Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/

Want to listen to other episodes? www.Federaltechpodcast.com

Many people deceive themselves when moving systems to the cloud, thinking the same precautions used for an on-premises system can be used in the cloud.

Neil Carpenter from Orca Security dispels that notion right out of the box. He details that when a system is moved to the cloud, it operates under a shared responsibility model. While the Cloud Service Provider may be able to serve a solid infrastructure, that does not mean the applications and data are protected as well.

Further, the popularity of virtual systems means that workloads can spin up and down rapidly. This means a one-time scan is just that: a photograph of a moment; only continuous monitoring can provide the reassurance that federal systems managers demand.

While we know that cloud systems can scale rapidly, many do not understand that scaling also widens the attack surface. Michael Hylton from Orca Security recommends investing in a system that can provide continuous scanning in a dynamic environment.

How is this accomplished? During the interview, Neil Carpenter defines agent vs. agent-less systems. When Orca Security established an agent-less system, it allows them to scan, speeding deployment and reducing the risk of coverage gaps.