Snyk recently hosted a half-day virtual event focused on security for application workloads running on AWS (you can catch it on demand here). The event was broken into six sessions spanning topics like developer challenges in cloud-native AppDev, top vulnerabilities from last year, hands-on workshops with industry-leading technology vendors, and several other subjects that help enable engineering and security teams to build a successful DevSecOps workflow.

Human error behind misconfigurations, a host of insecure remote access issues, exposed business credentials with reused passwords and unpatched vulnerabilities have all contributed to a significant increase in cloud security incidents. Many organizations don’t foresee the challenges of what it will take to protect their data and operations after a move to the cloud.

Cloudflare has achieved a new EU Cloud Code of Conduct privacy validation, demonstrating GDPR compliance to strengthen trust in cloud services.

Last month, Lead Partner Solutions Architect, David Schott, presented a demo on how Snyk works alongside Amazon Web Services (AWS) to identify vulnerabilities at every level of development and infrastructure. David covered why agile development in the cloud requires a different security approach than simply using the IT security methods of the past. Then, he showed a real-time example of how Snyk’s AWS cloud security tools can find and mitigate common vulnerabilities.

A joint advisory on LockBit 3.0 ransomware, CISA’s latest tool which detects hacking activity in Microsoft cloud services, and ScarCruft’s evolving arsenal.

The recent SCARLETEEL incident highlights the importance of detecting security threats early in the development cycle. With Terraform state files, attackers can easily access sensitive information and gain unauthorized access to your cloud infrastructure. In this case, the attackers exploited a containerized workload and used it to perform privilege escalation into an AWS account, stealing software and credentials.

It’s no exaggeration to say that APIs are the backbone of the modern digital economy. API usage has seen staggering exponential growth over the last two decades with sources like Postman's 2022 State of the API Report illustrating just how embedded APIs are into our modern world. In 2022, the Postman API platform saw 20 million users and over 1 billion API requests created.

The SANS Cloud-Native Application Protection Platforms (CNAPPs) Buyers Guide gives companies a deep dive into what to look for in a CNAPP solution. As organizations continue to shift towards integrated platform-based solutions for their cloud security needs, it becomes critical to evaluate whether a CNAPP solution meets all the requirements across use cases like posture management, permissions management, vulnerability management, and threat detection and response.