different kinds of change management really, which is, like—because if you think about it, it's like, an enterprise needs a way to roll out a product or a feature internally and then separately, we need a way to roll out new things to customers, right? And so, I think on the Tailscale side, we have a change log that tells you about everything that's changing, including new features, and including changes to the client. We update that religiously. Like, it's a big deal, if something doesn't make it the day that it's supposed to make it. We get very kind of concerned internally about that.
A couple of things that were—that are in that space, right, we just talked about auto-updates to make it really easy for you to maintain what's actually rolled out in your infrastructure, but more importantly, for us to push changes with a new client release.
Like, for example, in the case of a security incident, we want to be able to publish a version and get it rolled out to the fleet as quickly as possible. Some of the things that we don't have here, but although I hear requests for is the ability to, like, gradually roll out features to a customer. So like, “Can we change the configuration for 10% of our network and see if anything breaks before rolling back, right before rolling forward.” That's a very traditional kind of infra change management thing, but not something I've ever seen in, sort of, the networking security space to this degree, and something that I'm hearing a lot of customers ask for. In terms of other, like, internal controls that a customer might have, we have a feature called ACL Tests. So, if you're going to change the configuration of who can access what in your network, you can actually write tests. Like, your permission file is written in HuJSON and you can write a set of things like, Corey should be able to access prod. Corey should not be able to access test, or whatever it happens to be—actually, let's flip those around—and when you have a policy change that doesn't pass those tests, you actually get told right away so you're not rolling that out and accidentally breaking a large part of your network. So, we built several things into the product to do it. In terms of how we notify customers, like I said, that the primary method that we have right now is something like a change log, as well as, like, security bulletins for security updates.

Corey: Yeah, it's one of the challenges, on some level, of the problem of oh, I'm going to set up a service, and then I'm going to go sail around the world, and when I come back in a year or two—depending on how long I spent stranded on an island somewhere—now I get to figure out what has changed.
And to your credit, you have to affirmatively enable all of the features that you have shipped, but you've gone from, “Oh, it's a mesh network where everything can talk to each other,” to, “I can use an exit node from that thing. Oh, now I can seamlessly transfer files from one node to another with tail drop,” to, “Oh, Tailscale Funnel. Now, I can expose my horrifying developer environment to the internet.” I used that one year to give a talk at a conference, just because why not?

Maya: [crosstalk 00:27:35].

Corey: Everything evolves to become [unintelligible 00:27:37] email on Microsoft Outlook, or tries to be Microsoft Excel? Oh, no, no. I want you to be building Microsoft PowerPoint for me. And we eventually get there, but that is incredibly powerful functionality, but also terrifying when you think you have a handle on what's going on in a large-scale environment, and suddenly, oh, there's a whole new vector we need to think about. Which is why your—the thought and consideration you put into that is so apparent and so, frankly, welcome.

Maya: Yeah, you actually kind of made a statement there that I completely missed, which is correct, which is, we don't turn features on by default. They are opt-in features. We will roll out features by default after they've kind of baked for an incredibly long period of time and with, like, a lot of fanfare and warning. So, the example that I'll give is, we have a DNS feature that was probably available for maybe 18 months before we turned it on by default for new tailnets. So didn't even turn it on for existing folks. It's called Magic DNS. We don't want to touch your configuration or your network. We know people will freak out when that happens. Knowing, to your point, that you can leave something for a year and come back, and it's going to be the same is really important. For everyone, but for an enterprise customer as well. Actually, one other thing to mention there.
We have a bunch of really old versions of clients that are running in production, and we want them to keep working, so we try to be as backward compatible as possible. I think the… I think we still have clients from 2019 that are running and connecting to corp that nobody's updated. And like, it'd be great if they would update them, but like, who knows what situation they're in and if they can connect to them, and all that kind of stuff, but they still work. And the point is that you can have set it up four years ago, and it should still work, and you should still be able to connect to it, and leave it alone and come back to it in a year from now, and it should still work and [laugh] still connect without anything changing. That's a very hard guarantee to be able to make.

