If you break down your cloud program into three core functions (development, security, and finance), you can see how each manages an aspect of your cloud: cost, risk and agility.

This piece explains DOMA (Domain-Oriented Microservice Architecture), the concerns that led to the adoption of this architecture for Uber, its benefits for platform and product teams, and some advice for teams who want to adopt this architecture.

In-depth post from the BanzaiCloud team discussing Istio's access control model, AuthorizationPolicies.

How to do a full deployment of Pod Security Policies from Square, with everything locked down and how to grant exceptions.

An in-depth look at the security of Cloudflare Workers.

Interesting behind the scenes in the Expel SOC, as they went from alert-to-fix in AWS.

Third and last post in a series about container breakouts, which shows container breakout techniques that can be performed if a container is started with a mounted Docker socket.

Detailed blog post on how to create and interact with custom CRDs.

Post discussing how automated policy enforcement using OPA can help secure any kind of infrastructures, including Red Team Architectures.

HashiCorp announced new Custom Workspace Permissions for Terraform Cloud. Terraform Cloud Organization owners can now specify custom permissions for each workspace using a newly designed UI.

Someone managed to figure a way out to make CloudWatch Alarms not confusing by ignoring the AWS Documentation and describing it in their own words.

A walkthrough on how to integrate an OpenID Connect provider (Auth0) with Azure Functions.

A collection of SCPs that you can use to protect all accounts under your Organization.

This project explores useful CloudTrail events that support incident response and detection of misconfigurations.

The AKS Checklist is a (tentatively) exhaustive list of all elements you need to think of when preparing a cluster for production. It is based on all common best practices agreed around Kubernetes or documented in the AKS Best Practices from Microsoft.

Stash is a cloud native data backup and recovery solution for Kubernetes workloads.

AWS Security Hub has released 7 new automated security controls for the AWS Foundational Security Best Practices standard and 12 new controls for PCI DSS.

Amazon Fraud Detector is a fully managed service that makes it easy to identify potentially fraudulent online activities such as online payment fraud and the creation of fake accounts.

AWS Secrets Manager now allows to create and manage resource-based policies using the Secrets Manager console. At the same time, Secrets Manager is now able to identify and prevent creation of resource policies that grant overly broad access to secrets across AWS accounts.

How to automate the deletion and recreation of HSMs when you do not have a requirement for high availability. Using this approach of deleting HSMs and restoring them from backups on a predefined schedule can help lower your monthly CloudHSM costs.

Google announced Private Service Connect in alpha, which allows you to create service endpoints in consumer VPCs that provide private connectivity and policy enforcement, allowing to connect services across different networks and organizations. With Private Service Connect, traffic stays private and secure over Google's global network.

This article illustrates how to secure each REST operation exposed by services running on Cloud Run.

Free Kubernetes O'Reilly e-book on the basics and getting started with Kubernetes.

Security best practices to use when designing, deploying, and managing cloud solutions by using Azure.