Segment's journey towards designing a scalable IAM architecture.

Many useful insights from Dino Dai Zovi on how to properly harden your CI infrastructure to make supply chain attacks more difficult to pull off.

Blog, walking through the importance of managing your network, and presenting a network structure for full control over your cloud resources.

In AWS IAM, even if a group has an explicit "Deny", this will only impact Group actions, and not User actions, opening organizations up to misconfiguration and vulnerabilities.

Walkthrough on how to automate, validate and monitor AWS IAM Security best practices with CloudQuery.

Cheatsheet taking a look at the various "securityContext" settings, explore what they mean and how you should use them.

How to setup a Github Action to build and sign an image with Cosign.

Blog looking at Kafka authorization using Open Policy Agent. It explains the advantages and disadvantages of using it, compare it with other supported authorization methods and look at some interesting ways it can be used.

How to connect services running in multiple, isolated, Kubernetes clusters spread across cloud providers or running on-premises with Inlets.

The Argoproj team announced the first release candidate for Argo CD v2.0. This post explains the new Argo CD user interface features, Kubernetes resource syncing and diffing enhancements.

Scan your AWS IAM Configuration for shadow admins in AWS IAM based on misconfigured deny policies not affecting users in groups.

Find the account ID an S3 bucket belongs too. You can also read the companion blog post.

Kubestriker performs numerous in depth checks on kubernetes infra to identify the security misconfigurations and challenges that devops engineers/developers are likely to encounter when using Kubernetes, especially in production and at scale.

Tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD. In a nutshell, it will track image versions specified by annotations on the Argo CD Application resources and update them by setting parameter overrides using the Argo CD API. You can also check the companion blog post.

Magpie is a free, open-source framework and a collection of community developed plugins that can be used to build complete end-to-end security tools such as a Cloud Security Posture Manager.

A collection of tools useful for secrets management, as well as hooks and scanners handy for preventing and detecting leaked secrets.

In-depth guide on how to set up an AWS multi-account environment, full of advice and examples from AWS engineers and customer experts.

Post aiming to help you decide which approach is best to securely connect your applications, either residing on premises or hosted outside of AWS, to your AWS environment when no human interaction comes into play. The post goes through the various alternatives available and highlights the pros and cons of each.

Now you can use AWS CloudTrail to log data-plane API activity to monitor, alarm, and archive item-level activity in your Amazon DynamoDB tables. You can use this information about item-level activity as part of an audit, to help address compliance requirements, and monitor which IAM users, roles, and permissions are being used to access your table data.

AWS Security Hub is now integrated with Amazon Macie to automatically ingest sensitive data findings from Macie. Security Hub previously ingested policy findings from Macie, and this integration adds sensitive data findings.

How to automate OpenSCAP's STIG testing and integrate the findings with AWS Security Hub to improve your view of your IT systems' compliance status.

With Network Connectivity Center, you can connect and manage VPNs, interconnects, third-party routers and SD-WAN across on-prem and cloud networks.

It is now possible to run Google Cloud Build builds locally on your laptop with: "$ cloud-build-local --dryrun=false --config=cloudbuild.yaml".

Policy Simulator lets you see how an IAM policy change might impact a member's access before you commit to making the change. You can use Policy Simulator ensure that the changes you're making won't cause a member to lose access that they need.

Once you've got your data into Cloud Storage, it's time for an important conversation about authentication. This post reviews some critical components for determining who has access to that data.

The Regulatory Compliance dashboard in Azure Security Center is an excellent tool for helping organizations understand their compliance posture relative to industry standards.