< ciso
brief />
Tag Banner

All news with #cloud security tag

605 articles · page 30 of 31

AWS Clean Rooms Adds Configurable PySpark Compute Capacity

🔧 AWS Clean Rooms now lets customers configure compute size for PySpark analyses, enabling selection of instance type and cluster size at job runtime for each analysis. Customers can choose larger instances for complex datasets and higher performance or smaller instances to optimize costs. The change provides flexible, per-job resource allocation to balance scale, throughput, and budget while maintaining Clean Rooms' collaborative data protections.
read more →

AWS Clean Rooms: Add Data Providers to Collaborations

🔒 AWS Clean Rooms now lets collaboration owners add new data provider members to existing collaborations, enabling partners to contribute data without creating a separate collaboration. New members can be configured to only supply data while inheriting the collaboration’s existing privacy controls and access rules. Invitations and member additions are recorded in the collaboration change history for transparency and auditability. This reduces onboarding time for multi‑party workflows such as publisher–advertiser measurement and third‑party enrichment.
read more →

AWS Deadline Cloud automates job output downloads at scale

🔁 The AWS Deadline Cloud client now includes a command to automatically download outputs for completed jobs from a specified queue. The command detects output files that Deadline Cloud has stored in Amazon S3 and restores them to the local paths defined during job creation. It can be scheduled with cron or Task Scheduler to run periodically, enabling unattended retrieval for final review and delivery.
read more →

AWS Transform for VMware Adds IP Range Flexibility

🔁 AWS Transform for VMware now supports VPC CIDR range modifications to prevent IP conflicts during migrations. The service automatically updates all associated resources — including subnets, security groups, routing tables, and target instances — when you change VPC CIDRs. You can preserve source IPs, apply adjusted addresses aligned to new VPC CIDRs, or choose DHCP-based assignment. Agentic AI automation speeds discovery, planning, and migration workflows and the feature is available in additional regions including US East (Ohio), Europe (Stockholm), and Europe (Ireland).
read more →

AWS Transform Adds Detached Storage Assessment and TCO

🔍 AWS has expanded AWS Transform assessment to analyze on‑premises detached storage infrastructures, including SAN, NAS, file servers, object stores and virtual environments. The new capability maps existing storage to AWS targets such as Amazon S3, Amazon EBS and Amazon FSx, and delivers a comparative Total Cost of Ownership (TCO) analysis. It also provides performance and cost optimization recommendations for compute and storage workloads, noting storage can represent up to 45% of migration opportunities. The assessment is available in US East (N. Virginia) and Europe (Frankfurt).
read more →

Google Cloud Expands Confidential Computing with Intel TDX

🔒 Google Cloud has expanded its Intel TDX-based Confidential Computing portfolio, now offering Confidential GKE Nodes, Confidential Space, and Confidential GPUs alongside broader regional availability. Creating an Intel TDX Confidential VM is exposed directly in the GCE Create an instance flow under the Security tab, with no code changes required. The C3 machine series supports Intel TDX across additional regions and zones, and NVIDIA H100 GPUs on the A3 series enable confidential AI by combining Intel CPU protection with NVIDIA Confidential Computing on the GPU.
read more →

Amazon SageMaker Lakehouse Adds Tag-Based Access Control

🏷️ Amazon SageMaker lakehouse now supports tag-based access control (TBAC) across federated catalogs, extending capability beyond the default AWS Glue Data Catalog to Amazon S3 Tables, Amazon Redshift, and federated sources such as DynamoDB, PostgreSQL, and SQL Server. TBAC lets administrators group resources with tags, grant access based on those tags, and rely on tag inheritance so new tables automatically receive fine-grained controls. Administrators can create and apply tags via the AWS Lake Formation console and grant tag-based permissions to principals; tagged resources are then usable through Amazon Athena, Amazon Redshift, Amazon EMR, and SageMaker Unified Studio. The feature is available in all commercial AWS Regions via the Console, AWS CLI, and SDKs, with supporting Lake Formation Tags documentation and a blog post.
read more →