Corey: And yet, somehow you've been able to do that, just from the perspective of not—I've never yet seen you folks make a security-oriented decision that I'm looking at and rolling my eyes and amazed that you didn't make the decision the other way. There are a lot of companies that while intending very well have done, frankly, very dumb things. I've been keeping an eye on you folks for a long time, and I would have caught that in public. I just haven't seen anything like that. It's kind of amazing. Last year, I finally took the extraordinary step of disabling SSH access anywhere except the tailnet to a number of my things. It lets my logs fill up a lot less, and you've built to that level of utility-like reliability over the series of longtime experimentation. I have yet to regret having Tailscale in the mix, which is, frankly, not something I can say about almost any product.

Maya: Yeah. I'm very proud to hear that. And like, maintaining that trust—back to a lot of the conversation about security and reliability and stuff—is incredibly important to us, and we put a lot of effort into it.

Corey: I really appreciate your taking the time to talk to me about how things continue to evolve over there.
Anything that's new and exciting that might have gotten missed? Like, what has come out in, I guess, the last six months or so that are relevant to the business and might be useful for people looking to use it themselves?

Maya: I was hoping you're going to ask me what came out in the last, you know, 20 minutes while we were talking, and the answer is probably nothing, but you never know. But [laugh]—

Corey: With you folks, I wouldn't doubt it. Like, “Oh, yeah, by the way, we had to do a brand treatment redo refresh,” or something on the website? Why not? It now uses telepathy just because.

Maya: It could, that'd be pretty cool. No, I mean, lots has gone on in the last six months. I think some of the things that might be more interesting to your listeners, we're now in the AWS Marketplace, so if you want to purchase Tailscale through AWS Marketplace, you can. We have a Kubernetes operator that we've released, which lets you both ingress and egress from a Kubernetes cluster to things that are elsewhere in the world on other infrastructure, and also access the Kubernetes control plane and the API server via Tailscale. I mentioned auto-updates. You mentioned the VS Code extension. That's amazing, the fact that you can kind of connect directly from within VS Code to things on your tailnet. That's a lot of the exciting stuff that we've been doing. And there's boring stuff, you know, like audit log streaming, and that kind of stuff. But it's good.

Corey: Yeah, that stuff is super boring until suddenly, it's very, very exciting. And those are not generally good days.

Maya: [laugh]. Yeah, agreed. It's important, but boring. But important.

Corey: [laugh]. Well, thank you so much for taking the time to talk through all the stuff that you folks are up to. If people want to learn more, where's the best place for them to go to get started?

Maya: tailscale.com is the best place to go.
You can download Tailscale from there, get access to our documentation, all that kind of stuff.

Corey: Yeah, I also just want to highlight that you can buy my attention but never my opinion on things and my opinion on Tailscale remains stratospherically high, so thank you for not making me look like a fool, by like, “Yes. And now we're pivoting to something horrifying is a business model and your data.” Thank you for not doing exactly that.

Maya: Yeah, we'll keep doing that. No, no, blockchains in our future.

Corey: [laugh]. Maya Kaczorowski, Chief Product Officer at Tailscale. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. This episode has been brought to us by our friends at Tailscale. If you enjoyed this episode, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice along with an angry, insulting comment that will never actually make it back to us because someone screwed up a firewall rule somewhere on their legacy connection.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.
What happens when ransomware strikes a big corporation like Clorox? Imagine the chaos and the panic that ensues - not to mention, the significant impact on revenue and leadership. That's where we kick off our conversation with Sean Gerber, who delves deep into the Clorox ransomware attack and why having a strong resiliency plan is imperative. We also shed light on the importance of authorization and discretionary access controls in maintaining organizational security.

We navigate the complex world of role-based access controls (RBAC), discussing how it can efficiently handle access permissions and even prevent fraud within an organization. But it's not a bed of roses; role explosion and initial setup overhead are just a couple of issues when adopting RBAC. Moving forward, we unpack different types of access controls, their advantages, and challenges - think attribute-based, mandatory, and risk-based controls. You'll be surprised by their impact on enterprise security.

