Cloud Security Content on InfoQ
-
Amazon Launches AWS Secrets Manager to Securely Store, Distribute, and Rotate Credentials
Amazon announced the launch of the AWS Secrets Manager, which makes it easy for customers to store and retrieve secrets using an API or the AWS Command Line Interface (CLI). Furthermore, customers can rotate their credentials with built-in or custom Lambda functions. The AWS Secrets Manager enables users to centralize the management of secrets of distributed services and applications.
-
Chef Enhances Cloud Security Automation in InSpec 2.0
Continuous automation vendor Chef has announced the availability of InSpec 2.0, a new version of Chef’s free open source tool that enables DevOps and cross-functional application, infrastructure and security teams to express security and compliance rules as code, and to assess and remediate compliance issues throughout the software delivery life cycle.
-
Xen Hypervisor 4.10 Focuses on Security and Better ARM Support
The Xen Project released version 4.10 of their hypervisor with an improved architecture for x86, better support for ARM processor hardware updates, and changes to schedulers and the user interface.
-
NIST Publishes Guidelines on Application Container Security
The National Institute of Standards and Technology (NIST) published a bulletin on application container technology and its most notable security challenges. The report is a summary of two previous bulletins outlining vulnerability areas including image, registry, orchestrator, container, host OS, and hardware, and their countermeasures.
-
Amazon GuardDuty: A Zero-Footprint Managed Threat Detection Service for AWS Accounts and Resources
The release of Amazon GuardDuty, a managed threat detection service that continuously monitors for malicious or unauthorised behaviour, was announced at the AWS re:Invent conference. The service can be centrally managed, is “zero footprint”, and remediation scripts or AWS Lambda functions can be configured to trigger automatically based on GuardDuty findings.
-
Spotify and Google Release Forseti GCP Security Tools
Google has opened up Forseti Security, a set of open source tools for Google Cloud Platform (GCP) security, to all GCP users. The project is the result of a collaborative effort between Spotify and Google, combining what was originally separate work into a single toolkit. It aims to automate security processes so that developers can develop more freely.
-
Java EE Security API (JSR-375) Approved
The Java EE Security API, JSR 375, was approved in early August. All members of the JCP Executive Committee voted “Yes”, with zero “No” votes. Intel Corp. did not vote on the JSR.
-
Amazon CloudWatch Events Gains Cross-Account Event Delivery
Amazon Web Services (AWS) recently added cross-account event delivery to Amazon CloudWatch Events to support use cases such as the tracking of events across an entire organization and the handling of events in separate accounts to implement advanced security schemes.
-
Twistlock 2.1 Container Security Suite Released
Twistlock announced the general availability of version 2.1 of their container security product. Highlights of the release include an integrated firewall that understands application traffic, vulnerability detection, secrets management via integration with third party tools, and compliance alerting and enforcement.
-
Apache Metron Graduates to Top-Level Project
Hortonworks and Apache announce the graduation of Metron, a real-time big data security platform, to a top-level project at the ASF.
-
AWS Organizations Offers Centralized Policy-Based Account Management
After a three-month preview since re:Invent 2016, Amazon Web Services has recently moved AWS Organizations to general availability. The new service allows customers to centrally manage multiple AWS accounts within a hierarchy of organizational units and attach service control policies with fine-grained access permissions. AWS Organizations also supersedes the formerly separate consolidated billing feature.
-
Bitbucket Introduces Required Two-Factor Authentication and IP Whitelisting
Atlassian has announced two new features aimed at making Bitbucket more secure: IP whitelisting and required two-factor verification.
-
Cloudbleed - Cloudflare Proxies Memory Leak
A buffer overflow bug has caused a small number of requests to Cloudflare proxies to leak data from unrelated requests, including potentially sensitive data such as passwords and other secrets. The issue, which has been named ‘Cloudbleed’, was discovered by Google Project Zero vulnerability researcher Tavis Ormandy.
-
Google Expands Audit Logging Capability to Majority of Cloud Services
Tracking "who did what" in a self-service public cloud can be challenging. With Google Cloud Audit Logging, Google captures log streams for seventeen services in Google Cloud Platform (GCP).
-
Running Docker Containers Securely in Production
Hardening Docker containers in production involves a combination of techniques including making them immutable, minimizing the attack surface and applying both standard Linux hardening procedures as well as ones that are specific to a container environment.