In April 2021, an attack vector was discovered that could allow a malicious Pull Request to a Github repository to gain access to Teleport's production environment. Open source companies, or anyone else who accepts external contributions, are especially vulnerable to this.

A great benefit of building Lambda-based applications is that the security best practice of least privilege can be applied at a very granular level, the individual Lambda function.

An interesting article describing how SAP Artificial Intelligence implements GitOps in their large-scale project spanning multiple environments.

Even as a user and somewhat of a fan of the Azure technology, it is proving increasing difficult to recommend.

Post exploring a Go-based application deployed to Kubernetes using Amazon EKS. The microservices that comprise the application communicate asynchronously by producing and consuming events from Amazon Managed Streaming for Apache Kafka (Amazon MSK).

Connaisseur is a Kubernetes admission controller to integrate container image signature verification and trust pinning into a cluster. Version 2.0 adds support for multiple keys and signature solutions.

How to prevent security issues and optimize containerized applications by applying a quick set of Dockerfile best practices in your image builds.

An overview of modern data protection and encryption methods, their tradeoffs, and how to achieve them with HashiCorp Vault.

A new provider for Terraform, built around the AWS Cloud Control API, is designed to bring new services to Terraform faster.

Interactive Terraform visualization. State and configuration explorer.

A CoreDNS plugin to resolve all types of external Kubernetes resources.

A command line tool that takes a CloudFormation template, parses the IAM policies attached to IAM roles, users, groups, and resources then runs them through IAM Access Analyzer validation checks.

AWS Organization Formation is an Infrastructure as Code (IaC) tool for AWS Organizations.

Benefits of using a multi-account strategy for a digital bank and the important factors a digital bank should look at while defining an AWS account structure.

Amazon announced the availability of AWS Cloud Control API, a set of common application programming interfaces (APIs) that are designed to make it easy for developers to manage their AWS and third-party services.

Amazon launched a new capability making it easier for you to manage the alternate contacts (billing, operations, and security) on your member accounts managed in AWS Organizations. You can now programmatically manage your account alternate contact information in addition to managing this with the AWS Management Console.

A solution that can be used to customize the configuration and deployment of the PCI DSS standard compliance standard using AWS Security Hub across multiple AWS accounts and AWS Regions managed by AWS Organizations.

AWS Security Hub has released 18 new controls for its Foundational Security Best Practice standard to enhance customers' cloud security posture monitoring. These controls conduct fully-automatic checks against security best practices for API Gateway, EC2, ECS, Elastic Load Balancing, Elasticsearch, RDS, Redshift, and SQS.

Encryption enhancements include Cloud Key Management performance improvements and support for customer-managed encryption keys (CMEK) for object composition.

Google introduced a new module within Firewall Insights called "Overly Permissive Firewall Rule Insights", which allows customers to rely on GCP to automatically analyze massive amounts of firewall logs and generate easy-to-understand insights and recommendations to help them optimize their firewall configurations and improve their network security posture.

Use delegated role grants to implement fine-grained control over which services users are allowed to use in GCP.

Microsoft announced the General availability (GA) of Azure Sentinel Threat Intelligence in Public cloud and Azure Government cloud.

How to automatically deploy a research lab environment with Azure Sentinel , a few Linux virtual machines and the Microsoft Audit Collection Tool (AUOMS) set up to understand the underlying behavior of the exploitation of the OMI vulnerability.

Microsoft announced that Azure Purview is generally available. Every organization can now build a unified data governance solution to maximize the value of their data in the cloud.