Tag: Multi-cloud
-
Google Cloud Privileged Access Management
Today’s vast array of identities whether they are human-centric identities or machine-identities have a large amount of permissions tied to them, given the attack surface of cloud identities can be tied to resources that are also mapped to other services this can be a sticky situation. Most hyperscalers have best practices documented on Identity and…
-
Adversarial Simulation in Azure AI Studio
Large Language Models present a powerful enabler for various use-cases for most enterprises but without some form of due diligence and testing can spew some unintended responses. Content safety is a preventative mechanism that is used for Azure AI Studio and can also be tested with the Prompt-flow SDK. In this blog post I’ve going…
-
Vertex AI Agents
Google Cloud Platform’s Vertex AI offers a comprehensive suite of tools designed to simplify the process of building, deploying, and scaling machine learning models. One of the standout features of Vertex AI is its support for Agents, which are frameworks that enable seamless integration and automation within AI workflows. In this blog post, we’ll delve…
-
AWS Config
Cloud operations with the control plane leverage a large amount of API’s and permissions behind the scenes abstracted from the end users. To continuously address these changes and states in your environment natively you can use AWS Config. Visually the set up for this in a simple configuration is shown below to illustrate the service…
-
API Server VNET Integration
Connectivity in AKS If you’re running AKS in production you’ll likely encounter the private link scope and integration of leverage private DNS zones for putting the API server behind private IP’s rather than accessible on port 6443 or you should be doing this. But what about other options? Perhaps you’re spinning up a dev/test cluster…
-
Retina by Microsoft OSS
KubeCon 2024 in Europe has recently wrapped up this past week with some major announcements from various vendors one that stood out to me is the use of Retina. Microsoft released a open-source cloud-agnostic Kubernetes Network Observability platform this can provide a path to customizable telemetry. This telemetry has multiple options on where you’d like…
-
AKS Isitio Bring Your Own Certificate
Azure Kubernetes Service added the Istio-add-on to provide native function to the user without having to install an additional helm chart while this is managed by Microsoft a request for some of the areas from customers encompass areas that have more control over data protections. Natively the use of self-signed root certificates are generated and…
-
Azure ML on AKS with Trusted Access
Trusted Access which is in preview provides secure access to the Kubernetes API Server while granting services that are needed for operations without requiring a traditional (private-endpoint). This feature uses the system0assigned managed identity as a authentication mechanism as intermediary to access your AKS clusters. As always in any feature that is rolled out prior…
-
Navigating Federal Information Processing Standards in Azure Kubernetes Service
Organizations that operate in highly sensitive data domains have to often validate the use of FIPS(Federal Information Processing Standards) Level 2 compliant concerns throughout adoption of multiple technologies. This blog is intended to show the use of Azure Kubernetes Service FIPS Enablement along with the brief understanding of FIPS and uses. FIPS Levels are represented…
-
Lula Compliance Validator
Project Lula is a tool written in Go by Defense Unicorns a organization that works in the cloud native space supporting the public sector that is to assist with auditing configuration to provide context if a expected input is not compliant at the command line you aware of it. Along with the findings will details…