All news with #data retention tag

Amazon ECR adds Archive storage class and lifecycle rules

📦 Amazon Web Services announced a new Amazon ECR Archive storage class to lower costs for large volumes of rarely accessed container images. Lifecycle policies can now archive images by last pull time, age, or count, and archived images are excluded from repository image limits. Archived images are inaccessible for pulls but can be restored via Console, CLI, or API within about 20 minutes, and all operations are logged to CloudTrail; the feature is available in AWS Commercial and GovCloud (US) Regions.

AWS Backup Adds Direct Primary Support for Air-Gapped Vaults

🔐 AWS Backup now lets customers designate a logically air-gapped vault as the primary backup target across backup plans, organization policies, and on-demand jobs. This removes the prior restriction that air-gapped vaults could only hold copies, enabling direct writes to the air-gapped store and reducing duplicate-storage costs. For resource types without full AWS Backup management support, the service still creates a temporary snapshot in a standard vault, copies it into the air-gapped vault, and then removes the temporary snapshot. The capability is available in all Regions that support logically air-gapped vaults and can be selected via the console, API, or CLI.

India DPDP Rules 2025 Make Privacy an Engineering Challenge

🔒 India’s new Digital Personal Data Protection (DPDP) Rules, 2025 impose strict consent, verification, and fixed deletion timelines that require large platforms and enterprises to redesign how they collect, store, and erase personal data. The rules create Significant Data Fiduciaries with added audit and algorithmic-check obligations and formalize certified Consent Managers. Organizations have 12–18 months to adopt automated consent capture, verification, retention enforcement, and data-mapping across cloud, on‑prem, and SaaS environments.

Social Media Privacy Ranking 2025: Platforms Compared

🔒 Incogni’s Social Media Privacy Ranking 2025 evaluates 15 major platforms across data collection, resale, AI training, privacy settings, and regulatory fines. The analysis identifies Pinterest and Quora as the most privacy-conscious, while TikTok and Facebook rank lowest, driven by extensive data use and historical penalties. The report highlights practical differences in opt-outs, data-sharing, and default settings and recommends users review privacy controls and use Kaspersky’s Privacy Checker.

Cybersecurity on a Budget: Strategies for Downturn

🔒 During economic downturns, organizations must preserve cybersecurity with constrained budgets by prioritizing risk-based controls, hardening existing systems, and blending open- and closed-source tools. The blog recommends defense-in-depth, isolating legacy hardware, disabling unnecessary features, and tuning EDR/AV, logging, and network filters to reduce exposure. It also advises retaining skilled incident response partners and investing selectively in early-to-mid career talent to maintain long-term resilience.

Google Cloud Bigtable Adds Tiered Storage for Hot/Cold Data

🔔 Google Cloud previewed Bigtable tiered storage, which automatically moves less-frequently accessed data from high-performance SSD storage to an infrequent access tier while exposing the same Bigtable API. The fully managed feature integrates with Bigtable autoscaling so applications can read and write across hot and cold tiers via a single interface. Google says the infrequent access tier can be up to 85% less expensive than SSD and that a tiered-storage node offers substantially more usable capacity, making it suited for large time-series and telemetry datasets that require long-term retention for analytics or compliance.

Challenges and Best Practices in Internet Measurement

📊 Cloudflare explains why measuring the Internet is uniquely difficult and how rigorous methodology, ethics, and clear representation make findings reliable. An internal February 2022 Lviv traffic spike illustrates how context and complementary data can prevent misclassification of benign events as attacks. The post contrasts active and passive techniques and direct versus indirect measurement, outlines a lifecycle of curation, modeling, and validation, and stresses low-impact, ethical approaches. It concludes by inviting collaboration and continued exploration of passive measurement methods.

DeepSeek Privacy and Security: What Users Should Know

🔒 DeepSeek collects extensive interaction data — chats, images and videos — plus account details, IP address and device/browser information, and retains it for an unspecified period under a vague “retain as long as needed” policy. The service operates under Chinese jurisdiction, so stored chats may be accessible to local authorities and have been observed on China Mobile servers. Users can disable model training in web and mobile Data settings, export or delete chats (export is web-only), or run the open-source model locally to avoid server-side retention, but local deployment and deletion have trade-offs and require device protections.

CISOs' 2025 Priorities: Data, AI, and Simplification

🔒 CSO's 2025 Security Priorities Study finds security leaders are juggling expanding responsibilities while facing greater complexity in selecting the right tools. Seventy-six percent say solution selection is more complex and 57% had trouble finding incident root causes in the past year. Top focuses are protecting sensitive data, securing cloud systems, and simplifying IT infrastructure, with 73% now more likely to consider AI-enabled security. Many plan to rely on managed service providers and maintain level budgets while driving strategic AI and governance initiatives.

ChatGPT privacy and security: data control guide 2025

🔒 This article examines what ChatGPT collects, how OpenAI processes and stores user data, and the controls available to limit use for model training. It outlines region-specific policies (EEA/UK/Switzerland vs rest of world), the types of data gathered — from account and device details to prompts and uploads — and explains memory, Temporary Chats, connectors and app integrations. Practical steps cover disabling training, deleting memories and chats, managing connectors and Work with Apps, and securing accounts with strong passwords and multi-factor authentication.

