< ciso
brief />
Tag Banner

All news with #cloud security tag

605 articles · page 10 of 31

Azure IaaS: Built-in Resiliency for Critical Apps at Scale

🔁 Azure IaaS delivers an enterprise-grade platform with built-in capabilities across compute, storage, and networking to help keep mission-critical applications available during hardware issues, maintenance, zonal disruptions, and regional incidents. The platform emphasizes isolation, redundancy, failover, and recovery through features like Virtual Machine Scale Sets, availability zones, and multiple storage redundancy tiers. Networking services such as Azure Load Balancer, Application Gateway, Traffic Manager, and Azure Front Door help maintain reachability and reroute traffic when paths fail. Customers are encouraged to combine these primitives with IaC, testing, and operational practices to meet workload-specific RTO/RPO objectives.
read more →

Oracle Database@AWS adds sub-millisecond network latency

Oracle Database@AWS (ODB@AWS) now provides consistent sub-millisecond roundtrip latency between Amazon EC2 instances and ODB@AWS databases. By automatically optimizing compute placement within ODB@AWS networks, customers can migrate latency-sensitive workloads — such as payment processing and securities trading — to AWS while using existing EC2 APIs and workflows. There is no additional charge for EC2 instances using the optimized placement; the capability is available in six Regions today, with more Regions planned.
read more →

Vertex AI P4SA Permissions Flaw Exposes Google Cloud Data

🔒 Unit 42 disclosed a permissions flaw in Vertex AI where the default Per-Project, Per-Product Service Agent (P4SA) can expose credentials and OAuth scopes via the metadata service. Researchers showed attackers could use those credentials to pivot into customer projects, read Google Cloud Storage buckets, and download images from restricted Artifact Registry repositories. Google updated docs and advises using BYOSA and least-privilege scopes; organizations should validate agent permissions before deployment.
read more →

ROI of Hybrid Mesh Network Security, 2026 IDC Study

🔒 IDC interviewed security leaders from global enterprises to quantify the business value of adopting a Hybrid Mesh Network Security architecture. The findings emphasize that a single control plane for managing firewalls across on‑premises, cloud, and remote environments reduces tool sprawl and operational complexity. Organizations reported faster policy deployment, improved incident response, and better alignment with initiatives such as AI transformation, enabling security teams to shift from reaction to proactive prevention and to demonstrate measurable ROI.
read more →

The AI Arms Race: Why Unified Exposure Management Matters

🔒 The weaponization of AI is compressing the attack lifecycle and outpacing traditional defenses. Platforms like PlexTrac consolidate cloud misconfigurations, identity risks, application flaws, and pentest findings into a unified, dynamic view of exposure. Combined with Agentic AI for continuous threat assessment and automated remediation, organizations can prioritize actionable risk, orchestrate fixes, and validate controls at machine speed.
read more →

Double Agents: Security Blind Spots in Vertex AI on GCP

🔒 Unit 42 researchers discovered that AI agents deployed with Google Cloud’s Vertex AI ADK can inherit overly broad default permissions, enabling a deployed agent to leak service‑agent credentials and act as a “double agent.” By exploiting the Per‑Project, Per‑Product Service Agent (P4SA), the team pivoted into consumer projects and downloaded restricted Artifact Registry images from Google‑managed producer projects. Google collaborated with Unit 42, updated documentation, and recommended Bring Your Own Service Account (BYOSA) as a mitigation. Palo Alto Networks highlights protection via Prisma AIRS, Cortex Cloud Identity Security, and Cortex AI‑SPM.
read more →

Amazon RDS for Db2 Now Available in New Zealand Region

☁️ Amazon RDS for Db2 is now available in the Asia Pacific (New Zealand) AWS Region, enabling customers to deploy, operate, and scale Db2 databases in the cloud within minutes. RDS provisions automatically configured parameters to optimize performance and supports Multi‑AZ synchronous replication to a standby instance for high availability. Licensing options include hourly pay‑as‑you‑go purchases from the AWS Marketplace or Bring Your Own License (BYOL), available in both Standard and Advanced Editions. Usage may be eligible for the Database Savings Plan.
read more →

Amazon RDS for SQL Server Developer Edition in GovCloud

🆕 Amazon RDS for SQL Server now offers Microsoft SQL Server Developer Edition in the AWS GovCloud (US) Regions. Developer Edition is a free, full-featured, non-production license that mirrors Enterprise capabilities, helping teams reduce licensing costs for development, testing, and demonstrations. Amazon RDS-managed features — automated backups, automated software updates, monitoring, and encryption — are supported for SQL Server 2019 and SQL Server 2022 instances.
read more →

Amazon CloudFront BYOIP IPv6 Support via VPC IPAM Launch

🚀 Amazon CloudFront now supports bringing your own IPv6 addresses (BYOIP) for Anycast Static IPs using VPC IP Address Manager (IPAM). Administrators can create unified IPAM pools for IPv4 (/24) and IPv6 (/48) and assign dual‑stack Anycast Static IP lists, preserving existing allow‑lists and branding when migrating to CloudFront. The feature is available in most commercial AWS Regions with a few regional exceptions.
read more →

Amazon S3 Express One Zone Adds CloudWatch Request Metrics

📈 Amazon S3 Express One Zone now publishes request metrics to Amazon CloudWatch, providing minute-level visibility into request counts, data transfer volumes, error rates, and latency for latency-sensitive applications. These request metrics complement existing storage metrics and are accessible via the CloudWatch console, S3 console, S3 API, and AWS CLI across all Regions where the storage class is available. Standard CloudWatch pricing applies.
read more →

