All news with #encryption at rest tag

Amazon MSF for Apache Flink Adds Customer Managed Keys

🔐 Amazon Managed Service for Apache Flink now supports Amazon KMS Customer Managed Keys (CMK), giving customers the option to use their own keys instead of AWS-owned keys. This provides greater control over encryption at rest, key rotation, and access policies for data stored in MSF. The update helps address compliance and governance requirements and is available by region; refer to the documentation for implementation details.

AWS Achieves HITRUST Certification for 177 Services

🔒 Amazon Web Services announced that 177 AWS services achieved HITRUST certification for the 2025 assessment cycle, with five services certified for the first time: Amazon Verified Permissions, AWS B2B Data Interchange, AWS Payment Cryptography, AWS Resource Explorer, and AWS Security Incident Response. A third‑party assessor audited the services under the HITRUST CSF v11.5.1 framework. Customers can inherit the certification for validated assessments when they use in‑scope services and follow the AWS Shared Responsibility Model, and evidence is available through AWS Artifact.

Malware Analysis on AWS: Building Secure Isolated Sandboxes

🔒 This AWS blog explains how security teams can run malware analysis in the cloud while complying with AWS policies and minimizing risk. It recommends an architecture that uses an isolated VPC with no internet egress, ephemeral EC2 detonation hosts accessed via AWS Systems Manager Session Manager, and secure S3 storage via VPC gateway endpoints with encryption. The post emphasizes strong IAM and SCP guardrails, immutable hosts, automated teardown, centralized logging, and monitoring with CloudTrail and GuardDuty to maintain visibility and lifecycle control.

Secure File Sharing in AWS: Security and Cost Guide

🔒 This second part of the guide examines three AWS file‑sharing mechanisms — CloudFront signed URLs, an Amazon VPC endpoint service backed by a custom application, and S3 Access Points — contrasting their security, cost, protocol, and operational trade‑offs. It highlights CloudFront’s edge caching and WAF/Shield integration for low‑latency public delivery, PrivateLink for fully private TCP connectivity, and Access Points for scalable IAM‑based S3 access control. The post emphasizes choosing or combining solutions based on access patterns, compliance, and budget.

Twitter Whistleblower Alleges Major Security Failures

🔍 An 84-page whistleblower complaint from former Twitter head of security Peiter “Mudge” Zatko alleges systemic security and privacy failings at the company, including excessive staff access, unpatched servers, and potential foreign-agent infiltration. Zatko says these issues violate a 2010 FTC order and pose a national security risk. Twitter calls him a disgruntled ex-employee and says many issues are addressed. Congressional inquiries have already begun.