Container security was top of mind this week as Kubernetes announced the results of its first security audit. The review looked at Kubernetes 1.13.4 and found 37 vulnerabilities, including five high-severity and 17 medium-severity issues. We are happy to report that fixes for these issues have already been deployed.
Container security was also top of mind for McAfee, which said this week it has acquired NanoSec, a California container security startup. Meanwhile, the Cloud Security Alliance introduced its Egregious Eleven, the most salient threats, risks and vulnerabilities in cloud environments identified in its Fourth Annual Top Threats survey. Two key themes that emerged this year are a maturation in the understanding of the cloud and respondents' desire to address security issues higher up the technology stack, issues that result from senior management decisions rather than from technology alone. While you can check out the report yourself, the top concerns are: Data Breaches; Misconfiguration and Inadequate Change Control; Lack of Cloud Security Architecture and Strategy; and Insufficient Identity, Credential, Access and Key Management.
- This past week HashiCorp released an official Helm Chart for Vault. Operators can reduce the complexity of running Vault on Kubernetes with the new Helm Chart, as it provides a repeatable deployment process in less time. For example, HashiCorp reports that using the Helm Chart allows operators to start a Vault cluster running on Kubernetes in just minutes. The Helm Chart runs Vault directly on Kubernetes, so in addition to the native integrations provided by Vault itself, any other tool built for Kubernetes can choose to leverage Vault. Note that a Helm Chart for Vault Enterprise will be available in the future.
- In response to feedback, GitHub is bringing CI/CD support to GitHub Actions. Available November 13, the new support will allow users to easily automate how they build, test, and deploy projects across platforms (Linux, macOS, and Windows), in containers or virtual machines, and across languages and frameworks such as Node.js, Python, Java, PHP, Ruby, C/C++, .NET, Android, and iOS. GitHub Actions is an API that orchestrates workflows based on any event, while GitHub manages the execution, provides rich feedback and secures every step along the way.
- Jenkins monitoring got a boost this week as Instana announced the addition of Jenkins monitoring to its automatic Application Performance Management (APM) solution, part of its focus on adding performance management for systems in other steps of the application delivery process. According to Peter Abrams, the company's COO and co-founder, “A common theme amongst Instana customers is the need to deliver and deploy quality applications faster, and Jenkins is a critical component of that delivery process.” The new capabilities include performance visibility of individual builds and deployments, and health monitoring of the Jenkins tool stack.
- The long-awaited AWS Lake Formation is now generally available. Introduced at re:Invent last fall, Lake Formation makes it easy to ingest, clean, catalog, transform, and secure data, making it available for analytics and machine learning. Operators work from a central console to manage their data lake and are able to configure the right access permissions and secure access to metadata in the Glue Data Catalog and data stored in S3 using a single set of granular data access policies defined in Lake Formation. AWS Lake Formation notably works with data already in S3, allowing operators to easily register their existing data with Lake Formation.
- In related news, it was announced that Amazon Redshift Spectrum now supports column-level access control for data stored in Amazon S3 and managed by AWS Lake Formation. Column-level access control limits a user to specific columns of a table rather than granting access to every column, which addresses a key data governance and security need of many enterprises.
- Our AWS Consulting team enjoyed these two AWS blogs. The first, Auto-populate instance details by integrating AWS Config with your ServiceNow CMDB, shows how to keep the CMDB accurate by integrating AWS Config with ServiceNow so that an AWS Config notification creates a server record in the CMDB, and then walks through testing the setup.
- Focused on security by design, we are always interested in how to securely share keys. Therefore, this blog, How to deploy CloudHSM to securely share your keys with your SaaS provider caught our attention. In it, Vinod Madabushi shares two options for deploying and managing a CloudHSM cluster to secure keys, while still allowing trusted third-party SaaS providers to securely access the HSM cluster to perform cryptographic operations.
- Amazon announced that operators can now use AWS PrivateLink in the AWS GovCloud (US-East) Region. Already available in several other regions, AWS PrivateLink allows operators to privately access services hosted on AWS without using public IPs and without requiring the traffic to traverse the internet.
- Read our latest AWS Case Study, the story of how Flux7 DevOps consultants teamed with a global retailer to create a platform for scalable innovation. To accelerate its cloud migration and standardize its development efforts, the joint client-Flux7 team identified a solution: a DevOps Dashboard that would automatically apply the company’s various standards as cloud infrastructure is deployed.
- For CIOs and technology leaders looking to lead the transition to an Agile Enterprise, Flux7 has published a new paper on How CIOs Can Prepare an IT Platform for the Agile Enterprise. Download it today to learn how a technology platform that supports agility with IT automation and DevOps best practices can be a key lever to helping IT engage with and improve the business.