Risk Management Content on InfoQ
-
How to Build a Successful Cloud Capability on a Heavily Regulated Organization
Ana Sirvent, AWS practice lead at KPMG UK, shared her experience at QCon London on how to work with public cloud in heavily regulated organizations. Sirvent explained how to build trust with security, compliance, and client risk teams while delivering quickly and leveraging cloud services.
-
Learnings from Measuring Psychological Safety
Asking people how they feel about taking certain types of risks can give insight into the level of psychological safety and help uncover issues. Discussing the answers can strengthen the level of safety of more mature teams and help less mature teams to understand how they could improve.
-
How to Test Low Code Applications
For low code applications there are technical things you don’t have to test, like the integration with the database and the syntax of a screen. But you still have to test functionally, to check if you’re building the right thing. End-to-end testing and non-functional testing can be very important for low code applications.
-
New Microsoft Defender Products: Threat Intelligence and External Attack Surface Management
Microsoft recently announced two security products: Microsoft Defender Threat Intelligence and Microsoft Defender External Attack Surface Management. These new products are driven by their acquisition of RiskIQ just over a year ago.
-
The Future is Knowable before it Happens: an Impossible Thing for Developers
In software development there are always things that we don’t know. We can take time to explore knowable unknowns, to learn them and get up to speed with them. To deal with unknowable unknowns, a solution is to be more experimental and hypothesis-driven in our development. Kevlin Henney gave a keynote about Six Impossible Things at QCon London 2022 and at QCon Plus May 10-20, 2022.
-
Microsoft Rebrands its Data Governance Service to Microsoft Purview
Recently, Microsoft announced Microsoft Purview, a new product branding bringing together the Azure Purview data governance service with various Microsoft 365 compliance solutions.
-
Google Cloud Introduces Community Security Analytics
Google Cloud recently released Community Security Analytics (CSA), a set of open-sourced queries and rules for security analytics designed to help detect common cloud-based threats.
-
How Security by Design Helped to Manage Risks in a Cloud Migration
When a company migrated to the cloud, security issues arose due to difficulties in getting stakeholders on board and involving security from the start. Embedding security assessments as part of the continuous cloud DevOps process and adopting an agile strategy for security risk management throughout the lifecycle of the project helped to increase the governance of security during the migration.
-
New CodeGuru Reviewer Features Detector Library and Security Detectors for Log-Injection Flaws
Amazon CodeGuru Reviewer is a developer tool that leverages machine learning to detect security defects in code (Java and Python) and offers suggestions for code quality improvement. Recently, AWS introduced two new features for the tool, with a new Detector Library and security detectors for Log-Injection Flaws.
-
Google and GitHub Announce OpenSSF Scorecards v4 with New GitHub Actions Workflow
GitHub and Google have announced the version 4 release of the Open Source Security Foundation (OpenSSF)'s Scorecards project. Scorecards is an automated security tool that identifies risky supply chain practices in open source projects. This release includes a new Scorecards GitHub Action, new security checks, and a large increase in the repositories included in the foundation's weekly scans.
-
How to Foster Startup-Like Innovation in Established Companies
Startup founders expect uncertainty and failure as part of their innovation process. Leaders in established companies need to make sure that people take on risks to build the next big thing. Adding small improvements to products in a constant manner will create a compounding effect over time, and will help you build the exact thing your users are looking for.
-
AWS Re-Launches Amazon Inspector with New Architecture and Features
Amazon Inspector is an automated vulnerability management service that continually scans AWS workloads for software vulnerabilities and unintended network exposure. It was first launched in 2015, and during the recent re:Invent 2021, AWS re-launched it with a brand new architecture and a host of new features such as support for container-based workloads and integration with Amazon EventBridge and Security Hub.
-
Microsoft Releases Azure AD My App and New Risk Detections for Identity Protection into GA
Microsoft recently released a few new Azure Active Directory (AD) features, namely My Apps "collections" and new "risk detections" capabilities, into general availability (GA). With these features, the company intends to simplify identity and access management while also enhancing the customization and controls.
-
Microsoft Releases Azure Attestation into General Availability
Microsoft recently announced the general availability of Azure Attestation, a unified solution for remotely verifying the trustworthiness of a platform and the integrity of the binaries running inside it.
-
Airbnb: Using Guardrails to Identify Changes with Negative Impact across Teams
Airbnb rolled out an internal Experiment Guardrails system to identify potentially negative impacts of changes across different teams. Whenever a proposed change does not pass any of the guardrails, it is escalated for further analysis by affected teams and stakeholders, explains Airbnb data scientist Tatiana Xifara.