Wrapping up, our attention shifts towards CISSP cyber training and how it bolsters your chances of acing the CISSP exam. We share stories of triumph, tips, and tools to help you succeed. Whether you're a cybersecurity professional or just interested in staying one step ahead of cyber threats, this episode is bursting with insights and discussions that you simply can't ignore. So, forget your regular playlist; it's time to plug into some serious cyber talks!

Gain access to 30 FREE CISSP Exam Questions each and every month by going to FreeCISSPQuestions.com and sign-up to join the team for Free.
When sitting down years ago to decide on how to do a podcast, it never crossed my mind that conversations like today's would be possible. I had the pleasure of sitting down with Robert Brooks, Founder and Chairman of RBAC, to cover the global LNG and natural gas markets.

Wow, we had a great talk, and you can tell from the timeline that we covered the entire global market. RBAC is the leading Energy Market Simulation System to help in M&A, risk analysis, planning, and commodity trading. In order to understand the modeling tools, you have to understand the complex supply, demand, and geopolitical issues. Their tools are critical, but how do you put a price on energy security? Thank you Dr. Brooks for stopping by the podcast again! This was a great discussion, and I can't wait to get another update. - Stu

00:00 - Intro
01:08 - Dr. Robert Brooks discusses his optimism for African self-empowerment, acknowledging challenges like corrupt leadership and poverty but emphasizing the potential to utilize abundant resources for development.
05:47 - Tell us a little bit about what you do and the importance of your global market.
10:29 - Dr. Brooks shares insights from his presentation at a DMG conference in China, focusing on energy security. Highlights include China's substantial natural gas production, extensive use of LNG import terminals, challenges in massive cities, and transportation systems.
16:04 - Description of Beijing's cleanliness, green spaces, and cultural emphasis on aesthetics. Positive experiences with considerate people are mentioned, along with the evolving nature of China's natural gas markets despite top-down control.
21:36 - How much are they trying to put in for natural gas versus coal in their mix? Do you know?
23:14 - China's approach to energy security, highlighting their reliance on coal for domestic production, slow development of local gas resources, and a diversified strategy involving Central Asian pipelines, Russian gas deals, and LNG imports to mitigate challenges and ensure energy stability.
26:10 - Doesn't Egypt have spare capacity to export out?
30:20 - Mention of France's long-term natural gas contracts with Norway and considerations of LNG storage and transportation logistics, including the strategic use of tankers as floating storage.
32:39 - The logistics and cost considerations of LNG storage and transportation, noting the strategic use of tankers as floating storage to minimize costs and maximize profits based on market conditions.
35:48 - Don't long term contracts go to more stable geopolitical scenarios?
37:36 - Is determining the viability of contracts, especially through pricing models, a core function of RBAC's software for companies?
39:59 - Do you factor in if the country buys in a ton of LNG tankers, does that matter?
43:09 - How does a model take into consideration the shifting of effort may go to natural gas as the princess at the ball if you would.
46:52 - Dr. Brooks discusses liquefied petroleum gas (LPG) as an energy solution, emphasizing its benefits in developing countries due to lower costs and job creation in the supply chain. The conversation touches on the humanitarian aspect of providing reliable energy sources, particularly in rural areas.
52:35 - Tell us any thoughts that you have. It can be wide open. Tell me what you're thinking on the last thoughts here.
56:06 - Where people can find you?
5:21 - Outro

Follow Dr. Brooks on LinkedIn HERE: https://www.linkedin.com/in/robert-brooks-ph-d-8081231/
More information on RBAC HERE: https://rbac.com/
Dr. Robert Brooks first interview: ENB #132 Robert Brooks Ph.D, Founder & Chairman, RBAC, Inc. – Insights to the global natural gas, LNG and geopolitical impacts on the energy market.
This podcast and interview follow the African Energy Week interviews with Cyrus Brooks and Dr. Ibrahim, the Secretary-General for the African Petroleum Producers Organization. This single interview was critical when discussing the energy humanity aspect of energy poverty.

