VSHN.timer #106: Cloud Security Basics
Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.
This week we’re going to talk about resources to help everyone understand the importance of cloud security these days.
1. Cloud security has (sadly) become the most important topic in IT. From private companies to governments, all network systems can be exposed to attacks and subject to theft, ransom, privacy breaches, legal liabilities, and whatnot. Even if not cybersecurity experts, managers and CXOs must learn all they can about this subject, and this guide can be a good starting point.
https://www.informationweek.com/cloud/cloud-security-basics-cios-and-ctos-should-know/a/d-id/1341578
2. Kubernetes is one of the most important cloud platforms in the world today, but not all teams are prepared to handle DevSecOps tasks properly. Red Hat has prepared a DevSecOps Kubernetes Security Whitepaper for them, summarizing the most important aspects and strategies to follow.
https://www.redhat.com/en/resources/devsecops-kubernetes-security-whitepaper
3. Let’s Encrypt has radically democratized the access to security certificates on the web, to the point that most browsers these days warn users connecting through unencrypted HTTP connections. But just one company is not enough to secure the whole web, so here’s Scott Helme telling us about another option in this market.
https://scotthelme.co.uk/heres-another-free-ca-as-an-alternative-to-lets-encrypt/
4. The Square team has a lot to worry about security – after all, they handle electronic payments for thousands of merchants around the globe. As their engineering squads are moving their infrastructure to a serverless solution such as AWS Lambda, they figured a way to tackle the pesky problem of managing secrets, and they shared their sauce with us.
https://developer.squareup.com/blog/expanding-secrets-infrastructure-to-aws-lambda/
5. Remember NSA’s hardening guide for Kubernetes we mentioned in VSHN.timer #104? Well, somebody made a tool that automatically checks your cluster for conformity to those guidelines. No more excuses not to harden your infrastructure to government-approved levels.
https://github.com/armosec/kubescape
6. Bonus item: don’t miss the Security Awareness Day 2021 organized by our friends at SWITCH October 5th!
Does your management team have basic knowledge of cybersecurity? How do you manage your certificate infrastructure? Would you like to share tips and tricks about hardening Kubernetes clusters? Get in touch with us, and see you next week for another edition of VSHN.timer.
PS: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.
PS2: check out our previous VSHN.timer editions about security: #8, #17, #22, #27, #32, #44, #54, #62, #76, #84, and #93.
Adrian Kosmaczewski
Adrian Kosmaczewski is in charge of Developer Relations at VSHN. He is a software developer since 1996, a trainer, and a published author. Adrian holds a Master in Information Technology from the University of Liverpool.