A Review of the Best News of the Week on Cloud Security, DevOps, AppSec
macOS Catalina: Security and privacy improvements (Help Net Security, Oct 08 2019)
First things first: starting with Catalina, the system runs on its own dedicated, read-only APFS volume and – Apple claims – “nothing can accidentally overwrite critical operating system files.” Another big change that starts with Catalina is the deprecation of kernel extensions (“kexts”).
Global Study Finds Orgs Are Failing to Protect Data in the Cloud (Infosecurity Magazine, Oct 08 2019)
Just 32% of orgs think securing data in the cloud is their own responsibility
Google Cloud Worth $225 Billion, Deutsche Bank Says (IT Pro, Oct 03 2019)
The value ascribed by Deutsche Bank to Google Cloud is nearly twice the market value of IBM.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~11,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Take charge of your data: Scan for sensitive data in just a few clicks (Cloud Blog, Oct 07 2019)
Originally released as an API, Cloud DLP now includes a user interface (UI), which helps extend these capabilities to security, privacy, and compliance teams. Using the Cloud DLP UI, now generally available in the Google Cloud Console, you can discover, inspect, and classify sensitive data in just a few clicks by creating jobs, job triggers, and configuration templates.
The (security-focused) 2019 State of DevOps Report is here (Puppet Blog, Sep 25 2019)
Analysis of survey results from nearly 3,000 technical professionals and executives reveals that organizations which have evolved their DevOps practices to a high level have also achieved a high level of security.
Cloud-native applications need a unified continuous security approach (Help Net Security, Oct 07 2019)
As a starting point, DevSecOps teams should implement the best practices recommended by the leader in container orchestration, Kubernetes, and mesh contenders Istio and AWS Service Mesh. These best practices provide a foundation upon which DevSecOps can build a more expansive security program.
Cloud is Creating Security and Network Convergence (SecurityWeek, Oct 08 2019)
Network Security Expertise is Needed More Than Ever Inside Security Operations Centers and on DevOps Teams
Email Attacks Using Cloud Services are Increasing (SecurityWeek, Oct 08 2019)
An analysis of more than 2.2 billion emails between April and June (Q2) 2019 exposes the current tactics, techniques and targets of contemporary attackers.
Updated whitepaper available: “Navigating GDPR Compliance on AWS” (AWS Security Blog, Oct 08 2019)
“The updated version of our Navigating GDPR Compliance on AWS whitepaper (.pdf) explains the role that AWS plays in your GDPR compliance process and shows how AWS can help your organization accelerate the process of aligning your compliance programs to the GDPR by using AWS cloud services.”
Organizations need tools that support DevOps security (Help Net Security, Oct 08 2019)
Organizational silos create unnecessary security risk for global businesses. The lack of security involvement in DevOps projects was reportedly creating cyber risk for 72% of IT leaders, according to Trend Micro.
Cybersecurity Firms Partner on Open Source Security Technology Development (SecurityWeek, Oct 09 2019)
A group of cybersecurity companies this week announced the Open Cybersecurity Alliance (OCA), a joint effort focused on the development of open source security technologies.
Flash Is Responsible for the Internet’s Most Creative Era (VICE US – undefined US, Oct 09 2019)
A new book highlighting the visual evolution of web design paints a picture of a risk-taking creative culture that hasn’t been quite the same since Steve Jobs stuck a knife into Flash.