Cyrus Brooks, Author and Humanitarian at RBAC, and I had a podcast the day before we recorded this episode that had just been released, and we talked about many of these issues that he was seeing while he was in South Africa in the meetings.

Run of Show
01:09: Can you tell our listeners some of the main points that you're talking about at the African Energy Conference?
05:52: African reserves need to elevate all of that humanity out of energy poverty and get them to a quality of life.
07:10: What do you see for the role of natural gas as a bit of a cleaner fuel for Africa's own use?
13:35: What happens at this conference because this story needs to get out because the energy hypocrisy around the world needs to be changed to humanity and get Africa first.
15:24: European Parliament wrote to the criticism of the ECA and Uganda's pipeline. They mentioned specifically they were concerned about Russia and China.
18:42: How do we get to that last mile but yet incorporate it into the natural gas and of the cities?
22:26: I think natural gas has it opens the way it seems to open the way to better economics. And it also is cleaner than many other fuels.
25:50: If the West was greedy and they really wanted to sell more. You think that we would want to help you guys?
28:30: On your organization with the African Petroleum Producers Organization. What is your goal?
Please follow Cyrus Brooks at his LinkedIn: https://www.linkedin.com/in/cyrus-brooks-03274713/
and the African Petroleum Producers Organization: https://www.linkedin.com/company/african-petroleum-producers%E2%80%99-oganization/

Other Great Resources from the Sandstone Group
Real Estate Investor Pulse - https://realestateinvestorpulse.com/
1031 Exchange E-Book https://alternativeinvestments.sandstone-group.com/en-us/tax-benefits-sandstone-group-0-1-1
ENB Top News https://energynewsbeat.co/top-news/
ENB https://energynewsbeat.co/
Energy Dashboard https://dashboard.energynewsbeat.com/
ENB Podcast https://energynewsbeat.co/industry-insights-2/
ENB Substack https://theenergynewsbeat.substack.com/
In this episode of the Energy News Beat Daily Standup - Weekly Recap, Stuart Turley and Michael Tanner discuss various energy-related topics. They delve into the impact of the climate crisis on Africa, highlighting the disparity between Western and African energy consumption. They emphasize the importance of helping African nations access reliable energy sources to improve their living conditions, reduce pollution-related deaths, and stimulate economic growth. The conversation also touches on the challenges and high costs associated with hydrogen production and storage, particularly in the context of renewable energy. Additionally, they discuss Chevron's acquisition of Hess Corporation and the strategic considerations behind the move, with a focus on the potential future mergers and acquisitions in the oil and gas industry. Jamie Dimon's skepticism regarding the Federal Reserve's ability to control inflation is also mentioned, along with the widening gap between European and U.S. oil and gas majors, largely influenced by ESG (Environmental, Social, and Governance) considerations.

Highlights of the Podcast
00:00 - Intro
00:14 - Why is the Climate Crisis racist where Africa is concerned? The West policies towards Africa are like environmental racism. – Alex Epstien
03:57 - Bidenomics at Work: ‘Green' Hydrogen Is a Very Expensive Waste of Money
08:38 - Dutch Energy Minister Admits That Wind Power Agenda Is Pricier Than Anticipated
11:32 - Chevron to buy Hess Corp for $53 billion in all-stock deal
15:39 - Jamie Dimon says central banks got forecasts ‘100% dead wrong' — and it doesn't matter if Fed hikes rates again
18:14 - Value gap between European, U.S. oil majors “stubbornly wide” amidst Exxon, Chevron megadeals
20:01 - Outro

Please see the links below for articles that we discuss in the podcast.

