Weekly Cloud and Security Watch Newsletter - October 12th to 18th, 2020
________________________________________
Full newsletter with links ⇒ CloudSecurityAlliance.fr/go/KAI/
________________________________________
1 - CSA News and Updates - October 12th to 18th, 2020
- Fill in the new CSA survey on Cloud Adoption in 2020
- Publication: 'Cloud OS Security Specification v2.0'
- Podcast: 'The Business Value of STAR Attestation'
- Blog: 'What is the Cloud Controls Matrix (CCM)?'
- Blog: 'CCSK Success Stories: From a Security Consultant'
- Blog: 'How to Address the Security Risks of Cloud OS'
- Conférence: 'AWS Cloud Security Week 2020'
2 - Cloud and Security News Watch (over 80 links)
- Must read
- French Highest Court States over the 'Health Data Hub' Case
- MESA: Modern Enterprise Security Architecture (Sumo Logic)
- Attacks, Incidents, Leaks, Threats, Vulnerabilities, Outages
- Attacks: Office 365 credential-harvesting campaign (Cyjax and GreatHorn) • Grosth of DDoS volumes (Google Cloud)
- Leaks: Unsecured AWS S3 Buckets
- Vulnerabilities: Issues with APIs AWS
- Outages: Azure latest ones
- Best Practices, and Detection
- Best Practices: In case of M365 account compromise • Azure Security Benchmark v2
- Reports, Surveys, Studies, Publications
- Reports: '2020 Spotlight Report on Microsoft Office 365' (Vectra) • '2020 State of Virtual Appliance Security Report' (Orca Security) • 'The State of the Public Cloud in the Enterprise' (Contino)
- Surveys: '2020 Global CIO Report' (Dynatrace)
- Cloud Services Providers, Solutions, and Tools
- AWS: IAM Access Analyzer • AWS Firewall Manager
- Azure: Compliance • Conditional Access • Azure VMs
- GCP: IAM • Static outbound IP address
- Kubernetes: Securing Kubernetes Clusters • Misconfigurations
- Containers: Security Enforcement
- Workloads: Security Enforcement
- Outils: O365Enum
- Podcasts, Weekly 'Cloud and Security' Watch
- Podcasts: 'Cloud Security' • 'SilverLining' • 'Thousand Eyes' • Isolation par le Cloud (projet du DoD)
- Newsletters: TL;DR Security #56 • The Cloud Security Reading List #59
- Market, Acquisitions
- Acquisition: Managed Sentinel by BlueVoyant
- Miscellaneous
- Health Data Hub • European 'industrial cloud' • SASE and TLS (Netskope)
3 - Agenda
- October 19th/23rd → Europe Cloud Summit
- October 20th/22nd → CSA: Cloud Security Alliance APAC Virtual Summit
- October 26th/29th → AWS: AWS Cloud Security Week 2020
- November 3rd/5th → CSA: EMEA Summit
- November 23rd/25th → CCSK / CCSK Plus training in French
4 - Link
________________________________________
Newsletter Hebdomadaire Cloud et Sécurité - semaine du 12 au 18 octobre 2020
________________________________________
Newsletter complète avec liens ⇒ CloudSecurityAlliance.fr/go/KAI/
________________________________________
1 - Informations CSA - 12 au 18 octobre 2020
- Répondez au sondage CSA sur l'adoption du Cloud en 2020
- Publication : 'Cloud OS Security Specification v2.0'
- Podcast : 'The Business Value of STAR Attestation'
- Blog : 'What is the Cloud Controls Matrix (CCM)?'
- Blog : 'CCSK Success Stories: From a Security Consultant'
- Blog : 'How to Address the Security Risks of Cloud OS'
- Conférence : 'AWS Cloud Security Week 2020'
2 - Veille Web Cloud et Sécurité (plus de 80 liens)
- À lire
- Décision contentieuse du Conseil d'Etat sur le 'Health Data Hub'
- MESA: Modern Enterprise Security Architecture (Sumo Logic)
- Attaques, Incidents, Fuites de données, Menaces, Vulnérabilités et Pannes
- Attaques : Ciblage des utilisateurs O365 (Cyjax et GreatHorn) • Volumétrie DDoS (Google Cloud)
- Fuites de données : Buckets S3 mal protégés
- Vulnérabilités : démo pour les APIs AWS
- Pannes : quelques cas pour Azure
- Bonnes Pratiques et Techniques de Détection
- Bonnes pratiques : en cas de compromission de comptes sur M365 • Azure Security Benchmark v2
- Rapports, Sondages, Études, Publications
- Rapports : '2020 Spotlight Report on Microsoft Office 365' (Vectra) • '2020 State of Virtual Appliance Security Report' (Orca Security) • 'The State of the Public Cloud in the Enterprise' (Contino)
- Sondages : '2020 Global CIO Report' (Dynatrace)
- Cloud Services Providers, Solutions et Outils
- AWS : IAM Access Analyzer • AWS Firewall Manager
- Azure : Conformité • Accès conditionnels • VMs Azure
- GCP : IAM • adresses IP sortantes
- Kubernetes : Sécurisation de clusters • Erreurs de configurations
- Containers : Sécurisation
- Workloads : Sécurisation
- Outils: O365Enum
- Podcasts, Veilles hebdomadaires 'Cloud et Sécurité'
- Podcasts : 'Cloud Security' • 'SilverLining' • 'Thousand Eyes' • Isolation par le Cloud (projet du DoD)
- Veilles : TL;DR Security #56 • The Cloud Security Reading List #59
- Marché, Acquisitions
- Acquisition : Managed Sentinel par BlueVoyant
- Divers
- Health Data Hub • Cloud industriel européen • SASE et TLS (Netskope)
3 - Agenda
- 19 au 23 octobre → Europe Cloud Summit
- 20 au 22 octobre → CSA : Cloud Security Alliance APAC Virtual Summit
- 26 au 29 octobre → AWS : AWS Cloud Security Week 2020
- 3 au 5 novembre → CSA : EMEA Summit
- 23 au 24 / 25 novembre → Formation CCSK / CCSK Plus en français
4 - Lien direct
________________________________________
________________________________________
#Veille #Watch________________________________________
------------------------------
Olivier Caleff - CSA French Chapter - Chapter Leader -
[email protected] -
https://CloudSecurityAlliance.fr------------------------------