Keeping Governments Secure in the Cloud
07/13/21 • 40 min
Cloud security is essential for any business but particularly for government agencies. On today’s episode, we speak with an expert in the field, Ravi Raghava, who is Chief Cloud Strategist at General Dynamics Information Technology (GDIT). Ravi speaks about his personal experience with dozens of cloud deployments for civil agencies and shares best practices.
Acronyms
- ATO = Authority to Operate
- POAM = Plan of Action and Milestones
- CDM = Continuous Diagnostics and Mitigation
- OCM = Organizational Change Management
Tweetables:
“Over the next few years, we will see a lot of traction and we will see accelerated workload migration to the cloud. It's not just one cloud but multiple clouds, and multi-cloud is becoming the new norm.” — Ravi Raghava [0:04:55]
“We are very strong advocates of OCM, and we work with our government customers to have a well thought-through strategy, providing the right skills, the right training, right medium of training to people.” — Ravi Raghava [0:25:43]
“Having those security frameworks in place, testing infrastructure, having those security tools in place nicely help you automate the entire thing because automation is key.” — Ravi Raghava [0:31:20]
Links Mentioned in Today’s Episode:
Ravi Raghava on LinkedIn
GDIT
JFrog
Prisma Cloud
Simplify cloud security with Prisma Cloud, the Code to Cloud platform powered by Precision AI.
Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.
Cloud security is essential for any business but particularly for government agencies. On today’s episode, we speak with an expert in the field, Ravi Raghava, who is Chief Cloud Strategist at General Dynamics Information Technology (GDIT). Ravi speaks about his personal experience with dozens of cloud deployments for civil agencies and shares best practices.
Acronyms
- ATO = Authority to Operate
- POAM = Plan of Action and Milestones
- CDM = Continuous Diagnostics and Mitigation
- OCM = Organizational Change Management
Tweetables:
“Over the next few years, we will see a lot of traction and we will see accelerated workload migration to the cloud. It's not just one cloud but multiple clouds, and multi-cloud is becoming the new norm.” — Ravi Raghava [0:04:55]
“We are very strong advocates of OCM, and we work with our government customers to have a well thought-through strategy, providing the right skills, the right training, right medium of training to people.” — Ravi Raghava [0:25:43]
“Having those security frameworks in place, testing infrastructure, having those security tools in place nicely help you automate the entire thing because automation is key.” — Ravi Raghava [0:31:20]
Links Mentioned in Today’s Episode:
Ravi Raghava on LinkedIn
GDIT
JFrog
Prisma Cloud
Simplify cloud security with Prisma Cloud, the Code to Cloud platform powered by Precision AI.
Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.
Previous Episode
How COVID-19 Impacted Cloud Security
In this episode, Nathanial Quist, also known as ‘Q’ returns along with Dr. Jay Chen, both of whom listeners might recognize from our inaugural episode where we discussed how common identity misconfigurations can undermine cloud security. Both Jay and Q are threat researchers with Palo Alto Networks Unit 42. Unit 42 is the global threat intelligence team at Palo Alto Networks and a recognized authority on cyberthreats, frequently sought out by enterprises and government agencies around the world.
In our conversation, they discuss what they found in their latest Cloud Threat Report examining the impact of the COVID-19 pandemic. We explore how the tremendous increase in remote work has affected cloud security and why Jay is more concerned over the number of mistakes that people are making, rather than the type of mistakes. Tuning in you’ll hear what organizations can do to curtail the recent rise in security incidents and some interesting observations that Q and Jay learned from their data, such as the fact that even malicious hackers need a holiday and don’t want to spend all their time in front of a computer cryptojacking :-)
Key Points From This Episode:
- Cloud security incidents grew, on average, 188% pre vs. post COVID-19 discovery.
- Retail organizations saw the greatest increase in security incidents at 402%.
- The cloud is no longer for low-impact data: 69% of data is PII.
Tweetables:
“We saw a decrease in crypto mining operations during the holiday period between December 24th through January 3rd. It just kind of goes to show that even malicious crypto miners want to take a holiday.” — Nathanial Quist [0:25:26]
“Standardization can help you find the issue but automation can help you to prevent or mitigate [it].” — Jay Chen [0:32:02]
Links Mentioned in Today’s Episode:
The future of cloud security.Simplify cloud security with Prisma Cloud, the Code to Cloud platform powered by Precision AI.
Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.
Next Episode
Putting the Sec in DevOps
Today’s guest is Guy Eisenkot and he joins us to talk about how culture is a critical aspect of shift-left security and DevOps. Guy is the Co-Founder of Bridgecrew, a tool that solves the talent shortage gap for building secure infrastructure in the public cloud. Our conversation begins with Guy giving some insight about his path into development and security, and he details his training in the Israeli military and subsequent experience building security tools for the civil market. In today’s discussion, Guy gets into how the security responsibilities of platform and infrastructure teams have changed as well as what security teams are missing when it comes to DevOps security. He shares his insights about how security and DevOps teams have been able to synchronize and also gets into some of the biggest pitfalls in DevOps as far as cybersecurity best practices. We explore how infrastructure as code could be the driver of two paths, one leading to a dangerous amount of freedom, and the other, to the standardization necessary for automation. Toward the end of our conversation, Guy weighs in on the parts of the industry that show maturity as far as DevSecOps versus those that don’t, and he also talks about how the OpenSource tool Checkov helps solve poor security configurations during resource deployment. Tune in today and get ready to take some notes!
Tweetables:
“We were learning what are the limitations of these orchestration capabilities, and how we can take legacy infrastructure and promote it into a modern stack. And that's where we saw DevOps is practically everywhere.” — @guysenkot [0:06:28]
“Bridgecrew essentially builds developer tools that help people from engineering organizations build secure infrastructure in the public cloud.” — @guysenkot [0:12:19]
“Where both security and DevOps come together for me is when you realize that in the cloud both of these buckets of initiatives are sitting on the same infrastructure.” — @guysenkot [0:20:38]
Links Mentioned in Today’s Episode:
The future of cloud security.Simplify cloud security with Prisma Cloud, the Code to Cloud platform powered by Precision AI.
Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.
Cloud Security Today - Keeping Governments Secure in the Cloud
Transcript
**Note: Transcript is automatically generated. Expect typos and crazy stuff that a poorly written ML algorithm thought was said but probably wasn’t! :) **
Thanks for joining us for today's podcast. My name is Matt Chiodi, and today we have Ravi Raghava from GDIT on to really talk about cloud security, cloud deployments from a federal perspective. We haven't talked about this topic, so I'm really excited to have Ravi on to chat about it. Ravi, thanks for joining u
If you like this episode you’ll love
Episode Comments
Generate a badge
Get a badge for your website that links back to this episode
<a href="https://goodpods.com/podcasts/cloud-security-today-215519/keeping-governments-secure-in-the-cloud-24120979"> <img src="https://storage.googleapis.com/goodpods-images-bucket/badges/generic-badge-1.svg" alt="listen to keeping governments secure in the cloud on goodpods" style="width: 225px" /> </a>
Copy