Why is the Climate Crisis racist where Africa is concerned? The West policies towards Africa are like environmental racism. – Alex Epstien
Sometimes we must stand up and point out hypocrisy and apparent racism. This interview with Cyrus Brooks, with RBAC, Public Speaker, Writer, and Humanitarian, was a great conversation covering just that. While I was live […]

Bidenomics at Work: ‘Green' Hydrogen Is a Very Expensive Waste of Money
Making green hydrogen suffers from the very problem it is supposed to cure. The part-time, weather dependent, unreliability of wind and solar energy. Hydrogen storage is supposed to function as a sort of battery at […]

Dutch Energy Minister Admits That Wind Power Agenda Is Pricier Than Anticipated
Dutch Minister of Climate and Energy Rob Jetten admits that wind power is facing serious financial headwinds. Jetten: consumers should expect substantially higher electricity prices than initially anticipated. The increased costs are not primarily linked […]

Chevron to buy Hess Corp for $53 billion in all-stock deal
HOUSTON, Oct 23 (Reuters) – Chevron (CVX.N) agreed to buy U.S. rival Hess (HES.N) for $53 billion in stock in a deal that reflects top U.S. energy companies drive for oil and gas assets in a world seeking lower-risk future fossil […]

Jamie Dimon says central banks got forecasts ‘100% dead wrong' — and it doesn't matter if Fed hikes rates again
Jamie Dimon said central banks 18 months ago got their economic forecasts “100% dead wrong” — and said it doesn't matter whether the Fed hikes rates again this year. The outspoken JPMorgan Chase CEO blasted […]

Value gap between European, U.S. oil majors “stubbornly wide” amidst Exxon, Chevron megadeals
World Oil (Bloomberg) – Europe's oil majors seem to finally be winning back investors by refocusing on their core business, yet the valuation gap with their dealmaking U.S. peers remains stubbornly wide. After companies such […]
In Episode 357, Ben and Scott run through the recently announced Community gallery capability that has been added to the Azure Compute Gallery service. They also take a few minutes to discuss the public preview of table-level RBAC read-access controls for your Log Analytics workspaces. Like what you hear and want to support the show? Check out our membership options.

Show Notes
Microsoft Ignite
Share images using a community gallery
Create a VM from a generalized image version
Direct shared gallery
Manage access to Log Analytics workspaces
Set table-level read access

About the sponsors
Intelligink utilizes their skill and passion for the Microsoft cloud to empower their customers with the freedom to focus on their core business. They partner with them to implement and administer their cloud technology deployments and solutions. Visit Intelligink.com for more info.
Howdy, y'all, and welcome to The Cyber Ranch Podcast! Joining Allan this week is Ron Nissim, CEO @ Entitle. Yes, this is one of our rare shows with a vendor as a guest. Why? Because in this case, the vendor was more highly informed than any of Allan's practitioner friends he was able to query about the subject. And what is that subject? Permissions Management. One that we've never done a deep dive into on this show, and one that's overdue. So without further ado, enjoy hearing Ron chat with Allan. What are the fundamental tenets of proper permissions management? What are the goals? What does the tech stack look like? different categories you're going to pursue? What are the differences between mid-market and enterprise when it comes to permissions management? What is missing still in permissions management? What does next 3-5 years look like? How does permissions lifecycle tie into identity lifecycle? What is broken with RBAC?
My time with Dr. Brooks was an absolute blast. We covered everything from RBAC, geopolitical issues around Russia, China, the Middle East, and financial modeling for global natural gas markets. Robert was an absolute saint for keeping me on task as I would ask 17 questions, and he would go through them with second and third-order-of-magnitude impacting issues.

When you look at RBAC's mission, it is clear that its corporate culture is focused on delivering sustainable energy to humanity.

Robert will go to China soon and have a direct pulse on critical market data. We are staying in touch to help get the word out about his trip and any information they can publicly release.

