Security Access as Code

Tim Prendergast (@auxome, CEO strongDM) talks about security access as code, the latest security trends including Zero Trust and taking a modern approach to security.SHOW: 596CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotwCHECK OUT OUR NEW PODCAST - "CLOUDCAST BASICS"SHOW SPONSORS:CloudZero - Cloud Cost Intelligence for Engineering TeamsDatadog Application Monitoring: Modern Application Performance MonitoringGet started monitoring service dependencies to eliminate latency and errors and enhance your users app experience with a free 14 day Datadog trial. Listeners of The Cloudcast will also receive a free Datadog T-shirt.BMC Wants to Know if your business is on it's A-GameBMC Autonomous Digital EnterpriseSHOW NOTES:strongDM (homepage)strongDM raises $54M (VentureBeat)Year of Access Infographic (strongDM)Year of Access Full Report (strongDM)Topic 1 - Welcome back to the show! For those that don’t know, you were on the Cloudcast show #151 way back in the day and one of our first security guests. Hard to believe it has been almost 8 years since we’ve had you on the show. For those that don’t know, give everyone a brief introduction and what you’ve been up to since your evident.io days.Topic 2 - You introduced our listeners to the concepts of Continuous Security Monitoring and Shared Responsibility in the public cloud. Bring folks up to date, how have security models and concepts evolved?Topic 3 - Leading question for you Tim… as we know strongDM recently published some great reports on this, go check out the Infographic and Year of Access Reports linked in the show notes. Where do developers and more specifically where does DevOps or even DevSecOps fit into all of this? How do we “air gap” developers in public cloud while maintaining access to the tools and workflows they need. (i.e. ssh keys, AWS IAM keys, RDP logins, and database credentials)Topic 4 - Security to me has always been a tradeoff of convenience. But, we also have the rise of automation, which I would expect to be a big convenience vs. risk trade off, especially at scale.  Is this still true? Where does Zero Trust fit in?Topic 5 - Lets talk about strongDM specifically quickly. I’ve heard the term “access as code” thrown around. Is this a proxy, a VPN, tell us a bit about the tech and the implementation and use case and what changes.FEEDBACK?Email: show at the cloudcast dot netTwitter: FEEDBACK?Email: show @ the enterprise ai show dot comeBluesky: @EntAIShow.bsky.socialTwitter/X: @TheEntAIShowInstagram: @TheEntAIShow