AWS Adds VPC Endpoint Organization-Based Policy Keys

🔐 AWS introduced three new global IAM condition keys—aws:VpceAccount, aws:VpceOrgPaths, and aws:VpceOrgID—to simplify network-origin access controls across multiple accounts and OUs. These keys let administrators restrict resource access based on the account, organizational unit path, or organization that owns the VPC endpoint used for a request, reducing the need to enumerate VPC or VPC endpoint IDs. Example use cases include S3 bucket policies and centrally applied RCPs or SCPs to enforce corporate network perimeters and intra-organization segmentation; adoption depends on service support and testing prior to production rollout.
read more →

Microsoft Word to Auto-Save New Documents to Cloud

📝 Microsoft is testing a change that will enable autosave and save new documents to OneDrive by default in Word for Windows, delivered first to Microsoft 365 Insiders in the Beta Channel with Version 2509 (Build 19221.20000) or later. Microsoft says the feature will come to Excel and PowerPoint for Windows later this year. Users can choose a local folder instead or toggle the behavior off via the Save page in Word options. Microsoft lists several known issues being addressed during testing.
read more →

AWS Client VPN adds Windows Arm64 support in v5.3.0

🔐 AWS announced that AWS Client VPN version 5.3.0 adds official support for Windows Arm64, enabling the AWS-supplied desktop VPN client to run on the latest Arm64-based Windows devices. The client remains free of charge and is available in all regions where the service is generally available. Client VPN is a managed service that connects remote users securely to AWS and on-premises networks and continues to support macOS 13–15, Windows 10 (x64), Windows 11 (Arm64 and x64), and Ubuntu Linux 22.04 and 24.04 LTS. Administrators can download and deploy the updated client to bring Arm64 Windows endpoints into supported VPN configurations.
read more →

Cloudflare CASB API Scanning for ChatGPT, Claude, Gemini

🔒 Cloudflare One users can now connect OpenAI's ChatGPT, Anthropic's Claude, and Google's Gemini to Cloudflare's API CASB to scan GenAI tenants for misconfigurations, DLP matches, data exposure, and compliance risks without installing endpoint agents. The API CASB provides out-of-band posture and DLP analysis, while Cloudflare Gateway delivers inline prompt controls and Shadow AI identification. Integrations are available in the dashboard or through your account manager.
read more →

Hybrid Mesh Firewall: Unified Security for Hybrid Networks

🔒 Today’s distributed, cloud-first enterprises face complex security gaps across on-premises, cloud and edge environments. The article introduces the Hybrid Mesh Firewall (HMF) model and positions Palo Alto Networks as delivering a complete platform that unifies hardware, virtual, container and FWaaS firewalls under Strata Cloud Manager. It emphasizes Precision AI for continuous, real-time threat prevention and cites integrated security services to simplify operations and reduce blind spots.
read more →

CrowdStrike Named Leader in 2025 Exposure Management

🔒 CrowdStrike has been named a Leader in the 2025 IDC MarketScape for Exposure Management. Falcon Exposure Management delivers AI-native, real-time visibility and prioritization of exposures and attack paths across endpoint, cloud, identity and OT/IoT, helping teams focus on what adversaries can feasibly exploit. It unifies VM, ASM and CAASM capabilities and introduces Network Vulnerability Assessment for continuous discovery of unmanaged network devices without additional agents or hardware. Integrated exposure data is correlated across CrowdStrike Threat Graph, Intel Graph and Asset Graph to support faster, automated remediation.
read more →

AWS Launches Customizable Billing and Cost Dashboards

📊 AWS announces general availability of AWS Billing and Cost Management Dashboards, a customizable feature that consolidates spending data from AWS Cost Explorer, Savings Plans, and Reserved Instance coverage and utilization reports. Users can build cost, usage, Savings Plans, and Reserved Instance widgets with line, bar, stacked bar, or table visualizations, arrange layouts, and share dashboards across accounts. The capability is available at no additional cost in all AWS commercial Regions except AWS China Regions.
read more →

