< ciso
brief />
Tag Banner

All news with #cloud security tag

605 articles · page 3 of 31

Plan and Migrate Data with Azure Storage

📌 This blog explains a structured approach to enterprise storage migration using Microsoft tools. It emphasizes planning, assessment, and choosing the right migration path based on data volume, connectivity, and downtime tolerance. Key solutions covered include Azure Migrate, Azure Storage Mover, Azure Data Box, and a preview Azure Copilot Migration Agent. The post illustrates phased strategies, real customer examples, and guidance for regulated and AI use cases.
read more →

Palo Alto DNS Security Preview for Route 53 Resolver

🛡️ Amazon Web Services announces a preview integration of Palo Alto Networks Advanced DNS Security with Route 53 Resolver DNS Firewall. Security teams can now subscribe to PANW protections directly from the DNS Firewall console and apply categories like Command and Control, Malware, and Phishing without deploying separate firewalls. The integration supports hybrid traffic, AWS multi-account management, centralized visibility via AWS Security Hub, and preview availability across multiple regions.
read more →

AWS Cost Explorer preserves billing history for accounts

📊 AWS announces Cost Explorer historical data retention for accounts in billing groups. Customers using AWS Billing Conductor and Billing Transfer can map accounts to billing groups and view billing data priced at the payer or Bill-Transfer account's pro forma rates. Previously, billing group mapping restricted access to historical billing data priced at AWS billable rates. Accounts already onboarded will retain access to their historical Cost Explorer data with no additional action required.
read more →

AWS Lambda Managed Instances adds tag propagation

🔔 AWS Lambda Managed Instances (LMI) now supports tag propagation to automatically apply tags to managed resources such as Amazon EC2 instances, Amazon EBS volumes, and ENIs. This enables consistent cost allocation, enforcement of service control policies, and compliance across resources provisioned by LMI. Configure the PropagateTags setting via CreateCapacityProvider or UpdateCapacityProvider in Explicit mode and provide key-value pairs; the feature is available in all commercial Regions where LMI is GA.
read more →

Amazon unveils CloudWatch metrics centralization

📣 Amazon Web Services announced general availability of CloudWatch Metrics Centralization, enabling replication of CloudWatch and OpenTelemetry metrics cross-account and cross-region into a single destination account. Enterprise teams can use AWS Organizations to define centralization rules that automatically replicate metrics for unified querying, alarming, compliance, and governance. The feature supports Metrics Insights, dashboards, alarms, Metric Math, anomaly detection, Metric Streams, and PromQL and is available in multiple global AWS Regions.
read more →

Sovereign Cloud Alone Won’t Solve AI Risk

🔒 European enterprises tested sovereign cloud under regulatory pressure and found residency alone doesn’t equal control. Vendors offer sovereignty features, but practitioners at EIC 2026 emphasized that identity governance — not just data location — determines operational sovereignty for AI workloads. Weak identity controls, especially for non-human AI agents, undermine claims of control despite customer-managed keys or regional data centers.
read more →

Palo Alto Networks PBMM Assessment Expands Cloud Coverage

🔒 Palo Alto Networks announced successful completion of a Cloud Medium security assessment by the Canadian Centre for Cyber Security, expanding PBMM coverage across Cortex®, Cortex Cloud and Strata. The assessment validates these cloud services for Protected B / Medium Integrity / Medium Availability environments, enabling organizations handling sensitive Canadian data to use a unified, AI-driven security architecture while maintaining compliance and operational resilience. This milestone highlights PBMM's growing relevance beyond government into critical infrastructure and private sector organizations.
read more →

Scaling Security Scans to Serve Millions

🔍 Cloudflare’s Security Insights runs automated scans to surface risks across accounts, zones, and DNS records. They faced two problems: scans were too infrequent (up to two weeks) and many free accounts were opt-in only. To resolve this they increased scanning throughput ~10x, redesigned Kafka consumers, optimized Postgres bulk inserts, centralized API latency to follow the primary DB, and improved scheduling with per-zone timing, randomization, and adaptive rate limiting.
read more →

Elastic Beanstalk adds CloudWatch Logs in-console view

🗂️ Elastic Beanstalk now surfaces Amazon CloudWatch Logs directly within the environment Logs tab, letting users view and filter log groups and streams without leaving the Elastic Beanstalk console. The Logs tab lists environment-associated log groups (including those matching the aws/elasticbeanstalk//* prefix), auto-selects the most recently active stream, and offers a stream dropdown and filtering options. A "View in CloudWatch" dropdown provides direct links to the log group, log stream, or CloudWatch Logs Insights for deeper analysis. This capability is available across all Elastic Beanstalk platform branches in AWS Commercial and AWS GovCloud (US) Regions where the service is offered.
read more →

Managed Service for Prometheus adds out-of-order ingestion

🔧 Amazon Managed Service for Prometheus now supports out-of-order sample ingestion and a workspace-level rule query offset. By default, workspaces accept late-arriving samples within a 1-minute window, adjustable or disableable. A global rule query offset delays rule evaluations so late samples can be included, improving alerting accuracy. Two new CloudWatch vended metrics provide visibility to tune these settings.
read more →

