A Review of the Best News of the Week on Cloud Security, DevOps, AppSec

Google Launches OpenTitan Project to Open Source Chip Security (Dark Reading, Nov 05 2019)
OpenTitan is an open source collaboration among Google and technology companies to strengthen root-of-trust chip design.

Microsoft Unveils New Security Tools for Azure (SecurityWeek, Nov 04 2019)
…at its Ignite 2019 conference, Microsoft announced a series of tools to expand the security capabilities of its Azure and Microsoft 365 platforms.

AWS re:Invent 2019 security guide: sessions, workshops, and chalk talks (AWS Security Blog, Nov 01 2019)
With re:Invent 2019 just weeks away, the excitement is building and we’re looking forward to seeing you all soon! If you’re attending re:Invent with the goal of improving your organization’s cloud security operations, here are some highlights from the re:Invent 2019 session catalog. Reserved seating is now open, so get your seats in advance for your favorite sessions.


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~11,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


Container usage has grown in complexity, specific security controls are needed (Help Net Security, Oct 31 2019)
This is a dramatic change from last year, when only 20% of containers lived less than five minutes. Many containers need to only live long enough to execute a function and then terminate when complete.

To Secure Multicloud Environments, First Acknowledge You Have a Problem (Dark Reading, Nov 04 2019)
Multicloud environments change rapidly. Organizations need a security framework that is purpose-built for the cloud and that aligns with their digital transformation strategy. Simply using the security framework you built in your legacy or hybrid environment won’t suffice.

50% of apps will not be migrated to the cloud (Help Net Security, Nov 05 2019)
66% of businesses face difficulty in integrating and managing apps across third-party environments, while IT leaders also claim that over the next three years 50% of application workloads will not be migrated into public cloud environments, according to a Kemp report.

Security Pros Fear Insider Attacks Stem from Cloud Apps (Dark Reading, Oct 30 2019)
More than half of security practitioners surveyed say insider attack detection has grown more difficult since migrating to cloud.

Exploring container security: Use your own keys to protect your data on GKE (Google Cloud Blog, Oct 31 2019)
…releasing two features to help you protect and control your GKE environment and support regulatory requirements: the general availability of GKE application-layer Secrets encryption, so you can protect your Kubernetes Secrets with envelope encryption; and customer-managed encryption keys (CMEK) for GKE persistent disks in beta, giving you more control over encryption of persistent disks.

Traders exploit ‘infinite money cheat code’ bug on Robinhood Markets system (SC Magazine, Nov 05 2019)
Traders are exploiting a glitch in the Robinhood Markets Inc. system – referred to as an “infinite money cheat code” by users in the WallStreetBets forum on Reddit – to excessively tap borrowed funds to trade stocks