All news with #resilience tag

🔒 The Louvre has issued a €57m public tender to overhaul its safety and security infrastructure after an October break-in at the Apollo Gallery that led to the theft of the Crown Jewels valued at €88m. The procurement seeks a new digital safety management system, consolidated IT and physical security monitoring, a central VMS/CCTV upgrade, ANSSI‑vetted access controls, and revamped IDS and artwork proximity sensors. All solutions must be interoperable, scalable and open to avoid vendor lock-in. Companies have until December 10 to apply.

🎥 This Emergency Communications Month, the National Council of Statewide Interoperability Coordinators (NCSWIC) Planning, Training, and Exercise Committee released a concise educational video, 'What is a PACE Plan', that explains the components of a PACE plan (Primary, Alternate, Contingency, Emergency) and why it matters for public safety communications. NCSWIC members describe how communications can change in atypical situations and demonstrate why agencies should know their PACE and routinely practice it. The video is a practical tool to help agencies maintain continuity of communications when primary systems degrade.

🔒 IO's State of Information Security Report 2025 finds most UK and US cybersecurity professionals fear state-sponsored cyber-attacks, with 23% citing lack of preparedness for geopolitical escalation as their top concern. Surveying 3,000 security managers, IO reports 33% believe governments are not doing enough and many organisations worry about data loss, reputational harm and supply chain disruption. In response, 74% are investing in resilience and 97% are tailoring incident response, beefing up threat intelligence and securing supply chains.

🔧 AWS has expanded its Resilience Competency to include Technology Partners, enabling customers to identify validated software for high availability and recovery. The program evaluates solutions across Design, Recovery, and Operate categories through expert technical validation to meet strict performance and operational requirements. Qualified partners and solutions are discoverable via the AWS Resilience Competency and purchasable through AWS Marketplace, aligning with AWS's shared responsibility model. This aims to help organizations build always-on applications with lower cost and higher availability than on-premises alternatives.

⚡ Enabling the accelerated recovery option for Amazon Route 53 public hosted zones gives customers a predictable 60-minute recovery time objective (RTO) to regain the ability to modify public DNS records if AWS services in US East (N. Virginia) are temporarily unavailable. The feature is available globally except in GovCloud and China, and there is no additional charge. It supports faster DNS change operations for banking, FinTech, and SaaS customers to meet continuity and disaster recovery objectives.

🔔 Amazon RDS for SQL Server Web Edition now supports Multi‑AZ deployments, providing web‑focused workloads with built‑in high availability and automated failover to a standby replica in a separate Availability Zone. Customers enable the feature by selecting the Multi‑AZ option when configuring their RDS instance; RDS synchronously replicates data and handles failover automatically. This removes the need to move to more expensive SQL Server editions for HA—check pricing and regional availability in the RDS documentation.

🧪 AWS Fault Injection Service (FIS) introduces two new pre-built experiment scenarios to simulate partial, cross- and single-AZ disruptions. The AZ: Application Slowdown scenario simulates increased latency and degraded performance within a single Availability Zone to validate observability, alarms, and AZ evacuation playbooks. The Cross-AZ: Traffic Slowdown scenario simulates degraded traffic between AZs and lets you target subsets of traffic for realistic gray-failure testing. These scenarios are available in all Regions where AWS FIS is offered, including AWS GovCloud (US).

🛡️ Financial institutions face a regulatory shift: cyber‑resilience has moved from best practice to prescriptive requirement under regimes such as DORA, CORIE, MAS TRM, FCA/PRA and others. Filigran’s OpenAEV combines tabletop crisis playbooks with breach-and-attack simulation so teams can rehearse human and technical responses together. The platform synchronizes players via enterprise IAM, translates threat intelligence into timed technical injects and simulated communications, and streamlines logistics, reporting and continual improvement. OpenAEV is free for community use, with a library of scenarios and SIEM/EDR integrations, and Filigran is hosting expert sessions to demonstrate operationalization.

☁️ Microsoft positions resiliency as a shared responsibility, combining its global infrastructure, SLAs, and platform capabilities with customer-owned architecture, configuration, and recovery planning. Azure Essentials packages blueprints, assessments, and validation tools like Azure Chaos Studio and Azure Monitor to enable zone-redundant and multi-region designs. The guidance stresses continuous validation, automated remediation, and governance to reduce downtime and accelerate recovery.

🔒 Cyber-physical systems (CPS) underpin critical infrastructure across industry, healthcare and buildings, and their continuous availability is essential to public safety and business continuity. The article urges CISOs to prioritize CPS security, invest in OT protection, close long-standing IT–OT silos and maintain accurate asset inventories. It highlights that many organizations lack OT incident response or business continuity plans and emphasizes that rapid recovery, segmentation and tested emergency procedures are key to minimizing downtime and harm. Analysts warn of steep recovery times and severe financial and human impacts if CPS resilience is not improved.

