< ciso
brief />
Vendor and Hyperscaler Watch Banner

All news in category “Vendor and Hyperscaler Watch

4606 articles · page 11 of 231

Google expands privacy controls for Search and Play

🔒 Google announced new privacy controls that separate saved history and personalization for Search services and Google Play, rolling out in users' Google Accounts in the coming days. The update creates distinct Search Services History and Personalized Recommendations settings, and similarly splits Play History and Personalization in Play. If Web & App Activity is on, the new Search Services History and its Save Media subsetting will be enabled after transition, but users can disable or delete saved media later.
read more →

Restrict AWS Console Access Using Sign-In Policies

🔒 This post explains how AWS Sign-In now supports resource-based policies and resource control policies (RCPs) to restrict AWS Management Console and AWS CLI sign-in to expected networks such as corporate IP ranges, on-premises data center networks, and Amazon VPCs. It walks through a financial services use case that enforces console sign-in from a corporate network, shows how to create and enable a sign-in resource permission statement, and describes verification via AWS CloudTrail. The article also contrasts single-account resource-based policies with organization-wide RCPs and explains integration with AWS Management Console Private Access and the broader data perimeter framework.
read more →

EC2 AMI Watermarks for Provenance and Governance

🔒 Amazon EC2 now supports AMI watermarks that embed custom identifiers into private AMIs and persist through copies and derived AMIs. Watermarks include metadata such as AMI ID, owner ID, region, and timestamps to support provenance and tracking. You can apply watermarks via the AWS Management Console, AWS CLI, SDKs, or EC2 Image Builder. Watermarks integrate with Allowed AMIs and Declarative Policies to enforce AMI usage across organizations.
read more →

Amazon EMR Serverless enables live config updates

🔧 Amazon EMR Serverless now permits live updates to key application configurations, such as maximum capacity and custom image settings, without stopping or restarting the application. New workloads submitted after a configuration change automatically use the updated settings while existing jobs continue under their original configuration. This removes the previous need to coordinate maintenance windows and restart applications when adjusting scaling boundaries or deploying updated custom images.
read more →

AWS releases IoT Device SDK for Swift across platforms

🔒 The AWS IoT Device SDK for Swift is now generally available, enabling Swift developers to build secure, scalable IoT applications natively on Apple platforms (macOS, iOS, tvOS) and Linux. The SDK fills a prior gap in native Swift support for AWS IoT services and provides production-ready APIs for teams managing device fleets and cross-platform Apple ecosystem solutions. It integrates service clients for AWS IoT Device Shadow, Jobs, and Fleet Provisioning and includes built-in TLS 1.3 support on Apple platforms. Install via Swift Package Manager and consult the documentation and GitHub samples to get started.
read more →

CNAPP evolution: Microsoft aligns with cloud risk platforms

🔍 Cloud security is shifting from mere visibility to context-aware risk reduction across multicloud, Kubernetes, APIs, and AI workloads. The Frost & Sullivan 2026 Frost Radar positions CNAPP as an operational cloud risk platform that correlates posture, workload, identity, data, and runtime signals. Microsoft Defender for Cloud is highlighted among leading vendors for connecting findings into prioritized, actionable attack paths and enabling continuous risk validation across the application lifecycle.
read more →

Google Cloud adds cross-region backups for DR

🔒 Google Cloud announces general availability of cross-region backups for its Backup and DR Service. This release decouples backup destinations from source regions, enabling backups to be stored in distinct geographic regions to improve resilience and meet data residency requirements. The capability is available now for Compute Engine instances, Disks, and Filestore, with Cloud SQL and AlloyDB support coming soon.
read more →

Route 53 Global Resolver adds DNS view sharing

🔒 Amazon Route 53 Global Resolver now allows sharing DNS views across AWS accounts via AWS Resource Access Manager (AWS RAM). Consumer accounts can associate their private hosted zones with a shared DNS view to make records resolvable through the owner's global resolver in all Regions where it runs, while retaining hosted zone ownership. Access is controlled with predefined AWS RAM permissions—association-only, lifecycle management, or full access—or with custom permissions. This feature is available at no additional cost in supported Regions.
read more →

Amazon Neptune adds CloudFormation for global DBs

📣 Amazon Neptune now supports AWS CloudFormation for provisioning and managing Neptune global databases using the new AWS::Neptune::GlobalCluster resource type. You can define multi-region graph database topology as code, automate deployments, store configurations in source control, and integrate with CI/CD pipelines. Neptune global databases offer a single read-write primary and up to five read-only secondaries across Regions for low-latency reads, disaster recovery, and data residency. This capability is available in all Regions where Neptune global databases are supported.
read more →

Amazon CloudWatch adds tagging for dashboards

🔖 Amazon CloudWatch now supports tagging for dashboards, enabling organizations to organize, categorize, and control access using key-value tags. The PutDashboard API accepts an optional Tags parameter for up to 50 tags on new dashboards, while TagResource, UntagResource, and ListTagsForResource now support dashboard ARNs to manage tags on existing dashboards. Dashboard tags can also be handled through AWS CloudFormation, and tags can be used to scope IAM permissions, group dashboards by team or project, and filter dashboards in AWS Resource Explorer. This capability is available at no additional cost in all Regions where CloudWatch is offered.
read more →

