| AWS |
AWS Big Data Blog |
Accelerate your data warehouse migration to Amazon Redshift – Part 6 |
https://aws.amazon.com/blogs/big-data/part-6-accelerate-your-data-warehouse-migration-to-amazon-redshift/
|
Accelerate your data warehouse migration to Amazon Redshift Part This is the sixth in a series of posts We re excited to share dozens of new features to automate your schema conversion preserve your investment in existing scripts reports and applications accelerate query performance and potentially simplify your migrations from legacy data warehouses to Amazon Redshift Check out all the previous posts in this series … |
2022-07-28 15:57:46 |
| AWS |
AWS Compute Blog |
Using AWS Lambda to run external transactions on Db2 for IBM i |
https://aws.amazon.com/blogs/compute/using-aws-lambda-to-run-external-transactions-on-db2-for-ibm-i/
|
Using AWS Lambda to run external transactions on Db for IBM iIn this blog post you learn how to run external transactions securely on Db for IBM i databases using a combination of Amazon ECR and AWS Lambda By using Docker to package the driver forwarder and custom queries you can execute transactions from Lambda allowing modern architectures to interface directly with Db workloads Get started by cloning the GitHub repository and following the deployment instructions |
2022-07-28 15:50:35 |
| AWS |
AWS Game Tech Blog |
Introducing Community Health on AWS |
https://aws.amazon.com/blogs/gametech/introducing-community-health-on-aws/
|
Introducing Community Health on AWSAmazon Web Services AWS is proud to announce the launch of Community Health on AWS a set of solutions designed to help AWS for Games customers build and grow safe inclusive and fun online communities Initial Community Health on AWS solutions include Spectrum Guardian for Games a fully managed software as a service SaaS offering from AWS Partner … |
2022-07-28 15:25:41 |
| js |
JavaScriptタグが付けられた新着投稿 - Qiita |
チュールのうたを圧電スピーカーで音階設定して、動画BGMを作成した話。 |
https://qiita.com/NagaharaHitomi/items/8e830406f51b14a721ab
|
音階 |
2022-07-29 00:24:34 |
| js |
JavaScriptタグが付けられた新着投稿 - Qiita |
indexedDB の特性まとめ |
https://qiita.com/largetownsky/items/346e73d4e7bc707034e5
|
writer |
2022-07-29 00:04:31 |
| Ruby |
Rubyタグが付けられた新着投稿 - Qiita |
Release Please Actionの紹介 |
https://qiita.com/masaakiaoyagi/items/40c72d51dc23ca3415a2
|
conventional |
2022-07-29 00:22:36 |
| AWS |
AWSタグが付けられた新着投稿 - Qiita |
【備忘録】EC2 ubuntu内でDockerのhttpd(Apache)コンテナを起動してアクセスしても、403 Forbiddenとなる問題 |
https://qiita.com/kumackey/items/6ee8ad390c448e81c329
|
dockerr |
2022-07-29 00:26:26 |
| Docker |
dockerタグが付けられた新着投稿 - Qiita |
【備忘録】EC2 ubuntu内でDockerのhttpd(Apache)コンテナを起動してアクセスしても、403 Forbiddenとなる問題 |
https://qiita.com/kumackey/items/6ee8ad390c448e81c329
|
dockerr |
2022-07-29 00:26:26 |
| Git |
Gitタグが付けられた新着投稿 - Qiita |
Release Please Actionの紹介 |
https://qiita.com/masaakiaoyagi/items/40c72d51dc23ca3415a2
|
conventional |
2022-07-29 00:22:36 |
| 海外TECH |
DEV Community |
DEV Developer Survey |
https://dev.to/perssondennis/dev-developer-survey-5696
|
DEV Developer SurveyHey This is a short Google Form Survey with questions about the users on DEV Results will be presented here on the forum Follow me here on DEV to get a notification when the results are published I will also announce when the results are in on Twitter Or if you are more traditional just save this post to you reading list and check back later I will mention it here To the query Feel free to share this post or react with a ️so the survey can reach out to more people |
2022-07-28 15:48:05 |
| 海外TECH |
DEV Community |
What do you want to see on the settings page of Social Media Blocks?🚀 |
https://dev.to/hr21don/what-do-you-want-to-see-on-the-settings-page-of-social-media-blocks-chf
|
What do you want to see on the settings page of Social Media Blocks The complete source code of this project can be found here on Github I m planning on finishing this extension with a settings page that has a few options for the user And in this post I would love to discuss suggestions with fellow developers that want to make a contribution to this project You don t have to know for sure but I d love to hear any thoughts Comment down below |
2022-07-28 15:16:00 |
| 海外TECH |
DEV Community |
Creative Coding with p5.JS: An inclusive javascript library |
https://dev.to/devsatasurion/creative-coding-with-p5js-an-inclusive-javascript-library-4e55
|
Creative Coding with p JS An inclusive javascript libraryAre you interested in coding but unsure where to start Or you re a seasoned developer wanting a new challenge Maybe even you re somewhere in the middle searching for the joy in development again That s me always searching for the joy My joy comes from being creative This is why I really enjoy creative coding with p JS and I think you will too Even though stereotypically developers are strictly logical I am a creative at heart I grew up drawing painting sculpting and as I grew so did technology I harnessed technology as a tool for my creativity My initial interest in computer science was born from the promise of creating with math and science As I grow as a developer and creative I ve always held on to this centering ideal with a computer my ideas are limitless Throughout undergrad at Howard University I made it a priority to participate in