All news with #encryption at rest tag

Amazon RDS for SQL Server: KMS Encryption for Native Backups

🔐 Amazon RDS for SQL Server now supports encrypting native backup files (.bak) stored in Amazon S3 using server-side encryption with AWS KMS keys (SSE-KMS). By default, native backups remain encrypted with Amazon S3-managed keys (SSE-S3), and customers can opt to apply their own KMS key for additional protection and key control. To enable the feature, update the KMS key policy to grant the RDS backup service access and specify the parameter @enable_bucket_default_encryption in the native backup stored procedure. This capability is available in all AWS Regions where Amazon RDS for SQL Server is offered.

AWS Bedrock Guardrails: Customer-Managed KMS Keys Support

🔐 AWS now supports customer-managed AWS Key Management Service (KMS) keys for Amazon Bedrock Guardrails Automated Reasoning checks. Customers can encrypt policy content and test artifacts with their own keys instead of the default key, retaining control over lifecycle and access. This capability helps regulated organizations meet compliance requirements and is available in all Bedrock Guardrails regions. Refer to AWS documentation and the Bedrock console to get started.

Vertex AI SDK Adds Prompt Management for Enterprises

🛠️ Google Cloud announced General Availability of Prompt Management in the Vertex AI SDK, enabling teams to programmatically create, version, and manage prompts as first-class assets. The capability bridges Vertex AI Studio’s visual prompt design with SDK-driven automation to improve collaboration, reproducibility, and lifecycle control. Enterprise security and compliance are supported via CMEK and VPCSC, and the SDK exposes simple Python methods to create, list, update, and delete prompt resources tied to models such as gemini-2.5-flash. Get started using the documented code examples to centralize prompt governance and scale generative AI workflows.

Vertex AI Context Caching: Reduce Cost and Latency

⚡ Vertex AI context caching saves and reuses precomputed input tokens so developers avoid repeatedly sending and recomputing long contextual content, reducing latency and cost for large-context AI applications. It provides implicit caching — automatic, default, short-lived KV caches (deleted within 24 hours) integrated with Provisioned Throughput — and explicit CachedContent objects that are paid once and then reused at a deep discount with optional CMEK protection. Caches support multimodal inputs and very large context windows.

AWS Backup Adds Detailed Job and Audit Report Fields

🔍 AWS Backup now returns more detailed metadata in job APIs and Backup Audit Manager reports to improve visibility into backup configuration and compliance. New fields in backup, copy, and restore job APIs expose retention settings, vault lock and type, encryption details, plan and rule names, schedules, and vault access policies. Delegated administrators can view job details across an organization. These fields are available today in supported Regions at no extra charge.

Google transitions to cryptographic media sanitization

🔐 Google will transition in November 2025 from overwrite-based media sanitization to cryptographic erasure, using default encryption to render data unrecoverable by securely deleting encryption keys rather than overwriting drives. Recognized in NIST SP 800-88, this method is faster and better suited to modern storage technologies. Google says it will apply a layered, defense-in-depth model with independent verification, key rotations, and protections for device secrets to maintain strong safeguards.

Buyer’s Guide — Data Protection Platforms for Hybrid Clouds

🔒 This buyer’s guide explains why organizations need comprehensive data protection platforms for hybrid cloud environments and which capabilities to prioritize. It highlights core requirements such as data discovery and classification, layered protections (encryption, DLP, immutability), continuous monitoring, and automated recovery to address ransomware, misconfigurations, outages and compliance. The guide also surveys market trends and leading vendors to help IT teams evaluate DPaaS, cloud-native and on-premises options.

Microsoft Releases Enterprise Windows Backup for Orgs

🔒 Microsoft has made Windows Backup for Organizations generally available, offering an enterprise-grade, opt-in solution to preserve Windows settings, user preferences, and Microsoft Store-installed apps. The capability is available after installing the September 2025 Windows Monthly Cumulative Update on Entra-joined devices and must be enabled by administrators through Intune or backup and restore policy settings. Backups are stored in Exchange Online in the tenant's selected Country/Region, are protected by encryption, and are accessible to Microsoft personnel only under strict oversight for troubleshooting or legal compliance, helping streamline migrations to Windows 11 during device setup.

EC2 Image Builder: Pipeline Auto-Disable and Custom Logs

⚙️ EC2 Image Builder pipelines can now be automatically disabled after a configurable number of consecutive failures, and you can assign custom log groups with retention and encryption settings to meet organizational policies. This prevents unnecessary resource creation and repeated failed builds, reducing costs and operational noise. These capabilities are available at no extra charge across all AWS commercial regions and are usable via Console, CLI, API, CloudFormation, or CDK.

Amazon EC2 Auto Scaling Adds FIPS PrivateLink Endpoints

🔒 Amazon EC2 Auto Scaling now supports FIPS 140-3 validated VPC endpoints via AWS PrivateLink, enabling regulated workloads to use cryptographic modules that meet federal requirements. This update allows customers to create FIPS-compliant VPC endpoints in select US and Canada regions to satisfy government and regulated-industry encryption mandates. Refer to AWS guidance for setting up VPC endpoints and integrating AWS PrivateLink with EC2 Auto Scaling.

