InfoQ Homepage Cloud Security Content on InfoQ
-
Google Cloud KMS Launches Post-Quantum KEM Support to Combat "Harvest Now, Decrypt Later" Threat
Google Cloud's Key Management Service now supports post-quantum Key Encapsulation Mechanisms (KEMs), addressing future threats from quantum computing. This update empowers organizations to prepare against "Harvest Now, Decrypt Later" attacks while ensuring long-term data confidentiality.
-
Google Cloud Outlines Key Strategies for Securing Remote MCP Servers
Google Cloud published a guide that lays out strategies for securing remote Model Context Protocol (MCP) server deployments, particularly in contexts where AI systems depend on external tools, databases, and APIs.
-
Bring Your Own Key (BYOK): AWS IAM Identity Center Adopts CMKs to Meet Enterprise Compliance Needs
AWS IAM Identity Center now supports customer-managed KMS keys (CMKs) for encrypting identity data at rest. This enhancement offers organizations complete control over their encryption keys, ensuring granular access management, robust auditing via AWS CloudTrail, and improved compliance for regulated industries. It’s a key evolution for data sovereignty in the cloud.
-
Slack Security: inside the New Anomaly Event Response Architecture
Slack has launched Anomaly Event Response (AER), a real-time security system that autonomously detects suspicious activity, terminates risky sessions, and reduces response time from days to minutes. The system’s architecture includes a detection engine, decision framework, and response orchestrator to help organizations prevent breaches efficiently.
-
New DNS Armor Service Helps Google Cloud Workloads Preemptively Block Cyber Threats
Google Cloud's DNS Armor, in partnership with Infoblox, offers a vital layer of security against DNS-based threats for Google Cloud workloads. Utilizing advanced threat detection and machine learning, it identifies and mitigates risks like malware and data exfiltration, ensuring robust protection without impacting performance. Deployable as a managed service providing seamless control for users.
-
Linux Security Tools Bypassed by io_uring Rootkit Technique, ARMO Research Reveals
Security researchers at ARMO have uncovered a significant vulnerability in Linux runtime security tools that stems from the io_uring interface, an asynchronous I/O mechanism that can completely bypass traditional system call monitoring. The research demonstrates how attackers can exploit this blind spot to operate undetected by most existing security solutions.
-
Agentic AI Expands into SecOps to Ease Human Workloads
Agentic AI is beginning to reshape malware detection and broader security operations. These systems are being used not to replace humans, but to take on the lower value jobs that have historically tied up analysts — from triaging alerts to reverse-engineering suspicious files.
-
Google Cloud Unveils New Data Security Posture Management Offering in Preview
Google Cloud unveils its new Data Security Posture Management (DSPM) offering, enhancing data governance, privacy, and compliance. This innovative solution provides visibility into sensitive data, helping organizations identify risks and enforce controls. With advanced features integrated into the Security Command Center, it addresses the evolving challenges of cloud data security.
-
Google Veles is a New Open-Source Secret Scanner Powering GCP
Google Veles is a newly released open-source secret scanner, launched as part of Google's broader OSV-SCALIBR (Software Composition Analysis LIBRary) ecosystem. Veles integrates seamlessly with other OSV-SCALIBR tools and also powers secret scanning in Google Cloud, while remaining available as a standalone module.
-
AWS CCAPI MCP Server: Natural Language Infra
AWS introduces the Cloud Control API (CCAPI) MCP Server, revolutionizing infrastructure management by enabling natural language commands for resource management. This tool boosts developer productivity with automated security checks, IaC template generation, and cost estimation, bridging the gap between intent and cloud deployment. Embrace simplicity and efficiency in cloud operations!
-
Uber Unveils Multi-Cloud Secrets Management Platform to Secure 150,000+ Credentials
Uber has revealed details of its internally developed Multi-Cloud Secrets Management Platform, designed to address the security challenges of managing over 150,000 secrets across its massive distributed infrastructure. The platform represents a significant evolution in how large-scale technology companies approach credential security in multi-cloud environments.
-
AWS Introduces Exportable Public SSL/TLS Certificates
AWS has recently announced exportable public SSL/TLS certificates from AWS Certificate Manager, addressing a long-standing community request and allowing users to export certificates with their private keys for use beyond managed services on AWS.
-
AWS Introduces Extended Threat Detection for EKS via GuardDuty
AWS has expanded GuardDuty’s threat detection capabilities on EKS clusters, introducing new runtime monitoring features that use a managed eBPF agent to detect container-level threats.
-
AWS Shield Network Security Director: Network Topology Visibility and Remediation Guidance
Introducing AWS Shield Network Security Director: a game-changer in DDoS protection and network security visibility. This innovative feature automates resource discovery, evaluates configurations against best practices, and prioritizes security findings. With actionable remediation steps and natural language queries via Amazon Q Developer, organizations can enhance their security posture.
-
Virt8ra Sovereign Cloud Expands with Six New European Providers
Virt8ra is a groundbreaking European initiative aiming to establish a sovereign, interoperable cloud ecosystem, countering US cloud dominance. With significant expansion, now inclusive of six new providers, and a focus on open-source technology, Virt8ra promotes data localization and vendor independence, paving the way for an innovative digital future across Europe.