EP193 Inherited a Cloud? Now What? How Do I Secure It?

This interview-style podcast episode focuses on addressing cloud security challenges in inherited or unexpectedly acquired cloud environments. The hosts discuss the common scenario of a security team inheriting a cloud environment lacking initial security integration, interviewing Taylor Lehmann and Luis Urena from Google Cloud. They explore the immediate risks, such as unknown vulnerabilities and identity management issues, and debunk the common "burn it down" approach, advocating for a phased approach prioritizing gaining control, isolating workloads, and then implementing security measures. Specific advice includes focusing on identity and access management (IAM), implementing multi-factor authentication (MFA) strategically, and conducting a compromise assessment to identify existing threats. The episode concludes with practical tips for security leaders, emphasizing the importance of proactive planning, incident response practice, and leveraging tools like IAM Recommender to efficiently manage inherited cloud environments.