
All news with #cloud security tag


Amazon Redshift Multidimensional Data Layouts GA for Queries

🚀 Amazon Redshift announces general availability of Multidimensional Data Layouts (MDDL), a dynamic sorting feature that reorganizes data according to actual query filters to accelerate analytics. MDDL creates a multidimensional virtual sort key that co-locates rows typically accessed together, enabling block-level and predicate-column skipping during execution. For tables using the default AUTO sort key, Redshift analyzes query history and automatically selects MDDL or an optimal single-column sort key based on expected benefits. AWS reports up to 10x end-to-end performance improvements for workloads with repetitive filters; MDDL is available in all AWS commercial regions.

AWS Organizations Adds Full IAM Policy Language to SCPs

🔐 AWS Organizations now supports the full IAM policy language for service control policies (SCPs), allowing administrators to use conditions, individual resource ARNs, and the NotAction element with Allow statements. You can also apply wildcards at the beginning or middle of Action strings and use the NotResource element for finer scoping. These enhancements let teams create more concise and precise organizational guardrails to enforce least-privilege across accounts. The change is backward compatible and available in all AWS commercial and AWS GovCloud (US) Regions.

AWS Outposts expand to Canada (Central) and N California

📢 Second-generation AWS Outposts racks are now supported in the AWS Canada (Central) and US West (N. California) Regions. Outposts racks extend AWS infrastructure, services, APIs, and tools to on-premises data centers or colocation spaces, providing a consistent hybrid experience. Customers can order racks connected to these Regions to optimize for latency and data residency, run low-latency workloads locally, and maintain centralized management in their home Region.

Amazon VPC Reachability and Network Access Analyzer Expand

🛰️ Amazon has expanded VPC Reachability Analyzer and VPC Network Access Analyzer to seven additional regions — New Zealand, Hyderabad, Melbourne, Taipei, Calgary, Tel Aviv, and Mexico Central. Reachability Analyzer diagnoses network reachability between source and destination resources, while Network Access Analyzer identifies unintended access paths that may bypass security controls. This regional launch improves troubleshooting, compliance checks, and multi-account network visibility; pricing and documentation are available through AWS resources.

Microsoft Named Leader in 2025 Gartner IIoT Report

🔷 Microsoft was named a Leader in the 2025 Gartner Magic Quadrant for Global Industrial IIoT Platforms, highlighting its industrial cloud portfolio. Azure’s adaptive cloud—anchored by Azure IoT, Azure Arc, Azure Digital Twins, and Microsoft Fabric—is positioned to unify cloud-to-edge data, enable real‑time intelligence, and scale AI-driven operations. The platform emphasizes security with Microsoft Defender for IoT, Microsoft Sentinel, and Microsoft Entra, while enabling brownfield integration and partner-led solutions to accelerate industrial modernization.

Microsoft 365: Why Its Dominance Creates Major Risk

🔒 Microsoft 365 has become the central nervous system of modern business, and its market dominance has turned the platform into a lucrative target for attackers. With over 400 million paid seats and tightly integrated apps like Outlook, SharePoint, Teams and OneDrive, a single compromise can cascade across services. Organizations must close backup gaps, adopt zero trust, enforce MFA and deploy cross-application threat detection to reduce catastrophic exposure.

Amazon EVS Adds HCX Migration Over Public Internet

🌐 Amazon EVS now supports VMware HCX migrations over the public internet using Elastic IP Addresses (EIPs) to provide stable endpoints and faster setup. This option supplements existing private connectivity methods such as AWS Direct Connect and VPN, enabling secure layer‑2 network stretch and workload migration when private links are unavailable. Public HCX connectivity is available in all AWS Regions where EVS is offered and can be a cost‑effective alternative for workloads that do not require private connection performance.

Securing Remote MCP Servers on Google Cloud Platform

🔒 A centralized proxy architecture on Google Cloud can secure remote Model Context Protocol (MCP) servers by intercepting tool calls and enforcing consistent policies across deployments. Author Lanre Ogunmola outlines five core MCP risks — unauthorized tool exposure, session hijacking, tool shadowing, token theft and authentication bypass — and recommends an MCP proxy (Cloud Run, GKE, or Apigee) integrated with Cloud Armor, Secret Manager, and identity services for access control, secret scanning, and monitoring. The post emphasizes layered defenses including Model Armor for prompt/response screening and centralized logging to reduce blind spots and operational overhead.

AWS Expands Second-Generation Outposts Racks Globally

🌍 AWS now ships second-generation Outposts racks to a broad list of countries, enabling customers to deploy AWS infrastructure and services directly in on‑premises data centers and colocation sites. These racks support the latest x86 Amazon EC2 families — C7i, M7i, and R7i — delivering up to 40% better performance versus prior racks, simplified network scaling, and a new class of accelerated networking instances for ultra-low latency and high throughput. They also help address local data residency and low-latency processing requirements while remaining connected to the nearest AWS Region for management.

CloudWatch Cross-Account Cross-Region Log Centralization

🔁 Amazon CloudWatch now supports cross-account, cross-region log centralization, allowing customers to copy log data from multiple AWS accounts and regions into a single destination account and integrate with AWS Organizations. Copied log events are enriched with new system fields (@aws.account and @aws.region) to preserve source context, and administrators can scope rules to the entire organization, selected OUs, or specific accounts. The feature supports selective log-group copying, automatic merging of same-named groups, optional backup-region copies, and includes one free centralized copy with additional copies billed at $0.05/GB.

