< ciso brief />

All news with #iam tag

174 articles · page 3 of 9

AWS Releases Aurora DSQL Connectors for .NET and Rust

🔐 The new Aurora DSQL connectors for .NET (Npgsql) and Rust (SQLx) simplify secure application access by automating IAM token generation, SSL setup, and connection pooling. They remove reliance on static user passwords while remaining fully compatible with existing driver features. The connectors also provide opt-in optimistic concurrency control retries with exponential backoff, custom IAM credential providers, and AWS profile support to ease credential management.

Amazon Connect extends tag-based access to quick responses

🔒 Amazon Connect now applies tag-based access control (TBAC) to quick response assignments for routing profiles. Administrators can restrict which routing profiles receive specific quick responses based on their TBAC permissions, so agents only see templates relevant to their assigned profiles. This change aligns quick responses with existing Amazon Connect resource access controls and supports compliance and localized disclosure workflows. The update is available in multiple AWS Regions.

Aurora DSQL Connector for Ruby (pg gem) Released on AWS

🔒 The new Aurora DSQL Connector for Ruby (pg gem) simplifies building Ruby applications on Aurora DSQL by automating IAM token generation, SSL configuration, and connection pooling. It removes the need for persistent user-generated passwords while preserving full compatibility with existing pg gem features. The connector also provides optional optimistic concurrency control (OCC) retry with exponential backoff and supports custom IAM credential providers and AWS profiles.
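Two of the behaviours the .NET, Rust and Ruby connectors above automate are easy to get wrong when hand-rolled: presenting a short-lived IAM auth token in place of a static password (and re-minting it before it lapses), and replaying only optimistic-concurrency conflicts, with capped, jittered backoff. The model below is an added example written for this page, not the AWS connector code; it talks to no database, and `mint_token` is a hypothetical stand-in for the SigV4-based token generation the real connectors perform.

```python
"""Illustrative model of two behaviours the Aurora DSQL connectors automate:
a short-lived IAM auth token re-minted before expiry, and opt-in retry of
optimistic-concurrency conflicts with capped exponential backoff and jitter.
Added example; not the AWS connector code. `mint_token` is a hypothetical
stand-in for the real SigV4-based token generation."""
import random
import time
from typing import Callable


class OccConflict(Exception):
    """Stand-in for the serialization failure (SQLSTATE 40001) Aurora DSQL
    returns when an optimistic-concurrency transaction loses its race at commit."""
    sqlstate = "40001"


class TokenProvider:
    """Caches a short-lived token and re-mints it a safety margin before expiry,
    so a pooled connection never presents a token that is about to lapse."""

    def __init__(self, mint_token: Callable[[], str], ttl_s: int = 900,
                 refresh_margin_s: int = 60, clock: Callable[[], float] = time.time):
        self._mint = mint_token
        self._ttl = ttl_s
        self._margin = refresh_margin_s
        self._clock = clock
        self._token = None
        self._expires_at = 0.0
        self.mint_count = 0  # how many tokens were minted (observable by callers)

    def token(self) -> str:
        now = self._clock()
        if self._token is None or now >= self._expires_at - self._margin:
            self._token = self._mint()
            self._expires_at = now + self._ttl
            self.mint_count += 1
        return self._token


def run_with_occ_retry(txn: Callable[[], object], max_attempts: int = 5,
                       base_delay_s: float = 0.05, max_delay_s: float = 1.0,
                       sleep=time.sleep, rng=random.random):
    """Run txn() and, on OccConflict, retry with exponential backoff
    (base * 2**n, capped) scaled by jitter in [0.5, 1.5). Any other error
    propagates immediately: only a lost OCC race is safe to replay."""
    for attempt in range(1, max_attempts + 1):
        try:
            return txn()
        except OccConflict:
            if attempt == max_attempts:
                raise
            delay = min(max_delay_s, base_delay_s * 2 ** (attempt - 1)) * (0.5 + rng())
            sleep(delay)


def make_flaky_txn(conflicts_before_success: int) -> Callable[[], int]:
    """Constructed stand-in for a transaction that loses its first N races;
    returns the attempt number on which it finally commits."""
    state = {"calls": 0}

    def txn():
        state["calls"] += 1
        if state["calls"] <= conflicts_before_success:
            raise OccConflict("transaction aborted: serialization failure")
        return state["calls"]

    return txn


if __name__ == "__main__":
    provider = TokenProvider(lambda: f"token-{random.randrange(10**6)}")
    print("token for connect:", provider.token())
    print("committed on attempt", run_with_occ_retry(make_flaky_txn(2)))
```

The refresh margin matters more than the TTL: a token that is valid when fetched from the pool but expires during the TCP/TLS handshake produces an authentication failure that looks like a credential problem, so re-minting early is the cheaper failure mode.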

Rethinking Cybersecurity Hiring: Skills-First Talent

🔍 Many organizations treat the cybersecurity skills gap as a supply problem, but the 2025 Cybersecurity Skills Gap Global Research Report shows restrictive hiring definitions are a major cause. Rigid filters like four-year degrees exclude candidates with military, technical, or vendor-certified experience who already possess relevant, hands-on capabilities. Adopting a skills-first approach and mapping role-aligned certifications to job requirements expands the qualified pool, shortens onboarding, and reduces operational risk. Fortinet emphasizes partnerships and free, scalable training as practical ways to build and certify talent at scale.

Amazon Route 53 Profiles Adds Granular IAM Controls

🔐 Amazon Route 53 Profiles now supports granular AWS Identity and Access Management (IAM) permissions. Administrators can create IAM policies that restrict users to specific operations—associate, disassociate, or update—on resource types such as private hosted zones, Resolver rules, and DNS Firewall rule groups. Permissions may be scoped by resource ARN, hosted zone name, Resolver rule domain name, DNS Firewall rule group priority range, or specific VPC associations to enable precise delegation.

6 Key Trends Reshaping the Identity and Access Market

🔐 The IAM market is shifting from traditional login and MFA toward treating identity as a security control plane, driven by demand for phishing-resistant authentication and stronger governance for non-human accounts. Buyers are prioritizing FIDO2/passkeys, biometrics, and controls for service accounts, API keys, and AI agents. Regulatory change, managed services, and vendor consolidation are reshaping architectures and procurement decisions.

AWS IAM Policy Types for Secure Multi-Account Access

🔒 This post explains AWS IAM policy types and how to apply them in a multi-account environment. It describes identity-based and resource-based policies, permissions boundaries, service control policies (SCPs), and resource control policies (RCPs), with ownership guidance for central security and application teams. Using a practical multi-account example, it shows how to combine these controls to enforce least privilege and protect data while enabling team autonomy. It also recommends policy validation and provides sample code.
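The reason the policy types above have to be combined rather than chosen is the evaluation order: an explicit Deny anywhere wins, then every SCP on the account's path must allow, then the permissions boundary (if attached) must allow, and only then does an identity-based or resource-based grant count. The model below is an added example written for this page, not AWS's evaluator or the post's sample code: it handles Effect/Action/Resource with `*` and `?` wildcards only, with no NotAction, Condition, RCPs or cross-account rules, and it always applies the boundary (AWS skips the boundary when a same-account resource policy names the IAM principal directly). The sample policies are constructed.

```python
"""Simplified model of same-account AWS policy evaluation across SCPs, a
permissions boundary, identity-based policies and a resource-based policy.
Added example, not AWS's evaluator: Effect/Action/Resource with '*' and '?'
only; no NotAction, Condition, RCPs or cross-account logic."""
import re
from typing import Optional


def _wild(pattern: str, value: str, ignore_case: bool) -> bool:
    """IAM-style glob: '*' matches any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value, re.IGNORECASE if ignore_case else 0) is not None


def _as_list(v):
    return v if isinstance(v, list) else [v]


def evaluate_policy(policy: dict, action: str, resource: str) -> Optional[str]:
    """'Deny' if any statement explicitly denies, 'Allow' if one allows,
    None if the policy is silent (an implicit deny at that layer).
    Actions are case-insensitive, resource ARNs case-sensitive."""
    decision = None
    for stmt in _as_list(policy.get("Statement", [])):
        action_hit = any(_wild(a, action, True) for a in _as_list(stmt.get("Action", [])))
        resource_hit = any(_wild(r, resource, False) for r in _as_list(stmt.get("Resource", [])))
        if action_hit and resource_hit:
            if stmt["Effect"] == "Deny":
                return "Deny"
            decision = "Allow"
    return decision


def is_allowed(action: str, resource: str, *, scps=(), boundary=None,
               identity=(), resource_policy=None) -> bool:
    """Combine layers the way AWS does for a same-account request:
    1. explicit Deny anywhere wins;
    2. every SCP on the account's path must Allow (silence denies);
    3. the permissions boundary, if attached, must Allow;
    4. an identity-based policy or the resource-based policy must Allow.
    Simplification: the boundary is always applied here."""
    grants = list(identity) + ([resource_policy] if resource_policy else [])
    layers = list(scps) + ([boundary] if boundary else []) + grants

    def verdict(p):
        return evaluate_policy(p, action, resource)

    if any(verdict(p) == "Deny" for p in layers):
        return False
    if not all(verdict(p) == "Allow" for p in scps):
        return False
    if boundary is not None and verdict(boundary) != "Allow":
        return False
    return any(verdict(p) == "Allow" for p in grants)


# Constructed sample. Central security owns the SCP and the boundary; the
# application team owns the role policy and the bucket policy.
ORG_SCP = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "Deny", "Action": ["iam:CreateUser", "iam:CreateAccessKey"], "Resource": "*"},
    {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"},
]}
DEV_BOUNDARY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:*", "dynamodb:*", "logs:*"], "Resource": "*"},
]}
APP_ROLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*",
     "Resource": ["arn:aws:s3:::app-data", "arn:aws:s3:::app-data/*"]},
    {"Effect": "Allow", "Action": "iam:CreateUser", "Resource": "*"},  # over-broad on purpose
]}
# Bucket policy; Principal omitted because this model assumes it names the app role.
SHARED_LOGS_BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::shared-logs/*"},
]}

if __name__ == "__main__":
    common = dict(scps=[ORG_SCP], boundary=DEV_BOUNDARY, identity=[APP_ROLE_POLICY])
    for act, res in [("s3:GetObject", "arn:aws:s3:::app-data/report.csv"),
                     ("s3:DeleteBucket", "arn:aws:s3:::app-data"),
                     ("iam:CreateUser", "*")]:
        print(f"{act:16} {res:40} -> {is_allowed(act, res, **common)}")
```

Run through the sample, the role's over-broad `iam:CreateUser` grant is neutralised twice over (SCP deny and boundary silence), `s3:DeleteBucket` is blocked by the SCP even though the role grants `s3:*`, and the shared-logs bucket policy grants read access the role policy never mentions. That is the division of labour the post describes: central teams set the outer guardrails, application teams fill in the grants.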

Amazon Bedrock AgentCore Browser: Enterprise Policies & CA

🔒 Amazon Bedrock AgentCore now lets administrators apply Chrome Enterprise policies to AgentCore Browser and upload custom root CA certificates for both AgentCore Browser and Code Interpreter. Chrome policies enforce organizational controls while agents browse, such as URL restrictions and blocklists, disabled downloads, and a disabled password manager. Custom root CA support lets agents reach internal systems and pass through corporate TLS interception without certificate errors. The features are available in 14 AWS Regions where AgentCore is offered.

Amazon Redshift: Federated Permissions via IAM IdC

🔐 Amazon Redshift now supports federated permissions with AWS IAM Identity Center (IdC) across multiple AWS Regions, letting you extend IdC from a primary Region to additional Regions for improved proximity-based performance and resilience. In those Regions you can create Redshift and Lake Formation Identity Center applications without replicating identities, so existing workforce identities can query warehouses while row-level, column-level, and masking controls continue to apply automatically. Users get single sign-on access via Amazon QuickSight, the Redshift Query Editor, or third-party SQL tools, simplifying access and compliance across Regions.

Amazon S3 Access Grants Now Available in New Zealand

🔒 Amazon S3 Access Grants are now generally available in the AWS Asia Pacific (New Zealand) Region. The capability maps identities from directories such as Microsoft Entra ID and AWS IAM principals directly to S3 datasets, enabling identity-driven, automated access provisioning for users. This reduces the need for manual policy changes and simplifies large-scale permission management. Local availability also helps improve latency and supports regional compliance and governance requirements for organizations operating in New Zealand.

Top 5 Actions CISOs Must Take to Secure AI Agents Now

🔐 Treat AI agents as first-class identities and enforce identity-based access across systems and APIs. The author argues CISOs must move beyond prompt guardrails to explicit authentication, scoped permissions, continuous logging, and monitoring of tokens, service accounts, OAuth grants, and keys. Organizations should discover shadow AI, map agent access, and enforce intent-aware controls. Full lifecycle governance — ownership, rotation, reviews, and decommissioning — is required to prevent privilege creep and data loss while enabling safe autonomy.

AWS Glue Data Catalog: IAM Permissions for S3 Tables

🔐 AWS announced IAM-based authorization in the AWS Glue Data Catalog for Amazon S3 Tables and Apache Iceberg materialized views. The change allows administrators to consolidate storage, catalog, and query engine permissions into a single IAM policy, simplifying access management for analytics services. Customers can still opt into AWS Lake Formation for fine-grained controls and manage access via Console, CLI, API, or CloudFormation.

What It Takes to Win the CSO or CISO Role Today: Guide

🔒 CSO and CISO roles have shifted from technical gatekeepers to board-level leaders accountable for resilience, compliance, and business enablement. Recruiters and incumbent executives emphasize a T-shaped background — deep domain expertise plus broad business fluency — including identity and access management, cloud operations, AI risk, and security automation. Candidates must translate security investments into enterprise value and demonstrate continuous assurance; negotiation, delegation, and measurable outcomes now define success.

Deploy AWS Applications and Access Accounts Across Regions

🔁 AWS now supports IAM Identity Center multi-Region replication, enabling workforce access and supported AWS managed applications to operate from additional Regions for improved resiliency and lower latency. Administrators create a multi-Region customer-managed KMS key, replicate it to target Regions, and add those Regions in the Identity Center console. External IdP configurations (for example, Okta or Microsoft Entra ID) must be updated with new ACS and access portal URLs so both service-provider and IdP-initiated flows work. Instance-level management remains centralized in the primary Region while additional Regions provide read-only replicated configuration and local application access.

Access Decisions: The Weakest Link in Identity Security

🔐 Longstanding identity programs have largely solved authentication with MFA and SSO, but authorization — the decisions about what authenticated identities can do — remains fragile and undergoverned. The article highlights a persistent denominator problem: many assets, cloud tenants, service accounts and shadow IT tools fall outside centralized visibility, so coverage metrics can be misleading. Effective risk reduction requires context-rich, accountable access decisions and stronger governance of non-human and third-party identities to avoid rubber-stamp approvals and excessive blast radius.

AWS IAM Roles Anywhere Adds Post-Quantum ML-DSA Support

🔐 AWS Identity and Access Management (IAM) Roles Anywhere now supports the FIPS 204 Module-Lattice Digital Signature Standard (ML-DSA), a NIST-standardized, quantum-resistant digital signature algorithm. Customers can register ML-DSA-signed CA certificates as IAM Roles Anywhere trust anchors or reference AWS Private Certificate Authority instances, and issue end-entity X.509 certificates bound to ML-DSA keys. The capability is available in all Regions where IAM Roles Anywhere operates, including AWS GovCloud (US), the AWS European Sovereign Cloud (Germany), and China Regions.

Why Password Audits Miss Accounts Attackers Actually Want

🔐 Password audits commonly validate complexity, length and rotation but frequently miss the accounts attackers prefer. Many organizations overlook reused or breached credentials, orphaned and dormant accounts, and high‑value service accounts with non‑expiring passwords. Point-in-time checks also fail to catch continuous threats like credential stuffing. Modern audits should add breached-password screening, risk-based prioritization, and continuous monitoring using tools such as Specops Password Policy.
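What the checks described above look like in practice: an audit pass over an account inventory that ignores complexity and rotation and instead flags breached passwords, service accounts with non-expiring passwords, and dormant or orphaned accounts, ranked by severity. This is an added example written for this page, not the vendor's tooling; the inventory and breach corpus are constructed, and breach screening is modelled the way a k-anonymity range lookup works (send the first five hex characters of the SHA-1, compare suffixes locally) against a local set, so nothing leaves the machine.

```python
"""Audit pass over a constructed account inventory for the accounts classic
password audits miss: breached passwords, service accounts with non-expiring
passwords, dormant and orphaned accounts. Added example, not vendor code.
Breach screening models a k-anonymity range lookup against a local set."""
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


@dataclass
class Account:
    name: str
    kind: str                       # "user" or "service"
    enabled: bool
    last_logon: Optional[datetime]  # None = never logged on
    password_never_expires: bool
    owner: Optional[str]            # None = nobody accountable (orphaned)
    pw_sha1: str                    # hash only; plaintext is never kept


# Constructed breach corpus standing in for a HIBP-style range database.
BREACHED_SHA1 = {sha1_hex(p) for p in ("Password1", "Summer2024!", "Welcome1")}


def range_lookup(prefix5: str) -> set:
    """Model of the k-anonymity range call: suffixes of every breached hash
    that shares the 5-character prefix. Only the prefix would go over the wire."""
    return {h[5:] for h in BREACHED_SHA1 if h.startswith(prefix5)}


def is_breached(pw_sha1: str) -> bool:
    pw_sha1 = pw_sha1.upper()
    return pw_sha1[5:] in range_lookup(pw_sha1[:5])


SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2}


def audit(accounts: List[Account], now: datetime,
          dormant_after: timedelta = timedelta(days=90)) -> List[dict]:
    """Return findings ordered by severity then account name.
    Disabled accounts are skipped: they cannot be used to authenticate."""
    findings = []

    def flag(acct, severity, reason):
        findings.append({"account": acct.name, "severity": severity, "reason": reason})

    for a in accounts:
        if not a.enabled:
            continue
        if is_breached(a.pw_sha1):
            flag(a, "critical", "breached password")
        if a.kind == "service" and a.password_never_expires:
            flag(a, "critical", "service account with non-expiring password")
        elif a.password_never_expires:
            flag(a, "medium", "non-expiring password")
        if a.last_logon is None or now - a.last_logon > dormant_after:
            flag(a, "high", "dormant account")
        if a.owner is None:
            flag(a, "high", "orphaned account (no owner)")
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f["severity"]], f["account"]))


AUDIT_TIME = datetime(2025, 6, 1, tzinfo=timezone.utc)

# Constructed inventory; hashes are computed here only to build the sample.
SAMPLE_ACCOUNTS = [
    Account("svc-backup", "service", True, AUDIT_TIME - timedelta(days=2), True, None, sha1_hex("Summer2024!")),
    Account("jdoe", "user", True, AUDIT_TIME - timedelta(days=200), False, "HR", sha1_hex("c0rrect-h0rse-battery")),
    Account("asmith", "user", True, AUDIT_TIME - timedelta(days=1), False, "Finance", sha1_hex("Password1")),
    Account("mjones", "user", True, AUDIT_TIME - timedelta(days=3), False, "Eng", sha1_hex("9v!Qr2#pLw8z")),
    Account("old-contractor", "user", False, None, True, None, sha1_hex("Welcome1")),
]

if __name__ == "__main__":
    for f in audit(SAMPLE_ACCOUNTS, AUDIT_TIME):
        print(f"{f['severity']:8} {f['account']:15} {f['reason']}")
```

Note that `svc-backup` passes a conventional complexity check (mixed case, digit, symbol, eleven characters) and would never be rotated, yet it produces three findings; that combination of a never-expiring service password and no accountable owner is exactly the account the article says attackers go looking for. Running this as a scheduled job rather than a one-off is what turns the point-in-time check into the continuous monitoring the article calls for.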

AWS simplifies IAM role creation in service workflows

🔐 AWS Identity and Access Management (IAM) now lets you create and configure IAM roles directly within many service console workflows, so you no longer need to switch to the IAM console. A new in-context permissions panel appears during relevant tasks and supports default policies or a simplified statement builder for custom permissions, while retaining full IAM role-management capabilities. Initially available in the US East (N. Virginia) Region, the feature will roll out to additional services and regions. This streamlines role setup for services such as EC2, Lambda, EKS and more.

How to Tell if a CSO Is the Real Deal or Inflated Today

🔍 Recruiters and current CSOs warn that true CSO capability combines technical fluency, business judgment, and clear communication. Inflated titles and hasty hires create false confidence, wasted budgets, and a culture of compliance rather than security. Top CSOs prioritize risk choreography, translate risk into business outcomes, and balance risk and revenue. Candidates and employers should verify mandate, budget, and cross‑functional influence before assigning the title.

AI Agents as Identity Dark Matter: Governance Risks

🔐 The article explains how Model Context Protocol (MCP)-driven AI agents are rapidly moving from chat assistants into enterprise workflows, creating an emergent class of non-human identities that often evade traditional IAM controls. It warns these agents gravitate to low-friction credentials—local accounts, long-lived tokens, and API keys—creating pervasive “identity dark matter.” The piece recommends pairing agents with human sponsors, enforcing dynamic, context-aware access, centralizing visibility and auditability, and applying consistent governance across hybrids to prevent privilege drift and regulatory blind spots.