<ciso brief />

All news with #cloud security tag

522 articles · page 5 of 27

Cloud CISO Perspectives — Technical and Cultural Resilience

🔒 Thiébaut Meyer and Lia Wertheimer of Google Cloud’s Office of the CISO present a conversation with Matt Rowe, CSO of Lloyds Banking Group, on building resilience across both technology and teams. They argue resilience requires a dual approach: operational resilience through tool consolidation and a secure-by-default architecture, and cultural resilience through psychological safety, disciplined prioritization, and intentional pauses. Practical guidance includes shifting down the stack to reduce sprawl, embedding security goals into business priorities, and leaders modeling transparency to normalize speaking up. The interview frames resilience as a structural design choice rather than an exercise in individual endurance.

AI Security as an Architectural Decision for Enterprises

🔒 Organizations must treat AI as part of their core architecture rather than a separate stack. Effective protection extends existing controls — identity, policy enforcement, observability, and data governance — across AI interfaces, private LLMs, and agentic systems. Security requires coordinated runtime enforcement at firewalls, API gateways, and SIEM with zero-trust principles. Fortinet positions converged platforms as the way to embed AI guardrails into the foundational operating model.

7 Biggest Healthcare Security Threats and Emerging Risks

🔒 Cyberattacks on healthcare have surged since COVID-19, driven by telehealth adoption, cloud migration, and interconnected medical devices. Experts identify seven primary threats — ransomware, cloud misconfigurations, web application exploits, bad bots, phishing, insecure smart devices, and generative AI misuse — that target EHRs, PHI, and clinical availability. Under-resourced teams and extensive third-party dependencies amplify the operational and patient-safety impacts.

Amazon Quick Adds Document-Level ACLs for Google Drive

🔐 Amazon Quick now supports document-level access controls for Google Drive knowledge bases, allowing organizations to retain native Google Drive permissions when indexing content. Quick combines indexed ACL replication for fast pre-retrieval filtering with a second layer of real-time permission checks against Google Drive at query time to prevent stale or mis-mapped access. When a user queries, Quick verifies their current Drive permissions before generating a response, ensuring answers reflect live access rights. This capability respects individual file and folder permissions and is available in all AWS Regions where Amazon Quick is offered. To enable it, create or update a Google Drive knowledge base in the Amazon Quick console and configure document-level access controls in the integration settings.

AWS Elastic Disaster Recovery Adds IPv6 Support in Regions

🌐 AWS Elastic Disaster Recovery (AWS DRS) now supports IPv6 for both data replication and control plane connections, enabling replication in IPv6-only or dual-stack environments. Customers can set the internet protocol to IPv6 in replication configuration to use dual-stack endpoints for agent-to-service communication and data transfer, removing the requirement for IPv4 addresses. Existing replication configurations remain on IPv4 by default, and the capability is available in Regions where AWS DRS and Amazon EC2 support IPv6.

CloudWatch Pipelines Adds Compliance and Governance

🛡️ Amazon CloudWatch pipelines introduces compliance and governance controls to help preserve data integrity and restrict pipeline creation. You can enable a keep original toggle to store raw logs before any transformation, and processed entries now include metadata indicating they were transformed. New IAM condition keys let administrators limit pipeline creation by log source and type. These capabilities are provided at no additional cost and are available in Regions where pipelines is supported.

AWS Billing Dashboards Support Scheduled Email Reports

📧 AWS Billing and Cost Management Dashboards now support scheduled email delivery for dashboard reports. You can configure daily, weekly, or monthly deliveries that send secure links to password-protected PDF reports optimized for offline viewing, and manage recipients through AWS User Notifications. The feature is available at no additional cost in all commercial AWS Regions (excluding AWS China Regions) and is accessible via AWS SDKs and the CLI.

AWS RTB Fabric Adds Health Checks for EC2 Auto Scaling

✅ AWS RTB Fabric now supports health checks for real-time bidding workloads running on EC2 Auto Scaling groups, providing continuous monitoring and automatic routing to healthy instances via configurable settings in RTB responder gateways. This reduces failed bidding transactions caused by bootstrapping, draining, or instance failures and helps AdTech operators improve uptime and lower error rates. The capability is generally available in multiple AWS Regions and integrates with a broad set of advertising partners.

Amazon Bedrock Adds IAM Principal Cost Allocation Support

🔍 Amazon Bedrock now supports cost allocation by IAM principal in AWS Cost and Usage Report 2.0 (CUR 2.0) and Cost Explorer. Customers can tag IAM users and roles with attributes like team, project, or cost center, activate those tags as cost allocation tags, and either include caller identity in a CUR 2.0 export or filter by tags in Cost Explorer. This capability is available in all AWS commercial Regions where Amazon Bedrock is offered.

Microsoft Named Leader in Forrester Wave for Sovereign Cloud

🏆 Microsoft has been named a Leader in The Forrester Wave: Sovereign Cloud Platforms, Q2 2026, reflecting strong scores for current offering and strategy. The recognition highlights Microsoft’s platform approach that applies consistent sovereign controls across public cloud, private cloud, and partner-operated national clouds using technologies such as Azure Arc, Azure Local, and region-specific residency controls like EU Data Boundary. It underscores Microsoft’s commitment to help organizations adopt cloud and AI while maintaining control, compliance, and operational independence.

