Some actionable advice that can be undertaken to establish a cloud security program aimed at protecting a cloud native, service provider agnostic, container-based, offering. And the roadmap template can be found at: roadmap.cloudsecdocs.com.

CNCF announced a new paper, Software Supply Chain Security Best Practices, designed to provide a holistic approach to supply chain security by highlighting the importance of layered defensive practices.

The protection layers Kubernetes offers to protect Secrets in your cluster.

Kubernetes alone does not help achieve PCI DSS compliance. This article covers the 12 requirements of how fintech businesses can make it more compliant.

A new obfuscation technique using AWS VPC features: attackers could change the IP address written to AWS CloudTrail logs.

Check Point researchers detected several SSM (Systems Manager) documents that led to the discovery of over five million Personally Identifiable Information (PII) records and credit card transactions for several companies.

In the modern world of networking, where do bastion hosts fit in? Even in a perfect world of Zero Trust with extremely robust user and device identity based authentication, it would still be risky to have all of your infrastructure publicly accessible.

How to deploy Sysmon on endpoints and how to push logs to Azure Sentinel.

The Getting Started collection on HashiCorp Learn provides a jump-start for installing and running Boundary in a dev environment and getting a sense for how Boundary enables access based on user identity.

iamlive as a Lambda extension to help you quickly achieve least privilege with your deployed Lambda functions.

Assumed role session chaining (with credential refreshing) for boto3.

A Kubernetes operator to sync secrets from AWS Secrets Manager.

Production-grade, airgapped Kubernetes installer combining upstream k8s with overlays and popular components.

plumber is a CLI devtool for inspecting, piping, massaging and redirecting data in message systems like Kafka, RabbitMQ , GCP PubSub and many more.

Kubectl plugin to find and report outdated images running in a Kubernetes cluster.

Guard is a simple, open-source way for you to define constraints (e.g. is volume encrypted). With 2.0, AWS added a number of features to make it much easier to write guard rules -- better validation and testing, more concise and simple rules, a new IN operator, filtering, named rules, and making guard more general purpose (e.g. can be run on Terraform and Kubernetes configurations as well).

AWS App Runner makes it easier to deploy web apps and APIs to the cloud, regardless of the language they are written in. It has AWS operational and security best practices built-it and automatically scale up or down.

How to customize your landing zone to align with your business needs using an AWS Solution called Customizations for AWS Control Tower.

A delegated authorization use case, to illustrate how to use KMS to sign the data, while the verification is performed in independent, distributed environments.

Amazon Macie now allows you to define a run-time criteria to determine which S3 buckets should be included in a sensitive data discovery job.

How to deploy a unified export pipeline that uses Cloud Pub/Sub and Dataflow to aggregate and stream logs from Cloud Logging, security findings from Security Command Center, and asset changes from Cloud Asset Inventory.

Firewall Insights creates visibility into your firewall rule set by providing a single console for managing Google Cloud network visibility, monitoring and troubleshooting.

Google introduced OS configuration management, which uses OS policies to automate and centralize the deployment, configuration, maintenance, and reporting of software configurations on your virtual machine (VM) instances.

Google added new security capabilities into Google Workspace, including Alert Center enrichment with VirusTotal threat context, restricted access to resources, and user blocking in Drive.