Secure Software Supply Chain with Nikhil Kaul and Victor Szalvay

Google Cloud Platform Podcast

Episode | Podcast

Date: Wed, 21 Jul 2021 00:00:00 +0000

<p>This week on the podcast, hosts <a href="https://twitter.com/stephr_wong">Stephanie Wong</a> and Bukola Ayodele speak with <a href="https://twitter.com/kaulnikhil">Nikhil Kaul</a> and Victor Szalvay about security in the software supply chain. Cloud OnAir will be offering a <a href="https://cloudonair.withgoogle.com/events/container-security?utm_source=google&amp;utm_medium=blog&amp;utm_campaign=FY21-Q3-northam-NA1102-onlineevent-er-container_security&amp;utm_content=gc_podcast">virtual event</a> on supply chain software security on July 29th, and our guests start the show by telling us more about it.</p> <p>The recent cyber attacks on US companies have brought to light the importance of cyber security. A new set of guidelines for securing these components and software as a whole will be released soon, impacting not just software developers but the users as well. The Cloud OnAir event will break down these new guidelines and educate attendees on steps to take to ensure more secure software and software components. Internally, Google has been optimizing its software supply chain security for years with solutions like BeyondCorp and internally developed solutions that Google has since adapted for its clients. These solutions will be discussed in detail in the Cloud OnAir event.</p> <p>Victor goes on to explain the three areas of supply chain security and how they fit into the overall security of online platforms. Software projects are often built using many small pieces of software sourced from third parties, which can create vulnerabilities. The new guidelines will help ensure quality and security at all levels of development for software and its pieces, thus strengthening security at every level of the supply chain. Nikhil and Victor talk about issues that contribute to supply chain security, including the risks that a microservices architecture can introduce and the use of open source software and its dependencies.
We hear about Google’s contributions to the supply chain security effort, like OpenSSF, which strives to bring the open source community together toward the goal of cyber security. Our guests give listeners tips on starting the supply chain security journey.</p> <p>Join the Cloud OnAir talk to learn more!</p> <h5 id="nikhil-kaul">Nikhil Kaul</h5> <p><a href="https://twitter.com/kaulnikhil">Nikhil</a> leads a team of product marketers focused on driving and building messaging, positioning, and go-to-market strategy for Google Cloud’s DevOps portfolio.</p> <h5 id="victor-szalvay">Victor Szalvay</h5> <p>Victor is an Outbound Product Manager with Google Cloud focused on helping customers get the most from the cloud. Previously he has been a tech entrepreneur and leader, with a concentration on DevOps and app dev team productivity.</p> <h5 id="cool-things-of-the-week">Cool things of the week</h5> <ul> <li>Helping you pick the greenest region for your Google Cloud resources <a href="https://cloud.google.com/blog/topics/sustainability/pick-the-google-cloud-region-with-the-lowest-co2">blog</a></li> <li>Optimizing your Google Cloud spend with BigQuery and Looker <a href="https://cloud.google.com/blog/topics/developers-practitioners/optimizing-your-google-cloud-spend-bigquery-and-looker">blog</a></li> </ul> <h5 id="interview">Interview</h5> <ul> <li>Container Security: Building trust in your software supply chain <a href="https://cloudonair.withgoogle.com/events/container-security?utm_source=google&amp;utm_medium=blog&amp;utm_campaign=FY21-Q3-northam-NA1102-onlineevent-er-container_security&amp;utm_content=gc_podcast">site</a></li> <li>OpenSSF <a href="https://openssf.org">site</a></li> <li>Deps <a href="https://deps.dev">site</a></li> <li>SLSA <a href="https://slsa.dev">site</a></li> <li>Cloud Build <a href="https://cloud.google.com/build">site</a></li> <li>BeyondCorp <a href="https://cloud.google.com/beyondcorp">site</a></li> <li>Binary Authorization for Borg <a
href="https://cloud.google.com/security/binary-authorization-for-borg">docs</a></li> <li>GKE Autopilot <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/autopilot-overview"> docs</a></li> <li>GCP Podcast Episode 251: BeyondCorp with Kiran Nair and Ameet Jani <a href="https://www.gcppodcast.com/post/episode-251-beyondcorp-with-kiran-nair-and-ameet-jani/"> podcast</a></li> </ul> <h5 id="what-s-something-cool-you-re-working-on">What’s something cool you’re working on?</h5> <p>Bukola is working on the new season of <a href="https://www.youtube.com/watch?v=Q-fzz2P6omQ&amp;list=PLIivdWyY5sqKd-Cu1HZ7v5RiYE8gVsM7P"> Security Command Center</a> set to be released next month!</p>