Chaos Malware Targets Misconfigured Cloud Deployments

🔍 Cybersecurity firm Darktrace has identified a new variant of the Chaos botnet that targets misconfigured cloud deployments, expanding the malware's focus beyond routers and edge devices. The 64-bit ELF binary was delivered to a deliberately misconfigured Hadoop honeypot via an HTTP request that created an application embedding shell commands to fetch and execute the payload from pan.tenire[.]com. The updated sample removes SSH- and router-based spread features and instead implements a SOCKS proxy, enabling compromised hosts to relay attacker traffic and broadening the botnet's monetization and evasion capabilities.

Google Cloud Named Leader in Forrester Sovereign Cloud 2026

🔒 Google Cloud has been named a Leader in The Forrester Wave™: Sovereign Cloud Platforms, Q2 2026. The company emphasizes a sovereignty-by-design approach across three offerings: Google Cloud Data Boundary with Assured Workloads, Google Cloud Dedicated, and Google Distributed Cloud. Forrester highlighted Google’s roadmap and AI sovereign development capabilities as key differentiators. These options address data residency, operational autonomy, and fully air-gapped deployments for regulated organizations.

Cloud Cost Optimization: Maximizing ROI from AI and Value

💡 This Azure blog launches a multi‑part Cloud Cost Optimization series that guides organizations on maximizing ROI from AI while controlling consumption‑based expenses. It identifies primary cost drivers—variable usage patterns, specialized infrastructure, and cross‑team lifecycle activities—and explains why AI cost optimization differs from conventional cloud cost control. The post urges linking cost decisions to measurable business outcomes and adopting continuous governance to sustain long‑term value.

AgentCore Sandbox DNS Escape and MMDSv1 Regression

🔎 Unit 42 found that Amazon's AgentCore Code Interpreter sandbox permitted recursive DNS resolution, enabling covert DNS tunneling that can exfiltrate and receive data despite advertised isolation. They also identified a regression in the microVM Metadata Service where MMDSv1 accepted unauthenticated HTTP GETs without session-token enforcement, exposing credentials and pre-signed S3 artifacts. AWS was notified and implemented mitigations including documentation updates, setting MMDSv2 as the default for new runtimes, and providing APIs to disable v1 on legacy agents.

Amazon Lightsail Now Available in Malaysia AWS Region

🚀 Amazon Lightsail is now available in the Asia Pacific (Malaysia) Region, bringing Lightsail's simplified cloud compute and networking to customers in Malaysia and neighboring countries. The launch offers lower latency, improved performance and helps meet local data residency requirements. Customers gain access to instances (general purpose, compute- and memory-optimized), managed databases, containers, load balancers and predictable pricing via the Lightsail Console, AWS CLI and SDKs.

Engineering Fairness in Multi-tenant SIEM Platforms

🔎 While reviewing five popular SIEM solutions for a security awards panel, the author observed consistent marketing claims—24/7 SOCs, AI-driven detections, integrations and SLA promises—but a notable omission: how vendors manage multi-tenancy. The piece explains the engineering risk of the “noisy neighbor” effect in shared cloud stacks and shows how poor isolation can produce ingestion latency, delayed detection and violated SLAs. It recommends concrete architectural controls—admission control, fair-share scheduling and resource partitioning—and urges buyers to demand transparency or opt for dedicated clusters when compliance or performance require strict isolation.

SageMaker Data Agent adds Japan and Australia CRI support

🔒 SageMaker Data Agent now supports cross-region inference profiles for Japan (JP-CRIS) and Australia (AU-CRIS) via Amazon Bedrock. Inference requests originating in Asia Pacific (Tokyo) and Asia Pacific (Sydney) are processed entirely within their respective geographies, helping customers meet data residency and sovereignty requirements. Data Agent continues to provide conversational data exploration, Python and SQL code generation, troubleshooting, and analytics inside SageMaker Unified Studio Notebooks and the Query Editor, with traffic routed exclusively over the AWS Global Network.

Azure IaaS: Built-in Resiliency for Critical Apps at Scale

🔁 Azure IaaS delivers an enterprise-grade platform with built-in capabilities across compute, storage, and networking to help keep mission-critical applications available during hardware issues, maintenance, zonal disruptions, and regional incidents. The platform emphasizes isolation, redundancy, failover, and recovery through features like Virtual Machine Scale Sets, availability zones, and multiple storage redundancy tiers. Networking services such as Azure Load Balancer, Application Gateway, Traffic Manager, and Azure Front Door help maintain reachability and reroute traffic when paths fail. Customers are encouraged to combine these primitives with IaC, testing, and operational practices to meet workload-specific RTO/RPO objectives.

Oracle Database@AWS adds sub-millisecond network latency

Oracle Database@AWS (ODB@AWS) now provides consistent sub-millisecond roundtrip latency between Amazon EC2 instances and ODB@AWS databases. By automatically optimizing compute placement within ODB@AWS networks, customers can migrate latency-sensitive workloads — such as payment processing and securities trading — to AWS while using existing EC2 APIs and workflows. There is no additional charge for EC2 instances using the optimized placement; the capability is available in six Regions today, with more Regions planned.

Vertex AI P4SA Permissions Flaw Exposes Google Cloud Data

🔒 Unit 42 disclosed a permissions flaw in Vertex AI where the default Per-Project, Per-Product Service Agent (P4SA) can expose credentials and OAuth scopes via the metadata service. Researchers showed attackers could use those credentials to pivot into customer projects, read Google Cloud Storage buckets, and download images from restricted Artifact Registry repositories. Google updated docs and advises using BYOSA and least-privilege scopes; organizations should validate agent permissions before deployment.