ciso brief

All news with #cloud security tag

522 articles · page 8 of 27

Amazon Route 53 Global Resolver Reaches General Availability

🌐 AWS has made Amazon Route 53 Global Resolver generally available, delivering an internet-reachable anycast DNS resolver that provides secure, reliable DNS resolution for authorized clients worldwide. The service is available across 30 AWS Regions and supports both IPv4 and IPv6 DNS query traffic. It offers DNS query filtering to block malicious, NSFW, and advanced DNS threats like DNS tunneling and DGAs, includes centralized query logging, and now adds protection against Dictionary DGA threats. New customers can explore a 30-day free trial.

Cloud Attacks Shift to Exploiting Newly Disclosed Flaws

⚠️ Google reports attackers increasingly exploit newly disclosed third‑party vulnerabilities to gain cloud access, with the exploitation window shrinking to days. Bug exploits, especially RCE flaws like React2Shell and XWiki, accounted for 44.5% of intrusions while credential-based breaches fell to 27%. Incidents include OIDC abuse via compromised packages, long-term espionage by state-linked groups, and insider-facilitated exfiltration, prompting calls for automated response.

PlayStation Entitlements: Global Scale with Spanner

🎮 Sony Interactive rebuilt its global Entitlements service on Google Cloud Spanner, migrating from Apache Cassandra and Oracle to a single, strongly consistent distributed SQL datastore. They normalized the schema, co‑located each player's entitlements with their account, eliminated a 500+ TB redundant search index, and reduced per‑player storage from ~3 MB to 0.12 MB. The live migration completed with zero downtime and delivered ~91% storage reduction, ~48% cost savings, and immediate cross‑region visibility via Spanner's TrueTime and geo‑partitioning. Engineers now maintain a simpler stack and can scale regionally to hundreds of nodes without rework.

AWS Completes 2026 DESC Tier 1 CSP Certification for UAE

🔒 AWS has completed the 2026 Dubai Electronic Security Centre (DESC) annual certification audit and retained its Tier 1 Cloud Service Provider (CSP) status for the Middle East (UAE) Region. The assessment was validated by independent auditor BSI, and the renewed DESC certificate is available through AWS Artifact, valid to January 22, 2027. AWS added 10 services into scope, bringing the total to 108 services in the region—about a 10% increase.

Google Cloud publishes recommended security checklist

🔒 Google Cloud published a recommended security checklist based on Minimum Viable Secure Product principles, offering 60 curated controls across six domains to help organizations harden cloud environments. The tiered Basic, Intermediate, and Advanced guidance is designed to be simple and scalable. It’s also automatable via a companion Terraform repository and positioned as AI-ready to support adoption of agentic AI. Early customers reported the checklist enabled rapid activation of critical controls and hardened baselines in a single session.

AWS Shield Network Security Director Findings in SecurityHub

🔔 AWS Shield now surfaces network security director findings in AWS Security Hub, giving centralized visibility into missing or misconfigured network controls across an AWS Organization. The capability detects gaps in services such as AWS WAF, VPC security groups, and VPC network ACLs and provides remediation recommendations. Findings also appear in the Security Hub Inventory, and severity is determined by the misconfiguration combined with the resource's network topology.

AWS Adds Taipei Region and AWS Deadline Cloud to ISO/CSA

🔒 AWS completed its annual recertification audit with no findings, extending its ISO and CSA STAR coverage. The update adds the Asia Pacific (Taipei) Region and AWS Deadline Cloud to the scope and reconfirms compliance with standards including ISO 9001, 27001, 27017, 27018, 27701, 20000-1, and 22301. These certifications underscore AWS's commitment to robust security, privacy, and service management controls. Customers can view certificates via AWS Artifact or the AWS ISO and CSA STAR Certified page.

AWS adds denying policy ARNs to access denied errors

🔐 AWS now includes the ARN of the policy that caused an AccessDenied error for same-account and same-organization requests. This enhancement adds only the policy ARN (not policy content) for SCPs, RCPs, permissions boundaries, session policies, and identity-based policies, and does not change authorization logic. The rollout begins early 2026 across all Regions, improving troubleshooting and cross-team communication.

Azure IaaS Resource Center: Build a Modern Foundation

⚙️ The Azure IaaS Resource Center centralizes guidance, demos, architectures, and best practices to help teams design, optimize, and operate cloud infrastructure across compute, storage, and networking. It advocates a system-level approach that unifies hardware, intelligent software, networking, and orchestration to deliver consistent performance and resiliency. The center highlights built-in security, AI-ready VM families, scalability options, and cost-optimization tools to align infrastructure decisions with business outcomes.

Google Announces MCP Toolbox Java SDK for Databases

🧰 The new Java SDK for the Model Context Protocol (MCP) Toolbox for Databases delivers type-safe, production-grade agent orchestration for Java and Spring Boot environments. It integrates with 42+ data sources, including AlloyDB, Cloud SQL, and Cloud Spanner, and simplifies secure, parameterized mappings from natural language intents to database operations. The SDK is designed for stateful, high-concurrency transactional agents and leverages Application Default Credentials for zero-config security.

