All news with #cloud security tag

522 articles · page 4 of 27

SageMaker Unified Studio: Notebook Kernels Now in VPC

🔒 Amazon SageMaker Unified Studio now runs notebook kernels inside the domain-configured Amazon VPC, providing network isolation for interactive ML and data workloads. Kernels inherit VPC settings, subnets, and security groups defined at the domain level, enabling centralized network policy and secure access to private databases, internal APIs, and non-public data sources. This VPC configuration applies to the interactive compute where Python code and dataframes execute; other compute engines have separate VPC considerations. VPC-enabled kernels are available in all Regions where SageMaker Unified Studio is supported.

Technical Walkthrough: AWS Security Hub Extended, Multicloud

🔒 AWS Security Hub Extended consolidates AWS and curated partner security services into a unified, pay-as-you-go offering for multicloud full-stack protection. It centralizes procurement, billing, and operations across endpoint, identity, email, network, data, browser, cloud, and AI protections while integrating findings in OCSF format. Customers can onboard via the AWS Console, assign delegated administrator accounts for centralized management, and route normalized findings to tools such as Splunk and 7AI for coordinated response.

Check Point AI-Powered Cloud Firewall Preview on Google

🚀 Check Point is rolling out an AI-powered Cloud Firewall as a Service available for preview on Google Cloud and already supported on AWS and Microsoft Azure. The managed service removes the burden of running firewall infrastructure, giving DevOps and security teams time to focus on policy management, compliance, and strategic initiatives. It delivers AI-driven security intelligence, automated policy orchestration, centralized control, and advanced threat prevention across multi-cloud environments. Demos will be shown at Check Point Booth #3101 during Google Next.

Google Announces Spanner Omni: Spanner Runs Anywhere

🚀 Google has previewed Spanner Omni, a downloadable edition of Spanner that runs outside Google Cloud — on-premises, multicloud, hybrid, and air-gapped environments. It delivers Spanner’s distributed SQL capabilities including high scalability, availability, strong consistency, and multimodal features while replacing cloud dependencies with a Colossus-like storage layer and a software TrueTime alternative. The developer preview is available for non-production use; commercial access requires engaging Google.

Google Distributed Cloud Unveils Sovereign AI Innovations

🔒 Google announced new capabilities for Google Distributed Cloud (GDC) at Next ’26, bringing Gemini models and an advanced AI stack to on-premises and edge deployments. GDC offers air-gapped and connected deployment models on Google-supplied or customer hardware, and now supports NVIDIA Blackwell GPUs, expanded machine families, and increased storage and I/O. The release adds an AI gateway for optimized inferencing — with dynamic routing, load balancing, quota controls and observability — and a sovereign agentic AI architecture on Kubernetes to run autonomous, secure agents entirely within customer boundaries.

CrowdStrike Falcon Cloud Security: 264% ROI Realized

🔒 CrowdStrike's Falcon Cloud Security delivered a 264% return on investment over three years, according to a Forrester Total Economic Impact™ study. By unifying cloud posture management and runtime protection on a single platform, organizations gained real-time cross-domain context, runtime controls, and AI-assisted triage that improved detection and response. The study quantified $13.8 million in benefits with payback in under six months and reported reductions in multicloud tooling costs, investigation time, and false positives.

Amazon Athena Spark Supports AWS PrivateLink for VPC Access

🔒 Amazon now enables AWS PrivateLink access for Athena Spark, allowing clients in an Amazon VPC to reach Athena Spark APIs and endpoints without traversing the public internet. You can create an interface VPC endpoint to connect to Athena Spark using the AWS Management Console, AWS CLI, or AWS CloudFormation. The endpoint covers all Athena Spark APIs and endpoints — including Spark Connect, Spark Live UI, and the Spark History Server — keeping communication inside the AWS network to support security and compliance requirements.

AWS Lambda adds S3 Files to mount S3 as file systems

📌 AWS Lambda now supports S3 Files, allowing functions to mount Amazon S3 buckets as file systems and perform standard file operations without pre-downloading objects. Built on Amazon EFS, S3 Files combines file-system performance with S3 scalability and durability, and multiple functions can share a mounted workspace concurrently. The integration streamlines stateful and AI/ML workflows and is configurable via console, CLI, SDKs, CloudFormation, or SAM; standard Lambda and S3 pricing applies.

Amazon MSK Serverless Now Available in 13 More Regions

🚀 Amazon announced general availability of Amazon MSK Serverless in 13 additional AWS Regions across Asia Pacific, Europe, Israel, and Mexico. The serverless cluster type eliminates manual capacity provisioning by automatically scaling compute and storage, allowing teams to run Apache Kafka workloads on demand. This expansion improves regional availability and can reduce latency and operational overhead for streaming applications.

Amazon Location Service Adds Bulk Address Validation

📍 Amazon Location Service now supports bulk address validation for the United States, Canada, Australia, and the United Kingdom, enabling large-scale address cleaning, standardization, and correction. The feature checks addresses against authoritative postal data, returns confidence and deliverability indicators, and can optionally include geocodes for US, Canada, and Australia. Customers submit jobs via the new Jobs API by uploading records to their own Amazon S3 buckets and retrieving enriched results when processing completes.

