We explore the certificate issue in which secure boot is potentially compromised because certificates have been compromised in ways that could easily be used as an attack vector. This is a very significant flaw and something that should be within your purview and on your radar to fix.
We’re going to talk about what the issue is, why it’s important, how secure boot works, and what you can do to mitigate this problem in your own infrastructure. This is a really important episode for anybody running or managing desktops, data centers or infrastructure of any type.
In this episode, we dive deep into a recent and highly sophisticated SSH intrusion attack that was discovered in the Linux kernel. We’ll discuss how the attackers were able to inject a backdoor into a critical compression library, leveraging social engineering tactics to become a trusted maintainer over several years.
We explore the UEFI certificate issue in which secure boot is potentially compromised. Certificates that are included in most UEFI BIOSes have been compromised in ways that could easily be used as an attack vector. This is a very significant flaw and something that should be within your purview and on your radar to fix and patch.
We’re going to talk about what the issue is, why it’s important, how secure boot works, and what you can do to mitigate this problem in your own infrastructure. An important episode for anybody running or managing desktops, data centers or infrastructure of any type.
How can digital identity be used to build better trust and systems in our daily transactions? There are really significant challenges and consequences to having a national guaranteed identity – a single identity provider.
Knowing who you’re interacting with, in every form and in every situation, is not as simple as you might think. There are many analogues to physical identity that are worth considering.
What would it mean for us to not have privacy? Does identity mean we don’t have privacy in our interactions? Who can we trust and what authority do they have?
What actually is used to describe the provenance and information that comes with our data? Today we discuss metadata and the governance, security, hint, domains, date that accompany data in ways that in some senses are more important than data.
How can we move, change and transform data? We had a really robust conversation about how access to data is so critical in actually understanding how data is used.
This is a topic we struggle with: figuring out the naming, how things work, and the context. More than anything else, the context makes things challenging. As you listen to this, think through how challenging it is to define data, data governance, and using data effectively.
A dense and thoughtful book, it is right up the alley of the type of conversations the2030.cloud has. Our analysis of the book and the challenges it provides – the data compliance governance, the legality, the threat, and broader implications of what Dr. Lambda lays out – are all really important.
Today’s podcast is understandable and interesting without having had to go through and read the book, but I still recommend that you do.
How can you execute on a zero trust strategy and what do you need to keep in mind while building it? Today covers the 101 and 201 levels on zero trust.
We had a really good conversation about how it works, what doesn’t work, what you need to be prepared for. Even if you think you understand zero trust, you will get something out of this conversation. And if it’s a new topic for you, you can also benefit from this pragmatic discussion of zero trust, security and application architects.
Data comes from many different places, sources, and ways. Some data we call dark data, which is data not accessible to you, and all of it is relevant. Today we talk about metadata as part of the governance, control, management, and exposure of data.
An important layer beyond the data itself is the governance intent, how people access it, and how you combine data. We discuss exactly what that is, but still only touch the surface.
In the Cloud 2030 Podcast episode on metadata and building a data control plane, Rob Hirschfeld emphasizes the challenge of controlling data egress due to its diverse sources and destinations. He contends that rather than attempting to create a locked box for all data, the focus should be on embedding information, particularly metadata, to control data consumption. Hirschfeld envisions a distributed system for a data control plane, involving multiple parties managing and providing consistent rules for data use, acknowledging the complexity of data storage across various locations. He encourages listeners to explore the insightful February 2nd episode and engage in ongoing conversations at the2030.cloud.
We continue our Governance as Code discussions in today’s episode.
We started by very broadly looking at Governance as Code generally, but quickly drilled down into Infrastructure as Code meets Governance as Code focused discussion. Understanding that intersection is critical to building something that is both automated and governable.
The topic explored how we audit controls for systems. We also need to make sure that when we build infrastructure, it’s following our policies. The challenge here is making sure that what we’ve automated is conforming to our governance.
How do authorization systems need to be built and made resilient for distributed infrastructure? We discuss how having a single centralized authorization system is incredibly fragile compared to distributed edge infrastructure.
Everything we build has some element of distributed component tree and resiliency in it, and we need to make sure that the authorization systems are included in that analysis.
We explored how you can make MFA more resilient and how you can improve the security of authentication by building additional layers of trust based on behaviors.
In the April 28th Cloud 2030 Podcast, Rob Hirschfeld delves into the challenges of implementing two-factor authentication (2FA) in distributed infrastructures with centralized authentication. The critical problem revolves around creating resilient systems that don’t solely rely on external factors for authentication, considering the potential impact on every service and component in the infrastructure. The discussion emphasizes the importance of behavioral analysis in authentication, scrutinizing user behavior to ensure trustworthiness, especially in scenarios where full authentication is not available. The full conversation explores these aspects in depth, providing valuable insights for building resilient infrastructure. Join future discussions at the2030.cloud.