Also, I highly recommend signing up for their newsletters and following Cyrus Brooks on LinkedIn for great energy industry thought leadership. Thank you Dr. Brooks for stopping by the podcast, and I am looking forward to visiting with you again and following RBAC for critical market updates. - Stu

Please follow Dr. Brooks on his LinkedIn HERE:
Check out the RBAC Website HERE:

RBAC is the market leading supplier of global and regional gas and LNG market simulation systems. These systems provide industry analysts powerful tools for supporting investment and M&A strategy, environmental and sustainability goals, credible risk analysis, trading strategy and policy development and assessment. Our products and expertise help companies go beyond the narratives and hype to identify the opportunities and define the risks inherent in the uncertainties of energy transition using reality and fact based fundamentals and analysis.
Darren Guccione, CEO and Co-founder of Keeper Security, continues his talk with Don Witt of the Channel Daily News, a TR publication in Part 2 where Darren continues his discussion about Privileged Access Solutions (PAM). He describes how traditional PAM solutions are falling short, and what IT pros need to do when it comes to Privileged Access Management. Darren also describes how Keeper Security excels at PAM. Darren provides advice to organizations struggling with identity and access security. He finishes with future goals and what the company is currently focused on for release soon. If you are concerned about security, lock down the corporate and enterprise passwords. By doing this alone, 80% of the threats will be neutralized. Keeper Security is one powerful platform that protects every user on every device. Deploys in just minutes. Protecting millions of people and thousands of companies globally as the trusted and proven cybersecurity leader. An easy-to-use platform that unifies critical components of Identity and Access Management and enables zero-trust transformation. Visibility, security and control - Keeper's platform gives administrators the power to fine tune their organization's access levels to critical data and credentials across individuals and teams. Keeper uses role-based access control (RBAC) to support least-privileged access and tracks all user activity from every location and on every device. For more information, go to: https://www.keepersecurity.com
Welcome to the newest episode of The Cloud Pod podcast! Justin, Ryan, Jonathan, Matthew are your hosts this week. Join us as we discuss all things cloud, AI, the upcoming Google AI Conference, AWS Console, and Duet AI for Google cloud. Titles we almost went with this week:
In this episode I talk with Rishi Bhargava who is the Co-Founder of Descope, a company that is revolutionizing how authentication is done within applications. If you enjoy this episode please share it & review the podcast!

We are now live on Youtube! If you want to watch the video of this interview then go to the links below!

LinkedIn: https://www.linkedin.com/in/bhargavarishi/
Website: https://www.descope.com/

The Imposter Syndrome Network Podcast
The Imposter Syndrome Network (ISN) is a community of technology professionals who...
Listen on: Apple Podcasts Spotify

Support the show

Affiliate Links:
NordVPN: https://go.nordvpn.net/aff_c?offer_id=15&aff_id=87753&url_id=902

Follow the Podcast on Social Media!
Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast
Patreon: https://www.patreon.com/SecurityUnfilteredPodcast
YouTube: https://www.youtube.com/@securityunfilteredpodcast
TikTok: Not today China! Not today
Jim and Jeff brought the podcast to the Carolinas Identity Roundtable and discussed role-based access control (RBAC) with Beth Goins, Information Security IAM and Governance Manager at Arvest Bank, Prince Jones, Senior Manager at Trane Technologies, and Ashley Rouse, Lead Information Security Analyst at Lowes. Connect with Beth: https://www.linkedin.com/in/elizabeth-goins-cism-903a638/ Connect with Prince: https://www.linkedin.com/in/princejones/ Connect with Ashley: https://www.linkedin.com/in/ashley-r-1241a5a2/ Connect with Tom: https://www.linkedin.com/in/tom-lennon-02321b1/ Carolinas Identity Roundtable: https://www.linkedin.com/groups/8985340/ Learn more about Identiverse: https://events.identiverse.com/identiverse2023/begin?code=IDV23-ICEN20 Use our discount code for 20% off your Identiverse registration: IDV23-ICEN20 Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at idacpodcast.com and follow @IDACPodcast on Twitter.
Data access control is becoming increasingly important as more and more sensitive data is being stored and processed by businesses and organizations. In this episode, the VP of Developer Experience at lakeFS, Adi Polak, joins to help define data access control and give examples of sensitive data that requires access control. Adi also talks about the concept of role-based access control (RBAC), which differs from traditional access control methods and provides several advantages. The steps involved in implementing RBAC are discussed, as well as best practices and challenges. Real-world examples of RBAC implementation and success stories are provided, and lessons learned from RBAC implementation are shared. We also discuss lakeFS, an open-source platform that provides a Git-like interface for managing data lakes. In particular, we get into the data management controls, the security and privacy features, and the future of the product. Topics: What are some common types of data access controls? Why are these types of controls important? How can RBAC help organizations better manage and secure their data? What are some challenges in implementing effective data access controls? How can organizations balance data security with the need to provide employees with the information they need to do their jobs? What are some best practices for managing data access control? How do you ensure that data access controls remain effective over time as your organization grows and changes? What is lakeFS? What model of data access management does lakeFS support? What are some of the other privacy and security features of lakeFS? What's next for lakeFS? Anything you can share? Where do you see data access control going in the next 5-10 years? Resources: lakeFS Roadmap Scaling Machine Learning with Spark: Distributed ML with MLlib, TensorFlow, and PyTorch
Hey, it's 5:05. Thanks for being here on Friday, April 21st, 2023 from the Sourced podcast Network in Camp Hill, Pennsylvania. This is your host, Bob Bannon. Stories in today's episode, come from Edwin Kwan in Sydney, Australia, Mark Miller in New York, Katy Craig in San Diego, California, and Shannon Lietz in San Diego, California. Pokey will be back on Monday, but for now I still have the controls. Let's get to it.

