InfoQ Homepage Compliance Content on InfoQ
-
Uber’s Hive Federation Decentralizes 16K Datasets and 10+ PB for Zero-Downtime Analytics at Scale
Uber has decentralized its Hive data warehouse, migrating 16,000 datasets totaling over 10 petabytes using pointer-based federation. The migration ensures zero downtime, strict ACL enforcement, improved governance, and scalable, domain-specific datasets for analytics and machine learning workloads.
-
GitHub Will Use Copilot Interaction Data from Free, Pro, and Pro+ Users to Train AI Models
GitHub will use Copilot interaction data from Free, Pro, and Pro+ users to train AI models starting April 24, opting in by default. Collected data includes code snippets, inputs, outputs, and navigation patterns from active sessions, including private repos. Business and Enterprise tiers are excluded. Community concerns include dark patterns, IP exposure, and GDPR compliance.
-
"Pick and Mix" Custom Regions: Cloudflare Introduces Fine-Grained Data Residency Control
Cloudflare recently introduced Custom Regions, an expansion of its Regional Services that lets customers precisely define where their data is processed. By selecting specific groups of data centers by country or region, customers can ensure that TLS termination and application-layer processing remain within chosen geographic boundaries for compliance and control.
-
European Initiative for Data Sovereignty Released a Trust Framework
The Danube release of the Gaia-X trust framework provides mechanisms for the automation of compliance and supports interoperability across sectors and geographies to ensure trusted data transactions and service interactions. The Gaia-X Summit 2025 hosted facilitated discussions on AI and data sovereignty, and presented data space solutions that support innovation across Europe and beyond.
-
Meta Applies Mutation Testing with LLM to Improve Compliance Coverage
Meta applies large language models to mutation testing through its Automated Compliance Hardening system, generating targeted mutants and tests to improve compliance coverage, reduce overhead, and detect privacy and safety risks. The approach supports scalable, LLM-driven test generation and continuous compliance across Meta’s platforms.
-
Azure Virtual Desktop Goes Fully Hybrid with Arc-Enabled Servers
Microsoft's Azure Virtual Desktop (AVD) now supports hybrid environments, enabling on-premises Arc-Enabled Servers to act as session hosts. This integration enables customers to run virtual desktops in their data centers while leveraging cloud management tools. The update enhances flexibility, compliance, and operational integrity across various industries.
-
Microsoft Addresses Data Residency with Private Cloud Expansion
Microsoft has strengthened its Sovereign Cloud offering to meet stringent global data-residency and control regulations, particularly in Europe. New capabilities include a commitment to EU Data Boundary, expanded in-country data processing, and enhanced Sovereign Private Cloud features.
-
AWS Launches Capabilities by Region Tool
AWS has launched "AWS Capabilities by Region," a powerful tool that streamlines service visibility for architects and developers. No more manual checks—now you can compare AWS services across regions interactively and plan deployments efficiently. With enhanced transparency and automated capability checks, streamline global projects and minimize delays.
-
Bring Your Own Key (BYOK): AWS IAM Identity Center Adopts CMKs to Meet Enterprise Compliance Needs
AWS IAM Identity Center now supports customer-managed KMS keys (CMKs) for encrypting identity data at rest. This enhancement offers organizations complete control over their encryption keys, ensuring granular access management, robust auditing via AWS CloudTrail, and improved compliance for regulated industries. It’s a key evolution for data sovereignty in the cloud.
-
AWS Introduces EC2 Instance Attestation
AWS has introduced EC2 instance attestation, a new security feature that enables customers to verify that their virtual machines are running approved software configurations in a cryptographically secure manner. The capability is powered by the Nitro Trusted Platform Module (NitroTPM) and Attestable AMIs.
-
Google Cloud Unveils New Data Security Posture Management Offering in Preview
Google Cloud unveils its new Data Security Posture Management (DSPM) offering, enhancing data governance, privacy, and compliance. This innovative solution provides visibility into sensitive data, helping organizations identify risks and enforce controls. With advanced features integrated into the Security Command Center, it addresses the evolving challenges of cloud data security.
-
How to Build Secure Software without Sacrificing Productivity
Security can clash with development efficiency. Focusing on minimizing breach impact can be more effective than prevention. Dorota Parad argues for flexibility in compliance and collaborating with security teams to define practical protections. Limiting blast radius and using automation can boost security with minimal productivity loss.
-
AWS Shield Network Security Director: Network Topology Visibility and Remediation Guidance
Introducing AWS Shield Network Security Director: a game-changer in DDoS protection and network security visibility. This innovative feature automates resource discovery, evaluates configurations against best practices, and prioritizes security findings. With actionable remediation steps and natural language queries via Amazon Q Developer, organizations can enhance their security posture.
-
Docker Launches Hardened Base Images
Docker has launched its Docker Hardened Images (DHI), a security-focused range of base images that reduce vulnerabilities by up to 95%. Built using a distroless approach, these minimal images eliminate unnecessary components, offering automatic patching and compatibility with existing Dockerfiles. Ideal for regulated environments, DHI enhances software supply chain security and transparency.
-
GitLab 17.11 Enhances DevSecOps with Custom Compliance Frameworks and Expanded Controls
On April 17, 2025, GitLab released version 17.11, introducing significant advancements in compliance management and DevSecOps integration. A standout feature of this release is the introduction of Custom Compliance Frameworks, designed to embed regulatory compliance directly into the software development lifecycle.