From the cloud providers
Amazon Detective
Amazon Detective automatically collects log data from your AWS resources and uses machine learning, statistical analysis, and graph theory to build a linked set of data that makes it easy to analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities.
AWS IAM Access Analyzer
IAM Access Analyzer mathematically analyzes access control policies attached to resources and determines which resources can be accessed publicly or from other accounts. It continuously monitors all policies for Amazon Simple Storage Service (S3) buckets, IAM roles, AWS Key Management Service (KMS) keys, AWS Lambda functions, and Amazon Simple Queue Service (SQS) queues. With IAM Access Analyzer, you have visibility into the aggregate impact of your access controls, so you can be confident your resources are protected from unintended access from outside your account.
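To make the "public or cross-account" question concrete, here is an added example (not Amazon's Access Analyzer and not code from this newsletter) that classifies each Allow statement of an S3 bucket policy by its Principal relative to the owning account, and records whether a Condition block narrows the grant. The real service reasons over the full policy language and the other resource types listed above; this checker inspects only the Principal element. The account ids, bucket name, role names and VPC endpoint id in the sample policy are constructed for the example.

```python
"""Simplified checker for public and cross-account access in an S3 bucket policy.

Added illustration, not Amazon's IAM Access Analyzer: it only inspects each
Allow statement's Principal and notes whether a Condition narrows the grant.
"""
import json
import re

# Account id of the policy owner. Constructed value for the example.
OWN_ACCOUNT = "111111111111"

# Severity order used to pick a single exposure label per statement.
SEVERITY = {"public": 3, "cross-account": 2, "service": 1, "same-account": 0}

# Matches the account id inside an IAM/STS ARN principal.
ARN_ACCOUNT_RE = re.compile(r"^arn:aws:(?:iam|sts)::(\d{12}):")


def _as_list(value):
    """Policy elements may be a string or a list of strings; normalise to a list."""
    return [value] if isinstance(value, str) else list(value)


def classify_aws_principal(value, own_account):
    """Classify one entry of Principal.AWS relative to the owning account."""
    if value == "*":
        return "public"
    if re.fullmatch(r"\d{12}", value):
        account = value                      # bare account id
    else:
        match = ARN_ACCOUNT_RE.match(value)  # role/user/assumed-role ARN
        account = match.group(1) if match else None
    return "same-account" if account == own_account else "cross-account"


def classify_principal(principal, own_account):
    """Return the most permissive exposure label for a Principal element."""
    if principal == "*":
        return "public"
    labels = []
    for kind, value in principal.items():
        for entry in _as_list(value):
            if kind == "AWS":
                labels.append(classify_aws_principal(entry, own_account))
            elif kind == "Service":
                # AWS service principals (e.g. log delivery) are not external accounts.
                labels.append("service")
            else:
                # Federated or CanonicalUser principals sit outside the account's IAM.
                labels.append("cross-account")
    return max(labels, key=SEVERITY.__getitem__)


def analyze_policy(policy_document, own_account):
    """Return one finding per Allow statement: exposure label, condition flag, actions."""
    policy = json.loads(policy_document)
    statements = policy["Statement"]
    if isinstance(statements, dict):      # a single statement need not be wrapped in a list
        statements = [statements]
    findings = []
    for statement in statements:
        if statement.get("Effect") != "Allow" or "Principal" not in statement:
            continue                      # Deny statements never widen access
        findings.append({
            "sid": statement.get("Sid", "<no Sid>"),
            "exposure": classify_principal(statement["Principal"], own_account),
            "conditional": bool(statement.get("Condition")),
            "actions": _as_list(statement.get("Action", [])),
        })
    return findings


def external_findings(findings):
    """Keep only grants reachable from outside the owning account."""
    return [f for f in findings if f["exposure"] in ("public", "cross-account")]


# Constructed sample bucket policy covering the cases the checker distinguishes.
SAMPLE_BUCKET_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "PartnerWrite", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::222222222222:role/partner-uploader"},
         "Action": ["s3:PutObject"], "Resource": "arn:aws:s3:::example-bucket/inbound/*"},
        {"Sid": "OwnRoleFullAccess", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111111111111:role/app"},
         "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "VpcEndpointOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
        {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
})

if __name__ == "__main__":
    for finding in analyze_policy(SAMPLE_BUCKET_POLICY, OWN_ACCOUNT):
        flag = " (narrowed by Condition)" if finding["conditional"] else ""
        print(f"{finding['sid']}: {finding['exposure']}{flag} -> {finding['actions']}")
```

The `VpcEndpointOnly` statement shows why the condition flag matters: its Principal is `"*"`, so a Principal-only check reports it as public, yet the `aws:SourceVpce` condition restricts it to one VPC endpoint. Reviewing such grants by hand (or, in the service itself, letting Access Analyzer evaluate the condition keys) is what separates a true public exposure from an intentionally scoped one.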
Introducing EC2 Image Builder
AWS announced the availability of EC2 Image Builder, a service that makes it easier and faster to build and maintain secure images. Image Builder simplifies the creation, patching, testing, distribution, and sharing of Linux or Windows Server images.
Help secure software supply chains on Google Kubernetes Engine
This article shows how to ensure that your software supply chain follows a known and secure path before your code is deployed in a Google Kubernetes Engine (GKE) cluster. The article reviews how binary authorization works, then explains how to best implement and use it with GCP to ensure that your deployment pipeline can provide the most information possible to help you enforce approvals at each of your required stages.
Google Groups for GKE
Previously, you could only grant roles to GCP user accounts or Cloud IAM service accounts. Google Groups for GKE (Beta) allows you to grant roles to the members of a GSuite Google Group. With this mechanism, the users and groups themselves are maintained by GSuite administrators, completely outside of Kubernetes or GCP Console, so cluster administrators do not need detailed information about your users. Another benefit is integration with your existing user account management practices, such as revoking access when someone leaves your organization.