LLM Datasets
Summary

As with all aspects of technology, security is a critical element of data applications, and the different controls can be at cross purposes with productivity. In this episode Yoav Cohen from Satori shares his experiences as a practitioner in the space of data security and how to align with the needs of engineers and business users. He also explains why data security is distinct from application security and some methods for reducing the challenge of working across different data systems.

Announcements

Hello and welcome to the Data Engineering Podcast, the show about modern data management

Join in with the event for the global data community, Data Council Austin. From March 28-30th 2023, they'll play host to hundreds of attendees, 100 top speakers, and dozens of startups that are advancing data science, engineering and AI. Data Council attendees are amazing founders, data scientists, lead engineers, CTOs, heads of data, investors and community organizers who are all working together to build the future of data. As a listener to the Data Engineering Podcast you can get a special discount of 20% off your ticket by using the promo code dataengpod20. Don't miss out on their only event this year! Visit: dataengineeringpodcast.com/data-council (https://www.dataengineeringpodcast.com/data-council) today

RudderStack makes it easy for data teams to build a customer data platform on their own warehouse. Use their state of the art pipelines to collect all of your data, build a complete view of your customer and sync it to every downstream tool. Sign up for free at dataengineeringpodcast.com/rudder (https://www.dataengineeringpodcast.com/rudder)

