< ciso brief />

All news with #access reviews tag

8 articles

Amazon Route 53 Profiles Adds Granular IAM Controls

🔐 Amazon Route 53 Profiles now supports granular AWS Identity and Access Management (IAM) permissions. Administrators can create IAM policies that restrict users to specific operations—associate, disassociate, or update—on resource types such as private hosted zones, Resolver rules, and DNS Firewall rule groups. Permissions may be scoped by resource ARN, hosted zone name, Resolver rule domain name, DNS Firewall rule group priority range, or specific VPC associations to enable precise delegation.
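The delegation pattern the announcement describes, as an added example (not code from the announcement or from AWS): a policy that lets one team associate, disassociate and update resource associations on its own Profile only, read everything, and never create or delete Profiles, plus a minimal offline evaluator to confirm the policy does what was intended before it is attached. The account, Region and profile IDs are constructed and the profile ARN layout is illustrative; the action names are the Route 53 Profiles API operations.

```python
"""Least-privilege delegation for Route 53 Profiles.

Added example, not code from the announcement or from AWS. It builds an IAM
policy that lets one team manage resource associations on its own Profile only,
then checks the policy offline with a minimal IAM-style evaluator (explicit Deny
wins, then Allow, otherwise implicit Deny; Action matching is case-insensitive,
Resource matching is case-sensitive). Assumptions: account, Region and profile
IDs below are constructed; the profile ARN layout is illustrative.
"""
import re

ACCOUNT = "111122223333"                      # constructed
REGION = "us-east-1"                          # constructed
TEAM_PROFILE = (f"arn:aws:route53profiles:{REGION}:{ACCOUNT}:"
                "profile/rp-0123456789abcdef0")   # illustrative ARN
OTHER_PROFILE = (f"arn:aws:route53profiles:{REGION}:{ACCOUNT}:"
                 "profile/rp-0fedcba9876543210")  # illustrative ARN


def delegated_policy(profile_arn: str) -> dict:
    """Policy for a team that may associate/disassociate/update resources on
    one Profile, read anything, and never create or delete Profiles."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ManageOwnProfileAssociations",
                "Effect": "Allow",
                "Action": [
                    "route53profiles:AssociateResourceToProfile",
                    "route53profiles:DisassociateResourceFromProfile",
                    "route53profiles:UpdateProfileResourceAssociation",
                ],
                "Resource": profile_arn,
            },
            {
                "Sid": "ReadOnlyEverywhere",
                "Effect": "Allow",
                "Action": ["route53profiles:Get*", "route53profiles:List*"],
                "Resource": "*",
            },
            {
                # Guard rail: even if an Allow above is later widened, the
                # explicit Deny keeps Profile lifecycle out of this role.
                "Sid": "NoProfileLifecycle",
                "Effect": "Deny",
                "Action": ["route53profiles:CreateProfile",
                           "route53profiles:DeleteProfile"],
                "Resource": "*",
            },
        ],
    }


def _wild(pattern: str, value: str, ignore_case: bool) -> bool:
    # IAM wildcards: '*' matches any run of characters, '?' one character.
    regex = "^" + re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".") + "$"
    return re.match(regex, value, re.IGNORECASE if ignore_case else 0) is not None


def _as_list(x):
    return x if isinstance(x, list) else [x]


def evaluate(policy: dict, action: str, resource: str) -> str:
    """Return 'Allow' or 'Deny' for a single identity-based policy."""
    effects = set()
    for stmt in policy["Statement"]:
        action_hit = any(_wild(p, action, True) for p in _as_list(stmt["Action"]))
        resource_hit = any(_wild(p, resource, False) for p in _as_list(stmt["Resource"]))
        if action_hit and resource_hit:
            effects.add(stmt["Effect"])
    if "Deny" in effects:
        return "Deny"
    return "Allow" if "Allow" in effects else "Deny"   # no matching Allow = implicit deny


POLICY = delegated_policy(TEAM_PROFILE)

if __name__ == "__main__":
    checks = [
        ("route53profiles:AssociateResourceToProfile", TEAM_PROFILE),
        ("route53profiles:AssociateResourceToProfile", OTHER_PROFILE),
        ("route53profiles:DeleteProfile", TEAM_PROFILE),
        ("route53profiles:ListProfiles", "*"),
    ]
    for act, res in checks:
        print(f"{act:50} {res.split(':')[-1]:32} {evaluate(POLICY, act, res)}")
```

The finer scoping the announcement lists (hosted zone name, Resolver rule domain name, DNS Firewall priority range, VPC association) is expressed in the policy's Condition element, which this toy evaluator does not model; before attaching a real policy, run it through IAM's own simulator (`aws iam simulate-custom-policy`) with the exact actions and resource ARNs the team will use.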

Access Decisions: The Weakest Link in Identity Security

🔐 Longstanding identity programs have largely solved authentication with MFA and SSO, but authorization — the decisions about what authenticated identities can do — remains fragile and undergoverned. The article highlights a persistent denominator problem: many assets, cloud tenants, service accounts and shadow IT tools fall outside centralized visibility, so coverage metrics can be misleading. Effective risk reduction requires context-rich, accountable access decisions and stronger governance of non-human and third-party identities to avoid rubber-stamp approvals and excessive blast radius.

Prioritizing Identity Risk by Context, Not Ticket Volume

🔐 Most identity programs still triage work like IT ticket queues—by volume, noise, or failed control checks—an approach that breaks when environments are increasingly non-human and partially onboarded. Identity risk is a function of controls posture, hygiene, business context, and intent; missing controls matter differently depending on what an identity can access. Hygiene failures such as orphan, local, or dormant accounts create low-effort paths for attackers and autonomous agents. Orchid builds an identity graph from telemetry, scores contextual risk, ranks toxic combinations, and sequences remediation to reduce real exposure rather than just shrink a findings list.

Amazon Connect Cases Adds Tag-Based Granular Access Control

🔒 Amazon Connect Cases now supports tag-based access control, enabling administrators to attach tags to case templates and restrict which users can view or manage cases based on security profiles. For example, teams can tag fraud cases and limit view/edit rights to users assigned to a fraud security profile. This capability strengthens enforcement of internal controls and data access policies, simplifies segmentation of sensitive workflows, and reduces the risk of unauthorized access across supported AWS regions.

Who Approved This Agent? Rethinking AI Access Controls

🔐 AI agents are accelerating enterprise work but create new ownership and approval gaps for security teams. Unlike human users or traditional service accounts, agents often operate autonomously, persistently, and with delegated authority, which can expand access beyond any single user's permissions. The article separates agents into personal, third-party, and organizational categories and highlights that organizational agents carry the greatest systemic risk. It recommends treating agents as distinct identities with defined owners, mapping user→agent interactions, and continuously reviewing agent access.

SageMaker Unified Studio Adds Cross-Region and IAM Access

🔁 Amazon SageMaker Unified Studio now supports cross-Region subscriptions and IAM role-based subscriptions, enabling teams to subscribe to AWS Glue and Amazon Redshift tables and views published in different AWS Regions. Cross-Region support helps break down data silos and removes the need for manual replication. IAM role-based subscriptions let users request access for a role without creating a SageMaker project, simplifying governance. Both capabilities are available through the SageMaker console, the Amazon DataZone API, the SDKs, and the AWS CLI.

Prevent Cloud Data Leaks with Microsoft 365 Access Reviews

🔒 Microsoft 365 sharing is convenient but can quickly lead to uncontrolled access and data exposure. This sponsored article explains how tenfold provides centralized visibility across Teams, OneDrive and SharePoint and introduces targeted access reviews for shared content. Personalized review dashboards let owners confirm or revoke links, and automated enforcement removes permissions that fail review.

Amazon SageMaker Lakehouse Adds Tag-Based Access Control

🏷️ Amazon SageMaker lakehouse now supports tag-based access control (TBAC) across federated catalogs, extending the capability beyond the default AWS Glue Data Catalog to Amazon S3 Tables, Amazon Redshift, and federated sources such as DynamoDB, PostgreSQL, and SQL Server. TBAC lets administrators group resources with tags, grant access based on those tags, and rely on tag inheritance so new tables automatically receive fine-grained controls. Administrators create and apply tags in the AWS Lake Formation console and grant tag-based permissions to principals; tagged resources are then queryable through Amazon Athena, Amazon Redshift, Amazon EMR, and SageMaker Unified Studio. The feature is available in all commercial AWS Regions via the console, AWS CLI, and SDKs, with supporting Lake Formation Tags documentation and a blog post.
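Both the Connect Cases item (tags on case templates gating which security profiles may view or edit) and this lakehouse item rest on the same decision rule, shown here as an added example rather than AWS code: a grant is a tag expression, every key in the expression must be satisfied and any listed value satisfies a key, and a resource's effective tags are its own plus those inherited from its parent. The catalog, tags, principals and permissions are constructed for the demonstration; the inheritance and matching semantics follow Lake Formation's documented LF-Tag behaviour.

```python
"""Tag-based access control (TBAC) as a decision rule.

Added example, not AWS code. It models the semantics the two announcements rely
on: a grant is a tag expression (every key in the expression must match; any of
the listed values satisfies a key), and a resource's effective tags are its own
plus those inherited from its parent, so a table created later under a tagged
database is covered without a per-table grant. Names, tags and principals are
constructed for the demonstration.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Resource:
    name: str
    tags: dict = field(default_factory=dict)       # one value per tag key
    parent: Optional["Resource"] = None

    def effective_tags(self) -> dict:
        inherited = self.parent.effective_tags() if self.parent else {}
        return {**inherited, **self.tags}          # own value overrides inherited


@dataclass(frozen=True)
class Grant:
    principal: str
    expression: tuple          # ((key, (value, ...)), ...): AND across keys, OR within values
    permissions: frozenset


def expression_matches(expression, tags) -> bool:
    """A key missing from the resource never matches: untagged data stays closed."""
    return all(key in tags and tags[key] in values for key, values in expression)


def is_allowed(grants, principal, resource, permission) -> bool:
    tags = resource.effective_tags()
    return any(
        g.principal == principal
        and permission in g.permissions
        and expression_matches(g.expression, tags)
        for g in grants
    )


# --- constructed catalog ----------------------------------------------------
sales_db = Resource("sales_db", {"domain": "sales", "sensitivity": "internal"})
orders = Resource("sales_db.orders", parent=sales_db)                        # inherits both tags
customers_pii = Resource("sales_db.customers_pii",
                         {"sensitivity": "confidential"}, parent=sales_db)   # overrides one tag
untagged = Resource("scratch_db.tmp")                                        # no tags at all

GRANTS = [
    Grant("arn:aws:iam::111122223333:role/SalesAnalyst",                     # constructed
          (("domain", ("sales",)), ("sensitivity", ("internal",))),
          frozenset({"SELECT", "DESCRIBE"})),
    Grant("arn:aws:iam::111122223333:role/FraudTeam",                        # constructed
          (("sensitivity", ("confidential",)),),
          frozenset({"SELECT"})),
]
ANALYST = GRANTS[0].principal
FRAUD = GRANTS[1].principal


def decisions() -> dict:
    # A table added after the grants were written; it inherits sales_db's tags.
    new_table = Resource("sales_db.returns", parent=sales_db)
    return {
        "analyst_select_orders": is_allowed(GRANTS, ANALYST, orders, "SELECT"),
        "analyst_select_pii": is_allowed(GRANTS, ANALYST, customers_pii, "SELECT"),
        "analyst_alter_orders": is_allowed(GRANTS, ANALYST, orders, "ALTER"),
        "analyst_select_new_table": is_allowed(GRANTS, ANALYST, new_table, "SELECT"),
        "fraud_select_pii": is_allowed(GRANTS, FRAUD, customers_pii, "SELECT"),
        "fraud_select_orders": is_allowed(GRANTS, FRAUD, orders, "SELECT"),
        "analyst_select_untagged": is_allowed(GRANTS, ANALYST, untagged, "SELECT"),
    }


if __name__ == "__main__":
    for check, allowed in decisions().items():
        print(f"{check:28} {'ALLOW' if allowed else 'DENY'}")
```

The two decisions worth reviewing in a real deployment are the override and the miss: a child that re-tags `sensitivity` changes who can read it without any grant being edited, and a resource that lacks a key used in an expression is denied rather than silently inherited, so tagging discipline on the parent objects is what actually carries the control.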