A Review of the Best News of the Week on Cloud Security, DevOps, AppSec
Google to Bring HTTPS-First Mode to Chrome Browser (Dark Reading, Jul 14 2021)
Beginning in M94, Chrome will offer HTTPS-First Mode, which will attempt to upgrade all page loads to HTTPS.
Application security tools ineffective against new and growing threats (Help Net Security, Jul 19 2021)
A study by Fastly and ESG, based on insights from information security and IT professionals representing hundreds of organizations globally, revealed growing concerns around adequately securing the rapidly rising number of mission-critical cloud services and API-centric applications. Outdated offerings, false positives, and ineffective blocking are among the main causes driving this global concern.
Most financial services mobile apps still rely on passwords, even with added friction (Help Net Security, Jul 20 2021)
Incognia announced a report which highlights results from their most recent study focusing on authentication and friction at login and the password reset process. The study was conducted to provide banking, financial services, and investing/trading mobile apps with insights on the state of mobile app login authentication and the friction when a user resets their password.
Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~20,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Multi-cloud environments creating additional security challenges (Help Net Security, Jul 15 2021)
Tripwire announced the results of a research report that evaluated cloud security practices across enterprise environments in 2021. Conducted by Dimensional Research, the survey evaluated the opinions of 314 security professionals with direct responsibility for the security of public cloud infrastructure within their organization.
Modernizing SOC … Introducing Autonomic Security Operations (Google Cloud Blog, Jul 21 2021)
Modernizing your Security Operations practice to protect against today’s and tomorrow’s threats is a significant undertaking that involves transforming how people approach security challenges, how workflows are engineered to achieve secure outcomes, and how technologies can be leveraged to maximize their value.
New Google Cloud Security offerings, just announced in the Government Security Summit keynote (Google Cloud Blog, Jul 20 2021)
This morning, Thomas Kurian, CEO of Google Cloud, and I kicked off the Google Cloud Government Security Summit with a keynote address that announced a set of offerings to help federal, state, and local government organizations implement Zero Trust architecture in accordance with the White House’s Executive Order on Improving the Nation’s Cybersecurity, and in alignment with National Institute of Standards and Technology (NIST) standards.
The What and Why of Cloud-Native Security (Container Journal, Jul 19 2021)
On the road to embracing DevOps, many IT organizations still depend on traditional security practices, policies and tools that were not built to withstand the modern cloud-native approaches of scaling and complexity. With less attention paid to security, organizations fail to transform themselves in this rapidly-changing digital world.
Next-generation firewall capabilities with Azure Firewall Premium (Microsoft Azure Blog, Jul 19 2021)
Following the preview release announced in February 2021, we are announcing the general availability release of Azure Firewall Premium. Key features in this release include: TLS Inspection, IDPS, Web Categories, and URL Filtering.
The rise of the Developer Experience Engineer, and why it matters (Help Net Security, Jul 16 2021)
In a world that increasingly relies on digital products, software development is becoming the catalyst for value creation and achieving top-line business results. At each level of industry, innovation is driving productivity. This is particularly true for firms on the technological frontier looking to innovate in response to competition. In many cases, this means developing new software at pace.