Quantum Readiness: Why Incident Response Won't Work

🔐 The arrival of cryptographically relevant quantum computers will create a "silent boom" where adversaries can capture encrypted traffic today and decrypt it later, making intrusions neither observed nor observable. This undermines traditional incident response and shifts responsibility to engineering teams, not a vendor checkbox. Organizations must pursue quantum readiness by engaging developers to inventory algorithms and data, assess internet-facing assets for PQC support, and build testing capability for new ciphers within their release cycles.

AWS Backup Now Adds Schedule Preview for Backup Plans

🗓️ AWS Backup now provides a schedule preview for backup plans, displaying the next ten scheduled backup runs and showing when features such as continuous backup, indexing, or copy settings take effect. The preview consolidates all backup rules into a single timeline so you can quickly identify overlaps, gaps, or configuration conflicts. This capability is available in all AWS Regions and accessible from the AWS Backup console, API, or CLI without additional configuration.

AWS Backup Adds Detailed Job and Audit Report Fields

🔍 AWS Backup now returns more detailed metadata in job APIs and Backup Audit Manager reports to improve visibility into backup configuration and compliance. New fields in backup, copy, and restore job APIs expose retention settings, vault lock and type, encryption details, plan and rule names, schedules, and vault access policies. Delegated administrators can view job details across an organization. These fields are available today in supported Regions at no extra charge.

Trump Administration Expands Social Media Visa Surveillance

🔍The Brookings report details the Trump administration’s expanded social media surveillance to identify and punish foreign nationals for public speech. Agencies historically gathered millions of handles, but Secretary of State Marco Rubio has promoted a zero-tolerance “Catch and Revoke” policy that uses AI to flag conduct deemed contrary to national interest. Rubio said about 300 visas—mainly student and visitor visas—were revoked, and a State Department cable now requires student applicants to set accounts public for vetting.

How to Scrub and Minimize Your Digital Footprint Effectively

🔍 Regularly search for yourself—names, emails and usernames—to uncover forgotten accounts, impersonators, and exposed data. Delete obsolete accounts, revoke third‑party access, clear browser and device traces, and use unique passwords stored in a reliable manager. Use tools like Just Delete Me and breach monitors such as Have I Been Pwned, invoke your right to be forgotten where applicable, and request archive removals. Tighten app permissions, unsubscribe from old lists, and consider privacy‑focused services or stronger 'paranoid' measures if needed.

Flock License-Plate Surveillance Raises Legal Concerns

🔍 A U.S. District Court complaint alleges that Norfolk, Virginia’s 176 Flock Safety automated license-plate readers tracked plaintiffs repeatedly as they drove — one retired veteran was logged 526 times and another resident 849 times between mid-February and early July. The September lawsuit contends that this pervasive, warrantless tracking raises serious Fourth Amendment and privacy issues. The ACLU and a 2024 ruling by Judge Jamilah LeCruise, which excluded warrantless plate-reader data in a robbery prosecution, underscore growing legal scrutiny.

Responding to Cloud Incidents: Investigation and Recovery

🔍 Unit 42 outlines a structured approach to investigating and responding to cloud incidents, noting that 29% of 2024 incident investigations involved cloud or SaaS environments. The guidance emphasizes a shift from endpoint-centric forensics to focus on identities, misconfigurations and service interactions. It recommends enabling and centralizing logs, retaining them for at least 90 days, and preparing for rapid evidence collection and VM/container imaging. The article stresses identity forensics, behavioral baselining and surgical containment to avoid alerting adversaries.

Microsoft SFI Patterns and Practices: New Security Guides

🔐 Microsoft published a second installment of the Secure Future Initiative (SFI) patterns and practices, delivering six practical, practitioner-built guides that address network isolation, tenant hardening, Entra ID app security, Zero Trust for source code access, software supply chain protection, and centralized log collection. Each article outlines the problem, Microsoft’s internal solution, actionable customer guidance, and trade-offs to help teams apply scalable controls across complex, multi-cloud environments.

EC2 Image Builder: Pipeline Auto-Disable and Custom Logs

⚙️ EC2 Image Builder pipelines can now be automatically disabled after a configurable number of consecutive failures, and you can assign custom log groups with retention and encryption settings to meet organizational policies. This prevents unnecessary resource creation and repeated failed builds, reducing costs and operational noise. These capabilities are available at no extra charge across all AWS commercial regions and are usable via Console, CLI, API, CloudFormation, or CDK.

Modern Business Continuity and Disaster Recovery Basics

🛡️ Modern disaster recovery and business continuity require a ground-up rebuild to address distributed data, evolving cyberthreats, climate-driven disruptions, and strict breach-reporting obligations. Key elements include executive sponsorship, standing interdisciplinary teams, AI-assisted discovery and classification, continuous and immutable backups aligned with a 3-2-1-1-0 approach, and the design of a minimum viable business to restore core functions. Frequent, gamified tabletop exercises and automated validation complete a resilient program.