Centralized VPC Endpoints - Why It Works for AWS Networking
In this episode, Meg Ashby, a senior cloud security engineer shares how her team tackled AWS’s centralized VPC interface endpoints, a design often seen as an anti-pattern. She explains how they turned this unconventional approach into a cost-efficient and scalable solution, all while maintaining granular controls and network visibility. She shares why centralized VPC endpoints are considered an AWS anti-pattern, how to implement granular IAM controls in a centralized model and the challenges of monitoring and detecting VPC endpoint traffic.
Guest Socials: Meg's LinkedIn
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(02:48) A bit about Meg Ashby
(03:44) What are VPC interface endpoints?
(05:26) Egress and Ingress for Private Networks
(08:21) Reason for using VPC endpoints
(14:22) Limitations when using centralised endpoint VPCs
(19:01) Marrying VPC endpoint and IAM policy
(21:34) VPC endpoint specific conditions
(27:52) Is this solution for everyone?
(38:16) Does VPC endpoint have logging?
(41:24) Improvements for the next phase
Thank you to our episode sponsor Wiz. Cloud Security Podcast listeners can also get a free cloud security health scan by going to wiz.io/csp
--------
48:41
What is CADR?
In this episode, recorded at KubeCon NA in Salt Lake City, we spoke about Kubernetes security with Shauli Rozen, co-founder and CEO of ARMO Security. From the challenges of runtime protection to the potential of CADR (Cloud Application Detection and Response), Shauli breaks down the gaps in traditional CSPM tools and how Kubernetes plays a central role in cloud security strategy. The episode gets into the "Four C's" of cloud security (Cloud, Cluster, Container, Code), why runtime data, powered by eBPF, is critical for modern security solutions, the rise of CADR, and how Kubernetes is reshaping the landscape of DevOps and security collaboration.
Guest Socials: Shauli's LinkedIn
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(01:46) A bit about Shauli and ARMO
(02:26) Bit about open source project Kubescape
(03:59) What is Runtime Security in Kubernetes?
(06:50) CDR and Application Security
(08:57) What is ADR and CADR?
(09:55) How is CADR different to ASPM + DAST?
(12:18) Kubernetes Usage and eBPF
(15:35) Does your CSPM do coverage for Kubernetes?
(16:24) What to include in 2025 Cybersecurity Roadmap?
(19:09) Does everyone need CADR?
(21:35) Who is looking at the Kubernetes Security Logs?
(23:17) The future of Kubernetes Security
(25:26) The Fun Section
--------
29:04
Building Platforms in Regulated Industries
At HashiConf 2024 in Boston, our host Ashish Rajan had a great chat over some cannolis and a game of Jenga with AJ Oller, AVP of Engineering at The Hartford about how automation, mainframes, and compliance intersect to drive innovation in regulated industries like insurance. They spoke about why regulations aren't barriers but frameworks to prevent failure, the human side of engineering and how to manage change fatigue during transformations and how automation enhances security, disaster recovery, and operational efficiency.
Guest Socials: AJ's LinkedIn
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(01:53) A bit about AJ Oller
(02:17) The Cannoli taste test
(04:38) Technology in the Insurance industry
(10:19) What is a platform?
(11:46) What skillsets do you need in platform team?
(14:19) Maturity for building platform teams
(19:58) Business case for investing in Automation
(24:49) Does Automation help with security regulations?
(28:10) Leaders communicating automation value to business
(30:37) Cheerleading for digital transformation
(32:32) The Fun Section
--------
36:32
Dynamic Permission Boundaries: A New Approach to Cloud Security
In this episode, Ashish spoke with Kushagra Sharma, Staff Cloud Security Engineer, to delve into the complexities of managing Identity Access Management (IAM) at scale. Drawing on his experiences from Booking.com and other high-scale environments, Kushagra shares insights into scaling IAM across thousands of AWS accounts, creating secure and developer-friendly permission boundaries, and navigating the blurred lines of the shared responsibility model.
They discuss why traditional IAM models often fail at scale and the necessity of implementing dynamic permission boundaries, baseline strategies, and Terraform-based solutions to keep up with ever-evolving cloud services. Kushagra also explains how to approach IAM in multi-cloud setups, the challenges of securing managed services, and the importance of finding a balance between security enforcement and developer autonomy.
Guest Socials: Kushagra's LinkedIn
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(02:31) A bit about Kushagra
(03:29) How large can the scale of AWS accounts be?
(03:49) IAM Challenges at scale
(06:50) What is a permission boundary?
(07:53) Permission Boundary at Scale
(13:07) Creating dynamic permission boundaries
(18:34) Cultural challenges of building dev friendly security
(23:05) How has the shared responsibility model changed?
(25:22) Different levels of customer shared responsibility
(29:28) Shared Responsibility for MultiCloud
(34:05) Making service enablement work at scale
(43:07) The Fun Section
--------
46:05
Building a Resilient Cloud Security Program after Merger and Acquisition
In this episode, host Ashish Rajan sits down with Prahathess Rengasamy, a cloud security expert with extensive experience at companies like Credit Karma, Block, and Apple. Together, they explore the challenges and best practices for scaling cloud security, especially in the complex scenarios of mergers and acquisitions.
Starting with foundational elements like CSPMs and security policies, Prahathess breaks down the evolution of cloud security strategies. He explains why cloud security cannot succeed in isolation and emphasizes the need for collaboration with platform and infrastructure engineering teams. The conversation delves into real-world examples, including managing AWS and GCP security post-acquisition and navigating the cultural and technical challenges that come with multi-cloud environments.
Guest Socials: Prahathess's LinkedIn
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(02:02) A bit about Prahathess
(02:36) How does Cloud Security Scale?
(07:51) Where do we see just in time provisioning?
(10:05) Cloud Security for Mergers and Acquisitions
(14:31) Should people become MultiCloud Experts?
(15:28) The need for data insights
(16:54) Data sources to have as part of data insights
(21:06) Benefits of Data insights for Cloud Security Teams
(21:30) How to bring the new team along the cloud security journey?
(24:29) How to learn about data insights?
(26:35) How to maximize security efforts with data?
(36:21) The Fun Section
Learn Cloud Security in Public Cloud the unbiased way from CyberSecurity Experts solving challenges at Cloud Scale. We can be honest because we are not owned by a Cloud Service Provider like AWS, Azure or Google Cloud.
We aim to help the community learn Cloud Security through community stories, from small to large organisations solving multi-cloud challenges, to deep dives into specific topics of Cloud Security.
We LIVE STREAM interviews on Cloud Security topics every weekend on LinkedIn, YouTube, Facebook and Twitter, with over 150 people watching, asking questions and interacting with the guest.