A Review of the Best News of the Week on Cloud Security, DevOps, AppSec

The 10 Best Practices in Cloud Data Security (Cloud Security Alliance, Nov 03 2020)
Cloud security varies, and the best way to ensure everything is protected usually begins by understanding the combination of cloud location and cloud service your organization has.

Cybersecurity Awareness Month—New security announcements for Google Cloud (Google Cloud Blog, Oct 29 2020)
“The Google Cloud Security Showcase is a video resource that’s focused on solving security problems and helping you create a safer cloud deployment. With more than 50 step-by-step videos on specific security challenges or use cases, complete with actionable information to help you solve that specific issue, there’s something for every security professional. We’ve added 2 new use-case based videos this month”

Who’s selling SASE and what do you get? (Network World Security, Oct 30 2020)
Secure access service edge (SASE) architecture rolls networking and security into a cloud service, making it easier for enterprises to provide simple, secure access to corporate resources, but it’s still in its infancy. Vendors and service providers sell offerings that they call SASE, but what they actually provide and how they provide it varies widely.
SASE—pronounced “sassy”- is a term coined last year by Gartner, and it combines software-defined WAN (SD-WAN) with access control and security…

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

AWS Nitro Enclaves: Create isolated environments to protect highly sensitive workloads (Help Net Security, Oct 29 2020)
Amazon Web Services announced the general availability of AWS Nitro Enclaves, a new Amazon EC2 capability that makes it easier for customers to securely process highly sensitive data. AWS Nitro Enclaves helps customers reduce the attack surface for their applications by providing a trusted, highly isolated, and hardened environment for data processing.

Containers for Data Analysis Are Rife With Vulnerabilities (Dark Reading, Nov 04 2020)
Old software components and the inclusion of unnecessary code created a massive attack surface area in containers for scientific analysis, researchers say.

CSA Moves to Redefine Cloud-Based Intelligence (Dark Reading, Nov 04 2020)
The new paradigm seeks to understand, integrate, and automate data workflows, and better yet, doesn’t require significant investment or more personnel.

Google says it’s “committed” to Nest Secure but won’t ship any new features (Ars Technica, Oct 29 2020)
The Nest Secure is dead, so how much longer will Google support it?

Unpacking the WordPress 5.5.2/5.5.3 Security Release (Wordfence, Nov 03 2020)
On Thursday, October 29, the WordPress core team released WordPress version 5.5.2. This was a minor release containing bug fixes and security enhancements to the core WordPress content management system powering over one-third of the internet. There was a subsequent 5.5.3 release one day later; you can read about the emergency WP 5.5.3 release here.