VPC Flow Logs Adds EC2 Tags and Next-Hop Metadata

🔍 Amazon VPC Flow Logs now supports EC2 resource tag embedding and next-hop interface metadata to simplify network monitoring and troubleshooting. With tag support you can include values from network interfaces, EC2 instances, and Auto Scaling groups, removing the need to join log data with external tag metadata. Next-hop metadata captures interface ID, subnet, AZ, VPC, and interface type to clarify traffic paths through NAT Gateways, NLBs, and Transit Gateways.
read more →

AWS Cost and Usage Report 2.0 adds editable exports

📣 AWS now allows customers to update AWS Cost and Usage Report 2.0 table configurations through the AWS Management Console and SDK/CLI. This change lets users modify export content, time granularity, column selection, export format, and destination settings without deleting and recreating exports. Updated preferences take effect starting with the next scheduled export delivery. The feature removes the previous requirement to recreate exports to adopt new CUR 2.0 schema enhancements.
read more →

Cloudflare adds private origin routing for apps

🛡️ Today Cloudflare launched Application Services for Private Origins in closed beta for eligible Enterprise customers, enabling secure routing to private IP origins without exposing them to the public Internet. This lets Cloudflare’s WAF, bot management, rate limiting, Workers, and other services sit in front of private applications using existing private connectivity such as Cloudflare Tunnel, Cloudflare Mesh, or Cloudflare WAN. The feature uses a toggle on proxied DNS records or an API attribute to instruct Cloudflare’s private networking layer to route traffic to private networks, and extends Layer 4 support via Spectrum for TCP/UDP services.
read more →

AWS launches FinOps Agent preview for cost management

🔍 Today AWS announced the preview of AWS FinOps Agent, a frontier agent designed for FinOps practitioners and engineering teams to answer cost questions, surface optimization opportunities, and automate investigations of cost anomalies. The agent can generate cloud cost reports, surface rightsizing and Savings Plans recommendations from AWS Cost Optimization Hub and AWS Compute Optimizer, and create Jira tickets. It can post anomaly findings to Slack and run recurring FinOps workflows on a defined schedule. The preview is available in US East (N. Virginia) and covers cost and usage data from most Regions; it is offered at no additional charge during the preview.
read more →

EMR Serverless adds Spark Connect interactive sessions

🚀 Amazon EMR Serverless now supports interactive sessions with Spark Connect, enabling development and execution of Apache Spark applications from managed notebooks like SageMaker Unified Studio and common IDEs such as Jupyter and Visual Studio Code. You can monitor and debug active and completed sessions in the EMR console and obtain granular cost and usage visibility for individual sessions. The Spark Connect client-server model keeps your development environment decoupled from the Spark driver, enabling ad hoc exploration, iterative debugging, and incremental PySpark development. Spark Connect support is available in EMR release 7.13 in all regions where EMR Serverless is offered, with the SageMaker experience in supported regions.
read more →

Compute Optimizer detects idle resources across services

🔍 AWS Compute Optimizer now detects idle resources for Amazon DynamoDB provisioned tables, Amazon ElastiCache (Redis and Valkey), Amazon MemoryDB, Amazon DocumentDB (provisioned and serverless), Amazon WorkSpaces, and Amazon SageMaker endpoints. It analyzes utilization metrics over a configurable lookback period and evaluates service-specific signals like consumed capacity, cache hits, active connections, and CPU utilization. Recommendations include detailed utilization metrics and estimated savings, viewable in the console and in the Cost Optimization Hub across AWS Organizations.
read more →

AWS rebrands Application Migration Service to Transform MGN

🔁 AWS Application Migration Service (MGN) has been rebranded as AWS Transform MGN to reflect its role as the replication engine for the agentic AWS Transform migration service. Customers can choose between the AWS Transform MGN console for manual control of replication and cutover or the AWS Transform agentic workflow for automated discovery, wave planning, and rehosting or containerization. AWS Transform MGN keeps existing compliance certifications (FedRAMP High, HIPAA, PCI DSS, ISO, SOC 1/2/3) and is available in all commercial and GovCloud (US) Regions. Refer to the product page and documentation for implementation details.
read more →

Operationalizing AWS security: a maturity roadmap

🔒 This post outlines a practical, phased maturity roadmap for organizations that have enabled AWS Security Hub and Amazon GuardDuty. It emphasizes moving from enabled tooling to operational security practices by assessing current state, tuning signal quality, routing findings, automating safe remediations, and establishing a recurring operational cadence. Each phase includes goals, timelines, deliverables, and decision criteria to measure progress and reduce alert fatigue.
read more →

AWS Transform Adds RDS for SQL Server Cost Assessment

🔎 Amazon RDS for SQL Server now integrates cost assessment into AWS Transform, enabling customers to estimate migration costs from on-premises SQL Server to RDS for SQL Server. AI-powered agents analyze environments and recommend optimal instance types while supporting BYOM and License Included options. The tool includes what-if cost comparisons, Database Savings Plans guidance, and MAP eligibility to help reduce migration expenses.
read more →

Simplified S3 Tables and Iceberg permissions in GovCloud

🔒 AWS Glue Data Catalog now supports IAM-based authorization for Amazon S3 Tables and Apache Iceberg materialized views in AWS GovCloud (US) Regions. This change lets you consolidate required permissions for storage, catalog, and query engines into a single IAM policy. The capability eases integration with analytics services such as Amazon Athena, Amazon EMR, Amazon Redshift, and AWS Glue. You can still opt in to AWS Lake Formation for fine-grained access controls.
read more →