Hey there podcast listener, are you tired of dealing with the headache that is the 'Modern Data Stack'? We feel your pain. It's supposed to make building smarter, faster, and more flexible data infrastructures a breeze. It ends up being anything but that.
Setting it up, integrating it, maintaining it—it's all kind of a nightmare. And let's not even get started on all the extra tools you have to buy to get it to do its thing. But don't worry, there is a better way. TimeXtender takes a holistic approach to data integration that focuses on agility rather than fragmentation. By bringing all the layers of the data stack together, TimeXtender helps you build data solutions up to 10 times faster and saves you 70-80% on costs. If you're fed up with the 'Modern Data Stack', give TimeXtender a try. Head over to dataengineeringpodcast.com/timextender (https://www.dataengineeringpodcast.com/timextender) where you can do two things: watch us build a data estate in 15 minutes and start for free today. Your host is Tobias Macey and today I'm interviewing Yoav Cohen about the challenges that data teams face in securing their data platforms and how that impacts the productivity and adoption of data in the organization Interview Introduction How did you get involved in the area of data management? Data security is a very broad term. Can you start by enumerating some of the different concerns that are involved? How has the scope and complexity of implementing security controls on data systems changed in recent years? In your experience, what is a typical number of data locations that an organization is trying to manage access/permissions within? What are some of the main challenges that data/compliance teams face in establishing and maintaining security controls? How much of the problem is technical vs. procedural/organizational? As a vendor in the space, how do you think about the broad categories/boundary lines for the different elements of data security? (e.g. masking vs. RBAC, etc.) What are the different layers that are best suited to managing each of those categories? (e.g. masking and encryption in storage layer, RBAC in warehouse, etc.) 
What are some of the ways that data security and organizational productivity are at odds with each other? What are some of the shortcuts that you see teams and individuals taking to address the productivity hit from security controls? What are some of the methods that you have found to be most effective at mitigating or even improving productivity impacts through security controls? How does up-front design of the security layers improve the final outcome vs. trying to bolt on security after the platform is already in use? How can education about the motivations for different security practices improve compliance and user experience? What are the most interesting, innovative, or unexpected ways that you have seen data teams align data security and productivity? What are the most interesting, unexpected, or challenging lessons that you have learned while working on data security technology? What are the areas of data security that still need improvements? Contact Info Yoav Cohen (https://www.linkedin.com/in/yoav-cohen-7a4ba23/) Parting Question From your perspective, what is the biggest gap in the tooling or technology for data management today? Closing Announcements Thank you for listening! Don't forget to check out our other shows. Podcast.__init__ (https://www.pythonpodcast.com) covers the Python language, its community, and the innovative ways it is being used. The Machine Learning Podcast (https://www.themachinelearningpodcast.com) helps you go from idea to production with machine learning. Visit the site (https://www.dataengineeringpodcast.com) to subscribe to the show, sign up for the mailing list, and read the show notes. If you've learned something or tried out a project from the show then tell us about it! Email hosts@dataengineeringpodcast.com (mailto:hosts@dataengineeringpodcast.com)) with your story. 
To help other people find the show please leave a review on Apple Podcasts (https://podcasts.apple.com/us/podcast/data-engineering-podcast/id1193040557) and tell your friends and co-workers Links Satori (https://satoricyber.com) Podcast Episode (https://www.dataengineeringpodcast.com/satori-cloud-data-governance-episode-165) Data Masking (https://en.wikipedia.org/wiki/Data_masking) RBAC == Role Based Access Control (https://en.wikipedia.org/wiki/Role-based_access_control) ABAC == Attribute Based Access Control (https://en.wikipedia.org/wiki/Attribute-based_access_control) Gartner Data Security Platform Report (https://www.gartner.com/en/documents/4006252) The intro and outro music is from The Hug (http://freemusicarchive.org/music/The_Freak_Fandango_Orchestra/Love_death_and_a_drunken_monkey/04_-_The_Hug) by The Freak Fandango Orchestra (http://freemusicarchive.org/music/The_Freak_Fandango_Orchestra/) / CC BY-SA (http://creativecommons.org/licenses/by-sa/3.0/)
Software Engineering Radio - The Podcast for Professional Software Developers
Nicholas Manson, a SaaS Architect with more than 2 decades of experience building cloud applications, speaks with host Kanchan Shringi about identity and access management requirements for cloud applications. They begin by examining what a digital...
On today's Heavy Networking we look at the idea of embedding zero trust into applications. The way we do cyber security these days has failed in significant ways. What if we could extend the AAA or RBAC model to all applications? Better yet, what if we take the RBAC model, make authentication more robust than username & password, assess endpoint security posture constantly, and evaluate each request individually up at layer 7 for all applications? Guest Galeal Zino has opinions on what embedded zero trust looks like. We discuss. The post Heavy Networking 656: Embedding Zero Trust Into Applications appeared first on Packet Pushers.
On The Cloud Pod this week, Amazon announces Neptune Serverless, Google introduces Google Blockchain Node Engine, and we get some cost management updates from Microsoft. Thank you to our sponsor, Foghorn Consulting, which provides top notch cloud and DevOps engineers to the world's most innovative companies. Initiatives stalled because you're having trouble hiring? Foghorn can be burning down your DevOps and Cloud backlogs as soon as next week.