Private Connectivity for RAG AI Applications on Google Cloud

🔒 This Google Cloud blog outlines a reference architecture to deliver private-IP only connectivity for retrieval-augmented generation (RAG) applications that must not transit the public internet. It describes a multi-project topology—routing project, Shared VPC host, and service projects for Data Ingestion, Serving, and Frontend—and maps required services such as Cloud Interconnect/Cloud VPN, Network Connectivity Center, Private Service Connect, Cloud Router, Cloud Armor, and VPC Service Controls. The post also details RAG population and inference flows to show end-to-end private traffic paths and highlights management and routing orchestration for hybrid and VPC spokes.

Weekly Recap: SD-WAN 0-Day, Critical CVEs & Trends

⚡ The week's highlights show attackers exploiting critical infrastructure, cloud APIs, AI tooling, and consumer devices. A Cisco SD‑WAN zero‑day (CVE‑2026‑20127) is being actively exploited to gain administrative access, while a string of high‑severity CVEs across vendors requires immediate attention. Misuse of trusted services — from Google Sheets and Gemini to autonomous AI agents — combined with exposed keys, is enabling stealthy, scalable access. Organizations should prioritize patching, tighten access to AI and cloud keys, and use continuous testing to validate defenses.

Secure-by-Design Framework for CISO-Led Innovation

🔒 CISOs should treat innovation as a control: enable safe experimentation while reducing exposure across AI, IoT and cloud. The article urges leaders to remove toil, standardize repeatable patterns, and provide golden paths so secure options are also the fastest. It recommends guardrails, mandatory exit criteria for pilots, and measurable outcomes to prevent innovation debt. The goal is to accelerate business velocity while demonstrably reducing risk.

Data Center Modernization Urgent in the AI Era and Energy

🔍 Enterprises are re-evaluating data center strategies as AI adoption, rising energy costs and regulatory pressure reshape requirements. Many organizations are bringing workloads back from public clouds and investing in modern on-premises or private cloud models to regain control, ensure compliance and optimize efficiency. Edge, IoT and AI inference add new location, latency and power demands, forcing hybrid decisions that balance performance with geopolitical and economic realities.

Modernizing Enterprise Data Centers for a Hybrid Future

🔄 Enterprises are reimagining data centers as they modernize infrastructure to balance on‑premises, public cloud and edge deployments. Many are repatriating workloads and evaluating hybrid or private cloud models to retain control, meet data‑protection requirements and improve efficiency. Simultaneously, AI inference, IoT and edge compute impose new demands on latency, location and power delivery. Rising energy prices and geopolitics are increasingly central to site selection and long‑term capacity planning.

AWS RAM supports retaining shares when accounts move

🔒 AWS Resource Access Manager (RAM) now provides a resource share configuration that preserves shared access when accounts move between AWS Organizations. The new RetainSharingOnAccountLeaveOrganization parameter and the ram:RetainSharingOnAccountLeaveOrganization condition key allow administrators to retain access to resources such as Route53 Resolver Rules, Transit Gateways, and IPAM pools when accounts leave an organization. Security teams can enforce the setting using Service Control Policies (SCPs). RAM will treat moved accounts as external principals, requiring explicit invitation acceptance to maintain access. This capability is available in all AWS commercial Regions at no additional cost.

Eventarc Advanced: Centralized Policy, Distributed Logic

🔒 Eventarc Advanced is Google Cloud’s serverless eventing platform that separates centralized governance from distributed processing to balance SecOps control with developer autonomy. The platform uses a managed bus to enforce IAM, content-based access control, VPC Service Controls and required metadata while team-owned pipelines perform schema-aware transforms, format conversion, retries and destination auth. Generally available in August 2025, it addresses historical ESB and EDA governance gaps by combining fine-grained policy with team-level integration logic.

Amazon Bedrock Adds OpenAI-Compatible Projects API

🚀 Amazon Bedrock now offers an OpenAI-compatible Projects API within the Mantle inference engine, enabling customers to create isolated projects for separate applications, environments, or teams. Each project supports distinct IAM-based access controls and tagging to improve security boundaries and cost visibility. The feature is available for OpenAI-compatible APIs, the Responses API, and Chat Completions through Mantle. There is no additional charge beyond model inference consumption.

PayPal Completes Historic Migration to BigQuery for AI

🚀 PayPal completed a multi-year, large-scale migration of more than 300 petabytes of analytics data into BigQuery on Google Cloud to create a unified data foundation for generative AI. The initiative consolidated disparate platforms — including Teradata, Hadoop, Redshift, and Snowflake — and reduced vendor complexity. PayPal automated migration tasks, used live dashboards, and integrated FinOps to maintain zero business downtime while enabling faster queries and much fresher data for AI model training.

FortiGate-as-a-Service: Performance-First Managed Firewall

🔒 FortiGate-as-a-Service (FGaaS) delivers full FortiGate firewall capability as a cloud-hosted, consumption-based service running on purpose-built Fortinet hardware in Fortinet-managed, ISO- and SOC 2-certified data centers. It combines the performance and deep inspection of on-prem FortiGate with unified management, FortiGuard threat services, and optional SOC/MSSP-managed operations for faster deployment and predictable OpEx pricing.