Amazon Aurora Serverless Platform Version 4 Update

Amazon Aurora Serverless now runs on platform version 4, delivering up to 30% improved performance and an enhanced scaling algorithm that better understands bursty, idle, and unpredictable workloads, including agentic AI applications. The update shifts capacity allocation so the service scales with agents rather than against them and continues to scale down to zero when idle. New clusters, restores, and clones default to version 4; existing clusters can upgrade via maintenance actions, stop/start, or blue/green deployments. Verify platform version in the AWS Console or via the RDS API using ServerlessV2PlatformVersion.

Unchecked AI Agents Drive Widespread Enterprise Incidents

⚠️ Research from the Cloud Security Alliance (CSA) and Token Security warns that unchecked AI agents have caused widespread cybersecurity incidents across enterprises in the past year. The report finds many organizations overestimate agent visibility — 68% claim high visibility while 82% discovered unknown agents — leading to data exposure, operational disruption and financial losses. It highlights weak lifecycle governance, particularly around decommissioning, and calls for unified controls across discovery, policy, monitoring and decommissioning.

Amazon EBS allows four volume modifications in Europe

🔧 Amazon Elastic Block Store (Amazon EBS) in the AWS European Sovereign Cloud (Germany) Region now supports up to four Elastic Volumes modifications per volume within a rolling 24‑hour window. Elastic Volumes lets you increase size, change type, or adjust performance without detaching volumes or restarting instances. The enhancement is automatically available and permits starting a new modification immediately after the previous one completes, improving operational agility for sudden data growth or workload spikes.

Amazon EKS Adds Seven IAM Condition Keys for Governance

🔐 Amazon EKS now supports seven new IAM condition keys for cluster creation and configuration APIs, giving organizations finer-grained governance over cluster settings. Administrators can enforce private-only API endpoints, require customer-managed KMS keys for secret encryption, restrict approved Kubernetes versions, mandate deletion protection, set control plane scaling tiers, and enable zonal shift. The keys apply to CreateCluster, UpdateClusterConfig, UpdateClusterVersion, and AssociateEncryptionConfig APIs and integrate with Service Control Policies for centralized multi-account enforcement. They are available in all Regions where EKS is offered at no additional charge.

Amazon MSK Replicator: Enhanced Consumer Offset Sync

🔁 Amazon has added enhanced consumer offset synchronization to MSK Replicator, improving bidirectional Kafka replication so consumer applications resume from the correct position when moved across clusters. This lets teams move producers and consumers independently, in any order, without risking data loss or duplicate processing. Previously, offsets synchronized only when producers and consumers ran on the same cluster, which required careful migration sequencing. The feature can be enabled via the AWS Console, AWS CLI, or AWS CloudFormation and is available in all Regions where MSK Replicator is offered.

Amazon MSK Replicator adds end-to-end replication logs

🔍 Amazon MSK Replicator now delivers replicator logs that provide end-to-end visibility into replication health. The logs surface critical replication events, client errors, and steady-state activity, and include prescriptive guidance to help operators resolve common issues more quickly. Common problems called out in log entries include insufficient permissions on source topics, partition quota exhaustion on target clusters, and records exceeding size limits. You can enable log delivery when creating or updating a Replicator via the AWS Console, AWS CLI, or AWS CloudFormation and forward logs to Amazon CloudWatch, Amazon S3, or Amazon Data Firehose.

Amazon MSK Replicator Adds External Kafka Cluster Support

🔁 Amazon Web Services announced that Amazon MSK Replicator now supports replicating data from external Apache Kafka clusters—including on‑premises, self‑managed on AWS, or third‑party clouds—into MSK Express brokers. This capability simplifies workload migration, enables MSK Express clusters to act as failover or backup targets for disaster recovery, and supports hybrid and multi‑cloud data distribution. MSK Replicator preserves original topic names, prevents infinite replication loops, and synchronizes consumer group offsets bidirectionally to let producers and consumers move independently without data loss.

Amazon Connect Flow Modules Now Work Across All Flows

🔁 Amazon Connect now supports using flow modules across all flow types, enabling reuse of common logic beyond inbound customer experiences. You can embed modules within other modules to build layered, maintainable processes—examples include sharing recent-transaction data in an agent whisper flow or composing credit-eligibility workflows that invoke score, income, and payment-history checks. This modular approach simplifies development and scaling. The capability is available in all AWS regions offering Amazon Connect.

AWS Clean Rooms Adds Configurable PySpark Properties

⚙️ AWS Clean Rooms now supports configurable Spark properties for PySpark analyses, allowing customers to tune memory overhead, task concurrency, and network timeouts on a per-job basis. This capability helps teams adapt resource allocation to specific performance and scale requirements, improving throughput and cost efficiency. For example, pharmaceutical researchers collaborating with healthcare partners can set tailored memory and concurrency settings for large real-world clinical datasets to optimize runtime and expenses.

Cloud Cost Optimization Principles That Still Matter

🔍 This article outlines durable principles for cloud cost optimization and explains why ongoing cost management remains essential as workloads scale. It highlights how AI workloads add unpredictability, iteration-driven spikes, and specialized infrastructure needs that amplify cost risk. The post recommends core practices—visibility, governance guardrails, rightsizing, and continuous review—while distinguishing cost management from action-oriented cost optimization. It concludes by urging measurement of value alongside cost and pointing to Azure guidance such as FinOps and AI ROI resources.