Some insights into Temporal's strategy for securing their cloud environment, as well as a call for attention to an unexpected facet of AWS access policies encountered along the way.

Post covering the differences between cloud forensics and forensics in on-premises systems.

An interesting post covering some limitations and use-cases for SCPs and auto-remediation tools.

Github open sourced their Identity and Access Management solution (called "Entitlements"), which uses a Git repository for the source-of-truth, declarative authorizations, and seamless integration with GitHub.com for approvals and audits.

With MongoDB releasing client-side field level encryption with KMIP support, Vault users can now use its KMIP secrets engine to supply the encryption keys. This allows to be in full control of the keys.

This project contains cloud middleware (i.e. agents installed by cloud security providers) used across the major cloud service providers (Azure, AWS and GCP).

A collection of resources, tools and more for penetration testing and securing Microsoft's cloud platform.

A three part blog series exploring attack paths that emerge out of Managed Identity assignments in three Azure services.

Post explaining the limitations of eBPF security enforcement tools and demonstrates bypass techniques with Tetragon.

How to utilize the AWS CloudTrail service to discover other AWS accounts that you could pivot to.

The biggest risk in cloud development is not recognizing the differences between cloud and traditional definitions of common architecture terms.

A pentest write up describing how it was possible to compromise a hybrid GCP hosted infrastructure using native GCP tools.

Detect secrets in source code, scan git repos, and use pre commit hooks to prevent API key leaks.

End-to-end modular samples for Terraform on GCP.

An universal solution for delivering your software updates securely from a trusted The Update Framework (TUF) repository.

kubectl plugin to browse Kubernetes object hierarchies as a tree.

Walkthrough of different techniques that you can use to get more out of AWS Organizations service control policies (SCPs) in a multi-account environment.

Content to help software architects and tech leaders explore new ideas, case studies, and technical approaches to help you support production implementations for large-scale migrations.

How to detect when unintended access has been granted to sensitive data in S3 buckets.

AWS Security Hub now automatically receives AWS Config managed and custom rule evaluation results as security findings.

After a reported vulnerability, Google will soon limit access to GKE-related services and block access from Cloud Run and Cloud Functions.

How to create a dynamic membership group that can contain members of other groups in Azure Active Directory.

One of the most popular options for organizations who want to offer remote work options is virtual desktop infrastructure or VDI. In this blog, get an overview of VDI and learn security best practices.

You can now use Azure Bastion to connect to on-premises resources over ExpressRoute and Site-to-Site VPN.