The Sound of Security
Summary
Security is more than a feature; it's a pillar of the Well-Architected Framework. In this episode, Carl and Brandon explore how AWS, Azure, and GCP approach security across identity and access, infrastructure defense, data protection, monitoring, governance, and the shared responsibility model.
They compare tools and practices like IAM, RBAC, and conditional access; network firewalls, WAFs, and DDoS protection; encryption at rest and in transit; and incident detection and automated remediation. The conversation also dives into security testing, drift detection with IaC, compliance posture, and how policy enforcement differs across the big three. The episode closes with a reminder that cloud security is always shared, and is never finished.
Links
- AWS: Well-Architected Framework – Security pillar
- AWS: Identity and Access Management (IAM)
- AWS: AWS Shield and WAF
- AWS: Amazon Macie
- AWS: Amazon GuardDuty
- AWS: AWS Config
- Azure: Azure Well-Architected Framework – Security
- Azure: Microsoft Entra ID (Azure AD)
- Azure: Azure Role-Based Access Control (RBAC)
- Azure: Azure Key Vault
- Azure: Defender for Cloud
- Azure: Microsoft Sentinel
- Google Cloud: Google Cloud Architecture Framework – Security
- Google Cloud: IAM overview
- Google Cloud: Cloud Armor
- Google Cloud: Cloud KMS
- Google Cloud: Data Loss Prevention (DLP) API
- Google Cloud: Security Command Center
- Google Cloud: Assured Workloads