Release Date: 07/08/2022 | Issue: 149
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Sign Up

Key Cloud Security Take-Aways from AWS re:Inforce
Listen to Cloud Security Podcast hosts Ashish Rajan & Shilpi Bhattacharjee cover top Cloud Security highlights from AWS re:Inforce. From baking security into the beginning of the development process, to AWS’s Security Guardians program. Learn all about all things AWS Cloud Security, from where cloud security is going, to important points the keynote missed.
The Cloud Security Podcast [powered by Snyk] is a weekly podcast that brings in-depth security knowledge from the best & brightest cloud security experts.
Check it out!

This week's articles

Cloud DNS Security - How to protect DNS in the Cloud   #aws, #defend, #explain, #gcp
For cloud architects interested in learning about deployment, security best practices, and the advantages of a cloud approach for DNS including performance, security, and reliability.

Uncomplicate Security for developers using Reference Architectures   #aws, #defend, #strategy
Post walking through some of the salient features of a meaningful security reference architecture and the process required to develop one, as well as looking at the challenges that one might expect to face.

Exploring the Kubernetes Operator Pattern   #explain, #kubernetes
A nice intro to Kubernetes operators.

Adopting Sigstore Incrementally   #build, #strategy
Post outlining strategies to ease adoption of Sigstore while still using existing signing approaches.

Why you should avoid Sealed Secrets in your GitOps deployment   #build, #containers
Eschew sealed secrets, start your GitOps practice right, and use a managed key service.

Dependency confusion in AWS CodeArtifact   #attack, #aws
At the time of the finding Code Artifact did not have any features to specify which packages were internal and therefore should not be pulled from public repositories.

Setup GitHub Codespaces with AWS IAM Roles Anywhere   #aws, #build, #iam
Demonstration of how you could leverage IAM Roles Anywhere to authenticate your GitHub Codespaces.

How to secure Kubernetes deployment with signature verification   #build, #defend, #kubernetes
How to set up a solution ensuring nothing runs in your cluster without a signature verification by a known authority and verified by an admission controller.


A Privileged Access Management framework. You can also refer to the companion blog post.

Elastic released 1000+ yara rules and 200+ endpoint behavior rules.

Terralist is a private Terraform registry for providers and modules.

A command line tool to test Azure Policy relying on Terraform + Golang.


The Top 5 Risks of Cloud Native Development
Modern defenses for cloud native development start with recognizing the most common risks, then understanding best practices for developing a strategic plan to protect against them across the full development lifecycle. Get your copy of the latest research from Prisma Cloud by Palo Alto Networks in partnership with TechStrong Research so your organization can mitigate the most critical risks associated with cloud native development. Short on time?
Start with the summary blog post

From the cloud providers

AWS Icon  Welcoming the AWS Customer Incident Response Team
Amazon announced the AWS Customer Incident Response Team (CIRT), a specialized 24/7 global team that provides support to customers during active security events on the customer side of the AWS Shared Responsibility Model.

AWS Icon  New AWS Skill Builder Subscription
Amazon announced the AWS Skill Builder Individual and Team subscriptions. This is a new way to learn about cloud technologies and get practical experience with hands-on training.

AWS Icon  Cloud Audit Academy
Cloud Audit Academy (CAA) is an AWS Security Auditing Learning Path designed for those that are in auditing, risk, and compliance roles and are involved in assessing regulated workloads in the cloud.

AWS Icon  AWS Control Tower adopts AWS CloudTrail Organization logging
AWS Control Tower now includes AWS CloudTrail organization logging as part of landing zone version 3.0. With this new feature, an organization-level AWS CloudTrail trail will be deployed in your organization's management account to automatically log the actions of all member accounts in your organizations.

AWS Icon  Build AWS Config rules using AWS CloudFormation Guard
AWS Config now supports an easier way to author custom AWS Config rules using AWS CloudFormation Guard (cfn-guard). With this release, users with limited programming experience can use Guard to define and review custom policies that check your resources have desired configurations.

GCP Icon  Introducing Cloud Analytics by MITRE Engenuity Center in collaboration with Google Cloud
To better analyze the growing volumes of heterogeneous security data, Google has partnered with MITRE to create the Cloud Analytics project.

GCP Icon  5 must-know security and compliance features in Cloud Logging
These Cloud Logging security and compliance features can help Google Cloud customers meet their regulatory obligations and keep their log data secure.

GCP Icon  How Google Cloud can help stop credential stuffing attacks
By using a layered approach with Google Cloud Armor, customers can limit and often prevent credential stuffing attacks.

Azure Icon  Microsoft announces new solutions for threat intelligence and attack surface management
Microsoft announced the general availability (GA) of Microsoft Defender Threat Intelligence and Microsoft Defender External Attack Surface Management.

Azure Icon  Track adversaries and improve posture with Microsoft threat intelligence solutions
Microsoft announced two new security products driven by their acquisition of RiskIQ.

Azure Icon  Use KMS etcd encryption in Azure Kubernetes Service (AKS)
You can now use the KMS provider for Azure Key Vault with AKS to encrypt Kubernetes secrets in etcd.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
© 2019-present, CloudSecList by Marco Lancini.