Security Hardening Essentials for Resource-Constrained SMBs

🔒 Security hardening boosts protection for organizations, especially SMBs, by reducing their attack surface without large additional investments. Key measures include strong authentication and authorization—enforcing strict passwords, multifactor authentication, least-privilege access and network access controls—alongside timely patching, data encryption and segmented, tested backups. Regular staff training, account audits and permission reviews complete a practical, low-cost defense posture.

Threat Modeling Your Digital Life Under Authoritarianism

🔒 The article argues that personal threat modeling must adapt as governments increasingly combine their extensive administrative records with corporate surveillance data. It details what kinds of government-held data exist, how firms augment those records, and the distinct dangers of targeted versus mass surveillance. Practical mitigations are discussed—encryption, scrubbing accounts, burner devices—and the piece stresses that every defensive choice is a trade-off tied to individual goals.

AWS IAM Identity Center Adds Customer-Managed KMS Keys

🔐 IAM Identity Center now supports customer-managed AWS KMS keys to encrypt workforce identity data, including user and group attributes. While AWS-owned keys remain the default, a customer-managed key (CMK) lets organizations control key lifecycle, policies, and usage permissions for stronger security and compliance. CMKs can be set when enabling a new organization instance or added to existing ones, and their usage is auditable via AWS CloudTrail. Support is available for access to accounts and select AWS applications across all IAM Identity Center regions; standard KMS charges apply.

Amazon EventBridge Adds Customer-Managed KMS Support

🔐 Amazon EventBridge now supports AWS KMS customer managed keys for event bus rule filter patterns and input transformers. This lets you encrypt the logic that selects and modifies events with your own keys to meet security and compliance requirements while retaining full key control. The feature is available in all commercial AWS Regions and can be audited via AWS CloudTrail. There is no additional EventBridge charge, though standard AWS KMS pricing applies.

Preparing Organizations for the AI and Quantum Threat

🔒 This upcoming 60‑minute webinar examines how quantum computing and AI are jointly reshaping cybersecurity and accelerating new attack vectors. Top experts will cut through the hype to explain quantum-safe cryptography, practical defenses against AI-driven phishing and "harvest now, decrypt later" risks, and industry-specific controls for finance, healthcare, and critical infrastructure. Attendees will leave with a concrete roadmap for assessment, deployment, and ongoing resilience. Seats are limited.

Multi-Region Key Replication in AWS Payment Cryptography

🔐 AWS introduces Multi-Region keys for AWS Payment Cryptography, a built-in option to automatically synchronize exportable symmetric payment keys from a primary Region to one or more replica Regions. You can choose account-level defaults or per-key replication targets, keep consistent key IDs across Regions, and rely on asynchronous replication with monitoring via new CloudTrail events. The feature improves availability and disaster recovery for global payment operations while preserving granular control over replication.

Signal adds opt-in end-to-end encrypted backups for chats

🔒 Signal has introduced an opt-in secure cloud backups feature that creates end-to-end encrypted archives of users' messages and recent media. The capability is available now in the Android beta and will be rolled out to iOS and desktop after testing completes. The free tier stores messages and up to 45 days of media within a 100 MiB limit; a paid $1.99/month plan raises storage to 100 GB and extends media retention. Backups occur daily, exclude soon-to-disappear and view-once messages, and are protected by a 64-character recovery key generated on-device that Signal never receives.

Hidden Vulnerabilities in Project Management Tools: Backup

🛡️ Many organizations rely on SaaS project platforms such as Trello and Asana for daily operations, but native protections and short retention windows often leave critical data exposed. The piece highlights human error, misconfiguration, and targeted cyberattacks as leading causes of loss. It recommends adding a third‑party backup layer and presents FluentPro Backup as a solution offering continuous automated backups, granular restores, one‑click project recovery, and Azure‑backed security to ensure recoverability and auditability.

SageMaker HyperPod Supports Customer-Managed KMS for EBS

🔐 Amazon SageMaker HyperPod now supports customer-managed AWS KMS keys (CMKs) to encrypt EBS volumes, giving enterprises direct control over encryption for root and secondary storage. This enables integration with existing key management and compliance workflows and uses a grants-based approach for secure cross-account access. Customers can specify CMKs via the CreateCluster and UpdateCluster APIs for clusters in continuous provisioning mode. The capability is available in all Regions where HyperPod runs.

SageMaker HyperPod Supports EBS CSI Driver for Storage

🔧 Amazon SageMaker HyperPod now supports the Amazon Elastic Block Store (EBS) Container Storage Interface (CSI) driver, enabling dynamic provisioning and lifecycle management of persistent EBS volumes for machine learning workloads on HyperPod EKS clusters. Through standard Kubernetes persistent volume claims and storage classes, teams can create, attach, resize, snapshot, and encrypt volumes (including customer-managed KMS keys), and volumes persist across pod restarts and node replacements. Install the EBS CSI driver as an EKS add-on to get started; the capability is available in all regions where HyperPod EKS clusters are supported.