This workshop takes you through some of the best practices and available AWS services and features for creating a boundary around your resources in AWS.

This workshop explores how to codify a set of rules that make up a policy, use a DevSecOps workflow to quickly address policy issues, and redeploy a policy compliant workload.

How IAM and Kubernetes work together allowing you to call AWS services from your pods with no hussle.

How Azure API Permissions can be abused to escalate to Global Admin.

Sloop monitors Kubernetes, recording histories of events and resource state changes, and providing visualizations to aid in debugging past events.

A new Terraform module that allows you to provision and customize AWS accounts through Terraform using a deployment pipeline.

You can now use AWS Control Tower to deploy data residency preventive and detective controls, referred to as guardrails. These guardrails will prevent provisioning resources in unwanted AWS Regions by restricting access to AWS APIs through service control policies (SCPs) built and managed by AWS Control Tower.

The new Amazon Inspector is a vulnerability management service that continually scans AWS workloads for software vulnerabilities and unintended network exposure.

AWS announced the public preview of AWS Backup for Amazon S3. You can now create a single policy in AWS Backup to automate the protection of application data stored in S3.

Amazon S3 introduces a new S3 Object Ownership setting that disables access control lists (ACLs), simplifying access management for data stored in S3.

AWS announced a new set of capabilities automatically mitigates malicious web traffic that threatens to impact application availability.

The new Amazon VPC Network Access Analyzer helps you identify network configurations that lead to unintended network access.

Amazon VPC IP Address Manager (IPAM) is a new feature that makes it easier for you to plan, track, and monitor IP addresses for your AWS workloads. With IPAM's automated workflows, network administrators can more efficiently manage IP addresses.

You can now provide one-click login access to Amazon EC2 Windows instances using identities from AWS SSO, or AWS SSO supported identity providers such as Okta, Ping & OneLogin.

In the Autonomic Security Operations - 10X Transformation of the Security Operations Center paper, Google outlined their approach to modernizing Security Operations.

The security foundations blueprint automation repo contains Terraform code that implements the best practices discussed in the security foundations guide.

Azure Monitor logs is announcing a new capability to collect audit logs about query execution.

Disable local accounts for AKS cluster and use AAD only for more secure cluster access.

Microsoft announced the public preview of a Microsoft managed service that lets you use AKV as secrets management solution for Azure Arc enabled Kubernetes cluster.

Microsoft announced the public preview of Microsoft Azure Active Directory (Azure AD) custom security attributes and user attributes in ABAC (Attribute Based Access Control).