#defend, #design, #kubernetes

The Kubernetes Hardening Guidance from NSA everyone has been talking about for the past week. It includes hardening strategies to avoid common misconfigurations and guides on how to deploy Kubernetes, with example configurations for the recommended hardening measures and mitigations.

#aws, #build, #defend

Post from SummitRoute discussing options for ensuring the durability of data stored on S3, through protections in place and backup strategies.

#aws, #build

What you should do when setting up a new AWS Organization from scratch.

#kubernetes, #monitor

Post from Square going through the basics of Kubernetes audit logs, and how we can use these audit logs effectively to hunt for attackers in our Kubernetes clusters.

#design, #iac, #strategy

An article from McKinsey analysing how embedding cloud security in code can reduce risk without slowing down the business.

#ci/cd, #defend

How dependency confusion works, how Twilio is defending against it, and how you can protect your own codebase.

#attack, #aws

Blog focusing on a new Pacu module on cloud malware using resource injection in CloudFormation templates.

#defend

A checklist of practices for organizations dealing with account takeover threats.

#build, #explain, #kubernetes

Multi-part series exploring Kyverno, a Kubernetes-native policy engine.

#announcement, #gsuite

Google launched a new family of Identity APIs called Google Identity Services, which consolidates multiple identity offerings under one software development kit (SDK). This SDK includes the Sign in with Google button as well as One Tap, a new low-friction authentication prompt. Sign in with Google and One Tap use secure tokens, rather than passwords, to sign users into partner websites and apps.

#announcement, #vault

HashiCorp announced a new fully managed Vault offering called "Starter" for AWS environments on the HashiCorp Cloud Platform (HCP). The new Starter cluster is a production-grade, 3-node cluster.

A collection of Prometheus alerting rules.

CLI tool to generate terraform files from existing infrastructure (reverse Terraform).

Lens Resource Map is an extension for Lens - The Kubernetes IDE that displays Kubernetes resources and their relations as a real-time force-directed graph.

Many organizations want to create in AWS the same kind of perimeter protections they use in on-premises environments. This paper outlines the best practices and available services for creating a perimeter around your identities, resources, and networks in AWS.

How to conform to the principle of least privilege while still allowing users to use CloudFormation to create the resources they need.

How to perform fraud detection on a batch of many events using Amazon Fraud Detector.

How the integration of IoT security findings into Security Hub works, and you can download AWS CloudFormation templates to implement the solution.

Increased SLA, geo-expansion, new certifications, Customer-Managed Encryption Keys and more come to Google Cloud Secret Manager.

GCP IAM Recommender now generates lateral movement insights, which identify roles that allow a service account in one project to impersonate a service account in another project.

Risk Management and Compliance is as important in the cloud as it is in conventional on-premises environments. To help organizations in regulated industries meet their compliance requirements, Google Cloud offers automated capabilities that ensure the effectiveness of productionalization processes.

Private Service Connect lets you create private and secure connections to Google Cloud and third-party services with service endpoints in your VPCs.

Security Log Scoping Tool is an interactive form to help customers discover, evaluate and enable their security-relevant logs across Google Cloud.