🧪 Amazon Kinesis Data Streams now integrates with AWS Fault Injection Service (FIS) to simulate Kinesis API errors and validate application error handling, retry logic, and monitoring. Customers can induce throttling, internal errors, service unavailable, and expired iterator exceptions—covering 500, 503, and 400 responses for GET and PUT operations—to test resilience and CloudWatch alarms. FIS experiments support templates, CI integration, and automatic stop thresholds to keep tests controlled, and are generally available in all Regions where FIS is offered, including AWS GovCloud (US).

⚙️ This post introduces the fundamentals of chaos engineering and explains why deliberately injecting controlled failures helps teams build more resilient cloud-native systems. It covers core principles — such as defining a steady-state hypothesis, limiting blast radius, replicating realistic failure modes, and automating experiments — and translates them into practical steps for experiment design, fault injection, probing, and rollback. The article recommends using Chaos Toolkit and points to Google Cloud–specific recipes to help engineers begin safely and iteratively.

🛡️ Modern disaster recovery and business continuity require a ground-up rebuild to address distributed data, evolving cyberthreats, climate-driven disruptions, and strict breach-reporting obligations. Key elements include executive sponsorship, standing interdisciplinary teams, AI-assisted discovery and classification, continuous and immutable backups aligned with a 3-2-1-1-0 approach, and the design of a minimum viable business to restore core functions. Frequent, gamified tabletop exercises and automated validation complete a resilient program.

🔒 Ineffective recovery processes and increasingly sophisticated ransomware are driving adoption of Cyber Recovery approaches that isolate and validate backups before restoring systems. Modern platforms combine immutable snapshots, sandboxed restores, and automated forensics with AI/ML-based detection to identify safe restore points and reduce downtime. Vendors highlighted include Acronis, Cohesity, Commvault, Dell, Druva, Rubrik, Veeam, Zerto.

⚙️ Amazon EBS now provides a latency injection action in AWS Fault Injection Service (FIS) to simulate degraded I/O performance on EBS volumes as part of controlled fault injection experiments. The action reproduces real-world signals such as Amazon CloudWatch alarms and OS timeouts so teams can observe application behavior and validate recovery. Pre-defined templates are available in the EBS and FIS consoles, and experiments can be customized or combined with other actions to integrate into chaos engineering and CI workflows. The capability is available in all Regions where FIS is supported.

🪂The SOC is framed as the parachute organisations rely on when breaches occur. Too many SOCs are under‑specified and reactive—drowned in alerts and tools that add complexity rather than resilience. The author calls for Swiss engineering: over‑specified, tested processes, rehearsed responses, and anticipatory defence grounded in threat modelling and behavioural context. Vendors and AI can assist, but organisations must own priorities, rehearse decision making, and build muscle memory.

🧪 AWS announced that Fault Injection Service (FIS) is now available in the Europe (Zurich) Region. FIS is a fully managed service for running controlled fault injection experiments to validate application performance, observability, and resilience under scenarios such as AZ power interruptions and cross-region connectivity failures. Customers can create reusable experiment templates, integrate them into CI/CD pipelines, and generate detailed experiment reports stored in Amazon S3 for audit and compliance needs. This launch expands FIS to 24 regions globally.

🛡️ Organizations face escalating operational risk as threat actors leverage optimized supply chains, pre-packaged services and AI to accelerate attacks and social engineering. Managed detection and response (MDR) is promoted as a prevention-first approach that prioritizes speed of detection, containment and response. Best-in-class MDR combines 24/7 monitoring, proactive threat hunting and automated compliance and forensic reporting to reduce downtime and support recovery.

🚀 This Cloud Next 2025 talk explains how to build fault-tolerant, multi-region services using Cloud Run, highlighting autoscaling, decoupled control/data planes, and N+1 zonal redundancy. The post previews an upcoming Service Health feature that automates cross-region failover by relying on container readiness probes and minimum-instance settings. It also outlines deployment patterns (global external ALB with Serverless NEGs) and shows a live demo of automated traffic failover.

🔒 In a world where pandemics, war, and natural disasters are inevitable, security teams must plan for continuity. The article examines two primary approaches: scaling VPN capacity for remote access or adopting a SASE framework that integrates networking and security as a cloud-delivered service. Each option has trade-offs in cost, complexity, and operational risk; readiness requires assessing user patterns, threat exposure, and recovery objectives.