AWS Budgets Adds Custom Time Periods for Project Funding

📊 AWS Budgets now supports custom time periods, letting teams define flexible start and end dates for a budget rather than relying on calendar-based cycles. This enables single-budget tracking for time-bound projects (for example, a three-month development sprint starting mid-month) and triggers alerts as spend approaches thresholds. The feature is available today in all AWS commercial Regions except the AWS GovCloud (US) and China Regions.

Amazon EC2 adds detailed NVMe instance store metrics

📊 Amazon announced detailed performance statistics for EC2 instance store NVMe volumes, providing real-time I/O visibility on Nitro-based instances. The capability exposes 11 metrics at one-second granularity, including IOPS, throughput, queue lengths, and latency histograms broken down by IO size. Available by default across AWS Commercial and China Regions at no extra charge, it aligns NVMe monitoring with EBS detailed metrics for a consistent operational experience.

Amazon AppStream Adds Fractional GPU Graphics G6 Instances

🖥️ Amazon AppStream 2.0 now supports Graphics G6 instances with fractionalized GPU sizes, enabling customers to provision GPU capacity in smaller fractions (for example 1/2, 1/4, or 1/8) instead of full GPU instances. The new G6f and Gr6f options are built on the EC2 G6 family and are designed to optimize shared GPU resources for graphics workloads that need less than a full GPU. These instances are available in 10 AWS Regions and use pay-as-you-go pricing; they can be launched from the AWS Management Console or via the AWS SDK when creating an image builder or fleet.

Check Point Validates CloudGuard with Nutanix AOS 7.3

🔒 Check Point CloudGuard Network Security is now Nutanix Ready validated with Nutanix Cloud Infrastructure 7.3, delivering integrated network security for Nutanix environments. The update leverages Nutanix Flow Network Security features—entity groups, vNIC-specific policies, and global policy scopes—to extend microsegmentation and policy consistency. Customers can deploy CloudGuard via native Service Insertion and firewall chaining, enabling protection with minimal operational overhead.

FabCon Vienna: Enterprise-ready Microsoft Fabric updates

📢 At FabCon Vienna, Microsoft unveiled a broad set of Microsoft Fabric enhancements to accelerate data-rich agents and enterprise adoption. Key updates include expanded OneLake shortcuts and mirroring (preview for Oracle and BigQuery), a preview Graph database and Maps for geospatial context, developer tooling (MCP, Extensibility Toolkit, CI/CD) and strengthened security controls like Azure Private Link and customer-managed keys. These features focus on zero-copy data access, governance, and operational scalability for mission-critical workloads.

Runtime Visibility Reshapes Cloud-Native Security in 2025

🛡️ The shift to containers, Kubernetes, and serverless has made runtime visibility the new center of gravity for cloud-native security. CNAPPs that consolidate detection, posture, and response are essential, but observing active workloads distinguishes theoretical risk from live exposure. AI-driven correlation and automated triage reduce false positives and accelerate remediation. Vendors such as Sysdig stress mapping findings back to ownership and source code to drive accountable fixes.

AWS CloudWatch OAM Adds VPC Endpoints for Private Traffic

🔒 AWS now offers VPC endpoints for Amazon CloudWatch Observability Access Manager (OAM), enabling private, in-region connectivity between your VPCs and CloudWatch OAM without traversing the public internet. The endpoints support both IPv4 and IPv6 and leverage AWS PrivateLink controls such as security groups and VPC endpoint policies. Available in all commercial regions, AWS GovCloud (US), and China Regions, this lets teams manage cross-account observability links and sinks from VPCs that have no internet access.

Managed Service for Prometheus: Collector Logs GA Now

🔍 The Amazon Managed Service for Prometheus collector — an agentless, fully managed Prometheus metrics collector — now vends logs to Amazon CloudWatch Logs, improving visibility into target discovery, authentication, scraping, and ingestion. These logs surface details such as timeouts, remote-write failures, and other errors to aid troubleshooting. The feature is generally available in all regions where the service is offered; review CloudWatch logs pricing and the collector monitoring user guide to get started.

Security Services Available in AWS Dedicated Local Zones

🛡️ This post explains how organizations can use AWS security services while keeping data within Dedicated Local Zones. It describes the AWS Nitro System for hardware-enforced isolation, AWS KMS with an external key store option, and continuous protection from Amazon Inspector and GuardDuty. It also covers certificate management via ACM, DDoS mitigation with AWS Shield, and centralized auditing through CloudTrail.

Amazon IVS Adds Private Ingest via Interface VPC Endpoints

🔒 Amazon Interactive Video Service (Amazon IVS) now supports media ingest via interface VPC endpoints using AWS PrivateLink. This lets customers broadcast RTMP(S) streams privately to IVS Low-Latency channels and IVS Real-Time stages without traversing the public internet. Interface VPC endpoints can be created from within your VPC or from on-premises environments over AWS Direct Connect, providing private and reliable connectivity for live video workflows. The feature is available in US West (Oregon), Europe (Frankfurt), and Europe (Ireland); standard PrivateLink pricing applies.