Securing Multi-Cloud from a CISO Perspective, Part 3

Guests:

• Phil Venables (@philvenables), Vice President, Chief Information Security Officer (CISO) @ Google Cloud
• Dave Hannigan, Director, Financial Services Security & Compliance @ Google Cloud

Topics:

• As a CISO, would you ever decide to use multiple clouds, if it were in your hands?
• How is security typically considered when companies go multi-cloud in their approach?
• Practically, or operationally, how does one think through securing multiple public cloud environments?
• What are the top challenges here? Different controls? Lack of tools? Confusing process? Skills on the team?
• Would you always buy security tools from a 3rd party (not a CSP) if you have to cover more than one cloud provider?
• Anything to add about compliance across multiple clouds?
• What is the best approach for securing multiple SaaS services that your company uses?

Resources:

• "IDC: A multicloud strategy can mitigate regulatory, business risks"
• "Anthos security"
• SANS papers on securing multiple clouds (example)