#aws, #defend, #explain, #gcp

For cloud architects interested in learning about deployment, security best practices, and the advantages of a cloud approach for DNS including performance, security, and reliability.

#aws, #defend, #strategy

Post walking through some of the salient features of a meaningful security reference architecture and the process required to develop one, as well as looking at the challenges that one might expect to face.

#explain, #kubernetes

A nice intro to Kubernetes operators.

#build, #strategy

Post outlining strategies to ease adoption of Sigstore while still using existing signing approaches.

#build, #containers

Eschew sealed secrets, start your GitOps practice right, and use a managed key service.

#attack, #aws

At the time of the finding Code Artifact did not have any features to specify which packages were internal and therefore should not be pulled from public repositories.

#aws, #build, #iam

Demonstration of how you could leverage IAM Roles Anywhere to authenticate your GitHub Codespaces.

#build, #defend, #kubernetes

How to set up a solution ensuring nothing runs in your cluster without a signature verification by a known authority and verified by an admission controller.

A Privileged Access Management framework. You can also refer to the companion blog post.

Elastic released 1000+ yara rules and 200+ endpoint behavior rules.

Terralist is a private Terraform registry for providers and modules.

A command line tool to test Azure Policy relying on Terraform + Golang.

Amazon announced the AWS Customer Incident Response Team (CIRT), a specialized 24/7 global team that provides support to customers during active security events on the customer side of the AWS Shared Responsibility Model.

Amazon announced the AWS Skill Builder Individual and Team subscriptions. This is a new way to learn about cloud technologies and get practical experience with hands-on training.

Cloud Audit Academy (CAA) is an AWS Security Auditing Learning Path designed for those that are in auditing, risk, and compliance roles and are involved in assessing regulated workloads in the cloud.

AWS Control Tower now includes AWS CloudTrail organization logging as part of landing zone version 3.0. With this new feature, an organization-level AWS CloudTrail trail will be deployed in your organization's management account to automatically log the actions of all member accounts in your organizations.

AWS Config now supports an easier way to author custom AWS Config rules using AWS CloudFormation Guard (cfn-guard). With this release, users with limited programming experience can use Guard to define and review custom policies that check your resources have desired configurations.

To better analyze the growing volumes of heterogeneous security data, Google has partnered with MITRE to create the Cloud Analytics project.

These Cloud Logging security and compliance features can help Google Cloud customers meet their regulatory obligations and keep their log data secure.

By using a layered approach with Google Cloud Armor, customers can limit and often prevent credential stuffing attacks.

Microsoft announced the general availability (GA) of Microsoft Defender Threat Intelligence and Microsoft Defender External Attack Surface Management.

Microsoft announced two new security products driven by their acquisition of RiskIQ.

You can now use the KMS provider for Azure Key Vault with AKS to encrypt Kubernetes secrets in etcd.