Amazon Launches AWS Secrets Manager to Securely Store, Distribute, and Rotate Credentials
Amazon announced the launch of the AWS Secrets Manager, which makes it easy for customers to store and retrieve secrets using an API or the AWS Command Line Interface (CLI). Furthermore, customers can rotate their credentials with built-in or custom Lambda functions. The AWS Secrets Manager enables users to centralize the management of secrets of distributed services and applications.
Chef Enhances Cloud Security Automation in InSpec 2.0
Continuous automation vendor, Chef, has announced the availability of InSpec 2.0, a new version of Chef’s free open source tool that enables DevOps and cross-functional application, infrastructure and security teams to express security and compliance rules as code and assess and remediate compliance issues through the entire software delivery life cycle.
Intel Joins the Race for Quantum Supremacy with a 49-Qubit Chip
At CES 2018, Intel CEO Brian Krzanich announced Intel successfully built a 49-qubit chip, which aims to allow researchers to improve error correction techniques and simulate computational problems.
Intel Found That Spectre and Meltdown Fix Has a Performance Hit of 0-21%
Microsoft, Red Hat and Intel have published their performance evaluation of the impact Meltdown and Spectre mitigation has on various systems.
Xen Hypervisor 4.10 Focuses on Security and Better ARM Support
The Xen Project released version 4.10 of their hypervisor with an improved architecture for x86, better support for ARM processor hardware updates, and changes to schedulers and the user interface.
Chef Extends OpsWorks Capabilities in AWS
Chef has announced new capabilities to address application lifecycle control concerns in containers in AWS. New functionality includes Chef Automate with integrated compliance and builds on AWS OpsWorks for Chef Automate announced in 2016. OpsWorks for Chef Automate provides a managed Chef server and suite of automation tools.
NIST Publishes Guidelines on Application Container Security
The National Institute of Standards and Technology (NIST) published a bulletin on application container technology and its most notable security challenges. The report is a summary of two previous bulletins outlining vulnerability areas including image, registry, orchestrator, container, host OS, and hardware, and their countermeasures.
Amazon GuardDuty: A Zero-Footprint Managed Threat Detection Service for AWS Accounts and Resources
At the AWS re:invent conference, the release of Amazon GuardDuty was announced - a managed threat detection service that continuously monitors for malicious or unauthorised behaviour. The service can be centrally managed, is “zero footprint”, and remediation scripts or AWS Lambda functions can be configured to trigger automatically based on GuardDuty findings.
Creating and Enforcing "Policy as Code" with HashiCorp Sentinel
HashiCorp have released Sentinel, an embedded “policy as code” framework that is integrated within the HashiCorp Enterprise products. Sentinel enables “fine-grained, logic-based policy decisions” that can be used to automatically audit and enforce organisational, compliance or security policies when working with Infrastructure as Code and other HashiCorp platform tooling.
Spotify and Google Release Forseti GCP Security Tools
Google has opened up Forseti Security, a set open source tools for Google Cloud Platform (GCP) security, to all GCP users. The project is the result of a collaborative effort from both Spotify and Google, combining what was originally separate work together into a single toolkit. It aims to automate security processes for developers in order for them to develop more freely.
Java EE Security API (JSR-375) Approved
The Java EE Security API, JSR 375, was approved in early August. All members of the JCP Executive Committee voted “Yes”, with zero “No” votes. Intel Corp. did not vote on the JSR.
Microsoft Announces Coco Framework for Enterprise Blockchain Networks
In a recent blog post, Microsoft announced a new open framework, called Coco, which targets enterprise consortium networks. The framework sits on top of existing blockchain platforms, such as Ethereum, and focuses on improving network throughput, adding new confidentiality models, network policy management and support for non-deterministic transactions.
Amazon CloudWatch Events Gains Cross-Account Event Delivery
Amazon Web Services (AWS) recently added cross-account event delivery to Amazon CloudWatch Events to support use cases such as the tracking of events across an entire organization and the handling of events in separate accounts to implement advanced security schemes.
Twistlock 2.1 Container Security Suite Released
Twistlock announced the general availability of version 2.1 of their container security product. Highlights of the release include an integrated firewall that understands application traffic, vulnerability detection, secrets management via integration with third party tools, and compliance alerting and enforcement.
Q&A With Robert Scherrer: DevOps on the Backbone of the Swiss Financial Center
Starting with a small core team, and a DevOps approach around 5 + 1 dimensions - skills, organization, process, infrastructure, architecture + mindset & attitude - SIX has been transforming how IT and the business work together to break the silos and align themselves along value streams. InfoQ took the opportunity to talk with Robert Scherrer, head of software dev at SIX, about this journey.
