InfoQ Homepage Compliance Content on InfoQ
-
AWS Open-Sources CloudFormation Compliance Analyzer
AWS has announced the preview release of CloudFormation Guard, an open-source CLI tool to enforce compliance policies against CloudFormation templates. cfn-guard provides a lightweight, declarative syntax for defining rules. It supports lists, wildcards, regex,and declaration of variables, and can work with CloudFormation intrinsic functions.
-
Alcide's New sKan Command Line Tool Scans Kubernetes Deployment Files
Alcide, a Kubernetes security platform, has announced the release of sKan, a command line tool that allows developers, DevOps and Kubernetes application builders access to the Alcide Security Platform. sKan enables developers to scan Kubernetes configuration and deployment files as part of their application development lifecycle including CI pipelines.
-
Compliance and the California Privacy Act - the Empire Strikes Back
On January 1, 2020, the California Privacy Act came into effect. Many companies have not complied with the law, and the long term effects of the legislation are unclear.
-
Enabling Single Tenant Workloads in the Cloud, Microsoft Introduces Azure Dedicated Host
In a recent blog post, Microsoft announced Azure Dedicated Hosts, a service that allows organizations to run Linux and Windows virtual machines on single-tenant physical servers. This service was introduced to address customer compliance and regulatory requirements. Organizations can also take advantage of Azure Hybrid Benefits which allows them to leverage existing software investments.
-
Amazon Releases the Multi-Account Management Service AWS Control Tower to General Availability
Recently, Amazon announced the general availability of AWS Control Tower, a service that automates the process of setting up a new baseline multi-account AWS environment that is secure, and well-architected. With AWS Control Tower, cloud administrators can consistently set-up security and compliance for multi-account AWS environments.
-
A Single Pane of Glass for Compliance and Security with AWS Security Hub GA
Recently, Amazon announced the general availability (GA) of AWS Security Hub, a new security service that provides customers with a central place to manage security and compliance across their AWS environment.
-
Reconciling Kubernetes and PCI DSS for a Modern and Compliant Payment System
Ana Calin, systems engineer at Paybase, gave an experience report at QCon London [slides PDF] on how the end-to-end payments service provider solution managed to achieve PCI DSS level 1 compliance (the highest) with 50+ Node.js microservices running on Google Cloud Kubernetes Engine (GKE), and using Terraform for infrastructure provisioning and Helm for service deployment.
-
AWS Identity and Access Management Gains Tags and Attribute-Based Access Control
Amazon Web Services (AWS) recently enabled tags for IAM users and roles to ease the management of IAM resources. Notably, this release also includes the ability to embrace attribute-based access control (ABAC) and match AWS resources with IAM principals dynamically to "simplify permissions management at scale".
-
XebiaLabs DevOps Platform Provides New Risk and Compliance Capability for Software Releases
XebiaLabs, a provider of DevOps and continuous delivery software tools, has launched new capabilities for custody, security and compliance risk assessment tracking for software releases via their DevOps Platform.
-
Microsoft Announces the General Availability of the Immutable Storage Functionality in Azure Storage
With the immutable storage, feature blobs will be non-erasable and non-modifiable for a specific retention interval. Now Microsoft announced that this new feature is generally available in all public Azure regions after its preview since June of this year.
-
Compliance in an Agile World
Compliance is about making sure that you are doing the right thing and being able to prove it. With agile and frequent deliveries, you need to build compliance into the process of delivery. Making compliance obligation part of the thing that DevOps teams own increases the likelihood of success.
-
AWS Config Gains Cross-Account, Cross-Region Data Aggregation
Amazon Web Services (AWS) recently added the capability to aggregate compliance data produced by AWS Config rules across multiple accounts and/or regions to enable centralized auditing and governance of AWS resources. A new aggregated dashboard view displays non-compliant rules across the organization. Users can then drill down to view details about resources that are violating any rules.
-
Chef Extends OpsWorks Capabilities in AWS
Chef has announced new capabilities to address application lifecycle control concerns in containers in AWS. New functionality includes Chef Automate with integrated compliance and builds on AWS OpsWorks for Chef Automate announced in 2016. OpsWorks for Chef Automate provides a managed Chef server and suite of automation tools.
-
Creating and Enforcing "Policy as Code" with HashiCorp Sentinel
HashiCorp have released Sentinel, an embedded “policy as code” framework that is integrated within the HashiCorp Enterprise products. Sentinel enables “fine-grained, logic-based policy decisions” that can be used to automatically audit and enforce organisational, compliance or security policies when working with Infrastructure as Code and other HashiCorp platform tooling.
-
Q&A With Robert Scherrer: DevOps on the Backbone of the Swiss Financial Center
Starting with a small core team, and a DevOps approach around 5 + 1 dimensions - skills, organization, process, infrastructure, architecture + mindset & attitude - SIX has been transforming how IT and the business work together to break the silos and align themselves along value streams. InfoQ took the opportunity to talk with Robert Scherrer, head of software dev at SIX, about this journey.