Weekly Cloud and Security Watch Newsletter - November 9th to 15th, 2020
________________________________________
Full newsletter with links ⇒ CloudSecurityAlliance.fr/go/KBF/
________________________________________
1 - CSA News and Updates - November 9th to 15th, 2020
- CCSK training in French: registration for the 23rd/25 session is still open
- Fill in the CSA survey on Cloud Adoption in 2020
- News: FIRST 2020 Conference, November 16th/18th
- Publication: 'Key Management when using Cloud Services'
- Blog: 'Seven Steps to defining the art of the possible in DevOps
- Blog: 'California Privacy Rights Act: What Are the Consequences for Cloud Users?'
- Blog: 'What is cloud security? How is it different from traditional on-premises network security?'
2 - Cloud and Security News Watch (over 110 links)
- Must read
- State of CSP's Encryption Services
- Kubernetes Maturity Model (Fairwinds)
- Strategies For Remote Collections of Cloud Data(Fairwinds)
- Attacks, Incidents, Leaks, Risks, Threats, Vulnerabilities, Outages
- Attacks: Fake Microsoft Teams updates
- Leaks: Leaky AWS S3 Bucket Leads to Massive Data Leak
- Risks : Identification of Hidden Risks (World Economic Forum)
- Threats: Preventing Exposed Azure Blob Storage (SANS)
- Vulnerabilities: VoltPillager against Intel SGX Enclaves
- Outages: Microsoft Outage Affects OneDrive Users
- Best Practices, and Detection
- Reports, Surveys, Studies, Publications
- Reports: 'Kubernetes (K8s) Data Protection Report' (Zettaset) • '2020 Duo Trusted Access Report' (Duo Security) • 2020 update for 'Cloud-Native: The IaaS Adoption and Risk Report' (MacAfee)
- Cloud Services Providers, Solutions, and Tools
- AWS: AWS Nitro Enclaves • Lightsail Containers • Securing Amazon WorkSpaces • Integrating CloudEndure Disaster Recovery
- Azure: Long Term Retention of Azure Sentinel Logs • New DNS Features in Azure Firewall
- GCP: Ensuring High Availability • Anthos Developer Sandbox • Connecting to Google CE VMs
- OVH Cloud: Co-building Cloud Services with Google Cloud
- Kubernetes: Threat Vectors: Part 3 - Persistence (Alcide) • Maturity Model (Fairwinds)
- Tools: Leonidas (Attack Simulation) • OpenCSPM (CSPM)
- Conferences, Podcasts, Weekly 'Cloud and Security' Watch
- Podcasts: 'Open Source AWS Security' (Cloud Security Podcast) • 'Cloud Attack Vectors' (SilverLining)
- Newsletters: TL;DR Security #60 • The Cloud Security Reading List #63
- Market, Acquisitions
- Market: Encryption Services
- Acquisitions: CloudAlly by Zix • IDMSense by Ernst & Young
- Miscellaneous
- Framework Improving Efficiency in Disaster-Area Management
3 - Agenda
- November 16th/18th → 32nd FIRST Conference
- November 18th → Google Cloud Security Talks
- November 19th → MSSPs and Cloud Security Services: Who Are the Leaders? webcast
- November 23rd/25th → CCSK / CCSK Plus training in French
- November 30th to December 18th → AWS re:Invent 2020
4 - Link
________________________________________
Newsletter Hebdomadaire Cloud et Sécurité - semaine du 9 au 15 novembre 2020
________________________________________
Newsletter complète avec liens ⇒ CloudSecurityAlliance.fr/go/KBF/
________________________________________
1 - Informations CSA 9 au 15 novembre 2020
- Formation CCSK en Français : il reste des places pour la session des 23, 24 et 25 novembre
- Répondez au sondage CSA sur l'adoption du Cloud en 2020
- Actu : Conférence FIRST 2020 du 16 au 18 novembre 2020
- Publication : 'Key Management when using Cloud Services'
- Blog : 'Seven Steps to defining the art of the possible in DevOps'
- Blog : 'California Privacy Rights Act: What Are the Consequences for Cloud Users?'
- Blog : 'What is cloud security? How is it different from traditional on-premises network security?'
2 - Veille Web Cloud et Sécurité (plus de 110 liens)
- À lire
- Panorama des services de chiffrement des fournisseurs
- Modèle de aturité Kubernetes (Fairwinds)
- Principe de collecte de données cloud à distance (Forensics Focus)
- Attaques, Incidents, Fuites de données, Pannes
- Attaques : Fausses notifications de correctifs Teams
- Fuites de données : Buckets AWS S3 encoreà l'origine d'une fuite massive de données
- Pannes : OneDrive affecté
- Risques, Menaces, Vulnérabilités
- Risques : Identification des risques cachés (World Economic Forum)
- Menaces : prévention contre l'exposition de données avec AWS (SANS)
- Vulnérabilités : VoltPillager contre les enclaves Intel SGX
- Bonnes Pratiques et Techniques de Détection
- Rapports, Sondages, Études, Publications
- Rapports : 'Kubernetes (K8s) Data Protection Report' (Zettaset) • '2020 Duo Trusted Access Report' (Duo Security) • mise à jour 2020 pour 'Cloud-Native: The IaaS Adoption and Risk Report' (MacAfee)
- Cloud Services Providers, Solutions et Outils
- AWS: AWS Nitro Enclaves • Lightsail Containers • Securing Amazon WorkSpaces • Integrating CloudEndure Disaster Recovery
- Azure: Long Term Retention of Azure Sentinel Logs • New DNS Features in Azure Firewall
- GCP: Ensuring High Availability • Anthos Developer Sandbox • Connecting to Google CE VMs
- OVH Cloud: Co-building Cloud Services with Google Cloud
- Kubernetes : Vecteurs d'attaque : 3ème partie sur la Persistence (Alcide) • Modèle de maturité (Fairwinds)
- Outils : Leonidas (Simulation d'attaques) • OpenCSPM (CSPM)
- Conférences, Podcasts, Veilles hebdomadaires 'Cloud et Sécurité'
- Podcasts : 'Open Source AWS Security' (Cloud Security Podcast) • 'Cloud Attack Vectors' (SilverLining)
- Veilles : TL;DR Security #60 • The Cloud Security Reading List #63
- Marché, Acquisitions
- Marché : Services de chiffrement
- Acquisitions : CloudAlly par Zix • IDMSense par Ernst & Young
- Divers
- Référentiel pour optimiser les Plans de Reprise
3 - Agenda
- 16 au 18 novembre → 32ème Conférence FIRST
- 19 novembre → Webinaire MSSPs and Cloud Security Services: Who Are the Leaders?
- 18 novembre → Google Cloud Security Talks
- 23 au 24 / 25 novembre → Formation CCSK / CCSK Plus en français
- 30 novembre au 18 décembre → AWS re:Invent 2020 en webcast
4 - Lien direct
________________________________________
________________________________________
#Veille #Watch________________________________________
------------------------------
Olivier Caleff - CSA French Chapter - Chapter Leader -
[email protected] -
https://CloudSecurityAlliance.fr------------------------------