hackathons and side projects constantly tapping into my creative self Similarly now as a software engineer at Asurion I am still involved in side projects and pick up tasks that push me towards ideating tech designing and developing features that previously didn t exist For me p JS has been a great tool to stretch that creative muscle even further I can use p to create animations data visualization graphic designs chatbots etc What is p JS p is a FREE and open source javascript library for creative coding “Using the metaphor of a sketch p Js has a full set of drawing functionality However you re not limited to your drawing canvas You can think of your whole browser page as your sketch including HTML objects for text input video webcam and sound p JS is made of prewritten functions When a creative combines them into a program they can create some very cool visuals Quality resources makes p JS simple to useThe p community prides itself in inclusivity by believing we are all learners I recognize access to computers and therefore access to real time development is still a privilege in today s world which is why I appreciate p for trying to make using their library as simple to use as possible through their online home My favorite and most frequently used feature on p s online home is the online editor This is a super empowering tool The online editor allows creatives to code on the left side and receive immediate output on the right side You can edit run save and browse all your programs online by making an account No separate IDE or installs needed This is really valuable for making a portfolio coding anywhere anytime creativity hits and sharing out your projects My second favorite feature is the learn section p created and complied tutorials covering all the basics Whenever I need help getting started or wanting a refresher this has been a great spot to check out and recharge my skills My third favorite feature is the teach section Teachers from all over the world are invited to submit their p JS lesson plans for the larger community s benefit By sharing teaching materials this empowers p JS learners to become teachers and inspire even more learners Let s start programming in p To start programming in p JS you first need to understand some very important functions setup draw createCanvas and background setup Think of this like a whiteboard This is where you will determine your screen size background color and load any media This function is usually only used once createCanvas This is best used as the first line inside of setup This functions allows you to control the size of your drawing canvas Without using this function the canvas default size is x background This function controls your background color The default is transparent To set your background color once or only in your first frame use background in setup If you want your canvas to clear at the start of each frame use background inside of draw background can receive many different notation values ie hexadecimal or integer RGB etc draw This is where you specify what your program will draw on your whiteboard This function runs repeatedly which is great when creating animations Now you are ready to explore the world of p JS Checkout the Get Started guided coding section to try these functions out for yourself So wherever you are in your development journey just starting out further along or somewhere in the middle p JS has a promise for you to make “coding accessible and inclusive for artists designers educators beginners and anyone else Examples of cool projectsBlack Lives Matter ChatbotProject DescriptionPerspective Project DescriptionSelf LoveProject Description Additional resources for learningThe Coding Train p TutorialsCode Academy p JS Overview Familiar with processing and curious about p s improvements |
2022-07-28 15:06:41 |
| 海外TECH |
Engadget |
Mario Kart 8 Deluxe’s second set of new tracks arrives on August 4th |
https://www.engadget.com/mario-kart-8-deluxe-dlc-wave-2-waluigi-pinball-mario-kart-tour-151127230.html?src=rss
|
Mario Kart Deluxe s second set of new tracks arrives on August thNintendo has unveiled the second wave of Booster Course Pass tracks for Mario Kart Deluxe One of them is a brand new track that will be added to smartphone spin off Mario Kart Tour at a later date It s called Sky High Sundae and it s bursting with colorful oversized desserts Sky High Sundae will be part of the Propeller Cup along with another Mario Kart Tour course Sydney Sprint Snow Land from Mario Kart Super Circuit and Mario Kart Wii s Mushroom Gorge The Turnip Cup offers Mario Kart Tour track New York Minute Mario Circuit from the original Super Mario Kart on SNES Mario Kart s Kalimari Desert and fan favorite Waluigi Pinball from Mario Kart DS These tracks will hit the game on August th Nintendo announced the Booster Course Pass back in February and said it would bring courses from other titles to Mario Kart Deluxe on Switch The company released the first of six planned bundles of tracks in March The last batch should arrive by the end of The Booster Course Pass costs as a standalone DLC you ll need to own Mario Kart Deluxe as well The extra courses are also available at no extra cost to members of the Switch Online Expansion Pack subscription service |
