< ciso brief />

All news with #data security tag

69 articles

Amazon OpenSearch Serverless Adds Derived Source Support

🔧 Amazon OpenSearch Serverless now supports Derived Source, a feature that reconstructs the _source field on demand using indexed values instead of storing a separate copy. This reduces storage consumption for collections such as time-series and log analytics that contain many indexed fields. You can enable Derived Source at the index level when creating or updating mappings. The feature is available today in all AWS Regions where OpenSearch Serverless is supported.

Achieving Near-100% Agent Accuracy with Context Engineering

🧭 This article explains why agentic workflows need near-100% accuracy when they query enterprise databases and how comprehensive context engineering can deliver it. It introduces QueryData as a tool that combines three context pillars—Schema Ontology, Query Blueprints, and Value Searches—to guide LLMs toward correct, auditable SQL. A real-estate tenant onboarding example illustrates the risk of compounding errors, and the post recommends templates, facets, and database-aware value lookups to ensure both accuracy and explainability for human-in-the-loop verification.

Amazon Quick adds document-level ACLs for S3 KBs now

🔐 Amazon Quick now supports document-level access control lists (ACLs) for Amazon S3 knowledge bases, enabling granular permissions for documents and folders. You can configure ACLs with a centralized global ACL configuration file or with per-document metadata files for faster, targeted permission updates. ACLs are permanent at knowledge base creation and documents without an ACL entry are not ingested. The feature is available in all AWS Regions and is documented in the Amazon Quick User Guide.

BigQuery read/write interoperability for Apache Iceberg

🧊 Google announced preview read/write interoperability between BigQuery and Iceberg-compatible engines via the Google-managed Iceberg REST Catalog. The capability lets BigQuery, Trino, Spark, Flink and others create, update, and query a single Iceberg table type while enforcing unified governance and table-level access controls. Customers can offload compaction and garbage collection to BigLake to reduce small-file and metadata bloat and improve query performance.

Rightmove modernizes property search with unified cloud data

🏠 Rightmove migrated from siloed on-premises databases to Google Cloud to build a unified analytics and AI platform it calls the data hive. Using BigQuery, Vertex AI, and Looker, the company extracts metadata from listings and images to deliver personalized search, agent-assist messaging, and an Automated Valuation Model. The hub-and-spoke architecture centralizes governance while enabling business units to run tailored forecasting and ML use cases. Around 300 staff now use the platform to convert data into operational and commercial value.

Amazon CloudWatch Logs IA Adds Analytics and Masking

🔒 Amazon CloudWatch Logs Infrequent Access (Logs IA) now supports expanded analytics and data protection capabilities, including OpenSearch PPL and OpenSearch SQL query support. These additions let customers run advanced, flexible queries on infrequently accessed logs while keeping data consolidated natively on AWS. Built-in data protection can automatically detect and mask sensitive information in logs, helping organizations meet security and compliance requirements without manual redaction. Logs IA remains a lower-cost ingestion class with existing features like Logs Insights Query Language, S3 export, and encryption, making it suitable for ad-hoc troubleshooting and forensic analysis.

How CISOs Should Respond to Shadow AI Risks and Governance

🔒 Shadow AI — the unapproved use of AI tools and embedded AI features — is proliferating as employees seek productivity gains and vendors quietly enable capabilities. CISOs should first assess data sensitivity, storage practices and whether corporate inputs are being used to train models. After evaluating risk, organizations must choose to block or formally integrate tools and apply mitigations such as filtering, acceptable-use policies and targeted employee education. Clear governance, cross-functional review and simple approval pathways help balance innovation with security without unduly punishing productive behavior.

Amazon Redshift boosts new-query performance by 7x

🚀 Amazon Redshift now accelerates new queries by up to 7x, improving response times for low-latency SQL workloads such as BI dashboards, ETL pipelines, near‑real‑time analytics, and autonomous AI agents. The service uses a composition-based compilation optimization that lets queries start immediately while highly optimized, query-specific code is compiled in the background. This enhancement is enabled by default across provisioned clusters and serverless workgroups in commercial AWS Regions, requires no customer action, and is provided at no additional cost.

CISOs Reevaluate Data Protection Amid Rapid AI Use

🔐 CISOs are updating data protection strategies as employees rapidly adopt AI tools that access and expose sensitive information. Leaders such as Scott Kopcha at Goodwin Procter and experts from SANS and Health-ISAC warn that traditional controls and many DLP tools are insufficient for the multiple ways AI can interact with data. Organizations are prioritizing data classification, identity and access management, continual monitoring, zero-trust, and ongoing vendor evaluations to close gaps and show due diligence.

AWS Glue Data Catalog: IAM Permissions for S3 Tables

🔐 AWS announced IAM-based authorization in the AWS Glue Data Catalog for Amazon S3 Tables and Apache Iceberg materialized views. The change allows administrators to consolidate storage, catalog, and query engine permissions into a single IAM policy, simplifying access management for analytics services. Customers can still opt into AWS Lake Formation for fine-grained controls and manage access via Console, CLI, API, or CloudFormation.

