Cloud Security Content on InfoQ
-
AWS Launches Amazon S3 Dual-Layer Server-Side Encryption with Keys Stored in AWS KMS
Recently AWS launched Amazon S3 dual-layer server-side encryption with keys stored in AWS Key Management Service (DSSE-KMS), a new encryption option in Amazon S3 that applies two layers of encryption to objects when they are uploaded to an Amazon Simple Storage Service (Amazon S3) bucket.
-
GitHub Push Protection Moved to General Availability
GitHub has moved push protection into general availability and made it free for all public repositories. Push protection helps detect secrets in code as changes are pushed. As part of the GA release, push protection is also available to all private repositories with a GitHub Advanced Security (GHAS) license.
-
Amazon Security Lake for Centralized Security Data Management Now GA
AWS recently announced the general availability of Security Lake, a managed service to automate the sourcing, aggregation, normalization, and data management of security data. The new service centralizes data from AWS environments, SaaS providers, on-premises, and cloud sources into a data lake stored in an AWS account.
-
AWS Announces the General Availability of Private Access to the Management Console
AWS recently announced the general availability (GA) of private access to the AWS Management Console. Private access is a new security feature that allows customers to limit access to the AWS Management Console from their Virtual Private Cloud (VPC) or connected networks to a set of trusted AWS accounts and organizations.
-
AWS Verified Access Now GA with Support for WAF and Signed Identity Context
AWS recently announced the general availability of Verified Access, a managed service that provides secure access to corporate applications without relying on a VPN. With the GA, the cloud provider introduced support for AWS WAF and the ability to pass signed identity context to end applications.
-
How to Build a Successful Cloud Capability on a Heavily Regulated Organization
Ana Sirvent, AWS practice lead at KPMG UK, shared her experience at QCon London on how to work with public cloud in heavily regulated organizations. Sirvent explained how to build trust with security, compliance, and client risk teams while delivering quickly and leveraging cloud services.
-
Google Announces Machine Learning Powered API Abuse Detection
Google recently announced an API abuse detection dashboard powered by machine learning algorithms.
-
Google Introduces Digital Sovereignty Explorer for European Organizations
Google Cloud recently released the Digital Sovereignty Explorer, a free online and interactive tool to determine a digital sovereignty strategy on the cloud using a multiple-choice format. The tool currently focuses on European organizations and deployments.
-
Amazon VPC Lattice Now GA with New Capabilities for Service-to-Service Connectivity
Announced in preview at the latest re:Invent conference, Amazon VPC Lattice is now generally available, with new capabilities for service-to-service connectivity, security, and monitoring. The pricing model raised some concerns in the community.
-
Amazon GuardDuty Adds EKS Runtime Monitoring and RDS Protection
Amazon GuardDuty added Amazon EKS Runtime Monitoring and RDS Protection for Amazon Aurora. EKS Runtime Monitoring can detect runtime threats from over 30 different security findings. RDS Protection adds support for profiling and monitoring access activity to Aurora databases.
-
Amazon OpenSearch Service Introduces Security Analytics
Amazon recently announced the general availability of security analytics for OpenSearch Service. The new capability of the successor to Elasticsearch Service provides threat monitoring, detection, and alerting features to help manage security threats.
-
Celebrity Vulnerabilities: Effective Response to Critical Production Threats
Alyssa Miller, chief information security officer of EpiqGlobal, presented at QCon London about the lessons learned from three major open-source security events, the Equifax breach via Struts, the Log4j vulnerabilities, and the Spring4Shell exploit.
-
Survey on Supply Chain Practices Finds Perceived Usefulness of Practice Correlates with Adoption
A recent survey on supply chain security practices found that some practices are widely adopted, but key practices, such as generating provenance, are lagging behind in adoption. The survey also found that the perceived usefulness of a practice is highly correlated with the adoption of that practice.
-
Microsoft Adds Support for Pod Sandboxing to Azure Kubernetes Service
Microsoft has released, in preview, support for pod sandboxing in the Azure Kubernetes Service (AKS). Available within all Azure regions for a subset of Azure VM sizes, pod sandboxing provides an isolation boundary between the container application and the shared kernel and compute resources of the container host.
-
AWS Introduces Global Condition Context Keys to Improve EC2 Security
AWS recently introduced global condition context keys to restrict the usage of EC2 instance credentials to the instance itself. The new keys allow the creation of policies that can limit the use of role credentials to only the location from where they originated, reducing the risk of credential exfiltration.