2022-07-28 15:11:27 |
| 海外TECH |
Engadget |
Backbone made a PlayStation version of its excellent iPhone controller |
https://www.engadget.com/backbone-one-playstation-edition-announced-specs-price-availability-150054365.html?src=rss
|
Backbone made a PlayStation version of its excellent iPhone controllerIt s no secret that the Backbone One is one of the best mobile gaming controllers you can buy So it should come as no surprise then that the company is partnering with Sony to release a PlayStation version of its accessory for iPhones The new Backbone One PlayStation Edition features the same two tone white and black design as a standard DualSense controller The layout of the controller hasn t changed As before there are dedicated buttons for launching the Backbone app and capturing gameplay footage It also retains the asymmetrical stick layout of the standard model On the bottom of the device you ll find a Lightning port passthrough and a headphone jack for connecting a pair of wired headphones to your iPhone BackboneMost of the more notable changes Backbone has made for PlayStation fans come courtesy of tweaks to the Backbone companion app which will be available to all Backbone One owners A new standalone mode allows you to use the software without first connecting the controller to your iPhone Effectively that makes it easier to look for new games to try and chat with friends in between play sessions Backbone is also adding new PlayStation specific integrations including a dedicated row highlighting new releases and updates from Sony The Backbone One PlayStation Edition is available today from the Backbone website for Like the standard model it comes with a one year free trial to Backbone which in turn comes with free trials to Discord Nitro Stadia Pro and most notably Xbox Game Pass Ultimate An Android version of the controller will arrive in the fall |
2022-07-28 15:00:54 |
| 海外科学 |
NYT > Science |
A.I. Predicts the Shape of Nearly Every Protein Known to Science |
https://www.nytimes.com/2022/07/28/science/ai-deepmind-proteins.html
|
accelerate |
2022-07-28 15:35:49 |
| 海外TECH |
WIRED |
Comic-Con 2022: The Most Wildly Creative Cosplay Masks |
https://www.wired.com/gallery/comic-con-2022-the-most-creative-cosplay-masks-at-this-years-event/
|
covid |
2022-07-28 15:12:03 |
| 金融 |
◇◇ 保険デイリーニュース ◇◇(損保担当者必携!) |
保険デイリーニュース(07/29) |
http://www.yanaharu.com/ins/?p=4986
|
精神的苦痛 |
2022-07-28 15:13:03 |
| 金融 |
RSS FILE - 日本証券業協会 |
株券等貸借取引状況(週間) |
https://www.jsda.or.jp/shiryoshitsu/toukei/kabu-taiw/index.html
|
貸借 |
2022-07-28 15:30:00 |
| 金融 |
金融庁ホームページ |
政策オープンラボの取組「金融界のDiversity, Equity & Inclusion」について公表しました。 |
https://www.fsa.go.jp/common/about/kaikaku/openpolicylab/index.html#lab05
|
diversity |
2022-07-28 17:00:00 |
| 金融 |
金融庁ホームページ |
貸金業関係資料集を更新しました。 |
https://www.fsa.go.jp/status/kasikin/20220728/index.html
|
関係 |
2022-07-28 17:00:00 |
| ニュース |
@日本経済新聞 電子版 |
日米、次世代半導体の量産へ共同研究 国内に新拠点
https://t.co/qaCXAyWqAJ |
https://twitter.com/nikkei/statuses/1552675414182547457
|
共同研究 |
2022-07-28 15:20:40 |
| ニュース |
BBC News - Home |
NHS to close Tavistock child gender identity clinic |
https://www.bbc.co.uk/news/uk-62335665?at_medium=RSS&at_campaign=KARANGA
|
independent |
2022-07-28 15:34:51 |
| ニュース |
BBC News - Home |
British Gas owner Centrica and Shell see profits soar as bills rise |
https://www.bbc.co.uk/news/business-62330190?at_medium=RSS&at_campaign=KARANGA
|
energy |
2022-07-28 15:39:24 |
| ニュース |
BBC News - Home |
Leiland-James Corkill: Killer lied to social workers, report finds |
https://www.bbc.co.uk/news/uk-england-cumbria-62332463?at_medium=RSS&at_campaign=KARANGA
|
corkill |
2022-07-28 15:00:46 |
| ニュース |
BBC News - Home |
Wayne Couzens: PC 'shared rape fantasy' with Sarah Everard killer |
https://www.bbc.co.uk/news/uk-england-surrey-62337670?at_medium=RSS&at_campaign=KARANGA
|
court |
2022-07-28 15:18:22 |
| 北海道 |
北海道新聞 |
米航空業界5位の誕生か 統合破談のLCC買収 |
https://www.hokkaido-np.co.jp/article/711441/
|
格安航空会社 |
2022-07-29 00:35:00 |
| 北海道 |
北海道新聞 |
国交省4統計で大量ミス 土地調査は5万カ所訂正 |
https://www.hokkaido-np.co.jp/article/711440/
|
国土交通省 |
2022-07-29 00:31:00 |
| 北海道 |
北海道新聞 |
コロナ全件把握「見直しを」 全国知事会議開幕 |
https://www.hokkaido-np.co.jp/article/711309/
|
新型コロナウイルス |
2022-07-29 00:18:48 |
| 北海道 |
北海道新聞 |
三男に圧迫痕か、本格捜査 次男殺害容疑の母親 |
https://www.hokkaido-np.co.jp/article/711434/
|
殺害容疑 |
2022-07-29 00:17:00 |
| 北海道 |
北海道新聞 |
脱炭素へ国民の議論求める 21年度版、原子力白書決定 |
https://www.hokkaido-np.co.jp/article/711432/
|
温室効果 |
2022-07-29 00:06:00 |
| GCP |
Cloud Blog |
Cloud CISO Perspectives: July 2022 |
https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-july-2022/
|
