Doug LaneMy top security topics
One of the best things about working in cybersecurity is that it's always changing. There are always new things to learn and think about. Here are some of the areas of security that I'm thinking about the most right now:Securing the digital supply chainThe evolution of cloud-native securityInternet of Things (IoT) securityThe human element of securitySecuring web3 and blockchainI'll take them one by one this week and share some quick thoughts on why I think they're interes...
Doug LanePoor man’s Gong
If you’re someone who works with me, you may have noticed that I ask to record our Zoom calls more often than I used to. There’s a reason for this. While I can’t justify the cost of a revenue intelligence platform like Gong for my small shop, I made up my own poor man’s version. Here’s how it works.Download and install Descript. (There’s a free version.)Hit the record button on a Zoom call and pick the “Record on this computer” option.After the Zoom call ends, drag the video file that Zoom sp...
Doug LaneWelcome to the simulation
OK, now that the marketing guy explained what Zero Trust is, let’s get into some ways to give security buyers a plan for it (that hopefully includes some of you). There’s a real danger that this could get boring in a hurry, so here’s what I’m thinking. Over the next few days, I’ll give you my quick take on what I like and don’t like about the three possible starting points I mentioned. I’m not going to regurgitate every detail, but I’ll try to give you the gist. Then, I’m going to make up a f...
I share daily thoughts about cybersecurity and emerging technology. [Subscribe](https://daily.axalane.com) or [hire me](https://axalane.com)
Doug LaneMy top security topics
One of the best things about working in cybersecurity is that it's always changing. There are always new things to learn and think about. Here are some of the areas of security that I'm thinking about the most right now:Securing the digital supply chainThe evolution of cloud-native securityInternet of Things (IoT) securityThe human element of securitySecuring web3 and blockchainI'll take them one by one this week and share some quick thoughts on why I think they're interes...
Doug LanePoor man’s Gong
If you’re someone who works with me, you may have noticed that I ask to record our Zoom calls more often than I used to. There’s a reason for this. While I can’t justify the cost of a revenue intelligence platform like Gong for my small shop, I made up my own poor man’s version. Here’s how it works.Download and install Descript. (There’s a free version.)Hit the record button on a Zoom call and pick the “Record on this computer” option.After the Zoom call ends, drag the video file that Zoom sp...
Doug LaneWelcome to the simulation
OK, now that the marketing guy explained what Zero Trust is, let’s get into some ways to give security buyers a plan for it (that hopefully includes some of you). There’s a real danger that this could get boring in a hurry, so here’s what I’m thinking. Over the next few days, I’ll give you my quick take on what I like and don’t like about the three possible starting points I mentioned. I’m not going to regurgitate every detail, but I’ll try to give you the gist. Then, I’m going to make up a f...
I share daily thoughts about cybersecurity and emerging technology. [Subscribe](https://daily.axalane.com) or [hire me](https://axalane.com)
Subscribe to Doug Lane
Subscribe to Doug Lane
Share Dialog
Share Dialog
<100 subscribers
<100 subscribers
Amazon famously promotes a shared responsibility model for cloud security.
The short version:
Amazon is responsible for security of the cloud.
The customer is responsible for security in the cloud.
AWS has cloud-native security features to help with this. But it's kind of on the customer to figure out how to best apply them alongside the rest of their security stack.
This is a fairly defensible way to approach things. But I do think it opens up opportunities for other cloud players to do more to show customers the way.
Google is making an interesting play on this front. I was a bit dismissive when they first announced their Siemplicity acquisition. But now that they've dropped another $5.4 billion on Mandiant, there's a clear story coming into focus.
They now have:
A substantive vision around Zero Trust and proactive risk mitigation.
The combined capabilities of their Chronicle offering and Siemplicity to help customers detect threats and execute sophisticated response playbooks.
A premium set of research, advisory, and response services from Mandiant that also sets them up to be a leading industry voice and resource when large-scale security incidents break.
These are still disparate pieces that need to come together more cohesively. But if they can bring it together into a more prescriptive cloud security blueprint – backed by cloud-native tools and experts on demand – it will be a compelling point of differentiation.
-Doug
Amazon famously promotes a shared responsibility model for cloud security.
The short version:
Amazon is responsible for security of the cloud.
The customer is responsible for security in the cloud.
AWS has cloud-native security features to help with this. But it's kind of on the customer to figure out how to best apply them alongside the rest of their security stack.
This is a fairly defensible way to approach things. But I do think it opens up opportunities for other cloud players to do more to show customers the way.
Google is making an interesting play on this front. I was a bit dismissive when they first announced their Siemplicity acquisition. But now that they've dropped another $5.4 billion on Mandiant, there's a clear story coming into focus.
They now have:
A substantive vision around Zero Trust and proactive risk mitigation.
The combined capabilities of their Chronicle offering and Siemplicity to help customers detect threats and execute sophisticated response playbooks.
A premium set of research, advisory, and response services from Mandiant that also sets them up to be a leading industry voice and resource when large-scale security incidents break.
These are still disparate pieces that need to come together more cohesively. But if they can bring it together into a more prescriptive cloud security blueprint – backed by cloud-native tools and experts on demand – it will be a compelling point of differentiation.
-Doug
No activity yet