All news with #cloud security tag

🔒 AWS now enables native cross-region connectivity for AWS PrivateLink, allowing Interface VPC endpoints to reach supported AWS services hosted in other Regions within the same partition. Service consumers can access S3, Route 53, ECR and more via private IPs in their VPCs without cross-region peering or traversing the public internet. This simplifies global private networking and supports data residency and security requirements.

🔁 AWS introduces Billing Transfer, enabling a single management account to centrally collect invoices, process payments, and run detailed cost analysis across multiple AWS Organizations while preserving each management account’s security autonomy. The feature integrates with AWS Billing Conductor to protect proprietary pricing and support advanced cost allocation strategies. AWS offers a free trial through May 31, 2026; starting June 1, 2026 organizations using a Customer managed pricing plan will incur a $50 per-organization fee. Billing Transfer is available in all public AWS Regions except GovCloud and China (Beijing, Ningxia).

💡 Amazon Q Developer now includes enhanced cost management features that let users analyze costs across broader Cloud Financial Management domains with advanced analytics. Users can ask open-ended questions about historical and forecasted costs, optimization recommendations, commitment utilization, anomalies, budgets, free tier usage, and product attributes. Q explores data, forms hypotheses, performs calculations, and shows the API calls and console links used for transparency.

🚀 Amazon RDS now supports R8gd and M8gd instances for Optimized Reads on Amazon Aurora PostgreSQL and RDS for PostgreSQL, MySQL, and MariaDB, offering improved price-performance. Optimized Reads uses local NVMe-based SSDs to store ephemeral data (temporary tables and evicted pages) to reduce network I/O and boost read latency and throughput. AWS reports up to 165% better throughput and up to 120% better price-performance on R8gd versus R6g for Aurora PostgreSQL. These instances are available in select US, Europe, and Asia Pacific regions and can be enabled via the Console, CLI, or SDK.

☁️ AWS Transform for VMware can now automatically convert VMware network environments into Landing Zone Accelerator (LZA)-compatible YAML network configurations that can be directly imported and deployed via LZA. Building on existing IaC output formats such as CloudFormation, AWS CDK, and Terraform, this capability reduces manual re-creation of network settings, lowers the risk of configuration errors, and accelerates migration timelines while aligning deployments with enterprise security and compliance standards.

🔒 European leaders, including Chancellor Friedrich Merz and President Emmanuel Macron, will attend a Berlin summit of digital ministers and IT experts expected to draw about 900 participants. The conference highlights concerns that US laws such as CLOUD Act and FISA 702 can compel US cloud providers to disclose data held in Europe, driving calls to reduce dependencies on non‑European vendors. Officials and industry leaders emphasise technological controls — notably strong encryption and customer-held keys — and the need for scalable European cloud alternatives while addressing regulatory and startup barriers.

🚀 Amazon Web Services has made EC2 High Memory U7i instances (u7in-24tb.224xlarge) available in the US East (Ohio) region as of Nov 17, 2025. These instances deliver 24 TB of DDR5 memory and 896 vCPUs, and are powered by custom fourth-generation Intel Xeon Scalable processors (Sapphire Rapids). They support up to 100 Gbps EBS, up to 200 Gbps networking with ENA Express, and target mission-critical in-memory databases such as SAP HANA, Oracle, and SQL Server. The offering is intended to help customers scale transaction processing throughput in fast-growing data environments.

🚀 Amazon launched MWAA Serverless, a managed, serverless deployment option for Apache Airflow that eliminates infrastructure management and bills only for actual task compute time. Workflows can be authored as YAML configurations or Python DAGs and leverage over 80 AWS Operators from Airflow v3.0. Each workflow runs in isolation with distinct IAM permissions while the service automatically provisions and scales resources across supported regions.

🩺 AWS HealthImaging now supports JPEG 2000 Lossless as a native transfer syntax for storing and retrieving lossless DICOM images, making it easier to integrate HealthImaging with applications that require JPEG 2000 encoded data. Customers can choose between JPEG 2000 Lossless (UID 1.2.840.10008.1.2.4.90) and High-throughput JPEG 2000 (HTJ2K) for lossless storage. Enabling JPEG 2000 Lossless reduces retrieval latency by eliminating the need to transcode images at access time. This capability is available in all regions where HealthImaging is generally available.

🔒AWS Backup now supports cross-account management in four additional AWS Regions: Asia Pacific (Taipei, Thailand, New Zealand) and Mexico (Central). With this capability you can deploy organization-wide backup policies from your AWS Organizations management account or a delegated administrator, helping to maintain compliance and reduce operational overhead. You can also monitor backup activity across all organizational accounts from a single management account, centralizing visibility and simplifying auditing and troubleshooting.

