ConsoleMe is a central control plane for AWS that provides an easier way to manage AWS permissions and access across multiple accounts.

Interesting post describing how Netflix provisions the so called "Netflix Workstations", which are remote workstations that allow content creators to get to work wherever they are.

An attacker can take advantage of the CNI in a misconfigured and unsecured Kubernetes cluster to execute attacks and bypass various mitigation methods.

How Morgan Stanley overcame multiple challenges while migrating to Terraform, while complying with strict security regulations.

An in-depth look at detection techniques through cloud API logs analysis, as well as exploring two real-world incidents in order to better understand how threats can slip through conventional detection methods.

Should you consider Amazon Cognito in your project? This post got the pros & cons for you, and many of the painpoints you need to consider.

Helm has now completed a second security audit, funded by the CNCF. The first audit focused on the source code for the Helm client along with the process Helm uses to handle security. The second audit, performed by Trail of Bits, looked at the source code for the Helm client along with a threat model for the use of Helm.

Checklist from PaloAlto offering best practices that can help an organization develop a comprehensive cloud native security strategy.

Did you create resources in GCP via gcloud or the console but want to turn it into Terraform? Now you can export the config with: "gcloud alpha resource-config bulk-export --resource-format=terraform".

The OpenPolicyAgent roadmap has been updated. Delta bundles, persistent store, type checking, policy metadata and a new Go SDK just a few of many planned improvements.

This container contains three scripts to demonstrate resource exhaustion from within a Kubernetes clusters: allocate all remaining RAM, allocate all remaining disk space, and fork bomb.

Collection of various common attack scenarios on Azure Active Directory and how they can be mitigated or detected.

A GitHub App that enforces approval policies on pull requests.

A collection of resources discussing logging strategies in AWS.

How to select the right AWS cryptographic services and tools for your application using KMS keys, custom key store, and ciphertext portability.

IAM Access Analyzer now allows to preview and validate public and cross-account access before deploying permission changes. For example, you can validate whether your S3 bucket would allow public access before deploying your bucket permissions.

AWS Security Hub has released 25 new controls for its Foundational Security Best Practice standard. These controls conduct fully automatic checks against security best practices for API Gateway, Cloudfront, DynamoDB, EC2, EFS, ES, RDS, RedShift, SNS, ELB, and KMS.

AWS Secrets Manager now allows to replicate secrets across multiple AWS Regions. This post shows how to automatically replicate a secret and access it from the recovery Region to support a disaster recovery plan.

Storage and backup administrators have a key role to play in cloud adoption, and Google Cloud has developed a number of data protection offerings to help administrators excel in their role and meet operational and compliance requirements.

Secret Manager is a Google Cloud service that provides a secure and convenient method for storing API keys, passwords, certificates, and other sensitive data. Secret Manager provides a central place and single source of truth to manage, access, and audit secrets across Google Cloud. Integrating Cloud Code with secret manager brings the powerful capabilities of both these tools together. Cloud Code makes it easy to create and manage your secrets right from within your preferred IDE, whether that be VS Code, IntelliJ, or Cloud Shell Editor.

Some of the key metrics to monitor when testing failover to optimize your application's performance, including the number of database connections, queries per second, CPU and memory utilization of the instance, read/write IOPS, and peak replication lag.

Microsoft released a deeper integration between Azure Sentinel and Microsoft 365 Defender, making it easier to harness the breadth of SIEM alongside the depth of XDR.

Microsoft introduced Azure Trusted Launch, which allows administrators to deploy virtual machines with verified and signed bootloaders, OS kernels, and a boot policy that leverages the Trusted Launch Virtual Trusted Platform Module (vTPM) to measure and attest to whether the boot was compromised.

Alibaba Cloud Security Center is an all-in-one security management platform that can centrally-manage all of the security systems associated with your Alibaba Cloud account. The Security Center can identify and analyze security threats on the fly. If a threat is detected, the Security Center automatically sends an alert to the administrator.

This article explains the Alibaba Cloud Data Encryption Service and its usage scenarios.