AWS Pricing for VPC Encryption Controls Moves to Paid

🔒 AWS is introducing pricing for VPC Encryption Controls, a regional capability that audits and enforces encryption-in-transit for traffic within and across Virtual Private Clouds. The feature supports Monitor mode to detect unencrypted flows and Enforce mode to prevent the creation or operation of resources that allow unencrypted traffic. Beginning March 1, 2026, AWS will apply a fixed hourly charge to every non-empty VPC with Encryption Controls enabled; empty VPCs enabled with the feature are not charged. When encryption is enabled on a Transit Gateway, standard VPC Encryption Controls charges apply to all VPCs attached to that Transit Gateway regardless of each VPC's mode or whether they are empty.

Manual Data Transfers Threaten National Security Readiness

🔒 More than half of national security organizations still rely on manual processes to transfer sensitive data, the CYBER360 report warns. The article highlights how human-dependent transfers introduce delays, audit gaps, and exploitable seams that adversaries can weaponize. It urges adoption of automated, policy-driven controls—centered on Zero Trust, data-centric protection, and cross-domain solutions—to restore speed, accountability, and mission resilience.

AWS Clean Rooms Adds Remote Apache Iceberg Catalog Support

🔒 AWS Clean Rooms now supports catalog federation for remote Apache Iceberg REST catalogs, enabling direct, secure access to Iceberg tables stored in Amazon S3 without replicating table metadata. Using AWS Glue catalog federation, organizations can include remote Iceberg catalogs in Clean Rooms collaborations so partners can jointly analyze combined datasets while keeping underlying data private. This reduces the need for ETL pipelines and simplifies cross‑party analytics between organizations such as publishers and advertisers.

Study Finds Multiple Cloud Password Managers Vulnerable

🔒 A new study from ETH Zurich and Università della Svizzera italiana shows that cloud-based password managers, including Bitwarden, Dashlane, and LastPass, can be vulnerable to password recovery and integrity attacks under a malicious-server model. Researchers identified 25 distinct attack variants ranging from metadata leakage and item swapping to full organizational vault compromise. Vendors have issued patches or mitigation roadmaps and say there is no evidence of in-the-wild exploitation.

Researchers Find Multiple Flaws in Cloud Password Managers

🔐 A team of researchers from ETH Zurich and USI disclosed 27 successful attack scenarios against cloud-based password managers from Bitwarden, LastPass, Dashlane and 1Password, challenging vendors' zero-knowledge claims. The attacks exploit design and cryptographic flaws — including unauthenticated public keys, missing ciphertext integrity and KDF downgrades — enabling vault compromise, password recovery and mass takeover. Vendors report remediation is underway; users should verify fixes and follow advisories.

AWS Backup adds PrivateLink support for SAP HANA on EC2

🔒 AWS Backup now supports AWS PrivateLink for SAP HANA systems running on Amazon EC2. This lets customers route backup traffic over private VPC endpoints instead of the public internet, helping meet security and compliance requirements for regulated workloads. Organizations subject to HIPAA, PCI DSS and privacy frameworks can maintain end-to-end private connectivity for both application and backup data. The feature is available in all AWS Regions that support SAP HANA on EC2; to enable it, update the Backint agent and add the backup-storage VPCE to your VPC.

Bitwarden launches Cupid Vault for secure account sharing

🔐 Bitwarden has introduced Cupid Vault, a free feature that lets users create a two-person shared Organization to securely share login credentials with a trusted email address. Owners assign credentials to the second member, can verify enrollments using a fingerprint phrase to prevent man‑in‑the‑middle attacks, and can revoke access at any time; the Organization vault is isolated from personal vaults. Cupid Vault is limited to two users and two collections and is distinct from Bitwarden's paid Family, Teams, and Enterprise plans that provide broader sharing and role-based controls.

AWS Data Transfer Terminal Expands to Six Cities Globally

📦 AWS announced that AWS Data Transfer Terminal is now available in six additional locations: Seattle and Phoenix (US), London (UK), Paris (France), Sydney (Australia), and Tokyo (Japan), expanding its footprint beyond San Francisco, Los Angeles, New York City, and Munich. These secure physical facilities let customers upload large datasets directly to Amazon S3, Amazon EFS, and other AWS services over high-throughput connections, accelerating ingestion and enabling immediate analytics and ML processing for media, automotive, financial, and industrial workloads.

Amazon OpenSearch Serverless Adds Collection Groups

🔐 Amazon OpenSearch Serverless now supports Collection Groups, enabling you to share OpenSearch Compute Units (OCUs) across collections that use different AWS KMS keys. This shared compute model reduces overall OCU costs while preserving collection-level security and access controls. Collection Groups also let you set minimum and maximum OCU allocations, allowing predictable startup capacity and eliminating cold-start latency for latency-sensitive workloads.

AWS HealthImaging Adds JPEG XL Support for DICOM Storage

🏥 AWS HealthImaging now supports storing and retrieving lossy compressed medical images using the JPEG XL DICOM transfer syntax (1.2.840.10008.1.2.4.112). This enables applications such as digital pathology whole slide imaging systems to consume native JPEG XL-encoded frames without on-the-fly transcoding. HealthImaging preserves image fidelity, reduces storage costs, and avoids retrieval latency caused by transcoding. JPEG XL support is available in all Regions where the service is generally available.