
All news with #cloud security tag

522 articles · page 25 of 27

Google Central Fleet: Carbon-Aware Data Center Model

🔁 Google describes its Central Fleet program as a centralized, fungible pool of compute, memory, and storage that replaces team-level machine procurement. Teams request intent-based quotas rather than specific servers, and the fleet uses software-level orchestration via Borg to allocate and reallocate resources dynamically. Google reports that in 2024 the program avoided procurement with an embodied impact of roughly 260,000 metric tons CO2e, highlighting reductions in e-waste, embodied carbon, and improved energy efficiency while promoting a circular-economy approach.

Amazon Bedrock AgentCore Gateway gains PrivateLink, logs

🔒 AWS announced that Amazon Bedrock AgentCore Gateway now supports AWS PrivateLink for private VPC access and adds invocation logging to Amazon CloudWatch, Amazon S3, and Amazon Data Firehose. These updates allow agent traffic to avoid the public internet while sending per-invocation logs to common observability and storage services. The combination improves network isolation, governance, and operational visibility. AgentCore Gateway is currently in preview in US East (N. Virginia), US West (Oregon), Asia Pacific (Sydney), and Europe (Frankfurt).

AWS CloudTrail MCP Server Adds Natural-Language Security

🔒 AWS Labs published a Model Context Protocol (MCP) server for CloudTrail that enables AI assistants to perform security and compliance analysis via natural‑language queries. The server provides direct access to CloudTrail events and CloudTrail Lake, allowing searches of 90‑day management event histories and Trino SQL queries on Lake data spanning up to 10 years. By exposing these capabilities through a conversational interface, the MCP server removes the need for bespoke API integrations and streamlines investigation and compliance workflows. The component is available in regions that support CloudTrail LookupEvents or CloudTrail Lake, with code and documentation in the AWS Labs repository.

CloudWatch Flow Monitors Extend Cross-Region Visibility

🔍 With this update, Amazon CloudWatch Network Monitoring flow monitors can observe traffic between AWS Regions over the AWS global network. Flow monitors deliver near real-time metrics for compute instances such as Amazon EC2 and Amazon EKS, and for services like Amazon S3 and Amazon DynamoDB, to help detect and attribute network-driven impairments. The network health indicator now captures cross-Region path health including visibility into remote public IPs and private traffic over VPC and Transit Gateway peering.

Amazon Managed Service for Prometheus Now in GovCloud

🔔 Amazon Managed Service for Prometheus is now available in the AWS GovCloud (US) Regions, providing a fully managed, Prometheus-compatible monitoring solution for government and regulated workloads. The service supports high-scale ingestion—customers can send up to 1 billion active metrics to a single workspace—and allows multiple workspaces per account for isolation and organization. It simplifies metric storage, querying, and alerting while reducing operational overhead. Customers should consult the user guide for the full list of supported regions.

Google Cloud launches no-cost multicloud data transfer

🔁 Google Cloud has introduced Data Transfer Essentials, a no-cost service for EU and U.K. customers to move multicloud data between Google Cloud and other providers. The service is designed for in-parallel processing across multiple clouds: qualifying multicloud traffic is metered separately and billed at a zero charge, while other traffic remains billed at existing Network Service Tier rates. Customers can opt in via a configuration guide to specify which traffic qualifies.

Dataproc Multi-Tenant Clusters for Notebook Workloads

🚀 Google Cloud announced Dataproc multi-tenant clusters to let many data scientists share a single cluster for interactive notebook workloads while preserving per-user authorization. The feature maps individual Google identities to service accounts, externalizes mappings to a YAML file, and supports updates on running clusters. Jupyter kernels launch via the Jupyter Kernel Gateway across worker nodes, with optional Vertex AI Workbench integration and the BigQuery JupyterLab Extension. Administrators retain IAM-based least-privilege control and cluster hardening isolates credentials and OS users.

How External Attack Surface Management Reduces Risk

🔎 External Attack Surface Management (EASM) continuously discovers, inventories, and monitors internet‑facing assets — domains, subdomains, cloud workloads, IPs, and third‑party exposures — to reveal shadow IT and misconfigurations before attackers can exploit them. EASM platforms deliver automated discovery, continuous monitoring, and risk‑based prioritization so teams can focus remediation on high‑impact threats. Integrated workflows and ticketing accelerate fixes and improve cross‑team visibility.

Networking and Security Trends Driving SASE Adoption

🔒 Secure Access Service Edge (SASE) combines networking and security into a unified, cloud-delivered platform designed for the realities of remote and hybrid work. With nearly half of knowledge workers operating remotely or in hybrid models and many organizations adopting cloud apps and distributed branches, traditional perimeter-based models are no longer sufficient. SASE addresses distributed access, policy consistency, and simplified management while reducing attack surface and operational complexity.

AWS Config Tracks Resource Tags for IAM Policies Globally

🔍 AWS Config now records resource tags for IAM policy resource types, enabling you to capture tag values and track their changes directly in your Config recorder. You can scope both Config-managed and custom rule evaluations by tag and use Config aggregators to selectively collect IAM policies across accounts. This capability is available in all supported AWS Regions at no additional cost.

