Cloud Security Content on InfoQ
-
AWS Announces Clean Rooms for Secure Collaboration with Analytics Data
During the recent re:Invent conference, AWS announced the preview of Clean Rooms for analytics data. The new service provides safe environments where multiple customers can securely share and analyze data with control of how the data is used, reducing the risk of sharing personal data.
-
AWS Announces Preview Release of Amazon Security Lake
At re:Invent, AWS announced the preview release of Amazon Security Lake. This managed service automatically centralizes an organization’s security data from the cloud and on-premises sources into a purpose-built data lake stored in their account.
-
Critical Vulnerability in VM2 Sandbox Found Affecting Spotify Portal Platform Backstage
Spotify Backstage, an open-source platform used to build developer portals and in use at a number of large companies, has been found vulnerable to a critical remote code execution vulnerability. Confirming that most vulnerabilities are found in indirect dependencies, the Backstage vulnerability is enabled by another vulnerability found in its JavaScript VM2 sandbox dependency.
-
Google Cloud Adds IAM Deny Policies
Google Cloud has moved IAM Deny policies into full general availability. IAM Deny policies work alongside the IAM Allow policies to provide more options for controlling which principals have access to which resources. IAM Deny policies are available with Google Cloud IAM for most permissions.
-
AWS Opens New Region in Spain
AWS recently opened a new region in Spain to offer cloud services in the Iberian Peninsula and address in-country data residency and compliance requirements. The new eu-south-2 region is based in Aragón and has three availability zones.
-
HashiCorp's Boundary Now Generally Available on HCP
Following a successful beta trial, HashiCorp has announced the general availability of Boundary on their cloud platform HCP. This adds a key new aspect to HashiCorp's managed solution for zero-trust security.
-
OpenSSL Hit by Two High Severity Vulnerabilities, Recently Patched
Introduced in OpenSSL 3.0 in September 2021 and affecting all successive versions up to and including OpenSSL 3.0.6, the two recently patched vulnerabilities are caused by buffer overruns in X.509 certificate verification.
-
AWS Adds Container Lens to Well-Architected Framework
AWS has added a new container lens to its Well-Architected Framework. This new technical paper outlines best practices sourced from the community, AWS partners, and AWS's internal container technology specialists. These best practices provide guidance for running high-performance, reliable, and secure container workloads. The paper also includes reference architectures for a few common use cases.
-
AWS Introduces AWS Parameters and Secrets Lambda Extension to Improve Performances and Security
AWS recently announced the Parameters and Secrets Lambda Extension, a new way for developers to retrieve parameters from Systems Manager Parameter Store and secrets from Secrets Manager. The Lambda extension caches parameters and secrets, reducing latency and costs.
-
Programming Your Policies: Justin Cormack at QCon San Francisco 2022
At QCon San Francisco 2022, Justin Cormack, CTO at Docker, presented on Programming your policies. The talk is part of one of the editorial tracks called "Languages of Infra: Beyond YAML."
-
Orca Security Report Finds Critical Assets Vulnerable within Three Steps
A report from Orca Security found security gaps within the assessed cloud environments. These include unencrypted sensitive data, S3 buckets with public READ access, root accounts without multi-factor authentication enabled, and publicly accessible Kubernetes API servers. In addition, they found that the average attack path only requires three steps to reach business-critical data or assets.
-
HashiCorp Vault Enhances Plugin Framework, Adds New Secrets Engines
HashiCorp has released a number of new features and improved core workflows for Vault, their secrets and identity management platform. The improvements include a new PKCS#11 provider, support for Redis and Amazon ElastiCache as secrets engines, improvements to the Transform secrets engine, and a better user experience for working with plugins.
-
Datadog Publishes AWS Security Report
Datadog has published their State of AWS Security report, an overview of practices based on data analysis from over 600 organizations. The report compares actual usage with industry best practices and with the causes of breaches and data leaks, showing where they intersect and where they diverge.
-
Threat Operations and Research Team Cloudforce One Generally Available
Cloudflare recently announced that the threat operations and research team Cloudforce One began conducting briefings and is now generally available. Available as an add-on subscription, Cloudforce One includes threat data and briefings, security tools, and the ability to make requests for information (RFIs) to the team.
-
Microsoft Previews Azure Firewall Basic for Small-Medium Businesses
Microsoft recently released the public preview of Azure Firewall Basic for small-medium businesses (SMBs), providing enterprise-grade security at an affordable price. The company offers the Basic SKU as it sees SMBs as particularly vulnerable to budget constraints and gaps in specialized security skills.