Cloud Security
If an attacker compromises a Google Cloud Platform (GCP) user’s device, he can easily steal and abuse cached credentials, even if MFA is enabled. In this blog post, we will demonstrate an attack in real Google Cloud environments, involving: * Hijacking cached OAuth tokens stored on a GCP administrator’s
Cloud Security
For many in the world of data science, distributed training can seem a daunting task. In addition to building and thoughtfully evaluating a high-quality ML model, you have to be aware of how to optimize your model for specific hardware and manage infrastructure. The latter skills are not often included
Cloud Security
Cloud storage enables organizations to reduce costs and operational burden, scale faster, and unlock other cloud computing benefits. At the same time, they must also ensure they meet privacy and security requirements to restrict access and protect sensitive information. Best practices for securing your data with Cloud Storage Securing enterprise
Cloud Security
Here are my views on the “Top Ten” AWS Security, Identity and Compliance updates from AWS re:Invent 2020. 1) AWS Nitro Enclaves – Create isolated compute environments to further protect and securely process highly sensitive data. These environments are provably secure, and are not accessible to other applications, users, or
Cloud Security
In an ideal world HashiCorp Vault is neither the first nor last line of defense against an adversary. Most organizations have multiple layers of security, starting at the perimeter and continuing throughout their infrastructure to establish defense in depth. But we’ve built and architected Vault to stand against adversaries
Cloud Security
Infrastructure as code (IaC) is undoubtedly changing how engineers approach the cloud. IaC, when coupled with dev tools and automation, opens up new avenues for infrastructure performance, scalability, and now security. By embedding IaC security and compliance controls into your version control systems and CI/CD pipelines, you can start
Cloud Security
In terms of AWS security, first the good news: Amazon Web Services offers an impressive collection of security monitoring and logging capabilities. Now the bad news: these tools are entirely too fragmented and complex, with a range of little-known gaps and complications which can be impermeable to even experienced cloud
Cloud Security
Introduction Kubernetes, like any other secure system, supports the following concepts: * Authentication: Verifying and proving identities for users and groups, and service accounts * Authorization: Allowing users to perform specific actions with Kubernetes resources * Accounting: Storing subjects actions, typically for auditing purposes Authorization – the process of handling users’ access to resources
Cloud Security
Log Reality It is very common that an organisation keeps their logs (or a subset of them) whether on premise or on cloud such as AWS, often forwarding them to a Security Incident and Event Management (SIEM) system. There are a few main drivers for doing so: * Log Retention — frameworks
Cloud Security
VIMAGE was first presented in the Paper “Implementing a Clonable Network Stack in the FreeBSD Kernel” by Macro Zec in 2003 and VIMAGE code appeared first in FreeBSD 8.0, however it wasn’t until FreeBSD 12.0 that VIMAGE was built into FreeBSD GENERIC kernels and it is a
Cloud Security
TrueTime’s benefits for Cloud Spanner TrueTime is a highly available, distributed clock that is provided to applications on all Google servers1. TrueTime enables applications to generate monotonically increasing timestamps: an application can compute a timestamp T that is guaranteed to be greater than any timestamp T’ if T’ finished
Cloud Security
This will be part 1 of the series where we cover Google’s Spanner system. This is the system responsible for maintaining everything Google handles, from Gmail, to data, you name it. Petabytes of data are handled, replicated, and efficiently delivered to billions of users daily. This page describes how