AWS GA: Org Notification Configurations for Organizations

📣 AWS announced general availability of Organizational Notification Configurations for AWS User Notifications, enabling centralized configuration and visibility of notifications across an AWS Organization. The Management Account or up to five Delegated Administrators (DAs) can configure and view notifications for specific OUs or all accounts rolling up to the organization. Events from member accounts generate notifications in the Management Account and can push to the AWS Console Mobile Application and the Admin Console Notifications Center. This capability works with any Amazon EventBridge-supported event and is available in all Regions where AWS User Notifications is offered.

AWS Backup Audit Manager Adds Organization-wide Reports

🔔 AWS has extended AWS Backup Audit Manager to produce organization-wide, cross-account and cross-Region reports in six additional Regions: Asia Pacific (Hyderabad, Jakarta, Melbourne), Europe (Spain, Zurich), and Middle East (UAE). Using an AWS Organizations management or delegated administrator account, you can aggregate compliance and operational backup data across accounts and Regions. The feature centralizes policy enforcement and helps demonstrate adherence to business and regulatory data protection requirements.

Amazon EC2 AMI Usage: Track and Manage AMI Consumption

🔍 Amazon EC2 today announced AMI Usage, a new capability to track AMI consumption across AWS accounts and resources. It generates reports listing accounts that use your AMIs in EC2 instances and launch templates and shows utilization across instances, launch templates, Image Builder recipes, and SSM parameters. This reduces the need for custom scripts, helps safely manage AMI deregistrations, and supports cost optimization. AMI Usage is available at no additional cost in all AWS regions, including China and GovCloud.

Amazon Neptune Adds Public Endpoints for Developers

🌐 Amazon Neptune now supports Public Endpoints, enabling developers to connect to Neptune clusters directly from development desktops without VPNs, bastion hosts, or complex network setups. The capability can be enabled for new or existing clusters running engine version 1.4.6 or later via the AWS Console, CLI, or SDK. Security is maintained using IAM authentication, VPC security groups, and encryption in transit. The feature is available at no additional cost in all Regions where Neptune is offered.

Microsoft Cost Management: July-August 2025 Product Updates

💡 Microsoft Cost Management released a set of July–August 2025 updates to help organizations monitor and reduce Azure spend. The release adds service principal support for the Partner Admin Reader role, enabling EA indirect partners to programmatically access cost data without interactive accounts. Other highlights include a Pricing Calculator user tip, new cost-saving offers such as Azure Firewall ingestion-time transformation (GA) and the Azure Storage Mover preview, updated documentation on billing and reservations, and new instructional videos on cost allocation and Copilot for cost insights.

Managed Service for Prometheus: Quota Visibility via AWS

🔍 Amazon Managed Service for Prometheus now exposes applied quota values and utilization through AWS Service Quotas and Amazon CloudWatch. This integration delivers centralized visibility of service limits across workspaces, enables quick quota increase requests, and provides usage metrics that you can incorporate into CloudWatch alarms and dashboards. Usage metrics are always enabled, provided at no extra cost, and accessible via console, APIs, and CLI in all regions where the service is generally available.

AWS CloudFormation Hooks Adds Managed Proactive Controls

🔔 AWS CloudFormation Hooks now supports managed proactive controls, allowing teams to validate resource configurations against AWS best practices without writing custom Hook logic. Customers can select controls from the AWS Control Tower Controls Catalog, apply them during CloudFormation operations, and run them in warn mode for nonblocking evaluation before enforcing policies. A new Hooks Invocation Summary page provides a centralized historical view of control executions and outcomes to simplify compliance reporting and troubleshooting.

AWS Clean Rooms Adds Configurable PySpark Compute Capacity

🔧 AWS Clean Rooms now lets customers configure compute size for PySpark analyses, enabling selection of instance type and cluster size at job runtime for each analysis. Customers can choose larger instances for complex datasets and higher performance or smaller instances to optimize costs. The change provides flexible, per-job resource allocation to balance scale, throughput, and budget while maintaining Clean Rooms' collaborative data protections.

AWS Clean Rooms: Add Data Providers to Collaborations

🔒 AWS Clean Rooms now lets collaboration owners add new data provider members to existing collaborations, enabling partners to contribute data without creating a separate collaboration. New members can be configured to only supply data while inheriting the collaboration’s existing privacy controls and access rules. Invitations and member additions are recorded in the collaboration change history for transparency and auditability. This reduces onboarding time for multi‑party workflows such as publisher–advertiser measurement and third‑party enrichment.

AWS Deadline Cloud automates job output downloads at scale

🔁 The AWS Deadline Cloud client now includes a command to automatically download outputs for completed jobs from a specified queue. The command detects output files that Deadline Cloud has stored in Amazon S3 and restores them to the local paths defined during job creation. It can be scheduled with cron or Task Scheduler to run periodically, enabling unattended retrieval for final review and delivery.