We’re discussing security operations on the podcast this week with your hosts Priyanka Vergadia and Mark Mirchandani. They’re joined by Elliott Abraham and Jason Bisson who start the interview explaining that they created the CLAM framework to help customers use Google Cloud security features to their fullest potential to create safe projects and relaxed clients.

The CLAM (Cloud Logging Alerting and Monitoring) framework came about specifically to help customers transition products to, and run products securely in, the cloud. Using the Mitre GCP Matrix, the security team addressed each element with GCP product solutions, from initial access to persistence and beyond. CLAM is GCP specific, taking into account the default security measures GCP already provides and supplementing these measures with appropriate procedures for each client. Once the framework is in place and things are secure, clients can build on that with operational controls, such as SRE best practices.

Elliott explains the shared security model and how clients can shift more of the security responsibility to the cloud service provider by employing more managed services. Jason tells us about VPC Service Controls and how they allow clients to set specific security rules such as from where data can be accessed. They go on to describe the GCP Security Command Center and the tools available there.

We wrap up the interview with some tips from our guests, including what to do if you are compromised.