Cloud CISO Perspectives July Welcome to this month s Cloud CISO Perspectives Starting with this issue we re going to add even more top of mind content based on the hot topics we see emerge across the industry and with our customers globally Today we re focusing on the evolving relationship between an organization s boardroom and its cybersecurity practice especially in the context of digital transformation to the cloud This has been a regular dialogue of late driven in part by corporate risk processes potential regulations and ongoing drum beats to improve cybersecurity risk mitigation all while managing the enterprise s strategic competitive and defensive risks As with all Cloud CISO Perspectives the contents of this newsletter will continue to be posted to the Google Cloud blog If you re reading this on the website and you d like to receive the email version you can subscribe here Cybersecurity from the boardroomIn our conversations with Google Cloud enterprise customers both prospective and current we see three main types of relationship patterns emerge between boards of directors and their organizations related to digital transformation to the cloud In a best case scenario there is close dialogue and collaboration between the board business risk IT and security teams that leads to organizational alignment It s the result of hard work and of practices and patterns that Nick Godfrey director in the Office of the CISO at Google Cloud and I have previously documented in our research paper “Board of Directors Handbook for Cloud Risk Governance Sometimes an organization s board is more cautious than its IT and security leadership teams This is a common pattern where business leaders IT and security are fully onboard using cloud as a means to drive the modernization of their infrastructure applications and data environments They recognize the cloud is about reducing risk as opposed to being a risk to manage in and of itself However the board might not be in agreement yet so there is work to be done to educate the board listen to their concerns and demonstrate that appropriate control frameworks exist to safely manage the organization through its transformation In other instances it s the boardーnot IT or security leadersーthat calls for more urgency and more agility for an organization s digital transformation This type of situation also requires continued collaboration and education with the board and likely specific key board members to ensure alignment between business IT security risk and the board However this pattern also highlights the need for more prioritization for IT and security teams so they can put in place the right guardrails to move transformation quicker while ensuring the appropriate degree of risk mitigation Regardless of where any single organization falls within these patterns there needs to be broader engagement between boards and enterprise wide cybersecurity practices Cybersecurity leaders need to have organizational buy in and engagement to truly reduce risk and improve performance That includes management of course but also boards of directors yet the challenge remains a significant one for many organizations There are many detailed checklists of cybersecurity goals that boards should expect to see from management and many of those are good places for cybersecurity leaders to start As I ve noted on my personal blog the National Association of Corporate Directors NACD in the U S and the Institute of Directors IoD in the U K have partnered with practitioners to produce some excellent leadership in this regard There is also plenty of regular commentary from those who work closely with boards However the level of detail in all this guidance can sometimes be counter productive Board members can be beguiled into thinking that if they get what could be good answers to these questions then all shall be well In working with and sitting on boards I have found that board members actually may be best served by applying their considerable experience and judgment of strategic and corporate risk to instead ask more basic and fundamental questions While these questions ostensibly appear basic answering them would in fact challenge most management teams at most companies From my perspective there are far more tips I can offer than just the four below but they are a good place to start Overall the most important consideration is developing an effective approach for your organizationーfor completeness and alignment with your mission and culture Focus on risk Questions that can help in understanding the risks an organization faces include What are the most significant risks to our most critical assets and business services What controls mitigate those risks Who is continuously assessing whether those controls are in place and effective What residual risks remain Who deemed those risks to be acceptable and with what compensating factors or risk transference What executive management group regularly monitors the measured outcome of this process Notice that these questions never mention the words “cybersecurity or “technology By focusing on risk you re making it clear what you mean and what an organization is facing Of course it s easy to ask these questions but it can be difficult to answer them well It requires a significant amount of work to develop risk taxonomies asset and service inventories risk and continuous control monitoring and an evolving apparatus of risk governance Think beyond cyber Cybersecurity is just one of many technology and information risks and shouldn t be discussed in isolation Many of the best mitigations for cybersecurity risk are great technology platforms which offer controls such as software and service lifecycle management identity and access management data governance Zero Trust architectures and highly resilient and monitored production services Take a business perspective Contextualize all cybersecurity and technology risks in a business context that also takes into