InfoQ Homepage Compliance Content on InfoQ
-
Azure Virtual Desktop Goes Fully Hybrid with Arc-Enabled Servers
Microsoft's Azure Virtual Desktop (AVD) now supports hybrid environments, enabling on-premises Arc-Enabled Servers to act as session hosts. This integration enables customers to run virtual desktops in their data centers while leveraging cloud management tools. The update enhances flexibility, compliance, and operational integrity across various industries.
-
Microsoft Addresses Data Residency with Private Cloud Expansion
Microsoft has strengthened its Sovereign Cloud offering to meet stringent global data-residency and control regulations, particularly in Europe. New capabilities include a commitment to EU Data Boundary, expanded in-country data processing, and enhanced Sovereign Private Cloud features.
-
AWS Launches Capabilities by Region Tool
AWS has launched "AWS Capabilities by Region," a powerful tool that streamlines service visibility for architects and developers. No more manual checks—now you can compare AWS services across regions interactively and plan deployments efficiently. With enhanced transparency and automated capability checks, streamline global projects and minimize delays.
-
Bring Your Own Key (BYOK): AWS IAM Identity Center Adopts CMKs to Meet Enterprise Compliance Needs
AWS IAM Identity Center now supports customer-managed KMS keys (CMKs) for encrypting identity data at rest. This enhancement offers organizations complete control over their encryption keys, ensuring granular access management, robust auditing via AWS CloudTrail, and improved compliance for regulated industries. It’s a key evolution for data sovereignty in the cloud.
-
AWS Introduces EC2 Instance Attestation
AWS has introduced EC2 instance attestation, a new security feature that enables customers to verify that their virtual machines are running approved software configurations in a cryptographically secure manner. The capability is powered by the Nitro Trusted Platform Module (NitroTPM) and Attestable AMIs.
-
Google Cloud Unveils New Data Security Posture Management Offering in Preview
Google Cloud unveils its new Data Security Posture Management (DSPM) offering, enhancing data governance, privacy, and compliance. This innovative solution provides visibility into sensitive data, helping organizations identify risks and enforce controls. With advanced features integrated into the Security Command Center, it addresses the evolving challenges of cloud data security.
-
How to Build Secure Software without Sacrificing Productivity
Security can clash with development efficiency. Focusing on minimizing breach impact can be more effective than prevention. Dorota Parad argues for flexibility in compliance and collaborating with security teams to define practical protections. Limiting blast radius and using automation can boost security with minimal productivity loss.
-
AWS Shield Network Security Director: Network Topology Visibility and Remediation Guidance
Introducing AWS Shield Network Security Director: a game-changer in DDoS protection and network security visibility. This innovative feature automates resource discovery, evaluates configurations against best practices, and prioritizes security findings. With actionable remediation steps and natural language queries via Amazon Q Developer, organizations can enhance their security posture.
-
Docker Launches Hardened Base Images
Docker has launched its Docker Hardened Images (DHI), a security-focused range of base images that reduce vulnerabilities by up to 95%. Built using a distroless approach, these minimal images eliminate unnecessary components, offering automatic patching and compatibility with existing Dockerfiles. Ideal for regulated environments, DHI enhances software supply chain security and transparency.
-
GitLab 17.11 Enhances DevSecOps with Custom Compliance Frameworks and Expanded Controls
On April 17, 2025, GitLab released version 17.11, introducing significant advancements in compliance management and DevSecOps integration. A standout feature of this release is the introduction of Custom Compliance Frameworks, designed to embed regulatory compliance directly into the software development lifecycle.
-
Microsoft Pledges Deeper European Tech Ties amidst Sovereignty Debate
Microsoft's five digital commitments aim to bolster Europe's tech landscape and sovereignty through a 40% cloud and AI infrastructure expansion, enhanced cybersecurity, and a robust data privacy framework. By establishing a "European cloud for Europe," Microsoft reinforces its dedication to digital resilience while fostering economic competitiveness and supporting the open-source community.
-
QCon London: Bringing DevOps Principles to Controls and Audit
Ian Miell delivered a talk at QCon London 2025 on a modernised approach to compliance, announcing an open-source project that aims to solve many of the problems seen in the audit and compliance process. Miell highlighted that there's a disconnect between modern DevOps practices of automation and repeatability, and traditional audit and compliance procedures.
-
AWS Launches Trust Center: a Centralized Resource for Security and Compliance Information
AWS Trust Center is a comprehensive online resource that enhances cloud security transparency. It details AWS's security practices, compliance protocols, and data protection controls, making it easier for customers to understand and manage their cloud security. This centralized hub provides real-time service status, security bulletins and essential resources, improving client trust & confidence.
-
Logic App Standard Hybrid Deployment Model Public Preview: More Flexibility and Control On-Premise
Microsoft's Logic Apps Hybrid Deployment Model offers unparalleled flexibility for organizations, enabling the execution of workflows on-premises or in private/public clouds. With enhanced local processing, regulatory compliance, and dynamic scalability, businesses can optimize their infrastructure while ensuring data integrity- ideal for sectors like Government, Healthcare, and Manufacturing.
-
AWS Releases User Guide for the Digital Operational Resilience Act (DORA)
Amazon recently released the AWS User Guide to the Digital Operational Resilience Act (DORA). The document details how AWS services support financial entities in complying with DORA's requirements for operational resilience, including ICT risk management, incident reporting, testing, and third-party risk management.