< ciso brief />

All news with #cloud security tag

522 articles · page 18 of 27

AWS Transform Generates LZA Network Configurations

🔁 AWS now enables AWS Transform for VMware to automatically generate network configuration YAML files that are directly compatible with the Landing Zone Accelerator on AWS (LZA). Building on Transform’s existing infrastructure-as-code outputs for AWS CloudFormation, AWS CDK, and Terraform, the capability converts VMware network environments into LZA-ready YAML that can be imported into LZA’s deployment pipeline. The feature is available in all AWS Transform target Regions and is intended to reduce manual effort and deployment time while improving consistency across multi-account environments.

ECS Service Connect: Cross-Account Support in GovCloud

🔗 Amazon ECS Service Connect now supports cross-account communication in AWS GovCloud through integration with AWS Resource Access Manager (AWS RAM). You can share the underlying AWS Cloud Map namespaces with individual accounts, Organizational Units (OUs), or your entire AWS Organization to register services from multiple accounts in a single namespace. The capability works for both Fargate and EC2 launch modes in GovCloud (US-West and US-East) and is available via Console, API, SDK, CLI, and CloudFormation, simplifying service discovery and reducing duplication.

Flexible path to modern EUC with Cameyo by Google Launch

🔒 Cameyo by Google is a cloud-native Virtual App Delivery solution that streams legacy Windows and Linux applications into the browser or publishes them as Progressive Web Apps, avoiding the overhead of full VDI. Paired with Chrome Enterprise Premium, Cameyo brings legacy client apps under a single secure browsing context with advanced DLP and threat protection. IT teams benefit from faster deployments, reduced VPN and infrastructure complexity, and a clear migration path to ChromeOS while preserving critical Windows workloads.

Amazon Connect Cases Adds Conditional Field Visibility

🔧 Amazon Connect Cases now supports conditional field visibility and dependent field options to streamline case layouts and reduce data-entry errors. Administrators can show fields only when relevant (for example, display a Return Reason field for return cases) and restrict choice lists based on other selections (e.g., limit Issue Type to hardware options when Issue Category is Hardware). The feature is available in multiple AWS regions.

Google Announces Private AI Compute for Cloud Privacy

🔒 Google on Tuesday introduced Private AI Compute, a cloud privacy capability that aims to deliver on-device-level assurances while harnessing the scale of Gemini models. The service uses Trillium TPUs and Titanium Intelligence Enclaves (TIE) and relies on an AMD-based Trusted Execution Environment to encrypt and isolate memory on trusted nodes. Workloads are mutually attested, cryptographically validated, and ephemeral so inputs and inferences are discarded after each session, with Google stating data remains private to the user — 'not even Google.' An external assessment by NCC Group flagged a low-risk timing side channel in the IP-blinding relay and three attestation implementation issues that Google is mitigating.

AWS Adds CUR 2.0 Detail for EC2 Capacity Reservations

🔍 AWS has extended the Cost and Usage Report (CUR 2.0) to surface hourly, resource-level billing information for capacity reservations including EC2 On-Demand Capacity Reservation (ODCR) and EC2 Capacity Blocks for ML. CUR 2.0 now tags capacity-related line items as Reserved, Used, or Unused, enabling precise coverage and utilization calculations. The enhancement helps identify idle reservations and attribute reservation costs to resource owners for cost optimization.

Security Leaders Who Built Companies from Frustration

🔒 Four former CISOs — Paul Hadjy, Joe Silva, Chris Pierson, and Michael Coates — turned recurring operational frustrations into startups that address enduring enterprise security gaps. Hadjy founded Horangi to tackle cloud security in Asia, Silva launched Spektion to reframe vulnerability management as an engineering problem, Pierson created BlackCloak to protect executives’ personal digital lives, and Coates built Altitude to secure cloud collaboration. Their founder journeys emphasize ruthless prioritization, accountability, and treating security as a trust and revenue enabler.

CloudWatch Agent Adds Shared Memory Utilization Metrics

📈 Amazon Web Services announced that the Amazon CloudWatch Agent can now collect shared memory utilization metrics from Linux hosts running on Amazon EC2 or in on‑premises environments. This complements existing memory metrics (free, used, cached) and captures memory used by large enterprise databases and in‑memory applications. Administrators can enable the feature in the agent configuration file to obtain accurate total memory usage for sizing and optimization. The capability is available in all commercial and AWS GovCloud (US) Regions; CloudWatch custom metrics pricing applies.

Amazon SageMaker Unified Studio Adds Catalog Notifications

🔔 Amazon SageMaker Unified Studio now delivers real-time notifications for data catalog activities, including new dataset publications, metadata changes, subscription requests, comments, and access approvals. Alerts are surfaced via a bell icon on the project home page and through a notification center that shows a recent list and a full, filterable tabular view by catalog, project, and event type. The feature is available in all regions where SageMaker Unified Studio is supported.

Amazon EC2 C7i‑flex Instances Now Available in UAE Region

🚀 Amazon Web Services has launched EC2 C7i-flex instances in the Middle East (UAE), offering up to 19% better price performance versus C6i. Powered by AWS-exclusive 4th generation Intel Xeon Scalable (Sapphire Rapids) custom processors and priced about 5% below C7i, these instances cover common sizes from large through 16xlarge. They target web and application servers, caches, databases, Apache Kafka, Elasticsearch and other compute-intensive workloads that don’t fully utilize all vCPUs. For sustained heavy-CPU needs or very large configurations, customers can continue to use standard C7i instances.