consideration the potential impact on customers This is a good place to think about how the implications of the Risk Hazard Outrage formula can affect your organization It s vital to factor in reputational risk and brand impact as well as the potential for direct losses Embed cyber in business initiatives Discussions among boards are widely varied and can cover topics as disparate as business initiatives risk and control reviews strategic discussions financial reviews and attestations among others Work with your peer executives across business lines and control functions to make sure that relevant content on cybersecurity and technology risk appears in their board content Work to educate those leaders and prepare them for questions that come from your experiences of talking to the board This creates what you really desire the shared fate to mitigate these risks across the enterprise It can be transformational if the board is asking everyone they encounter about how cybersecurity is managed in that activity or business process as opposed to only asking the CISO Working with your board to manage cybersecurity risk is about more than getting the right presentation materials and metrics Rather it is about having a broader enterprise wide risk management and business view that contextualizes cybersecurity risk and enables organizations to better establish risk tolerances The cybersecurity challenges facing boardrooms are non trivial but working through them can lead to healthier relationships between boards and their organizations and a healthier organization overall To further your understanding of these critical issues we have published guidebooks for CISO s Guide to Cloud Security Transformation and Risk Governance of Digital Transformation in the Cloud Along with the research we published in our aforementioned cybersecurity in the boardroom guide these serve as a family of guides that can help sustain agility and speed in digital transformation while also managing risk and ensuring appropriate governance Google Cybersecurity Action Team highlightsHere are the latest updates products services and resources from our security teams this month SecurityHow to think about threat detection in the cloud As organizations transition from on premises to hybrid cloud or pure cloud how they think about threat detection must evolve as wellーespecially when confronting threats across many cloud environments Here we proposed a new foundational framework to better secure digital transformations Read more Why shifting security left helps your bottom line The concept of shifting left has been widely promoted in the software development lifecycle By reducing software related security defects and identifying potential misconfigurations earlier “to the left in the development cycle we can reduce post production defects Here s how How Google is preparing for a post quantum world Following NIST s announcement in July that the third round of the Post Quantum Cryptography standardization process has been completed and a submission with Google s involvement was selected for standardization we highlight the four areas that Google s PQC work has been focusing on Learn more Mind your metrics to achieve better Autonomic Security Operations Security Operations Centers can learn a lot from what IT operations discovered during the Site Reliability Engineering revolution How those lessons apply to SOCs and are related to Service Level Objectives is an important step in keeping SOCs ahead of threats Read more How and why empathy plays a critical role in security operations Within SecOps challenges often boil down to alert fatigue skills shortages and lack of visibility But another hurdle is just as important ensuring the extension of humility and compassionーto users customers third parties colleagues and even adversaries Fortunately this struggle can be met without the need for technology and result in more productivity effective relationships diverse thinking and more resilient security postures Read more Apigee Advanced API Security comes to Google Cloud To help customers more easily address their growing API security needs we have introduced Advanced API Security in Preview a comprehensive set of API security capabilities built on Apigee our API management platform Here s a closer look at the two key functionalities included in this launch identifying API misconfigurations and detecting bots Read more How Google Cloud SecOps can help untangle key MSSP conundrums Security teams at organizations driven to the cloud during the Covid pandemic face many key challenges such as an overload of alerts the need for more detection tools and security skill shortages Here s common problems and how to solve them Overcoming familiar SecOps challenges SecOps can be professionally rewardingーand professionally exhausting To keep turnover down it can be helpful to think about old SecOps challenges that never seem to budge in new ways Here s better strategies for SecOps burdens Industry updatesBuilding a resilient healthcare ecosystem with Health ISAC Last August Google announced its commitment to invest at least billion over the next years to advance cybersecurity As part of this initiative Google Cloud is the first major cloud provider to partner with the Health Information