Release Date: 02/10/2022 | Issue: 157
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Sign Up

State of Cloud Security Report 2022
Cloud computing has transformed the IT landscape and enabled organizations to innovate faster than in the data center. But the complexity of cloud environments is creating new challenges - is your team prepared?
41% of the 400 cloud security and engineering professionals surveyed by Snyk say cloud native services increase complexity. Yet, nearly half of the organizations find that deployment is faster with improved cloud security. Surprising?
Read the full 2022 State of Cloud Security report to learn more, and see how millions of developers are building securely with Snyk.

This week's articles

Best practices on rolling out code scanning at enterprise scale   #build, #ci/cd
Some best practices on how to roll out centrally managed, developer-centric application security with a third party CI/CD system like Jenkins or ADO.

26 AWS Security Best Practices to Adopt in Production   #aws, #defend, #explain
There are many things you must set up if you want your solution to be operative, secure, reliable, performant, and cost effective. And, first things first, the best time to do that is now - right from the beginning, before you start to design and engineer.

Vulnerability Scanning at Palantir   #strategy
Effective vulnerability management is a cornerstone of any security program. This post explains how Palantir streamlines and automates vulnerability remediation efforts.

Our Application Security Journey   #containers, #strategy
A 2 part series on the state of Application Security at Wise, describing their integration of security in the Software Development Lifecycle (part 1, part 2).

Executive Order on Secure Supply Chain - in Plain English   #explain, #supply-chain
You may have heard about EO 14028, the "Executive Order on Improving the Nation's Cybersecurity", which mandates the establishment of minimum supply chain security standards for all software consumed by the US government. This post tries to lay it out in plain English and share steps to help you get ready to meet the timelines.

Introducing workerd: the Open Source Workers runtime   #announcement, #cloudflare, #containers
workerd is the JavaScript/Wasm runtime code that powers Cloudflare Workers, now open source under the Apache 2.0 license.

Kubernetes Multi-tenancy   #explain, #kubernetes
An overview of available configuration options and best practices for cluster multi-tenancy.

Vulnerable GitHub Actions Workflows: Privilege Escalation Inside Your CI/CD Pipeline   #attack, #ci/cd
Post walking through the risks of using the workflow_run GitHub trigger, with concrete examples.

Using Kyverno To Enforce AWS Load Balancer Annotations For Centralized Logging To S3   #aws, #build
Post covering the steps to take in order to use Kyverno to automatically configure the annotations that enable access logs for an AWS Network Load Balancer (NLB) to be forwarded to an S3 bucket.

Run a Tailscale VPN relay on ECS/Fargate   #aws, #build
A step by step tutorial on how to run Tailscale in ECS.


Chainguard Images
Chainguard Images is a collection of container images designed for minimalism and security.

Badrobot is a Kubernetes Operator audit tool. It statically analyses manifests for high risk configurations such as lack of security restrictions on the deployed controller and the permissions of an associated clusterole.

View a GCP project's API/service endpoint configurations.

Permission Manager is a project that brings sanity to Kubernetes RBAC and Users management, Web UI FTW.


Pod Security Standards
A short primer on Kubernetes Pod Security Standards.

From the cloud providers

AWS Icon  Best practices for setting up Amazon Macie with AWS Organizations
Some best practices to implement before you enable Amazon Macie across all of your AWS accounts within AWS Organizations.

AWS Icon  How to automatically build forensic kernel modules for Amazon Linux EC2 instances
Post walking through the EC2 forensic module factory solution to deploy automation to build forensic kernel modules that are required for EC2 incident response automation.

GCP Icon  View policy enforcement metrics for ACM Policy Controller
Policy Controller enables the enforcement of programmable policies for Anthos clusters. It is now easier to export and visualize these metrics.

GCP Icon  Introducing Cloud Logging's Log Analytics powered by Big Query
Announcing Log Analytics, a new set of features in Cloud Logging, powered by BigQuery that allows you to gain even more insights from your logs.

GCP Icon  Google Cloud Deploy adds Cloud Run and deployment verification support
In the latest release, Google Cloud Deploy add supports for Cloud Run deployment and deployment verification in Preview.

GCP Icon  Best Kept Security Secrets: Harness the power of Organization Policy Service
Organization Policy Service is a powerful tool for creating broad security guardrails in the cloud. Learn more about how this Best Kept Security Secret works.

Azure Icon  Forensic artifacts in Office 365 and where to find them
Post providing some explanations and tips for investigators so to be able to easily understand, in any situation, what data is available, and in which portal.

Azure Icon  Introducing the Microsoft Defender for Office 365 Security Operations Guide
Microsoft announced the release of the Microsoft Defender for Office 365 Security Operations Guide, which gives an overview of the requirements and tasks for successfully operating Microsoft Defender for Office 365.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
© 2019-present, CloudSecList by Marco Lancini.