AI-SPM Buyers Guide: Comparing AI Security Tools

🔒 This article examines the rising need for AI security posture management (AI-SPM) as enterprises adopt AI across workflows. It outlines how AI maturity stages — from AI-assisted to AI-native — change security requirements and why agents and model services expand the attack surface. The piece surveys vendor approaches, key features, and integrations, and provides guidance for selecting AI-SPM solutions to avoid coverage gaps.
read more →

Cloudflare Opens Self‑Managed OAuth to All Customers

🔐 Cloudflare announced self-managed OAuth, allowing any customer to create and manage OAuth clients for delegated access to the Cloudflare API. The company upgraded its underlying OAuth engine (Hydra) through staged 1.X and 2.X migrations, implemented blue‑green cutovers, and used queues to preserve revocations during the transition. Post‑upgrade improvements reduced latency and resource usage and enabled broader, safer integration patterns for developers.
read more →

AWS launches EC2 U7in-24TB in Seoul region

🚀 Amazon EC2 High Memory U7in-24TB instances (u7in-24tb.224xlarge) are now available in the AWS Asia Pacific (Seoul) region. These 7th-generation U7i instances use custom Intel Sapphire Rapids CPUs and provide 24 TiB of DDR5 memory, 896 vCPUs, up to 200 Gbps network, and 100 Gbps EBS bandwidth to accelerate in-memory workloads. U7i offers up to 45% better price performance over prior U-1 instances and is suited for mission-critical databases like SAP HANA, Oracle, and SQL Server.
read more →

Amazon CloudWatch adds managed syslog ingestion

📥 Amazon CloudWatch Logs now offers managed syslog ingestion, allowing firewalls, routers, switches, and Linux servers to send syslog messages directly to CloudWatch without agents. It accepts TCP, TCP+TLS, and UDP to a VPC endpoint and supports RFC 5424, RFC 3164, and Cisco FTD/ASA formats. CloudWatch automatically parses messages to extract fields like facility, severity, hostname, and application, enabling immediate querying via Logs Analytics. The feature is available in all commercial AWS Regions except UAE, Bahrain, and Israel.
read more →

AI-powered investigations preview for Amazon GuardDuty

🛡️ AWS previewed AI-powered investigations in Amazon GuardDuty to automate analysis of findings and reduce manual investigation time. The capability uses knowledge graphs and threat intelligence to examine 90 days of related activity, affected resources, and indicators, delivering disposition assessments with confidence scores, MITRE ATT&CK classifications, evidence, and remediation recommendations. Available in preview in 10 regions and accessible via the GuardDuty console, CLI, API, or AWS' MCP Server.
read more →

AWS SageMaker Notebook Instances Add G6e GPUs

🚀 Amazon EC2 G6e instances are now generally available for SageMaker notebook instances, offering up to 8 NVIDIA L40s GPUs and third-generation AMD EPYC processors. G6e delivers up to 2.5x better performance versus G5 and supports interactive model testing and training, including generative AI fine-tuning and LLMs up to 13B parameters. G6e is available in multiple US, Europe, Asia-Pacific and Middle East regions.
read more →

ElastiCache Adds Valkey 9.1 for Node-Based Clusters

🚀 Amazon ElastiCache now supports Valkey 9.1 for node-based clusters, delivering higher throughput, improved memory efficiency, and stronger access control for multi-tenant workloads. The release includes a redesigned I/O threading model that boosts throughput up to 17%, reduces memory for small strings by up to 20%, and introduces database-level ACLs to scope user permissions. New commands such as HGETDEL, MSETEX, and CLUSTERSCAN simplify common application patterns, and additional main-thread and I/O-thread metrics improve operational visibility.
read more →

Amazon Bedrock AgentCore Memory adds cross-account access

🔒 Amazon Bedrock AgentCore Memory now supports cross-account access, enabling multi-account architectures where memory resources and consuming agents span AWS accounts. Administrators can attach resource-based policies to memory resources to grant principals in other accounts permission to call memory data plane APIs by referencing the full memory ARN. Cross-account delivery destinations let memory resources stream payloads and events to Amazon S3, Amazon SNS, and Amazon Kinesis Data Streams in separate accounts. This capability is available in all Regions where AgentCore Memory is supported.
read more →

HealthOmics adds ephemeral scratch storage for workflows

🧬 AWS HealthOmics now provides ephemeral local scratch volumes for individual workflow tasks, mounted at /tmp, to improve performance for bioinformatics workloads such as sequence alignment, BAM sorting, and variant calling. Each task gets 16 GiB by default at no extra charge, with configurable sizes up to 3,072 GiB via WDL, Nextflow, or CWL directives and enabled at runtime using the StartRun API. Volumes are encrypted and deleted on task termination, and the feature is available in all Regions where HealthOmics operates. HealthOmics is HIPAA-eligible and designed to accelerate managed bioinformatics workflows for healthcare and life sciences customers.
read more →

Amazon Cognito adds customer managed KMS keys

🔐 Amazon Cognito now supports customer managed keys in AWS Key Management Service (KMS) to encrypt user pool data at rest. While AWS-owned keys remain the default, customer managed keys let organizations control key lifecycle and access policies to meet governance requirements. You can set a key when creating a new user pool or update an existing one, and audit key usage via AWS CloudTrail. Available in Essentials and Plus tiers with standard AWS KMS charges.
read more →