Sharing and Analysis Center Health ISAC to bring experts and resources including our Threat Horizon Report and Google Cybersecurity Action Team to partner with the healthcare community and its leadership Read more Google supports CSRB call for open source security improvements The results of the first report from the U S Cyber Safety Review Board on the logj software library vulnerabilities are in and Google welcomed the opportunity to participate in the development of the CSRB report Here s our approach to address the logj report s recommendations Read more Compliance amp ControlsGoogle Workspace earns DOD IL authorization Google Workspace has achieved the U S Department of Defense s Impact Level IL authorization an important milestone in our ongoing commitment to serving the needs of federal state local and education entities through our recently launched Google subsidiary Google Public Sector Read more Using Cloud Bigtable with IAM conditions and tags Exposing data securely is one of the core functions of Cloud Bigtable our low latency high throughput NoSQL database Here s how IT and security teams can configure access control options for Bigtable resources Read more What GKE users need to know about Kubernetes new service account tokens When you deploy an application on Kubernetes it runs as a service accountーa system user understood by the Kubernetes control plane Kubernetes service account tokens are the keys to the kingdom and can help configure Kubernetes clusters securely Here s how it works Tips for security teams to shareWe also published in July a series of four helpful guides on Google Cloud s security architecture These explainers by our lead developer advocate Priyanka Vergadia are ready made to share with IT colleagues and come with colorful illustrations that break down how our security works Network and Application Security This primer details how we structure network and application security Data Security This guide focuses on data security architectures at Google Cloud and how you can use them to better secure your organization Security Monitoring Moving to the cloud comes with the fundamental question of how to effectively manage security and risk posture This Security Command Center guide shows how our native security and risk management platform can help you to do just that Cloud Data Loss Prevention Cloud Data Loss Prevention is a fully managed service designed to discover classify and protect your sensitive data where it resides from databases text based content or even images Here s how Google Cloud DLP works Cloud Identity and Access Management This guide details how organizations can use Identity and Access Management to define what resources their human users and service accounts can access Here s a closer look at Cloud IAM Customer InnovationHow Ocado Technology delivers secure online grocery shopping with Google Cloud Grocery shopping has changed for good in part thanks to the Ocado Smart Platform which powers the online operations of some of the world s most forward thinking grocery retailers To proactively identify and tackle security vulnerabilities Ocado uses Google Cloud s Security Command Center Premium to centralize its vulnerability and threat reporting Read more How Nordic Choice Hotels used ChromeOS Flex to recover from ransomware Kari Anna Fiskvik VP of Technology at Nordic Choice Hotels explains how her team used ChromeOS Flex to bounce back from a ransomware attack so devastating it even disabled digital room key cards Read more How Exabeam delivers a petabyte scale cybersecurity solution SIEM and XDR company Exabeam partnered with Google Cloud so it could use BigQuery Dataflow Looker Spanner and Bigtable to better ingest data from more than security vendors convert unstructured data into security events and create a common platform to store them in a cost effective way Here s why Google Cloud Security PodcastsWe launched in February a new podcast focusing on Cloud Security If you haven t checked it out we publish four or five podcasts a month where hosts Anton Chuvakin and Timothy Peacock chat with cybersecurity experts about the most important and challenging topics facing the industry today This month they discussed How Google scales detection and response with our own Tim Nguyen director of detection and response Listen here How to evolve your SOC to output driven detection and response with Erik Bloch senior director of detection and response at Sprinklr Listen here The role that investment plays in improving cloud security with James Luo partner at CapitalG Listen here Powering secure SaaS but not with cloud access security brokers with Ben Johnson the CTO and co founder of Obsidian Security Listen here To have our Cloud CISO Perspectives post delivered every month to your inbox sign up for our newsletter We ll be back next month with more security related updates Related ArticleCloud CISO Perspectives June Google Cloud CISO Phil Venables shares his thoughts on the RSA Conference and the latest security updates from the Google Cybersecurity A Read Article |
2022-07-28 16:00:00 |
| GCP |
Cloud Blog |
Introducing password policies for Cloud SQL for PostgreSQL and MySQL local users |
https://cloud.google.com/blog/products/identity-security/introducing-password-policies-for-cloud-sql-for-postgresql-and-mysql-local-users/
