All news in category “Vendor and Hyperscaler Watch”

🔒Security Hub Extended expands AWS Security Hub to include curated partner solutions in a single, unified console. Customers can discover, evaluate, and deploy vendor products with one click and pay-as-you-go pricing on their AWS bill, avoiding lengthy procurement and multi-year commitments. Integrated onboarding, OCSF-normalized findings, and AWS-native correlation surface combined attack paths and risk scoring. The offering launched in February 2026 with an expanding partner ecosystem.

🧩 ExtendDB v0.1 implements the DynamoDB API with pluggable storage backends, enabling developers to run DynamoDB-shaped workloads outside AWS-managed service. The reference backend uses PostgreSQL, and the architecture supports community-contributed adapters. Maintained by AWS under the Apache 2.0 license, ExtendDB targets local development, CI testing, on‑premises deployments, and disconnected edge sites. The project is open on GitHub for contributions.

🚀Urban Outfitters, Inc. (URBN) recently migrated its IBM Sterling OMS from an 11TB Oracle backend to Google Cloud’s AlloyDB for PostgreSQL to reduce TCO and improve scalability and performance. The migration was executed through close collaboration among URBN, IBM, and Google Cloud, with embedded engineering teams driving planning, testing, and tuning. Outcomes included optimized storage and compute, two read replicas for higher availability, significant performance improvements, and a shift toward open standards to future-proof operations.

🚀 Google AI Edge Portal now enables developers to benchmark and debug on-device LLMs across a physical lab of over 120 representative Android devices. It profiles initialization time, prefill and decode speeds, and peak memory usage across CPU, GPU, and NPU backends to surface real user-impacting metrics. The integrated Model Explorer visualizes model graphs, tensor shapes, and traces to speed root-cause analysis and collaboration.

🔧 This third post in the Azure IaaS series argues that cloud performance must be managed as a coordinated system across compute, storage, and networking rather than as isolated resource choices. It highlights platform features like Azure Boost, Ultra Disk, and Premium SSD v2 that offload processing, tune I/O, and decouple capacity from throughput. The article examines requirements for AI, cloud-native, and business-critical workloads and explains how Azure services such as AKS, Azure Container Storage, ExpressRoute, and advanced networking (eBPF/Cilium, Accelerated Networking) combine to deliver consistent, scalable, and recoverable performance.

🔧 Google today introduced Agent Executor, an open-source runtime standard for durable, resumable, and distributed agent execution. It offers event logging and snapshotting to enable durable execution, secure sandbox isolation to limit harm, and a single-writer architecture to maintain session consistency. Agent Executor also supports connection recovery so clients can reconnect to long-running workflows. The project is available in preview and pairs with Agent Substrate to improve Kubernetes-scale agent scheduling.

🎮 In this Deputy CISO post, Aaron Zollman, Vice President and Deputy CISO for Gaming at Microsoft, outlines the distinct security demands of a global, diverse gaming ecosystem. He describes gaming as a “culture of cultures,” spanning platforms, independent studios, and shared studio central teams, each carrying unique risks from account takeover and IP theft to supply chain and regulatory challenges. Zollman stresses partnership over prescription—balancing enterprise-grade controls with low-latency player experiences and studio autonomy. The piece calls for layered defenses, identity governance, anomaly detection, and tailored baselines to protect billions of interactions while enabling creativity.

🚀 Google Cloud announced general availability of GKE Agent Sandbox and introduced the open-source Agent Substrate. Agent Sandbox is a cloud-native execution environment designed for AI agents, offering pod snapshots to suspend idle workloads, an integrated warm pool for sub-second provisioning, gVisor and pluggable kernel isolation, and standby suspended VMs to reduce warm-pool cost. Agent Substrate aims to provide a minimal control plane and scheduler optimizations to support ultra-dense, low-latency agent workloads at scale.

🔒 Amazon Elastic Container Service (ECS) now supports mounting Amazon Elastic Block Store (EBS) volumes to containers in AWS GovCloud Regions. This lets you deploy storage- and data-intensive workloads such as ETL, media transcoding, and ML inference using serverless containers. With EBS task attachment ECS can provision, manage, format or use snapshots automatically. Support is available for EC2, Fargate, and Managed Instances launch types.

🔧 AWS announced that AWS Transform now includes a modernization engine and broad file-format support to streamline network migrations. The engine analyzes and optimizes constructs across naming, sizing, security, and structure while surfacing conflicts with existing VPCs in target accounts, replacing days of manual review with instant guidance. Customers can upload network configuration files in any format for translation into AWS-compatible networks, review and edit mapped VPCs or subnets, and retain control before provisioning.