CloudWatch log centralization adds data source filters

🔁 Amazon CloudWatch centralization now supports selecting logs by data source name and type in addition to log group names. Customers can target AWS service logs (automatically discovered) and application logs (via log group tags) to copy telemetry from multiple accounts and regions into a single destination account. Rules can focus on types like VPC Flow Logs, EKS Audit Logs, and CloudTrail Logs to simplify security and operational monitoring. Create or modify centralization rules in the console, AWS CLI, or SDKs; standard CloudWatch Logs pricing applies for ingestion, storage, and data transfer.
read more →

AWS Security Hub Now Available in GovCloud US Regions

🔒 AWS Security Hub is now available in the AWS GovCloud (US-East) and AWS GovCloud (US-West) Regions. Security Hub offers a unified cloud security posture by correlating and enriching signals from Amazon GuardDuty, Amazon Inspector, and Security Hub CSPM to prioritize active risks. The service delivers near‑real‑time risk analytics, exposure findings, automated response workflows, attack path visualization, and centralized organization-wide deployment with streamlined pricing for improved cost predictability.
read more →

WebRTC Support for Amazon Kinesis Video Streams in GovCloud

📡 Amazon Kinesis Video Streams (KVS) now supports WebRTC in AWS GovCloud (US) Regions, enabling real-time, two-way media streaming with sub-second latency for security-sensitive workloads. This extends KVS's secure ingest, storage, and processing capabilities to mission-critical use cases such as live surveillance, body-worn camera streaming, drone feeds, and IoT monitoring while preserving data residency and compliance. The feature is available in AWS GovCloud (US-East) and (US-West).
read more →

AWS HealthOmics Adds VPC-Connected Bioinformatics Workflows

🧬 AWS HealthOmics now supports VPC-connected workflows, allowing bioinformatics pipelines to access AWS resources across regions and public internet resources through a customer VPC. New Configuration APIs let teams specify VPCs and manage public internet dependencies at a per-run level without changing workflow code. This capability is HIPAA-eligible and available in all HealthOmics regions.
read more →

Navigating Digital Sovereignty: Microsoft's Practical Path

🔒 Microsoft frames digital sovereignty as a practical, consultative discipline that extends beyond privacy to encompass continuity, resilience, and responsible AI adoption. The post outlines a Sovereign Cloud continuum—including the EU Data Boundary, hybrid and private cloud options, and expanded disconnected operations—to provide organizations with choice, visibility, and control. It emphasizes transparency, risk-based engagement, and long-term accountability as core means to build durable trust while enabling innovation.
read more →

AWS Direct Connect adds CloudWatch BGP metrics for VIFs

📡 AWS Direct Connect now publishes three Amazon CloudWatch metrics for virtual interfaces, giving network teams native visibility into BGP session health and route counts. The new VirtualInterfaceBgpStatus, VirtualInterfaceBgpPrefixesAccepted and VirtualInterfaceBgpPrefixesAdvertised report session state, on-prem prefix intake, and routes advertised by AWS, enabling proactive alarms and validation of configuration changes. These metrics apply to private, public and transit VIFs in all commercial AWS Regions and integrate with CloudWatch alarms, dashboards and Amazon SNS to reduce detection time and simplify hybrid network operations.
read more →

Databricks Debuts Lakewatch SIEM: Cost and Strategy

🔍 Databricks has previewed Lakewatch, an agentic SIEM designed to extend the lakehouse into security analytics and offer a lower-cost alternative to traditional SIEMs. The vendor says it will charge for compute rather than data ingestion or storage, claiming up to an 80% reduction in total cost of ownership while retaining years of hot data. Analysts acknowledge the ingestion-cost problem and note potential savings for organizations that retain large volumes, but warn that costs can shift to compute and processing if usage is uncontrolled. Databricks bolstered its security credibility with acquisitions such as Antimatter and SiftD.ai, indicating a broader security roadmap.
read more →

AWS Batch Adds Quota Management and Preemption for SageMaker

⚙️ AWS Batch now supports quota management with job preemption for SageMaker Training, enabling prioritized GPU allocation and automatic preemption of lower-priority workloads. You can create up to 20 quota shares per job queue and choose resource-sharing strategies, with both cross-share and in-share preemption modes to restore or reallocate borrowed capacity. Capacity utilization is visible at queue, quota share, and job levels, and you can update job priorities after submission and set preemption retry limits. The feature integrates with the SageMaker Python SDK via the aws_batch module and is available in all AWS Regions where AWS Batch is offered; AWS provides an example notebook and user-guide documentation for implementation guidance.
read more →

DRA: Dynamic Resource Allocation for Kubernetes Devices

⚡ DRA (Dynamic Resource Allocation) modernizes Kubernetes device management by replacing static Device Plugins with a request-based model built on ResourceSlice and ResourceClaim. It enables granular, attribute-based requests such as minimum VRAM, specific hardware models, or PCIe locality, and abstracts hardware via DeviceClass so the scheduler can match workloads to suitable devices. NVIDIA contributed a GPU driver and Google donated a TPU driver, and DRA is generally available in GKE. This reduces manual node pinning and improves utilization for LLM and AI workloads.
read more →

Cybersecurity, AI, and Sovereignty: Next for Infrastructure

🔐 At the World Economic Forum’s Industry Strategy Meeting in Munich, leaders explored how rapid AI deployment and rising data sovereignty pressures are reshaping digital infrastructure and investment. The piece argues that cybersecurity must be embedded from day zero to enable trusted data exchange, interoperability between sovereign systems, and secure distributed AI. It highlights the shift from large general models toward specialized, context-aware architectures and notes Fortinet’s role in public-private collaboration to operationalize secure systems.
read more →