All news with #data security tag

🛡️ Generative AI is now central to enterprise work, but rapid adoption has exposed gaps in legacy security models that were not designed for last‑mile behaviors. The piece argues buyers must reframe evaluations around real-world AI use — inside browsers and across sanctioned and shadow tools — and prioritize solutions offering real-time monitoring, contextual enforcement, and low‑friction deployment. It warns against blunt blocking and promotes nuanced controls such as redaction, just‑in‑time warnings, and conditional approvals to protect data while preserving productivity.

🔒 Amazon S3 now supports conditional deletes in S3 general purpose buckets. You can include an HTTP If-Match header with an object's ETag when calling DeleteObject or DeleteObjects; S3 will only delete the object if the provided ETag matches, reducing accidental removals in high-concurrency, multi-writer environments. Administrators can also enforce conditional deletes using the s3:if-match bucket policy condition. The capability is available at no additional cost in all AWS Regions and accessible via the API, SDKs, and CLI.

🔧 Amazon OpenSearch Service announced support for Derived Source, an opt-in feature that lets you omit persisting the document _source and reconstruct it dynamically when needed. The capability, available with OpenSearch 3.1, reduces domain storage by skipping stored _source fields while still supporting search, get, mget, reindex, and update operations. Enable Derived Source at index creation using composite index settings.

🔐 Amazon Athena now supports single sign-on for its JDBC and ODBC drivers using AWS IAM Identity Center’s trusted identity propagation. With updated drivers (JDBC 3.6.0 and ODBC 2.0.5.0), analysts can connect from third‑party BI tools and SQL clients using corporate credentials while Lake Formation permissions are enforced and actions are logged. This removes the need for embedded credentials, simplifies identity‑based data governance, and streamlines access management across tools.

🔒 Signal has introduced an opt-in secure cloud backups feature that creates end-to-end encrypted archives of users' messages and recent media. The capability is available now in the Android beta and will be rolled out to iOS and desktop after testing completes. The free tier stores messages and up to 45 days of media within a 100 MiB limit; a paid $1.99/month plan raises storage to 100 GB and extends media retention. Backups occur daily, exclude soon-to-disappear and view-once messages, and are protected by a 64-character recovery key generated on-device that Signal never receives.

🔒 Encryption is a critical layer in modern data protection, safeguarding sensitive and business‑critical information both at rest and in transit. The article outlines key drivers — remote/hybrid work, explosive data growth, device loss, third‑party risks, ransomware and insider threats — that make encryption essential. It recommends robust algorithms such as AES-256, centralized management and solutions for disks, files, removable media and email, alongside minimal end‑user friction. The piece also warns that regulators and insurers increasingly expect strong encryption as part of compliance and underwriting.

🌍 BigQuery now integrates Earth Engine, enabling analysts to run raster analytics and join satellite-derived imagery with vector data using familiar SQL workflows. Initial capabilities include the ST_RegionStats() geography function plus a curated set of ~20 Earth Engine raster datasets for land cover, weather and climate analysis. With general availability, Google Cloud adds EU regional deployment, an Image Details tab for enhanced metadata visibility, usage and quota controls, and a preview map visualization in BigQuery Studio to render GEOGRAPHY query results on Google Maps for interactive exploration and stakeholder-ready outputs.

🚀 Amazon RDS for MariaDB now supports MariaDB 11.8 (minor 11.8.3), the community's latest long-term maintenance release. The update introduces MariaDB Vector, enabling storage of vector embeddings and use of retrieval-augmented generation (RAG) directly in the managed database. It also adds controls to limit maximum temporary file and table sizes to better manage storage. You can upgrade manually, via snapshot restore, or with Amazon RDS Managed Blue/Green deployments; 11.8 is available in all regions where RDS MariaDB is offered.

🔧 AWS Clean Rooms now lets code authors configure error message detail for analyses using PySpark. When every collaboration member approves an analysis, authors can enable more detailed errors to accelerate debugging and testing. This reduces troubleshooting time for models such as marketing attribution from weeks to hours or days while preserving collaborator data protections.

🔒 This second part of the guide examines three AWS file‑sharing mechanisms — CloudFront signed URLs, an Amazon VPC endpoint service backed by a custom application, and S3 Access Points — contrasting their security, cost, protocol, and operational trade‑offs. It highlights CloudFront’s edge caching and WAF/Shield integration for low‑latency public delivery, PrivateLink for fully private TCP connectivity, and Access Points for scalable IAM‑based S3 access control. The post emphasizes choosing or combining solutions based on access patterns, compliance, and budget.

🔐 This post by Swapnil Singh (updated July 28, 2025) compares AWS file-sharing options and explains security and cost trade-offs to help architects choose the right approach. Part 1 focuses on AWS Transfer Family, Transfer Family web apps, S3 pre-signed URLs, and a serverless pre-signed URL pattern (API Gateway + Lambda), outlining strengths, limitations, and pricing considerations. It emphasizes requirements gathering—access patterns, protocols, security, operations, and business constraints—and presents a decision matrix and high-level guidance for selecting a solution.