Cloud Security Content on InfoQ
-
Amazon Releases the Multi-Account Management Service AWS Control Tower to General Availability
Recently, Amazon announced the general availability of AWS Control Tower, a service that automates the process of setting up a new baseline multi-account AWS environment that is secure and well-architected. With AWS Control Tower, cloud administrators can consistently set up security and compliance for multi-account AWS environments.
-
Benefits of Microsoft’s New Versions of Azure Application Gateway and the Web Application Firewall
In a recent blog post, Microsoft discusses the benefits of the generally available releases of the Azure Application Gateway V2 Standard SKU and the Web Application Firewall (WAF) V2 SKU. Microsoft fully supports them with a 99.95% SLA, and they bring significant improvements and capabilities.
-
Open Policy Agent Accepted as CNCF Incubation Level Project
The Cloud Native Computing Foundation (CNCF) accepted the Open Policy Agent (OPA) as an incubation-level hosted project on April 2nd. OPA is an open source, general-purpose policy engine. OPA targets cloud-based enterprise technology companies, offloading service-level policy management to a unified, context-aware policy management solution.
-
Microsoft Introduces Azure Front Door, a Scalable Service for Protecting Web Applications
In a recent blog post, Microsoft introduced the general availability (GA) of Azure Front Door (AFD), a scalable and secure entry point for web applications. The underlying technology in Azure Front Door has been in place inside Microsoft for the past five years, where it has enabled scaling and protection for many popular Microsoft services including Office 365, Xbox, and Microsoft Teams.
-
Google's New Cloud Security Services for Better Threat Detection and Protection in Enterprises
Google announced three new services for better threat detection and protection in enterprises: Web Risk API, Cloud Armor, and Cloud HSM. All these security services will offer Google Cloud Platform (GCP) customers advanced security functionalities.
-
Making Security More Intelligent, Microsoft Releases Azure Sentinel
In a recent blog post, Microsoft announced further investments in its intelligent security offerings in the form of a Security Information and Event Management (SIEM) product called Azure Sentinel. SIEMs are used by security professionals as a data store that is capable of aggregating security events from logs across a variety of systems, including servers, firewalls, routers and switches.
-
Tomcat and Kafka Selected for EU Bug Bounty Programme
The European Union recently launched a bug bounty program for critical infrastructure projects, offering financial compensation to anyone who finds and reports a new security flaw. The bug bounty is offered as part of FOSSA, the “Free and Open Source Software Audit” project. The FOSSA list includes two notable Java projects: Apache Tomcat and Kafka.
-
RunC Bug Enables Malicious Containers to Gain Root Access on Hosts
Security researchers have discovered a critical bug in runC, a lightweight CLI tool for spawning containers according to the OCI specification, which allows attackers to escape the container and gain administrative privileges on the host, rendering it vulnerable.
-
Amazon Adds Three New Threat Detections to Its GuardDuty Service in AWS
Amazon has added another set of new threat detections to its GuardDuty service in AWS. The three new threat detections are two new penetration testing detections and one policy violation detection.
-
Q&A on Cloud Discovery Tool for Multi-Cloud Environments
Cloud Discovery is an open-source tool from Twistlock that connects to cloud providers and gets an inventory of all the various infrastructure resources deployed. Cloud Discovery gathers and reports resource metadata in an aggregated way. Furthermore, application security holes can be identified when there’s more visibility across environments, such as which resources are missing a firewall rule.
-
AWS Identity and Access Management Gains Tags and Attribute-Based Access Control
Amazon Web Services (AWS) recently enabled tags for IAM users and roles to ease the management of IAM resources. Notably, this release also includes the ability to embrace attribute-based access control (ABAC) and match AWS resources with IAM principals dynamically to "simplify permissions management at scale".
-
Google Releases New Security Features for Compute Engine: Resource-Level IAM and IAM Conditions
Google announced two new Cloud Identity and Access Management (IAM) features to help customers better manage their security and access control in Google Compute Engine. These features are resource-level IAM, to set policies on individual resources, and IAM conditions, to grant access based on predefined conditions.
-
Azure Virtual WAN and Azure Firewall Now in Public Preview
With Azure Virtual WAN and Azure Firewall, Microsoft will provide two new services to help customers modernise their network. The Azure Virtual WAN service will simplify large-scale branch connectivity, while Azure Firewall lets enterprises enforce their security policies in the cloud. Both services are currently in public preview.
-
OpenID Loses Major Proponent, StackOverflow
OpenID has lost one of its largest proponents. Stack Exchange, the company behind StackOverflow and other Q&A websites, will be completely eliminating support for OpenID on July 25, 2018. This continues a long-running trend of websites eliminating OpenID from their offerings.
-
Amazon Launches a New Cloud Security Service: AWS Firewall Manager
Amazon has launched a new service called AWS Firewall Manager, providing AWS customers a way to configure AWS Web Application Firewall rules across multiple accounts centrally. The AWS Firewall Manager is a part of Amazon’s recent launch of several services for security and compliance.