A Review of the Best News of the Week on Cloud Security, DevOps, AppSec

Launch – Hello Amazon Macie: Automatically Discover, Classify, and Secure Content at Scale (Amazon Web Services, Aug 23 2017)
Amazon Macie is a service powered by machine learning that can automatically discover and classify your data stored in Amazon S3…once your data has been classified by Macie, it assigns each data item a business value, and then continuously monitors the data in order to detect any suspicious activity based upon access patterns…

Source Code Management Tools Affected by Severe Vulnerability (BleepingComputer, Aug 16 2017)
Three of the most popular version control systems (VCSs) used in managing source code projects are vulnerable to a flaw that allows an attacker to run code on a victim’s platform, potentially leading to the theft of source code or the hijacking of the underlying machine…

Identifying Security Weak Points in a Docker Environment (Container Journal, Aug 16 2017)
As Docker adoption increases, so does visibility into Docker containers’ security weaknesses. Here’s an overview of the types of security and privacy vulnerabilities that have been discovered in Docker containers so far. Docker environments are complicated, more so than environments built using virtual machines or bare-metal servers…


Alert Logic Releases 2017 Cloud Security Report (Alert Logic Press, Aug 15 2017)
Compared to public cloud platforms security incidents over an 18-month period, on-premises customers experienced a 51% higher rate of security incident escalations, hosted private cloud 69% higher, and hybrid cloud 141% higher…

70% of DevOps Pros Say They Didn’t Get Proper Security Training in College (Dark Reading, Aug 21 2017)
Veracode survey shows majority of DevOps pros mostly learn on the job about security…

Some Advanced SSH Tricks on Linux (100TB Blog, Aug 23 2017)
While these features of SSH don’t fully replace the use case for a VPN, they do provide a number of features for which a VPN may be used to access server clusters where some of the servers may not have their own public internet connections. Thus potentially enabling the cluster to be accessed without the need to create a VPN endpoint…

Ensuring Security of Your Code in a Cross-Region/Cross-Account Deployment Solution (AWS DevOps Blog, Aug 16 2017)
There are multiple ways you can protect your data while it is in transit and at rest. You can protect your data in transit by using SSL or by using client-side encryption. AWS Key Management Service (AWS KMS) is a managed service that makes it easy for you to create, control, rotate, and use your encryption…

From Waterfall Incident Management to Collaborative IT Operations (Blogs – DevOps.com, Aug 16 2017)
A big part of the cause of the alert fatigue on the IT side is the proliferation of specialist monitoring tools. In the poll, 66.67 percent of people we surveyed have five to 10 monitoring tools in place, and yet 61.90 percent of them are still struggling with that problem of alert noise/fatigue/volume…

GDPR for Application Delivery Pipeline (Chef Blog, Aug 22 2017)
With the changes in EU regulation that GDPR introduces, specifically relating to the processing of EU citizens’ personal data, organisations are facing fresh challenges in how they prove compliance. GDPR brings particular burdens with the ‘Privacy by Design’ mandate, that requires data privacy be part of the system design process from day one…