Cloud Security Content on InfoQ
-
SBOM Quality and Availability Varies Greatly across Projects
A recent assessment of the quality and availability of SBOMs in open-source repositories found the availability and implementation to vary widely. The OpenSSF's Open Source Software Security Mobilization Plan has a dedicated stream to improving the availability, generation, and consumption of SBOMs.
-
Report Finds Heavy Use of Open-Source Solutions for Kubernetes Security
A recent survey by Armo on the use of security software with Kubernetes found that over half of respondents leverage open-source tooling. Companies using open-source tooling run 3.6 different tools on average. These open-source tools were predominantly used for service mesh, network policy and micro-segmentation, and misconfiguration scanning.
-
Google Cloud Introduces Sensitive Actions to Improve Security for Premium Accounts
Google Cloud announced the preview of Sensitive Actions Service, a premium security feature to identify potentially risky behaviors on the cloud. The service detects when actions are taken in a GCP organization that could be damaging if taken by a malicious actor.
-
AWS Announces Upcoming Security Changes in April 2023 for Amazon S3
AWS recently announced two changes to Amazon Simple Storage Service (Amazon S3): all newly created buckets will have S3 Block Public Access enabled and access control lists (ACLs) disabled by default. Existing buckets keep their current settings. The changes take effect in April 2023 and will be rolled out to all AWS regions within weeks.
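Since existing buckets are not changed by the new defaults, a practitioner will want to audit which buckets already match them. The following is an added example, not AWS's own code: it takes the response shapes that boto3's `get_public_access_block()` and `get_bucket_ownership_controls()` return, uses `None` to stand for the errors those calls raise when a setting was never configured (`NoSuchPublicAccessBlockConfiguration` and `OwnershipControlsNotFoundError`), and runs over a constructed set of buckets so it executes without AWS credentials.

```python
from typing import Dict, List, Optional

# The four Block Public Access settings; all four must be on for the bucket to
# be fully blocked, which is what AWS now applies to new buckets by default.
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")


def missing_block_public_access(pab: Optional[dict]) -> List[str]:
    """Return the Block Public Access flags that are off.
    None stands for NoSuchPublicAccessBlockConfiguration: the bucket predates
    the new default and nothing is blocked."""
    if pab is None:
        return list(PAB_FLAGS)
    cfg = pab.get("PublicAccessBlockConfiguration", {})
    return [flag for flag in PAB_FLAGS if not cfg.get(flag, False)]


def acls_disabled(ownership: Optional[dict]) -> bool:
    """ACLs are disabled only under ObjectOwnership=BucketOwnerEnforced.
    None stands for OwnershipControlsNotFoundError: legacy ObjectWriter
    behaviour, i.e. ACLs still honoured."""
    if ownership is None:
        return False
    rules = ownership.get("OwnershipControls", {}).get("Rules", [])
    return any(rule.get("ObjectOwnership") == "BucketOwnerEnforced" for rule in rules)


def audit_bucket(name: str, pab: Optional[dict], ownership: Optional[dict]) -> dict:
    """One finding per setting that differs from the new S3 defaults."""
    findings = [f"block-public-access:{flag}=off" for flag in missing_block_public_access(pab)]
    if not acls_disabled(ownership):
        findings.append("acls-enabled")
    return {"bucket": name, "matches_new_default": not findings, "findings": findings}


def audit_account(buckets: Dict[str, dict]) -> List[dict]:
    """Audit every bucket; each entry holds the two API responses (or None)."""
    return [audit_bucket(name, b.get("pab"), b.get("ownership")) for name, b in sorted(buckets.items())]


# Constructed sample (not real account data): one bucket created under the new
# defaults, one that only half-applied Block Public Access, one legacy bucket.
SAMPLE_BUCKETS = {
    "new-default-bucket": {
        "pab": {"PublicAccessBlockConfiguration": {flag: True for flag in PAB_FLAGS}},
        "ownership": {"OwnershipControls": {"Rules": [{"ObjectOwnership": "BucketOwnerEnforced"}]}},
    },
    "partial-bucket": {
        "pab": {"PublicAccessBlockConfiguration": {
            "BlockPublicAcls": True, "IgnorePublicAcls": True,
            "BlockPublicPolicy": False, "RestrictPublicBuckets": False}},
        "ownership": {"OwnershipControls": {"Rules": [{"ObjectOwnership": "BucketOwnerPreferred"}]}},
    },
    "legacy-bucket": {"pab": None, "ownership": None},
}

if __name__ == "__main__":
    for result in audit_account(SAMPLE_BUCKETS):
        print(result)
```

Against a real account, build the per-bucket dict from `s3.get_public_access_block(Bucket=name)` and `s3.get_bucket_ownership_controls(Bucket=name)`, mapping the two `ClientError` codes named above to `None`; note that an account-level Block Public Access setting (checked through `s3control`) can also block access for buckets this audit flags.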
-
AWS Key Management Service Now Supports External Key Stores
AWS recently announced the availability of AWS Key Management Service (AWS KMS) External Key Store (XKS), allowing organizations to keep their root encryption keys in a key manager outside AWS that they control; KMS forwards the encrypt and decrypt operations for those keys to the external key manager through an XKS proxy.
-
GitLab Releases Single-Tenant SaaS Offering for Strict Security and Compliance
GitLab has released a new product, GitLab Dedicated, a single-tenant SaaS offering for customers in industries with strict security and compliance requirements who want to move their DevOps tooling from on-premises to the cloud.
-
AWS Announces Clean Rooms for Secure Collaboration with Analytics Data
During the recent re:Invent conference, AWS announced the preview of Clean Rooms for analytics data. The new service provides controlled environments in which multiple customers can analyze their combined datasets without sharing or copying the underlying raw data, with each party restricting how its data may be queried, reducing the risk of exposing personal data.
-
AWS Announces Preview Release of Amazon Security Lake
At re:Invent, AWS announced the preview release of Amazon Security Lake. This managed service automatically centralizes an organization's security data from AWS services, third-party sources and on-premises systems into a purpose-built data lake stored in the customer's own account, normalizing it to the Open Cybersecurity Schema Framework (OCSF).
-
Critical Vulnerability in VM2 Sandbox Found Affecting Spotify Portal Platform Backstage
Spotify Backstage, an open-source platform used to build developer portals and in use at a number of large companies, has been found vulnerable to a critical remote code execution vulnerability. Illustrating how vulnerabilities propagate through indirect dependencies, the Backstage flaw is enabled by a sandbox escape in its JavaScript VM2 sandbox dependency.
-
Google Cloud Adds IAM Deny Policies
Google Cloud has moved IAM Deny policies into general availability. IAM Deny policies work alongside IAM Allow policies: a deny policy is evaluated first, and a principal it matches is refused the permission regardless of any role binding that would otherwise grant it, which gives organizations a guardrail that project-level allow grants cannot override. IAM Deny policies are available in Google Cloud IAM for most permissions.
-
HashiCorp's Boundary Now Generally Available on HCP
Following a successful beta, HashiCorp has announced the general availability of Boundary on its cloud platform, HCP. Boundary brokers identity-based access to hosts and services, adding a key component to HashiCorp's managed zero-trust security offering.
-
OpenSSL Hit by Two High Severity Vulnerabilities, Recently Patched
Introduced in OpenSSL 3.0.0 (released September 2021) and present in every 3.0.x release up to and including OpenSSL 3.0.6, the two recently patched vulnerabilities are buffer overruns in the punycode decoding that X.509 certificate verification performs while checking name constraints; they are fixed in OpenSSL 3.0.7, and the 1.1.1 branch is not affected. The overrun occurs after the chain signature check, so triggering it requires a certificate signed by a CA the verifier trusts, or an application that continues after verification fails.
-
AWS Adds Container Lens to Well-Architected Framework
AWS has added a new container lens to its Well-Architected Framework. This new technical paper outlines best practices sourced from the community, AWS partners, and AWS's internal container technology specialists. These best practices provide guidance for running high-performance, reliable, and secure container workloads. The paper also includes reference architectures for a few common use cases.
-
AWS Introduces AWS Parameters and Secrets Lambda Extension to Improve Performance and Security
AWS recently announced the Parameters and Secrets Lambda Extension, a new way for functions to retrieve parameters from Systems Manager Parameter Store and secrets from Secrets Manager. The extension runs inside the Lambda execution environment as a local HTTP endpoint, authenticates each call with the function's session token, and caches the values it fetches, reducing latency and the number of API calls, and therefore cost.
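The following is an added example of a function-side client for the extension, not AWS's own code. It relies on what AWS documents for the extension: it listens on `localhost` port 2773 (overridable through `PARAMETERS_SECRETS_EXTENSION_HTTP_PORT`), requires the header `X-Aws-Parameters-Secrets-Token` set to the function's `AWS_SESSION_TOKEN`, and answers `GET /systemsmanager/parameters/get?name=...` and `GET /secretsmanager/get?secretId=...` with the same JSON bodies as the `GetParameter` and `GetSecretValue` API calls. The `send` parameter and the `FakeExtension` class are assumptions made here so the client runs offline; the fake's status codes for rejected requests are constructed and may not match the real extension's exactly.

```python
import json
import os
import urllib.parse
import urllib.request
from typing import Callable, Dict, Tuple

# A sender performs one GET and returns (status, body); injectable for testing.
Sender = Callable[[str, Dict[str, str]], Tuple[int, str]]


class ExtensionError(RuntimeError):
    """Raised when the extension endpoint rejects or cannot serve a request."""


def _base_url() -> str:
    # The extension listens on localhost, port 2773 unless overridden.
    port = os.environ.get("PARAMETERS_SECRETS_EXTENSION_HTTP_PORT", "2773")
    return f"http://localhost:{port}"


def _auth_headers() -> Dict[str, str]:
    # The extension authenticates callers with the execution environment's own
    # session token; a request without it is refused.
    token = os.environ.get("AWS_SESSION_TOKEN")
    if not token:
        raise ExtensionError("AWS_SESSION_TOKEN not set; cannot authenticate to the extension")
    return {"X-Aws-Parameters-Secrets-Token": token}


def _default_send(url: str, headers: Dict[str, str]) -> Tuple[int, str]:
    # Real transport, used inside Lambda; never reached by the offline demo.
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.status, resp.read().decode()


def _get(path: str, params: Dict[str, str], send: Sender) -> dict:
    url = f"{_base_url()}{path}?{urllib.parse.urlencode(params)}"
    status, body = send(url, _auth_headers())
    if status != 200:
        raise ExtensionError(f"{path} returned HTTP {status}: {body}")
    return json.loads(body)


def get_parameter(name: str, with_decryption: bool = True, send: Sender = _default_send) -> str:
    """Fetch a Parameter Store value via the extension's cache.
    withDecryption=true is required to read SecureString parameters."""
    params = {"name": name, "withDecryption": "true" if with_decryption else "false"}
    return _get("/systemsmanager/parameters/get", params, send)["Parameter"]["Value"]


def get_secret(secret_id: str, send: Sender = _default_send) -> str:
    """Fetch a Secrets Manager secret (its SecretString) via the extension's cache."""
    return _get("/secretsmanager/get", {"secretId": secret_id}, send)["SecretString"]


class FakeExtension:
    """Constructed stand-in for the local endpoint (assumption, for offline runs).
    It enforces the token header like the real extension does, answering 401
    without a matching token and 404 for unknown names."""

    def __init__(self, token: str, parameters: Dict[str, str], secrets: Dict[str, str]):
        self.token, self.parameters, self.secrets = token, parameters, secrets
        self.calls = 0

    def __call__(self, url: str, headers: Dict[str, str]) -> Tuple[int, str]:
        self.calls += 1
        if headers.get("X-Aws-Parameters-Secrets-Token") != self.token:
            return 401, json.dumps({"message": "missing or invalid X-Aws-Parameters-Secrets-Token"})
        parsed = urllib.parse.urlparse(url)
        query = dict(urllib.parse.parse_qsl(parsed.query))
        if parsed.path == "/systemsmanager/parameters/get" and query.get("name") in self.parameters:
            value = self.parameters[query["name"]]
            return 200, json.dumps({"Parameter": {"Name": query["name"], "Type": "SecureString", "Value": value}})
        if parsed.path == "/secretsmanager/get" and query.get("secretId") in self.secrets:
            return 200, json.dumps({"Name": query["secretId"], "SecretString": self.secrets[query["secretId"]]})
        return 404, json.dumps({"message": "not found"})


def demo() -> dict:
    """Run the client against the fake; all names, tokens and values are constructed."""
    os.environ["AWS_SESSION_TOKEN"] = "constructed-session-token"
    fake = FakeExtension(
        token="constructed-session-token",
        parameters={"/app/db/host": "db.internal.example"},
        secrets={"app/db/credentials": '{"username": "app", "password": "constructed"}'},
    )
    host = get_parameter("/app/db/host", send=fake)
    creds = json.loads(get_secret("app/db/credentials", send=fake))
    # A process that does not hold the function's session token is turned away.
    try:
        get_parameter("/app/db/host", send=FakeExtension("other-token", {"/app/db/host": "x"}, {}))
        rejected = False
    except ExtensionError:
        rejected = True
    return {"host": host, "username": creds["username"], "calls": fake.calls, "rejected_bad_token": rejected}


if __name__ == "__main__":
    print(demo())
```

The token check is the security-relevant detail: the extension is reachable by anything running in the execution environment, so it only answers callers that can present the same session token the function itself was issued. The function's execution role still needs `ssm:GetParameter`, `secretsmanager:GetSecretValue` and, for encrypted values, `kms:Decrypt`; the extension uses that role's credentials on the function's behalf.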
-
Orca Security Report Finds Critical Assets Vulnerable within Three Steps
A report from Orca Security found security gaps within the assessed cloud environments. These include unencrypted sensitive data, S3 buckets with public READ access, root accounts without multi-factor authentication enabled, and publicly accessible Kubernetes API servers. In addition, they found that the average attack path requires only three steps to reach business-critical data or assets.