Survey which tried to understand current and estimated future cloud usage, determine the current security concerns during cloud adoption and deployment, identify the security tools organizations are using to address security concerns, and understand occurrences and causes of cloud-related security incidents.

Slides from a KubeCon Cloud Native Security Day 2020 talk discussing Yubico's journey towards automatic policy enforcement with Open Policy Agent.

A common requirement in multi-tenant applications is to support roles within each tenant. These are usually well-defined roles in your application and a user would fall into one of these roles within his/her tenant. So you not only have to isolate data access by the tenant but also restrict access to certain operations by role.

How to leverage GitOps to continuously enforce cloud security guardrails as infrastructure is developed, delivered, and deployed.

How to enhance AWS S3 security and how to enable CloudTrail audit events for this service. The post also explains how to perform AWS Thread Detection with Cloudtrail and introduces a free to use Sysdig Cloud Connector, so you can detect suspicious activity and react as soon as possible.

Part 1 of a series which demonstrates how to use Terraform to provision a Managed Identity resource and authenticate with Azure, as well as showing how Packer can take advantage of Managed Identities.

Post discussing an often overlooked component of building detections: the "when" in time a detection covers.

My personal approach to deploy my own Kubernetes Lab on baremetal, and on an Intel NUC in particular (disclaimer: I did write this post).

Confluent announced that the early access of the KIP-500 code has been committed to trunk and is expected to be included in the upcoming 2.8 release. For the first time, you can run Kafka without ZooKeeper.

How to attack and audit cloud storage services such as AWS S3, Azure, and Google storage/bucket.

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code.

Terraform module that provisions an Azure Storage account to store the terraform.tfstate file and a Key Vault to store the customer-managed encryption key.

A simple decorator for functions to run them against all AWS accounts in an organization.

This repository encompasses a fully scripted Github workflow to test the transparent use of the runtime for Kata Containers (Katas) on MicroK8s.

A collection of resources and how-tos for Tech Leads and all of those who chose the individual contributor (IC) career track.

You can now enable data plane activity logging for fine-grained monitoring of all DynamoDB item activity within a table by using CloudTrail.

AWS announced the EC2 Serial Console, a simple and secure way to troubleshoot boot and network connectivity issues by establishing a serial connection to your EC2 instances.

AWS announced Route 53 Resolver DNS Firewall, which allows to protect against data exfiltration attempts by defining domain name allowlists that allow resources within your VPC to make outbound DNS requests only for the sites your organization trusts.

You can now use IAM condition keys as part of IAM and Service Control Policies (SCPs) to centrally govern endpoint, authorization, and logging configurations for your APIs in API Gateway.

Scaling certificate management with Google Certificate Authority Service is a new whitepaper which focuses on GCP's Certificate Authority Service (CAS) as a modern certificate authority service and showcases key use cases for it.