A Review of the Best News of the Week on Cloud Security, DevOps, AppSec

AWS Earns Department of Defense Impact Level 5 Provisional Authorization (AWS Security Blog, Sep 12 2017)
“The Defense Information Systems Agency (DISA) has granted the AWS GovCloud (US) Region an Impact Level 5 (IL5) Department of Defense (DoD) Cloud Computing Security Requirements Guide (CC SRG) Provisional Authorization (PA) for six core services. This means that AWS’s DoD customers and partners can now deploy workloads for Controlled Unclassified Information (CUI) exceeding IL4 and for unclassified National Security Systems (NSS).”

Next Generation Firewall vs. Container Firewall (NeuVector, Sep 11 2017)
“Containers and microservices are revolutionizing computing. But can firewalls help secure these? Next Generation Firewalls (NGFW) were supposed to handle the latest threats and data center designs, but fall short in the new cloud microservices environments. Here’s a comparison of the next generation firewall vs. container firewall.”

The New York Cyber Security Regulation: An Application Security Perspective (WhiteHat Security, Aug 28 2017)
“I was reading through the New York City Department of Financial Services Cybersecurity Regulation…In this article, I’m going to help you interpret how the different parts of this cybersecurity regulation touch on AppSec – that is, your websites, your mobile applications, your internal payment systems and networked third-party services.”

Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report

VMware adds whitelist security to the hypervisor (Network World Security, Sep 11 2017)
“In some cases, virtual servers run only one or two apps, so shutting out everything else is simple…AppDefense is currently available only for on-premises data centers, but VMware is planning on a cloud-based version down the road.”

DevOps, Security, AI Convergence on Horizon (DevOps, Sep 07 2017)
“DevOps and security are wed. DevOps and AI are moving closer toward each other. It’s only a matter of time until all three get together.”

Slalom’s approach to breaking down silos between DevOps and Security Teams (Chef Blog, Sep 06 2017)
“Slalom Consulting, a Chef Professional Services Partner, has adopted the CLAMS model (culture, lean, automation, monitoring, and sharing) as a best practice for successfully implementing IT automation tools as part of a DevOps transformation.”

Windows Authentication in Service Fabric and ASP.NET Core 2.0 (Microsoft Azure Blog, Sep 07 2017)
“Recently, I worked on a Service Fabric solution for a customer, where my team had to configure secure communication capabilities to existing reliable (stateless) services, built on top of the ASP.NET Core 2.0 framework. More specifically, we had to configure the Windows Authentication feature on them and choose WebListener as the web server, to process HTTP requests from remote Windows clients.”

The 2017 DevOps Salary Report: Yes, IT titles & salaries are changing (Puppet Blog, Sep 12 2017)
“Since 2016 there have been some serious shifts in the salaries and job titles of IT professionals. We found the salaries of IT managers decreased in the United States, Western Europe and Asia since 2016.”

Secure Multi-Tenancy at Scale with Docker Enterprise Edition (Docker Blog, Sep 13 2017)
“Docker Enterprise Edition now includes the ability to define custom granular Role-based Access Controls (RBAC) down to the API operation level. This latest release also introduces a new resource control model that allows organizations to define resource collections which are granted to specific users, teams or orgs.”