InfoQ Homepage Compliance Content on InfoQ
-
CNCF Publishes the Kubernetes Policy Management Whitepaper
The CNCF recently published a new whitepaper about Kubernetes Policy Management. The whitepaper highlights the importance of Kubernetes policy management when it comes to the security and automation of clusters as well as workloads. Also, it goes in-depth into the problems Kubernetes policies solve and the proper implementation of such policies.
-
Microsoft Rebrands its Data Governance Service to Microsoft Purview
Recently, Microsoft announced Microsoft Purview, a new product branding bringing together the Azure Purview data governance service with various Microsoft 365 compliance solutions.
-
How Meta Uses Privacy-Friendly Credentials in De-Identified Authentication
Meta uses authentication to protect its service’s endpoints against abusive usage. Post-processing access data to remove personally identifiable information is an approach they found too resource-intensive. An article was published recently explaining how Meta leveraged de-identified authentication to protect their services and their user’s privacy at the same time.
-
AWS CloudFormation Hooks Provide Proactive Validation of CloudFormation Operations
AWS has announced the general availability of AWS CloudFormation Hooks which allow for custom logic prior to a create, update, or delete CloudFormation stack operation. CloudFormation hooks support versioning, public and private distribution, and can be published into multiple AWS accounts and regions.
-
Microsoft Releases Azure Payment HSM in Public Preview for the Payment Card Industry
Recently, Microsoft announced the public preview of a bare-metal infrastructure as a service (IaaS) Azure Payment HSM that provides cryptographic key operations for real-time payment transactions in Azure. It uses the Thales payShield 10K payment HSMs, which delivers a suite of payment security functionality proven in critical environments.
-
AWS Releases Fully-Managed Data Lake for CloudTrail Logs
AWS announced the release of CloudTrail Lake, a fully-managed data lake for storing and analyzing CloudTrail logs. CloudTrail Lake can aggregate logs across regions and accounts. Once in the lake, the logs can be queried using SQL syntax.
-
AWS Introduces Backup Audit Manager for Compliance Requirements
Amazon recently announced the availability of AWS Backup Audit Manager, a new feature of AWS Backup to monitor the compliance status of backups and generate reports to meet business and regulatory requirements.
-
Bridgecrew's Yor Provides Automated Tagging for Infrastructure as Code
Bridgecrew recently released Yor, their open-source tool for automated infrastructure as code tagging. Yor automatically adds tags to infrastructure configurations which are then applied to the running cloud resources, simplifying connecting the active resources back to the code that created them. Yor currently supports Terraform, CloudFormation, and Serverless.
-
Google Cloud Releases Its Healthcare Consent Management API to General Availability
Google Cloud recently announced it would release its Healthcare Consent Management API to general availability to provide healthcare application developers and clinical researchers a simple way to manage individuals' consent over health data use. The Healthcare Consent Management API is part of the Cloud Healthcare API offering on the Google Cloud Platform (GCP).
-
AWS Outposts Now Supports Amazon Elastic Block Store Local Snapshots
Recently AWS announced that its Outposts service now supports Amazon Elastic Block Store (ESB) local snapshots. With Amazon EBS Local Snapshots on Outposts, customers can store snapshots of their Amazon EBS volumes locally on Amazon S3 on Outposts to meet their data residency and local data processing needs.
-
Open Policy Agent Graduates at CNCF
The CNCF announced the graduation of the Open Policy Agent (OPA) project. OPA is an open source policy management and enforcement engine that has declarative policies and integrates with various systems including Kubernetes.
-
Microsoft Launches New Data Governance Service Azure Purview in Public Preview
Recently Microsoft announced a new data governance solution in public preview on its cloud platform called Azure Purview. This new service automates the discovery of data and cataloging while minimizing compliance risk and helps customers map all their data, no matter where it resides, to provide an end-to-end view of their data estate.
-
AWS Open-Sources CloudFormation Compliance Analyzer
AWS has announced the preview release of CloudFormation Guard, an open-source CLI tool to enforce compliance policies against CloudFormation templates. cfn-guard provides a lightweight, declarative syntax for defining rules. It supports lists, wildcards, regex,and declaration of variables, and can work with CloudFormation intrinsic functions.
-
Alcide's New sKan Command Line Tool Scans Kubernetes Deployment Files
Alcide, a Kubernetes security platform, has announced the release of sKan, a command line tool that allows developers, DevOps and Kubernetes application builders access to the Alcide Security Platform. sKan enables developers to scan Kubernetes configuration and deployment files as part of their application development lifecycle including CI pipelines.
-
Compliance and the California Privacy Act - the Empire Strikes Back
On January 1, 2020, the California Privacy Act came into effect. Many companies have not complied with the law, and the long term effects of the legislation are unclear.