🔒 AWS Parallel Computing Service (AWS PCS) is now HIPAA eligible, enabling organizations with a Business Associate Addendum (BAA) to run protected health data workloads. AWS PCS is a managed High Performance Computing service that uses the Slurm workload manager for cluster orchestration and targets compute-intensive tasks such as genomic sequencing, medical imaging analysis, and clinical research simulations. AWS says it maintains a standards-based risk management program to support HIPAA administrative, technical, and physical safeguards, and that eligibility applies in all AWS Regions where PCS is offered.

💡 AWS Marketplace now displays estimated tax amounts and the applicable invoicing entity to buyers at the time of purchase. The procurement view shows estimated tax type (such as VAT, GST, or US sales tax), tax rates, and the estimated upfront tax amount derived from a customer's tax and address settings in the AWS Billing console. Buyers can download a PDF summary of the tax and invoicing details to support procurement approvals, budgeting, and issuing purchase orders to the correct invoicing entity. This capability is available today in all AWS Regions where AWS Marketplace is supported.

🔐 Amazon MQ now supports LDAP authentication for RabbitMQ brokers in all AWS regions, allowing brokers to authenticate and authorize users against LDAP identity providers. Administrators can manage users and assign permissions to topics and queues using credentials stored in their LDAP server. LDAP support can be enabled when creating or updating brokers via the AWS Console, CloudFormation, CLI, or CDK, and remains compatible with standard RabbitMQ LDAP implementations.

🔁 AWS announced that Amazon VPC IP Address Manager (IPAM) can now automatically acquire non‑overlapping IP allocations from Infoblox Universal IPAM, reducing the need for manual ticketing between cloud and on‑prem teams. The integration imports allocated ranges into a top‑level AWS IPAM pool and allows organization into regional pools to prevent address conflicts. The feature is available in all Regions where VPC IPAM is supported, excluding AWS China and AWS GovCloud (US); refer to the IPAM documentation and pricing tab for details.

🔍 Shadow IT — any software, hardware, or resource introduced without formal IT, procurement, or compliance approval — is now pervasive and evolving into Shadow AI, where unsanctioned generative AI tools expand the attack surface. The article outlines how these practices drive operational, security, and regulatory risk, citing IBM’s 2025 breach-cost data and industry examples in healthcare, finance, airlines, insurance, and utilities. It recommends shifting from elimination to smarter control by improving continuous visibility through real‑time network analysis and vendor integrations that turn hidden activity into actionable intelligence.

🔔 AWS Marketplace now publishes purchase agreement lifecycle events through Amazon EventBridge, replacing prior Amazon SNS notifications for Software as a Service and Professional Services product types. Sellers (Independent Software Vendors and Channel Partners) and buyers receive notifications for creation, termination, amendment, replacement, renewal, cancellation, and expiration. ISVs also get license-specific events to manage customer entitlements. EventBridge routing supports targets such as AWS Lambda, Amazon S3, Amazon CloudWatch, AWS Step Functions, and can remain compatible with existing SNS-based workflows.

🔒 The Bundestag approved the federal government's draft law to implement the NIS2 Directive on 13 November 2025, bringing new cybersecurity obligations for an estimated 29,850 companies and federal authorities. Affected organizations must strengthen risk analyses, incident response, backups and encryption, and report incidents to the BSI within 24/72/30 hours/days. The law expands BSI supervisory powers and allows bans on "critical components" coordinated by the Interior Ministry, drawing criticism from industry groups.

🔎 Generative AI adoption in the enterprise has surged, with studies showing roughly 90% of employees using AI tools often without IT's knowledge. CIOs must move beyond discovery to build a coherent strategy that balances productivity gains with security, compliance, and governance. That requires continuous visibility into shadow AI usage, risk-based controls, and integration of policies into network and cloud architectures such as SASE. By aligning policy, education, and technical controls, organizations can harness GenAI while limiting data leakage and operational risk.

🔍 AWS CloudFormation Hooks now supports granular invocation details, allowing hook authors to attach per-control findings, severity levels, and remediation guidance to their evaluation responses. The Hooks console displays these details at the individual control level within each invocation so developers can drill down from the summary to see which controls passed, failed, or were skipped. Available in all commercial and GovCloud (US) regions, this follow-up to the September 2025 Hooks Invocation Summary accelerates troubleshooting and streamlines compliance reporting with actionable, control-level insights.

🔒 Fortinet has been named the inaugural Google Unified Security Recommended partner for network protection, recognizing FortiSASE and FortiGate NGFW running natively on Google Cloud. The collaboration delivers a cloud-native SASE that unifies networking and security with global PoPs on Google’s private backbone, centralized policy and telemetry via FortiManager, and AI-enhanced threat protection from FortiGuard Labs. Customers can deploy through Google Cloud Marketplace and expect lower TCO through a consolidated architecture and simplified operations.