AWS Certificate Manager Adds PrivateLink Access for ACM

🔒 AWS Certificate Manager (ACM) now supports AWS PrivateLink, enabling access to ACM APIs from within an Amazon VPC without traversing the public internet. You can create interface endpoints to connect your VPC to ACM using the AWS Management Console, AWS CLI, or AWS CloudFormation. This private connectivity is available in all Regions where ACM and PrivateLink are supported, including AWS GovCloud (US) and China Regions, and helps meet compliance requirements by keeping API traffic inside the AWS network.
read more →

Closing Common Cloud Security Gaps with FortiCNAPP Platform

🔒 FortiCNAPP unifies cloud security across posture, workload runtime, control plane, and application layers to address common gaps that expose cloud-native applications. The platform delivers continuous asset discovery and inventory mapping, built-in CSPM with compliance mappings, runtime workload protection, and CDR that correlates host telemetry with cloud audit logs via composite alerts. Integrated FortiWeb WAF/API protections and CI/CD scanning enable a shift-left workflow so developers and security teams can detect and remediate risks earlier without slowing delivery.
read more →

Palo Alto Networks Opens Local Cloud Region in South Africa

🌍 Palo Alto Networks has launched a new cloud location in South Africa to bring its AI-powered security platforms closer to local organizations. The region will host core services including Cortex XSIAM, Prisma SASE, Advanced WildFire, Advanced DNS Security, Strata Cloud Manager and Strata Logging Service. Local hosting is designed to reduce latency, meet data residency and sovereignty requirements, and deliver real-time detection, automated response and centralized logging. The investment aims to support South Africa’s digital transformation while addressing rising ransomware and phishing threats across the region.
read more →

Secure File Sharing in AWS: Security and Cost Guide

🔒 This second part of the guide examines three AWS file‑sharing mechanisms — CloudFront signed URLs, an Amazon VPC endpoint service backed by a custom application, and S3 Access Points — contrasting their security, cost, protocol, and operational trade‑offs. It highlights CloudFront’s edge caching and WAF/Shield integration for low‑latency public delivery, PrivateLink for fully private TCP connectivity, and Access Points for scalable IAM‑based S3 access control. The post emphasizes choosing or combining solutions based on access patterns, compliance, and budget.
read more →

Secure File Sharing on AWS: Security and Cost Options

🔐 This post by Swapnil Singh (updated July 28, 2025) compares AWS file-sharing options and explains security and cost trade-offs to help architects choose the right approach. Part 1 focuses on AWS Transfer Family, Transfer Family web apps, S3 pre-signed URLs, and a serverless pre-signed URL pattern (API Gateway + Lambda), outlining strengths, limitations, and pricing considerations. It emphasizes requirements gathering—access patterns, protocols, security, operations, and business constraints—and presents a decision matrix and high-level guidance for selecting a solution.
read more →

Migrating Oracle TDE Keystore on EC2 to AWS CloudHSM

🔐 This AWS Security Blog post, republished July 30, 2025, demonstrates how to migrate an Oracle 19c Transparent Data Encryption (TDE) keystore on Amazon EC2 from a file-based wallet to AWS CloudHSM using the CloudHSM Client SDK 5. It walks through prerequisites—CloudHSM cluster, CloudHSM admin and crypto users, network connectivity—and stepwise commands to install the client and PKCS#11 library, adjust Oracle WALLET_ROOT/TDE_CONFIGURATION, and run the ADMINISTER KEY MANAGEMENT migration. The guide also covers creating an auto-login keystore, verifying V$ENCRYPTION_WALLET status, and outlines benefits such as FIPS-validated hardware, centralized management, and improved compliance.
read more →