DevOps

Version Control Best Practices With Teleport RBAC Roles

Imagine you've just deployed a working Teleport cluster and you're making changes to the Role-Based Access Control (RBAC) roles, fine-tuning all of your resource permissions, and making sure every role follows the principle of least privilege. You go on a week-long vacation, do some fishing, and completely relax. When you get back, you find that the DevOps intern you just hired made a bunch of changes to the roles, screwing everything up.

Top 5 security concerns for infrastructure as code

Infrastructure as code (IaC) has changed how we deploy and manage our cloud infrastructure. Instead of having to manually configure servers and networks with a large operations team, we can now define our service architecture through code. IaC allows us to automate infrastructure deployment, scale our entire fleet of servers, document a history of changes to our architecture, and test incremental changes to the network.

Why Developers Need a Security Mindset (And How to Help Them With It)

It’s never been a more important time for developers to have a security mindset. Software developers are increasingly relying on open source components in their products. While this makes their jobs somewhat easier, open source is prone to vulnerabilities. It’s no secret that developers often find it challenging to prioritize cybersecurity, using the rationale that it should fall under the purview of security teams.

OPA in Production - How Reddit and Miro Built Enterprise Authorization with OPA

Two web-scale companies have recently shared how they solved mission-critical authorization challenges using Open Policy Agent (OPA). These accounts validate the value of what we’ve built with OPA and give important blueprints for engineers looking to address similar challenges. We consider these required reading for anyone considering or using OPA at scale. In this post we review these two case studies to highlight common patterns and important differences.

What is Code Signing SDLC?

Today, an intricate web of tools, programs, and individuals collaborates to bring applications to life. This interconnected network, the software supply chain, encompasses the various entities and processes that shape the software development lifecycle (SDLC), including developers, dependencies, network interfaces, and DevOps practices. Given the diverse nature of these components, ensuring the security of each element becomes paramount.

How to Install Velero for Kubernetes Backups

Velero is an open-source backup and recovery tool designed specifically for Kubernetes clusters. It provides a straightforward way to protect your Kubernetes resources, including persistent volumes, namespaces, and custom resources, by taking backups and restoring them in case of data loss or disaster recovery scenarios. In this blog you will learn the different use cases for Velero and the two ways to install Velero, using the Velero CLI and using a Helm chart.

Software Supply Chain Compliance: Ensuring Security and Trust in Your Software and Applications

Software and applications make the world go round. This naturally makes them a top attack target for threat actors, and highlights the importance of robust software supply chain compliance. But how do companies build and implement a compliance strategy that solves the challenges of modern application security? Let’s take a look.

ARMO named in Gartner Cool Vendors report

Gartner expert analysts use the following guidelines and approach to identify and research Cool Vendors. A vendor must be considered innovative, impactful, or intriguing in either the products or the IT services sectors. Cool Vendors are not limited to technology coolness; coolness may also include services or unique business models.

Widespread Exploitation Continues: MOVEit CVE-2023-34362 Leaves Organizations at Risk

MOVEit CVE-2023-34362 is a Critical SQL Injection vulnerability rated 9.8. It affects all versions of Progress Software’s managed file transfer (MFT) solution, MOVEit Transfer. This vulnerability has the potential to grant unauthorized access. For in-depth information about the vulnerability, including mitigation measures, incident response, and the attack surface, refer to our previous blog post published on June 6th.