|
Introducing password policies for Cloud SQL for PostgreSQL and MySQL local usersPreventing data breaches is an important priority when creating and managing database environments Ensuring user and application passwords meet high security standards is crucial for reducing risk and helping to achieve compliance with best practices and regulatory standards To address these concerns we are thrilled to announce the general availability of Local Users Password Validation feature for Cloud SQL for PostgreSQL and MySQL It allows you to set up password rules for your local database users and can help better secure your databases This feature is complementary to the existing Identity and Access Management IAM integration Password validation for PostgreSQLPassword Validation settings on Instance level are now available for Cloud SQL for PostgreSQL At the instance level you can set rules to be applied to all local users including the default postgres admin These configurations include Password complexityMinimum number of characters required in a passwordNumber of times before a password can be reusedProhibiting the use of a username in the passwordSetting a minimum number of days after which the password can be changedHere s the new console user interface for the Instance Level Policy for PostgreSQL Password validation for MySQLPassword Validation for MySQL supports the existing password validation plugins capabilities and includes improvements to simplify your experience We are introducing two levels of password settings in Cloud SQL for MySQL Instance level password policy and User level password policy At the instance level you can set rules to be applied to all local users including the default root user These include Password complexityMinimum number of characters required in a passwordNumber of times before a password can be reusedProhibiting the use of a username in the passwordHere s the new console user interface for the Instance Level Policy for MySQL At the user level you can set rules for a specific user These rules include Password expirationMaximum number of allowed failed login attemptsPassword verification to require any password change to specify the current passwordDual password useGeneration of a random passwordHere s the new user interface for the User Level Policy for MySQL Using local user password validation with IAMTo understand how local user password validation works together with Cloud Identity and Access Management IAM let s start by defining each of these authentication methods Cloud SQL integration with IAM enables Cloud SQL for PostgreSQL and MySQL end users and service accounts to connect to Cloud SQL instances using their IAM credentials Once set up users authenticate to the database by logging in to IAM Behind the scenes the service requests an authentication token from the IAM service and presents the token to the instance Local database users are created and managed locally within the database enabling any person or application to access a database for data read write or update purposes Database users own the objects they create in a database such as tables procedures and storage locations There are different types of users and levels of privileges that can be granted to each user Local database users and IAM users are complementary and you can choose to use these authentication methods together or separately depending on your authentication strategy We recommend using the centralized approach with IAM for Cloud SQL to help you better manage login access for users and service accounts to your databases That said there are use cases where managing local database users is still required such as supporting legacy systems It is important to mention that the password validation rules we are introducing today for local database users don t apply to IAM users The IAM service has its own password policy settings Local User Password Validation is now available to keep your Cloud SQL for PostgreSQL and MySQL instances even more secure and meet your compliance requirements Learn more by reading Cloud SQL built in database authentication and get started by creating a new instance with a password policy Related ArticleMonitoring Cloud SQL with SQL Server database auditingCloud SQL now supports database auditing for SQL Server allowing customers to closely monitor and track changes to their databases Read Article |
2022-07-28 16:00:00 |
| GCP |
Cloud Blog |
5 ways a SOAR solution improves SOC analyst onboarding |
https://cloud.google.com/blog/products/identity-security/5-ways-a-soar-solution-improves-soc-analyst-onboarding/
|