Amazon EC2 High Memory U7i Instances Now in GovCloud

🚀 Amazon Web Services has added High Memory U7i instances to AWS GovCloud, offering 12TiB (u7i-12tb.224xlarge) and 16TiB (u7in-16tb.224xlarge) in GovCloud (US-West) and 24TiB (u7in-24tb.224xlarge) in GovCloud (US-East). These 7th‑generation instances use custom 4th‑generation Intel Xeon Scalable (Sapphire Rapids) processors, provide 896 vCPUs and DDR5 memory, and support ENA Express. The u7i-12tb delivers up to 100Gbps network and EBS throughput while the 16tb and 24tb variants deliver up to 200Gbps, making them well suited for mission‑critical in‑memory databases like SAP HANA, Oracle, and SQL Server.

CrowdStrike Named Overall Leader in 2025 ITDR Compass

🔒 CrowdStrike has been named the Overall Leader in the 2025 KuppingerCole Leadership Compass for Identity Threat Detection and Response, achieving top placement across Product, Innovation, Market, and Overall Ranking. The report cites Falcon Next-Gen Identity Security for its cloud-native design, AI/ML-driven detections, behavioral analytics, and automated identity-centric response. KuppingerCole highlights unified visibility across Active Directory, Entra ID, Okta, Ping, AWS IAM and SaaS via Falcon Shield, and notes deep integrations with XDR, SIEM, SOAR, IdP, IGA, PAM, and ITSM to accelerate detection and remediation for human, non-human, and AI agent identities.

Amazon VPC Lattice Adds Custom Domain Name Support

🌐 Amazon VPC Lattice now lets resource owners assign a custom domain name to a resource configuration, enabling layer‑4 access to databases, clusters and TLS‑based endpoints across VPCs and accounts. Owners specify a custom domain and share the resource configuration; VPC Lattice then provisions and manages a private hosted zone in the consumer VPC so consumers can resolve and access the resource using that domain. Resource owners may use AWS, customer‑owned, or third‑party domains, and consumers can exercise granular controls over which domains VPC Lattice manages. The feature is available at no additional cost in Regions where VPC Lattice resource configuration is offered.

Amazon Cognito User Pools Add AWS PrivateLink Support

🔒 Amazon Cognito user pools now support AWS PrivateLink, enabling private VPC connectivity to manage and authenticate against user pools without traversing the public internet. The enhancement covers user pool management APIs, administrative operations, and sign-in for local Cognito users, but does not support OAuth 2.0 authorization code flow (hosted UI/social logins), client credentials, or federated SAML/OIDC sign-ins via VPC endpoints. It is available in all Regions where Cognito user pools exist except AWS GovCloud (US); creating VPC endpoints will incur AWS PrivateLink charges.

Why Enterprises Still Struggle with Cloud Misconfigurations

🔒 Enterprises continue to struggle with cloud misconfigurations that expose sensitive data, according to recent industry reporting and a Qualys study. The report cites a 28% breach rate tied to cloud or SaaS services over the past year and high misconfiguration rates across AWS (45%), GCP (63%) and Azure (70%). Experts blame permissive provider defaults, shadow IT and rapid business-driven deployments, and recommend controls such as MFA everywhere, private networking, encryption, least-privilege and infrastructure-as-code.

Data Security Posture Management: Top DSPM Tools Reviewed

🛡️ Data Security Posture Management (DSPM) tools help organizations discover, classify and manage sensitive data across dynamic cloud environments. They focus on locating "shadow data" in known and unknown repositories and typically collect metadata via agentless or API-based scans to avoid moving raw data. DSPM dashboards catalog findings, map lineage and assess compliance, while remediation often integrates with SOAR, SIEM or CNAPP solutions. Many vendors now combine discovery with some automated "fix it" capabilities to streamline response.

IDC: Major Shift in Cloud Security Investment Trends

🔍 IDC’s latest research finds organizations averaged nine cloud security incidents in 2024, with 89% reporting year-over-year increases. The study identifies CNAPP as a top-three investment for 2025, rising CISO ownership of cloud security, and persistent tool sprawl that increases cost and risk. It also documents practical uses of generative AI for detection and response and a move toward integrated, autonomous SecOps platforms. Microsoft positions its integrated CNAPP and AI-driven threat intelligence as a way to unify protection across the application lifecycle.

AWS Releases Whitepaper on European Sovereign Cloud

🔒 Amazon Web Services (AWS) published a whitepaper, Overview of the AWS European Sovereign Cloud, available in English, German, and French, outlining the planned design and objectives. The document describes a new, independent cloud for Europe supported by a €7.8 billion investment and a target launch of the first Region in the State of Brandenburg, Germany by the end of 2025. It highlights dedicated physical infrastructure, logical isolation, EU-based corporate governance, and continued access to the full AWS service portfolio while addressing data sovereignty and law enforcement processes.

Buildertrend Migrates to Memorystore for Valkey at Scale

🚀 Buildertrend describes migrating from Memorystore for Redis to Google Cloud’s managed Memorystore for Valkey to gain native cross‑regional replication, improved networking via Private Service Connect, and performance advantages. The team exported cache data to Google Cloud Storage and seeded Valkey instances to minimize downtime, eliminated a proxy layer, and now uses Valkey for caching, session state, job queues, pub/sub idempotency, and authentication tokens.

Cloudflare Workers VPC Services Enter Open Beta Today

🌐 Cloudflare announced the open beta of Workers VPC Services, enabling Workers to securely reach APIs, containers, VMs, serverless functions and databases inside regional private networks via Cloudflare Tunnels. Developers register services by hostname or IP and bind them to Workers, with access verified at deploy time to restrict Workers to only the declared service. The model reduces cloud lock‑in, mitigates SSRF risk, and is available free during the beta.