#0025

The Sound of Security

Published on 2025-09-08

Summary

Security is more than a feature, it’s a pillar of the Well-Architected Framework. In this episode, Carl and Brandon explore how AWS, Azure, and GCP approach security across identity and access, infrastructure defense, data protection, monitoring, governance, and the shared responsibility model.

They compare tools and practices like IAM, RBAC, and conditional access; network firewalls, WAFs, and DDoS protection; encryption at rest and in transit; and incident detection and automated remediation. The conversation also dives into security testing, drift detection with IaC, compliance posture, and how policy enforcement differs across the big three. The episode closes with a reminder that cloud security is always shared, and is never finished.

Links

AWS: Well-Architected Framework – Security pillar
AWS: Identity and Access Management (IAM)
AWS: AWS Shield and WAF
AWS: Amazon Macie
AWS: Amazon GuardDuty
AWS: AWS Config
Azure: Azure Well-Architected Framework – Security
Azure: Microsoft Entra ID (Azure AD)
Azure: Azure Role-Based Access Control (RBAC)
Azure: Azure Key Vault
Azure: Defender for Cloud
Azure: Microsoft Sentinel
Google Cloud: Google Cloud Architecture Framework – Security
Google Cloud: IAM overview
Google Cloud: Cloud Armor
Google Cloud: Cloud KMS
Google Cloud: Data Loss Prevention (DLP) API
Google Cloud: Security Command Center
Google Cloud: Assured Workloads

Permalink

Recent Episodes

Operating Excellently (2025-08-04) : Operational excellence in the cloud requires automation, visibility, process rigor, and a culture of continuous learning to scale with confidence.

What is Cloud Resiliency, Really? (2025-06-02) : Carl and Brandon take a grounded look at what cloud resiliency really means — and how it compares to availability, reliability, and redundancy. They unpack strategies for designing systems that recover gracefully from failure, using real-world examples and architectural patterns that keep your cloud stack steady when it matters most.

The 9 Circles of Dependency Hell 🔥 (2025-05-05) : Carl and Brandon explore the "9 Circles of Dependency Hell," breaking down the most common pitfalls developers face when managing dependencies in cloud environments — and how to escape them. From version conflicts to licensing issues, it’s a survival guide for modern cloud teams.

The 3 M's of Going to the Cloud (2025-04-07) : Gain insights on cloud migration, modernization, and management as Carl and Brandon break down the essentials of planning, evaluating on-prem environments, choosing providers, and preparing for Day 2 Operations, backed by real-world experiences to guide your team's journey.

All Your Data Are Belong to Us (2025-03-03) : Carl and Brandon talk all things data storage in the cloud! With so many options to choose from, how do you know you picked the right one?

We Can Hardly Contain Ourselves! (2025-02-03) : Carl and Brandon deep dive into container technology, covering career paths, best practices, runtime, orchestration, optimization, and security.

The Source is with Us (2025-01-06) : A deep dive into the open-source journey of Brian Munzenmayer, discussing community engagement, project maintenance, and the future of open-source software.

Control All the Things! 🛩️ (2024-12-02) : Carl and Brandon dive into the world of planes… control planes, that is! What is a control plane, why would you want to build one, and what are common examples that you've already used? Learn in this episode of CloudChat!