I've been going through the Cluster Setup topics for the #CKS. I learned about the #Kubernetes CIS Benchmark by the Center for Internet Security, which is a catalogue of best practices for securing Kubernetes clusters. I also explored kube-bench, a tool by Aqua Security that can be run as a job on the cluster to scan nodes and check if they adhere to the recommended practices mentioned in the CIS benchmark. Additionally, I learned how to create an Ingress with TLS termination for better security. #k8s #devops #cloud #cloudnative #security #IaC
Pulumi’s Post
More Relevant Posts
-
Over the next few days, I'd like to highlight the Cloud Security Alliance's collaboration with SAFECode.org in developing "The Six Pillars of the DevSecOps Series" Pillar 1: Collective Responsibility In summary, security is not its own entity - when introducing security into devops, it should be noted and understood that an organization's security stance is, in fact, everyone's responsibility. #CSA #CloudSecurity
-
Excited to give my first conference talk this Monday @ 2pm EST. It’ll also be live-streamed and recorded. If you’re attending in person please come say hi! I’ll be covering prior methodologies I’ve found, going in-depth on my personal AWS pentest methodology, and what I think the future of cloud pentest methodology could look like if it were open sourced. The methodology is for an assumed breach perspective and deals with testing the customer side of the Shared Responsibility Model. https://lnkd.in/g2hVu9pu
-
🔒 Enhancing Cloud Security with DevSecOps 🔓 Security should never be an afterthought. With DevSecOps, integrate security into every stage of your development pipeline. Restack helps you build secure cloud environments. 💻 ✅ DevSecOps Advantages: 1️⃣ Continuous security integration 2️⃣ Proactive threat detection 3️⃣ Secure development practices Secure your cloud journey with Restack. Let's get started! #Restack #DevSecOps #CloudSecurity #SecureDevelopment
-
😱 Struggling to keep your Kubernetes deployments secure? Improve the security posture of your Kubernetes deployments thanks to Datadog Cloud Security Management’s new KSPM (Kubernetes Security Posture Management) capabilities: 💯 KSPM offers a set of 100+ new Kubernetes misconfiguration detection rules covering both managed (EKS and AKS) and unmanaged Kubernetes deployments. These rules offer clear descriptions of the problems surfaced and simple remediation guidelines. 🗄 Comes packaged in real-time compliance reports such as CIS EKS, CIS AKS, or CIS Kubernetes, with Google Cloud GKE support coming later this year. ✍ Offers users the ability to write Kubernetes custom rules for supported resources. Check out our KSPM documentation to get started, or head to the Frameworks page in Datadog CSM. 👇 You'll find links to both in the comments below 👇 #kubernetes #security #posturemanagement #cloudsecurity #observability
-
🔐 Boost Your Pipeline Security with Workload Identity Federation (WIF)! 🔐 Static credentials are becoming a thing of the past! In our latest blog, Baran Hocaoglu and Zeyd Bora explain how to enhance the security of your CI/CD pipelines using Workload Identity Federation (WIF). Say goodbye to long-lived keys and the hassle of constant rotation. 💡 Discover how WIF can safeguard your cloud services and streamline your processes. Learn more by reading the full article 👉 https://lnkd.in/dRAn6qHP #Oredata #BitbucketPipelines #CloudSecurity #WIF #DevOps #GoogleCloud #SoftwareDevelopment #CloudComputing
-
One of my favorite cloud security tools is Amazon CloudWatch. It's a powerful service that helps you monitor and get insights into your applications, keeping you informed about their performance and security. 💡 With CloudWatch Logs, you can keep track of log files from your AWS resources in near real-time. It allows you to create alarms based on your log data, which can trigger notifications when something needs your attention. 🚥 As an Agile Champion, I enjoy understanding where my team's security posture stands. Tools like CloudWatch are essential for maintaining a secure and efficient workflow. ⚡ #CloudSecurity #ScrumMaster #BuildingLeaders #Agile
-
How do you limit AWS Lambda access to other services and cloud resources? The principle of least privilege in access control is one of the most important when discussing security. I have recently written a Lambda to query various EC2-related resources. I discovered a catch when I wanted to limit my resource access. The conditional expression in IAM helps to do this. However, there are different prefixes: 'ec2' and 'aws'. There are also others. I still need to fully understand the principle of dividing between them. Even with the incorrect condition, all IaC tools will deploy the IAM policy. One issue you get is that the user is not authorized to perform an action. In the screenshot, there are two which I have discovered in the case of EC2 and images. #devops #awscommunity #iam #security
-
Adoption of containerized applications requires risk and vulnerability management fit for cloud environments ☁️ Our upcoming webinar exploring Tanium Cloud Workloads will demonstrate… ✔️ Thorough vulnerability scanning ✔️ Kubernetes control with runtime policy enforcement ✔️ Identification and alerts of unauthorized or rogue containers ✔️ And more! Register today: https://bit.ly/3B10vp6
-
In cloud environments, managing secrets securely is paramount. Sensitive information like database credentials stored as plain text poses significant security risks. Static secrets, once compromised, can be exploited indefinitely. This is where Vault, a secure secrets management tool, comes into play. Vault centralizes and encrypts secrets, offering dynamic credentials that automatically rotate, significantly improving your security posture. This article guides you through setting up dynamic secrets for Postgres access using Vault and a Spring Boot application deployed on Kubernetes. Read More: https://lnkd.in/eH3gTFdH #cloudcomputing #cloudsecurity #kubernetes #vault #springboot #dynamicsecrets #devops #secretsmanagement #databaseaccess #securitybestpractices
Setting Up Dynamic Secrets for Postgres using Vault and Spring Boot on Kubernetes
medium.com