CyberWire Daily

DevSecOps and securing the container. [CyberWire-X]

N2K Networks, Inc.

News, Daily News, Tech News, Technology

🗓️ 1 May 2022

⏱️ 32 minutes

Summary

The move to cloud has great potential to improve security, but the required process and cultural changes can be daunting. There are a vast number of critical vulnerabilities that make it to production and demand more effective mitigations. Although “shifting security left” should help, organizations are not able to achieve this quickly enough, and “shifting left” does not account for runtime threats. Organizations must strive to improve the prioritization of vulnerabilities to ensure the most dangerous flaws are fixed early. But even then, some risk will be accepted, and a threat detection and response program is required for full security coverage. On this episode of CyberWire-X, host Rick Howard, the CyberWire's CSO, Chief Analyst and Senior Fellow, explores how to secure your software development lifecycle, how to use a maturity model like BSIMM, where containers fit in that process, and the Sysdig 2022 Cloud-Native Security and Usage report. Joining Rick on this episode are Tom Quinn, CISO at T. Rowe Price and CyberWire Hash Table member, and from episode sponsor Sysdig is their Director of Thought Leadership, Anna Belak, to discuss their experiences and real-world data, as well as practical approaches to managing cloud risk.

Transcript

0:00.0

You're listening to the CyberWire-X, a series of specials where we highlight important security topics

0:25.6

affecting security professionals worldwide.

0:28.5

I'm Rick Howard, the chief security officer, chief analyst, and senior fellow at the

0:32.4

CyberWire.

0:33.6

Today's episode is titled DevSecOps and Securing the Container.

0:37.8

Now we all know that the move to the cloud had great potential to improve security, but the required process and cultural changes can be daunting.

0:46.2

There are a vast number of critical vulnerabilities that make it into production and demand more effective mitigations.

0:54.0

Although shifting security left should help, organizations are not able to achieve this quickly

0:58.8

enough and shifting left does not account for runtime threats.

1:03.0

Organizations must strive to improve the prioritization of vulnerabilities to ensure the most dangerous

1:08.1

flaws are fixed early.

1:09.6

But even then, some risk will be accepted and a threat detection and response program is required for full security coverage.

1:17.0

So on this show we will be discussing how to secure your software development life cycle,

1:21.0

how to use a maturity model like the Building Security In

1:24.2

Maturity Model, or BSIMM, where do containers fit in that process, and the Sysdig

1:29.7

2022 Cloud Native Security and Usage Report.

1:34.1

A programming note: each CyberWire-X special features two segments.

1:38.3

In the first part of the show, we will hear from industry experts on the topic at hand.

1:42.4

And in the second part, we will hear from our show's

1:44.6

sponsor for their point of view.

1:46.5

And since I brought it up,

1:47.6

here's a word from today's sponsor,

...
