CloudSec Wine
All about cloud security

Contacts:
@AMark0f
@dvyakimov

About DevSecOps:
@sec_devops
🔷 Azure’s Security Vulnerabilities Are Out of Control

Azure's multiple security vulnerabilities are highly concerning, for both customer data and the cloud's reputation. It's time we put public pressure on Azure.

https://www.lastweekinaws.com/blog/azures_vulnerabilities_are_quack

#azure
🔶 Abusing the Replicator: Silently Exfiltrating Data with the AWS S3 Replication Service

A comprehensive backup strategy is a cornerstone of any DR plan. But how would you distinguish between legitimate backup activity and malicious data exfiltration?

https://www.vectra.ai/blogpost/abusing-the-replicator-silently-exfiltrating-data-with-the-aws-s3-replication-service

#aws
(in Russian)

Meet our first small but full-fledged cloud security event, held in a hybrid format at a cozy (but still secret) venue in the center of summer Moscow.

We look forward to seeing security engineers, information security directors, DevSecOps specialists and everyone interested in the topic.

The offline event is open to members of our security chat who register using the form below. The event is free.

For those who cannot attend in person, we will stream the event.

More about the event →
WIP Creative Association, Yauzsky Blvd., 11, bldg. 1

#advertising
🔶 Best Practices for AWS Organizations Service Control Policies in a Multi-Account Environment

AWS’s Rajeswari Malladi and People’s United Bank’s Jim Kozlowski provide a representative organization unit (OU) structure for a financial services industry customer, and also best practice guidance and starter service control policies (SCPs) to consider in a multi-account AWS environment to establish governance and control.

https://aws.amazon.com/ru/blogs/industries/best-practices-for-aws-organizations-service-control-policies-in-a-multi-account-environment

#aws
🔴 Protecting GCP Services with VPC Service Controls and Terraform

A post that explores VPC Service Controls through a common use case for VPC Service Control perimeters, takes a deep dive into some key concepts, and shows how to automate their administration with Terraform.

https://blog.scalesec.com/protecting-gcp-services-with-vpc-service-controls-and-terraform-858019d8b4ff

#gcp
🔶 Hacking an AWS hosted Kubernetes backed product, and failing

Tales from a recent pentest of a product hosted on the AWS cloud backed by Kubernetes (EKS) and a whole lot of secure design goodness that withstood attack attempts.

https://blog.appsecco.com/hacking-an-aws-hosted-kubernetes-backed-product-and-failing-904cbe0b7c0d

#aws
🔶 IAM-Deescalate: An Open Source Tool to Help Users Reduce the Risk of Privilege Escalation

Palo Alto Networks' Jay Chen describes IAM-Deescalate, a tool to mitigate privilege escalation risks in AWS. It first identifies the users and roles with privilege escalation risks using PMapper.

For each risky principal, IAM-Deescalate calculates a minimal set of permissions granted to this principal that can be revoked to eliminate the risks. IAM-Deescalate inserts an inline policy to explicitly deny the risky permissions that could allow the principal to escalate to administrator privilege.

https://unit42.paloaltonetworks.com/iam-deescalate

#aws
🔶 AWS glossary and fwd:cloudsec 2022

Hundreds of AWS product names and terms, described in a sentence or two, by Amazon.

https://docs.aws.amazon.com/general/latest/gr/glos-chap.html

Also a nice YouTube playlist is now live! Some excellent talks, as always.

https://www.youtube.com/playlist?list=PLCPCP1pNWD7N2SPaz4cmuS27xutaf32jy

#aws
🔶 Dependency confusion in AWS CodeArtifact

At the time of the finding, CodeArtifact did not have any feature to specify which packages were internal and therefore should not be pulled from public repositories.

https://zego.engineering/dependency-confusion-in-aws-codeartifact-86b9ff68963d?gi=eb56bfabbd85

#aws
🔶 AWS Security by Dylan Shields

An excellent book by Dylan Shields, a software engineer working on Quantum Computing at Amazon, showing that running your systems in the cloud doesn’t automatically make them secure. Learn the tools and new management approaches you need to create secure apps and infrastructure on AWS.

#aws
AWS Security.pdf
🔶 Uncomplicate Security for developers using Reference Architectures

A post that walks through the salient features of a meaningful security reference architecture and the process required to develop one, and looks at the challenges one might expect to face along the way.

https://anunay-bhatt.medium.com/embedding-security-into-sdlc-using-reference-architectures-for-developers-29403c00fb3d

#aws
🔶 Setup GitHub Codespaces with AWS IAM Roles Anywhere

Demonstration of how you could leverage IAM Roles Anywhere to authenticate your GitHub Codespaces.

https://devopstar.com/2022/08/01/github-codespaces-and-iam-roles-anywhere

#aws
🔶🔷🔴 HashiCorp State of Cloud Strategy Survey

Insights from HashiCorp’s 2022 State of Cloud Strategy Survey, commissioned by HashiCorp and conducted by Forrester Consulting. Forrester surveyed more than 1,000 technology practitioners and decision makers from around the world, drawn from random samplings as well as the HashiCorp opt-in contact database.

Some stats that stuck out to us:

1️⃣ 81% of companies are or are planning to use multiple cloud providers
2️⃣ 86% have a centralized function or group responsible for cloud operations or strategy

https://www.hashicorp.com/state-of-the-cloud

#aws #azure #gcp
🔷🔴 The cloud has an isolation problem: PostgreSQL vulnerabilities affect multiple cloud vendors

How Wiz Research uncovered multiple related vulnerabilities in PostgreSQL-as-a-Service offerings from GCP, Azure, and others.

https://www.wiz.io/blog/the-cloud-has-an-isolation-problem-postgresql-vulnerabilities

#azure #gcp
🔶 AWS Account Setup and Root User

A guide through the introductory steps to configure contacts for an AWS account & secure the root user.

https://wellarchitectedlabs.com/security/100_labs/100_aws_account_and_root_user

#aws
🔶 How to manage Route53 hosted zones in a multi-account environment

How to manage Route53 hosted zones in a multi-account environment so each account has full authority over its subdomain.

https://theburningmonk.com/2021/05/how-to-manage-route53-hosted-zones-in-a-multi-account-environment

#aws
🔶 Granted Approvals - an Open Source Permission Management Framework

"We’ve designed Approvals so that it only has the ability to assign roles to existing users, rather than create new roles or new users. By design, the blast radius of Granted Approvals being compromised is that existing users in your directory could be granted access to roles, rather than external users being created. Better yet — Approvals is deployed as a serverless application which runs in your own AWS account, so Common Fate won’t have access to any data in your Granted Approvals deployment."

https://commonfate.io/blog/granted-approvals-release

#aws