ways a SOAR solution improves SOC analyst onboardingEditor s note This blog was originally published by Siemplify on Feb The number of unfilled cybersecurity jobs stretches into the millions and a critical part of the problem is the length of time it takes to backfill a position Industry group ISACA has found that the average cybersecurity position lies vacant for up to six months Some positions like security analyst are difficult to find suitable candidates for thanks to workplace challenges such as lack of management support and burnout As the old phrase goes time is money So when organizations are fortunate enough to fill a position with the appropriate talent they want to be able to make up for lost time as quickly as possible This is especially true for roles in the security operations center a setting notorious for needing staff to field never ending alerts generated by an often disparate collection of security tools Training new analysts can be a daunting task They need time to get acquainted with the SOC s technology stack and processes Without documentation they often ask senior analysts for guidance This can create distractions and consume time A reliance on community knowledgeーundocumented not widely known information within an organizationーcreates inconsistency within the SOC that contributes to longer ramp up times for new analysts Undocumented processes combined with security tools that don t talk to each other typically mean a SOC will need to spend nearly hoursーthe equivalent of weeksーgetting a single new analyst up to speed Enter automation Throughout an analyst s career in the SOC a security orchestration automation and response SOAR solution can be their best friend helping expedite routine tasks and liberating them to perform more exciting work But the technology can also allow even the most junior analysts to have an auspicious onboarding experienceーhitting the ground running on day one acclimated to their new environment and feeling comfortable about and confident in their future Here are five ways a SOAR solution can among many other activities aid in analyst onboarding The SOAR solution deploys automated playbooksThe average SOC receives large numbers of alerts per day and many will be false positives That amounts to a lot of dead ends for analysts to chase and leaves little time to investigate legitimate anomalous network activity The sheer volume of alerts has even prompted some analysts to turn off high alert features on detection tools potentially causing teams to miss something important SOAR helps analysts hurdle these roadblocks by allowing teams to create custom automated playbooks workflows that equalize resources and knowledge across the SOC and help maintain consistency in the face of new hires and staff turnover And if analysts should need to create or edit any of the steps in these playbooks the optimal SOAR solution will enable them to do this without knowledge of specific coding or query languages acumen that a novice analyst may lack The SOAR solution groups related alertsAs multiple alerts from different security tools are generated some SOAR solutions allow you to automatically consolidate and group these alerts into one cohesive interface This is what is known as taking a threat centric approach to investigations with the SOAR looking for contextual relationships in the alerts and if identified grouping these alerts into a single case Having the ability to work more manageable and focused cases right off the bat will help ensure a smoother transition for new analysts The SOAR solution pieces together the security stack From next generation firewalls to SIEM to endpoint detection and response the security stack in any given organization can be vast and complex No incoming analyst has reasonable time to familiarize themselves with every tool living within the stackーor to manually tap into these different tools to obtain the appropriate context to apply to alerts A SOAR solution alleviates this challenge by delivering context rich data that can be analyzed in one central platform eliminating the need for multiple consoles for alert triage investigation and remediation Plus with a SOAR solution there is no need for the SOC to directly touch a detection tool that another group may manage The SOAR solution streamlines collaboration to enable easy escalation and information sharingOften the SOC is not capable of responding to every threat meaning other departments such as networking critical ops or change management need to be involved In addition executive personnel are likely interested in security trends happening within the organization Because not every group communicates in the same wayーor consumes information in the same wayーbreakdowns can occur and frustrations can mount especially for a new analyst A SOAR solution can even the playing field by automatically generating instructions updates or reports from the SOC to other teams and vice versa SOAR is also a useful solution for collaborating within the SOC team as well especially in the age of remote and hybrid work The SOAR solution prevents analysts from quickly burning out There is a reason why the SOC has obtained the dubious acronym of “sleeping on chair Life in this environment can be a tedious mental grind prompting certain inhabitants to literally fall asleep from boredom SOAR solutions can counter this tedium in two notable ways They can prevent analysts from having to stare at a multitude of monitors while working long shifts They can also free analysts to work on more strategic and thought provoking assignments which can help improve the company s overall security postureーand ensure a new entrant to the SOC doesn t lose steam immediately To learn more about SOAR from Siemplify now part of Google Cloud SecOps suite including how to download the free community edition visit siemplify co GetStarted |
2022-07-28 16:00:00 |
コメント
コメントを投稿