A Review of the Best News of the Week on Cloud Security, DevOps, AppSec

VMware Cloud on AWS – Now Available (AWS Blog, Aug 30 2017)
VMware and Amazon announced the initial availability of VMware Cloud on AWS. This service is initially available in the US West (Oregon) region through VMware and members of the VMware Partner Network. It is designed to support use cases such as data center extension, application development & testing, and application migration….

The State of SDN (Gartner Blog Network, Aug 29 2017)
Software-defined networking (SDN) remains a widely used and misused term that means everything and nothing at the same time. In fact, most of the networking products today marketed as SDN do not qualify as SDN…

The TLS 1.3 Controversy, and Why We Need to Choose Stronger Security (Securosis Blog, Aug 25 2017)
“Transport Layer Security (TLS) is fundamental to the security of the Internet. Proposed changes to the protocol are generating extensive controversy within and outside the security industry. Rather than getting into cryptographic specifics, this post focuses on the root of the controversy, and why we believe TLS 1.3 should proceed with the full support of technical professionals.”


Google’s App Engine gets a firewall (TechCrunch, Aug 24 2017)
Until now, developers couldn’t easily restrict access to their applications on the service to only a small set of IP addresses or address ranges for testing, for example. Instead, they had to hard-code a similar solution into their applications…

Continuous Compliance and Effective Audit Preparation for the Cloud (Dark Reading, Aug 25 2017)
Why audits are a necessary evil, and how they can actually help you improve your brand value.

How Quantum Computing Will Change Browser Encryption (Dark Reading, Aug 24 2017)
From a protocol point of view, we’re closer to a large-scale quantum computer than many people think. Here’s why that’s an important milestone…

Docker brings containers to mainframes (Network World Security, Aug 22 2017)
With Docker Enterprise Edition 17.06, containers can now run on IBM z Systems mainframes running Linux…

VMware Puts Security at the Heart of its Software (Fortune, Aug 27 2017)
“AppDefense lets the virtual machine learn good behavior and any time it sees behavior that deviates from that it can take action…Based on the software profiles learned by AppDefense, legitimate packages get a green light to run in the VM; but software that deviates from what the VM expects will get a yellow light and may be routed to a VM where it can be monitored closely. And really funky-looking software would get a red light to prevent it from running at all.”

The difference between Vulnerability Assessment and Penetration Testing (Web Security Blog – Acunetix, Aug 22 2017)
I haven’t heard much confusion on this lately, but here’s an interesting way to describe it: “the fundamental difference between vulnerability assessment and penetration testing is the former being list-oriented and the latter being goal-oriented.”

VMware CEO Pat Gelsinger on building better app defense (Network World Security, Aug 30 2017)
VMware CEO Pat Gelsinger talks about distributed encryption between virtual machines and the concept of app defense…

Google Reminding Admins HTTP Pages Will Be Marked ‘Not Secure’ in October (Threatpost, Aug 29 2017)
Google began sending out notices to site owners this month, reminding those who haven’t yet migrated from HTTP to HTTPS that in October their sites will be marked “NOT SECURE.”

New AWS DevOps Blog Post: How to Help Secure Your Code in a Cross-Region/Cross-Account Deployment Solution on AWS (AWS Security Blog, Aug 27 2017)
You can help to protect your data in a number of ways while it is in transit and at rest, such as by using Secure Sockets Layer (SSL) or client-side encryption. AWS KMS allows you to create custom keys, which you can share with AWS Identity and Access Management users and roles in your AWS account or in an AWS account owned by someone else…

A Closer Look: Securing with Jenkins (Checkmarx, Aug 28 2017)
Acclaimed by the DevOps world and best known as the leading open source automation server for continuous integration (CI) and continuous delivery (CD), Jenkins is a Java-based program designed to monitor a set of executions in a software environment…