Azure offers two similar but distinct services to allow virtual network (VNet) resources to privately connect to other Azure services. Azure VNet Service Endpoints and Azure Private Endpoints (powered by Azure Private Link) both promote network security by allowing VNet traffic to communicate with service resources without going over the internet, but there are some differences. This three-part blog series goes into detail about both services.
At Fugue, we’re pretty fond of Open Policy Agent (OPA), and we’ve written a lot of Rego code to keep cloud resources secure. So we’ve put together the most valuable lessons we’ve learned in the process.
Microsoft Azure offers two similar but distinct services to allow virtual network (VNet) resources to privately connect to other Azure services. Azure VNet Service Endpoints and Azure Private Endpoints (powered by Azure Private Link) both promote network security by allowing VNet traffic to communicate with service resources without going over the internet, but there are some differences.
Much has been said about Amazon S3 security on Amazon Web Services (AWS) in the press and technical publications, and much of it is oversimplified and of limited practical use. Amazon S3 is an incredibly simple cloud service to use, but adequately securing your S3 resources is anything but simple, as too many organizations have discovered.
Zim is a caching build system that is ideal for software development teams using monorepos that contain many components and dependencies. Zim provides for fast incremental, parallel builds across a team and is entirely language agnostic with built-in support for cross-platform builds via Docker. Zim is available as an open source project hosted on GitHub.
“The cloud has radically changed the IT security landscape. The vulnerability surface is different. Attackers operate differently. And how you go about keeping your data safe needs to be different.”
If you’re running a workload in the cloud, take a moment to look at the activity logs for your public-facing resources. There’s bad guys there, and they’re probing your cloud infrastructure looking for misconfigurations they can exploit.
We’re excited to announce the Cloud Security Masterclass program to help increase awareness of advanced cloud misconfiguration risks and how malicious actors exploit them. We held the first free live Cloud Security Masterclass last month—a deep dive session into the complex layers of Amazon S3 security, which has been at the center of a number of recent high profile data breaches.
The COVID-19 crisis has a profound impact on just about every business, and for cloud engineering and security teams, the rapid and near universal transition to 100% work-from-home has created significant new cloud security risks. Our State of Cloud Security Report, based on our industry survey conducted in late March, showed that 84% of IT professionals are worried about new cloud security vulnerabilities created during the pandemic.
When there’s a data breach involving Amazon Web Services (AWS), more often than not it involves the Amazon S3 object storage service. The service is incredibly popular. Introduced way back in 2006 when few knew what the cloud was, S3 is highly scalable, reliable, and easy to use. But getting the security of S3 right—and making sure it stays that way—continues to confound many AWS customers.