🚀 AWS announces general availability of a new AWS Local Zone in Istanbul, Türkiye, bringing compute, storage, networking, and select services closer to end users. The Local Zone supports Amazon EC2 (C7i, M7i, R7i), Amazon S3 One Zone-Infrequent Access, Amazon EBS (local snapshots and gp3/gp2/io1/sc1/st1), Amazon ECS, Amazon EKS, VPC, AWS Direct Connect, and Application Load Balancer. To enable, turn on the zone (eu-central-1-ist-1a) in the EC2 console or use the ModifyAvailabilityZoneGroup API to reduce latency and meet data residency needs.

🔒 AWS Transfer Family web apps now support federated permissions with AWS IAM Identity Center across multiple Regions. Previously, Transfer web apps could only be created in the Region of the IAM Identity Center instance. With IAM Identity Center multi-Region replication, administrators can replicate workforce identities and create Transfer web apps in additional Regions, reducing latency and improving availability. Users sign in with existing credentials.

🧾 Amazon SageMaker HyperPod now supports data capture for inference workloads, allowing organizations to record request and response payloads for monitoring, compliance, debugging, and offline analysis. You can capture traffic at the SageMaker endpoint, load balancer, or model pod and combine layers for richer observability. Captured data is delivered asynchronously to Amazon S3 with configurable sampling and encryption using customer-managed AWS KMS keys and is designed to never block inference. Enable data capture via the HyperPod Inference Operator or SageMaker JumpStart.

🔒 Microsoft has disrupted the infrastructure behind a major malware code-signing service, seizing the group's site signspace[.]cloud and revoking more than 1,000 abused certificates. The company removed hundreds of attacker-controlled Azure virtual machines and linked the operation to a group it calls Fox Tempest. The service sold malware signing-as-a-service to ransomware affiliates, letting signed malicious installers evade Windows warnings and deploy backdoors, infostealers, and ransomware.

🔒 The AWS Customer Incident Response Team describes a tactic where attackers use credentials with the organizations:LeaveOrganization permission to remove a member account from an AWS Organization, bypassing inherited safeguards such as Service Control Policies and centralized management. After removal, the account is disentangled from consolidated billing, organization-wide CloudTrail trails, and delegated GuardDuty findings, reducing visibility. The post urges deploying the DenyLeaveOrganizationSCP, enforcing least privilege, securing root users with MFA and centralized root management, and updating detection and response workflows to monitor related CloudTrail events.

🔒 Discord has enabled default end-to-end encryption (E2EE) for all voice and video calls after completing the deployment in March. The company extended the open-source DAVE protocol across desktop, mobile, web browsers, PlayStation, Xbox and Discord SDKs, and is removing legacy unencrypted fallback code. The encryption layer now covers DMs, group DMs, voice channels and Go Live streams, while Stage channels remain excluded. Discord says it has no current plans to apply DAVE to text due to major engineering constraints tied to its existing messaging architecture.

🚀 Amazon Managed Workflows for Apache Airflow (Amazon MWAA) now supports Apache Airflow 3.2, the latest major release of the open-source orchestration framework. The update brings data-aware scheduling, asset partitioning, and expanded Human-in-the-Loop (HITL) features to simplify pipeline control and approvals. Other enhancements include Grid View virtualization, full XCom UI management, and async callable support in PythonOperator. Environments can be launched or upgraded in all supported MWAA regions via the AWS Console.

🔐 Microsoft has reached general availability for Entra-Only identities for Azure Files SMB, enabling native Microsoft Entra ID authentication for SMB file shares using cloud-only identities. This eliminates the need for on-premises Active Directory, Entra Connect, or managed domain controllers, simplifying architecture and reducing operational overhead. Entra acts as the Kerberos Key Distribution Center (KDC), issuing Kerberos tickets while preserving SMB protocol compatibility, and supports VDI scenarios with FSLogix, Managed Identities, macOS clients, and NTFS ACL editing. The capability is supported across HDD and SSD shares, available at no extra cost, and is being extended to sovereign cloud regions.

🔧 Data Agent Kit is an open-source toolkit from Google Cloud that brings data engineering and data science skills, plugins, and secure connectors directly into your IDE or CLI. It provides prebuilt agentic skills, Model Context Protocol (MCP) integrations to BigQuery, AlloyDB, and Cloud Storage, plus native extensions for VS Code, Gemini CLI, Claude Code, and Codex. By grounding agents in unified enterprise data, it reduces manual ETL and context-window costs and accelerates intent-driven pipelines; the kit is available in preview.

🤖 Today at Google I/O, Google Cloud announced a broad set of AI advances delivered through Gemini Enterprise and Google Workspace, including Gemini 3.5 Flash, Gemini Omni, Antigravity, and Gemini Spark. These offerings include new models, an Agent Platform with a Managed Agents API, and CodeMender for automated code security. The updates emphasize agentic workflows, multimodal content creation, enterprise-grade security, and faster, cost-efficient model performance.