Cloud Security Content on InfoQ
-
Google's Network-Based Threat Detection Service Cloud IDS is Now Generally Available
Recently, Google announced the general availability of its Cloud IDS for network-based threat detection. This core network security offering helps detect network-based threats and helps organizations meet compliance standards that call for an intrusion detection system.
-
Amazon CloudFront Supports Configurable CORS and Custom HTTP Response Headers
Amazon CloudFront recently added support for response headers policies, removing the need for custom Lambda@Edge and CloudFront functions to insert response headers. The new feature allows developers to add cross-origin resource sharing (CORS), security, and custom headers to HTTP responses.
-
CNCF Publishes Latest Technology Radar Focused on DevSecOps
CNCF published the sixth edition of the end-user Technology Radar. The theme for this edition was DevSecOps, the integration of security at every step of the software development lifecycle. The radar highlighted that there are many DevSecOps tools today and that the space is growing and changing rapidly.
-
Dynamic Process Isolation Helps Cloud System to Defend Against Spectre
Dynamic process isolation, a technique developed at Cloudflare to safeguard its systems from Spectre-like attacks, provides effective protection and fully mitigates Spectre attacks between multiple tenants, joint Cloudflare-Graz University research has recently shown.
-
Announcing Allstar, a GitHub App to Improve Open Source Security
Google recently announced Allstar, a GitHub app that enables continuous enforcement of security policies for a given organization or project repository. Allstar is Google’s contribution towards improving Open Source Software (OSS) security.
-
Armo Releases Kubescape K8s Security Testing Tool: Q&A with VP Jonathan Kaftzan
Last month, Armo announced the release of Kubescape, a tool for testing whether a Kubernetes environment is secure according to the Kubernetes hardening guidance published by the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA).
-
NSA and CISA Publish Kubernetes Hardening Guidance
The National Security Agency (NSA), in partnership with the Cybersecurity and Infrastructure Security Agency (CISA), recently published the Kubernetes Hardening Guidance, a technical report focused on securing Kubernetes environments. The report identifies the common areas of Kubernetes security risks: supply chain, malicious actors, and insider threats.
-
Cloud Providers Publish Ransomware Mitigation Strategies
In the last few weeks, AWS, Azure and Google Cloud have posted articles and documentation with suggestions on ransomware mitigation techniques in the cloud, highlighting the main protections and recovery preparation actions.
-
AWS Introduces Backup Audit Manager for Compliance Requirements
Amazon recently announced the availability of AWS Backup Audit Manager, a new feature of AWS Backup to monitor the compliance status of backups and generate reports to meet business and regulatory requirements.
-
Microsoft Warns Customers about a Critical Vulnerability in Azure Cosmos DB
Azure Cosmos DB is a globally-distributed and fully-managed NoSQL database service. Recently, Microsoft warned thousands of its Cosmos DB customers of a vulnerability that exposes their data. A flaw in the service could grant a malicious actor access keys to steal, edit or delete sensitive data.
-
AWS Introduces Security Analytics Bootstrap to Perform Security Investigations
AWS recently announced Security Analytics Bootstrap, an open source framework to perform security investigations on AWS service logs using an Amazon Athena analysis environment.
-
Is CVE the Solution for Cloud Vulnerabilities?
At the recent Black Hat USA 2021, security experts from cloud infrastructure company Wiz argued that a CVE database for cloud vulnerabilities is needed, starting a debate in the cloud and cybersecurity communities.
-
Google Releases Its Certificate Authority Service into General Availability
The Google Cloud Certificate Authority Service (CAS) is a scalable service for managing and deploying private certificates via automation and for managing public key infrastructure (PKI). Last month, Google announced the general availability (GA) of this service.
-
Microsoft Announces Public Preview of Bastion Standard SKU
Azure Bastion is a fully managed Platform as a Service (PaaS) solution providing customers a secure way to connect to a virtual machine using a browser and the Azure portal. Recently, Microsoft announced the public preview of the second Stock Keeping Unit (SKU), called Standard.
-
AWS Key Management Service Introduces Multi-Region Keys
AWS has recently announced the availability of KMS multi-region keys, a new feature for client-side applications that makes encrypted data portable across regions.