InfoQ Homepage Cloud Security Content on InfoQ
-
Policy Enforcement on Kubernetes with Open Policy Agent
Aleks Saul and Jaime Gonzalez Aguilar introduce Rego, the language used to describe OPA policies, recent updates to OPA, and break down sample policies for common use cases.
-
Security and Compliance Theater - The Seventh Deadly Disease
John Willis describes the “Seven Deadly Diseases of DevOps” with a focus on the most costly of them all - Security and Compliance Theater.
-
The Common Pitfalls of Cloud Native Software Supply Chains
Daniel Shapira talks about some of the common security vulnerabilities found in cloud-native environments and why it’s important to take security measures immediately to protect instances in the cloud
-
Mind the Software Gap: How We Can Operationalize Privacy & Compliance
Jean Yang talks about some of the ways GDPR and CCPA can influence software, but also about practical solutions to protecting data privacy and security.
-
Beyond Entitlements for Cloud-native
Chandra Guntur and Hong Liu show how they use Open Policy Agent with Spring Boot and HOCON to produce a responsibility management solution that scales to volume and performance needs.
-
A Continuation of Devops: Policy as Code
Gareth Rushgrove looks at examples of tools that move security controls into code and explores how policy as code can work at the team level.
-
A Journey into Intel’s SGX
Jessie Frazelle discusses Intel's SGX technology. Frazelle also covers an overview of computer architecture, detailing one hardware version, its flaws and changes to come in a future version.
-
Intel's Cloud-Native Transformation
Liel Chayoun and Roi Ezra discuss Intel’s transition to cloud-native and microservices.
-
Building a Cloud-Native Compliance Culture
CeeCee O'Connor, Chuck D'Antonio discuss building a compliance engine with Concourse, keeping their teams focused on their application code and minimizing the effort they put into compliance.
-
Introduction to Compliance Driven Development (CDD) and Security Centric System Design
Dmitry Didovicher introduces CDD and discusses how they used Pivotal and Compliance Automation technologies to receive a certification to run PostgreSQL-As-A-Service.
-
Towards Memory Safety in Intel SGX Enclave
Yu Ding discusses Rust SGX SDK which combines Intel SGX together with Rust. Developers could write memory-safe SGX enclave easily, eliminating the possibility of being pwned intrinsically.
-
Building Reliability in an Unreliable World
Greg Murphy describes how GameSparks has designed their platform to be tolerant of many things: unreliable and slow internet connectivity, cloud resources that can fail without warning, and more.
