InfoQ Homepage Cloud Security Content on InfoQ
-
NSA and CISA Publish Kubernetes Hardening Guidance
The National Security Agency(NSA) in partnership with the Cybersecurity and Infrastructure Security Agency(CISA) recently published the Kubernetes Hardening Guidance, a technical report focused on securing Kubernetes environments. The report identifies the common areas of Kubernetes security risks: supply chain, malicious actors, and insider threats.
-
Cloud Providers Publish Ransomware Mitigation Strategies
In the last few weeks AWS, Azure and Google Cloud have posted articles and documentation with suggestions on ransomware mitigation techniques on the cloud, highlighting the main protections and recovery preparation actions.
-
AWS Introduces Backup Audit Manager for Compliance Requirements
Amazon recently announced the availability of AWS Backup Audit Manager, a new feature of AWS Backup to monitor the compliance status of backups and generate reports to meet business and regulatory requirements.
-
Microsoft Warns Customers about a Critical Vulnerability in Azure Cosmos DB
Azure Cosmos DB is a globally-distributed and fully-managed NoSQL database service. Recently, Microsoft warned thousands of its Cosmos DB customers of a vulnerability that exposes their data. A flaw in the service could grant a malicious actor access keys to steal, edit or delete sensitive data.
-
AWS Introduces Security Analytics Bootstrap to Perform Security Investigations
AWS recently announced Security Analytics Bootstrap, an open source framework to perform security investigations on AWS service logs using an Amazon Athena analysis environment.
-
Is CVE the Solution for Cloud Vulnerabilities?
At the recent Black Hat USA 2021, security experts from cloud infrastructure company Wiz argued that a CVE database for cloud vulnerabilities is needed, starting a debate in the cloud and cybersecurity communities.
-
Google Releases Its Certificate Authority Service into General Availability
The Google Cloud Certificate Authority Service (CAS) is a scalable service for managing and deploying private certificates via automation and managing public key infrastructure (PKI). And last month, Google announced the general availability (GA) of this service.
-
Microsoft Announces Public Preview of Bastion Standard SKU
Azure Bastion is a fully-managed Platform as a Service (PaaS) solution providing customers a secure way to connect to a virtual machine using a browser and the Azure portal. Recently, the company announced the public preview of the second Stock Keeping-Unit (SKU) called Standard.
-
AWS Key Management Service Introduces Multi-Region Keys
AWS has recently announced the availability of KMS multi-region keys, a new feature for client-side applications that makes encrypted data portable across regions.
-
Bridgecrew's Yor Provides Automated Tagging for Infrastructure as Code
Bridgecrew recently released Yor, their open-source tool for automated infrastructure as code tagging. Yor automatically adds tags to infrastructure configurations which are then applied to the running cloud resources, simplifying connecting the active resources back to the code that created them. Yor currently supports Terraform, CloudFormation, and Serverless.
-
Aqua Security's Latest Report Highlights Increase in Cloud Attacks
Aqua Security published a report outlining their analysis of a year's worth of security remediation data. This report found that nearly no organization addressed all identified issues with enterprise organizations taking on average 88 days to resolve the issues they do address. Their analysis found a large increase in attacks against container-based and cloud-native infrastructure.
-
Infosec Teams Expand Use of Security Tools to Address Cloud Complexity, Survey Finds
The Cloud Security Alliance (CSA), a non-profit organization, recently published its findings on the state of cloud security practices which shows accelerating cloud adoption, but a need for more sophisticated security approaches.
-
Infrastructure Vulnerability Scanner Checkov Adds Context Aware Assessments
Bridgecrew has announced the first 2.x version of Checkov. Checkov is an open-source scanner for infrastructure as code (IaC). The 2.0 release includes a re-architected backend that is now graph-based allowing for better processing of multi-resource queries. There has also been an increase in coverage with the addition of nearly 250 new policies.
-
Netflix Open Sources ConsoleMe to Manage Permissions and Access on AWS
Netflix has recently open-sourced ConsoleMe, a AWS multi-account management service, and its CLI utility, Weep. The tools provide a central control plane for permissions management across all of AWS accounts of an organization and help to implement the principle of least privilege.
-
GitHub Changes Token Format to Improve Identifiability, Secret Scanning, and Entropy
GitHub has recently moved to a new format for all of its tokens, including personal access, OAuth access, user-to-server and server-to-server, and refresh tokens. As GitHub engineer Heather Harvey explains, the new format aims to make tokens more easily identifiable, including when scanning repos for secrets, and to increase their entropy.