Data protection – Noise

New Attacks Against Secure Enclaves

Bruce Schneier — Mon, 10 Nov 2025 12:04:55 +0000

Encryption can protect data at rest and data in transit, but does nothing for data in use. What we have are secure enclaves. I’ve written about this before:

Almost all cloud services have to perform some computation on our data. Even the simplest storage provider has code to copy bytes from an internal storage system and deliver them to the user. End-to-end encryption is sufficient in such a narrow context. But often we want our cloud providers to be able to perform computation on our raw data: search, analysis, AI model training or fine-tuning, and more. Without expensive, esoteric techniques, such as secure multiparty computation protocols or homomorphic encryption techniques that can perform calculations on encrypted data, cloud servers require access to the unencrypted data to do anything useful...

The attendee guide to digital sovereignty sessions at AWS re:Invent 2025

Brittany Bunch — Tue, 21 Oct 2025 19:11:59 +0000

AWS re:Invent 2025, the premier cloud computing conference hosted by Amazon Web Services (AWS), returns to Las Vegas, Nevada, from December 1–5, 2025. This flagship event brings together the global cloud community for an immersive week of learning, collaboration, and innovation across multiple venues. Whether you’re a cloud expert, business leader, or technology enthusiast, re:Invent […]

A Surprising Amount of Satellite Traffic Is Unencrypted

Bruce Schneier — Fri, 17 Oct 2025 11:03:53 +0000

Here’s the summary:

We pointed a commercial-off-the-shelf satellite dish at the sky and carried out the most comprehensive public study to date of geostationary satellite communication. A shockingly large amount of sensitive traffic is being broadcast unencrypted, including critical infrastructure, internal corporate and government communications, private citizens’ voice calls and SMS, and consumer Internet traffic from in-flight wifi and mobile networks. This data can be passively observed by anyone with a few hundred dollars of consumer-grade hardware. There are thousands of geostationary satellite transponders globally, and data from a single transponder may be visible from an area as large as 40% of the surface of the earth...

Multi-Region keys: A new approach to key replication in AWS Payment Cryptography

Ruy Cavalcanti — Tue, 16 Sep 2025 19:44:18 +0000

In our previous blog post (Part 1 of our key replication series), Automatically replicate your card payment keys across AWS Regions, we explored an event-driven, serverless architecture using AWS PrivateLink to securely replicate card payment keys across AWS Regions. That solution demonstrated how to build a custom replication framework for payment cryptography keys. Based on […]

Use scalable controls to help prevent access from unexpected networks

Sowjanya Rajavaram — Thu, 28 Aug 2025 22:13:26 +0000

As your organization grows, the amount of data you own and the number of data sources to store and process your data across multiple Amazon Web Services (AWS) accounts increases. Enforcing consistent access controls that restrict access to known networks might become a key part in protecting your organization’s sensitive data. Previously, AWS customers could […]

Beyond the ban: A better way to secure generative AI applications

Warnessa Weaver — Mon, 25 Aug 2025 14:00:00 +0000

Generative AI tools present a trade-off of productivity and data risk. Cloudflare One’s new AI prompt protection feature provides the visibility and control needed to govern these tools, allowing

Five facts about how the CLOUD Act actually works

Bob Kimball — Tue, 22 Jul 2025 15:10:41 +0000

French | German At Amazon Web Services (AWS), customer privacy and security are our top priority. We provide our customers with industry-leading privacy and security when they use the AWS Cloud anywhere in the world. In recent months, we’ve noticed an increase in inquiries about how we manage government requests for data. While many of […]

Dutch government successfully completes privacy audit of AWS data protection practices

Gokhan Akyuz — Wed, 16 Jul 2025 16:02:46 +0000

We are pleased to announce the successful completion of a comprehensive privacy audit conducted by Ernst & Young (EY) Netherlands on behalf of the Netherlands Ministry of Justice and Security. This customer audit examined the data protection measures implemented by AWS for a limited number of internal AWS operations when AWS is processing personal data […]

CISPE Data Protection Code of Conduct Public Register now certifies 122 AWS services as adherent

Gokhan Akyuz — Mon, 23 Jun 2025 18:55:18 +0000

We continue to expand the scope of our assurance programs at Amazon Web Services (AWS) and are pleased to announce that 122 services are now certified as adherent to the Cloud Infrastructure Services Providers in Europe (CISPE) Data Protection Code of Conduct. This alignment with the CISPE requirements demonstrates our ongoing commitment to adhere to the heightened expectations for […]

A deep dive into data protection sessions at AWS re:Inforce 2025

Rahul Sahni — Mon, 02 Jun 2025 16:56:49 +0000

A full conference pass is $1,099. Register today with the code flashsale150 to receive a limited time $150 discount, while supplies last. At Amazon Web Services (AWS), security is our top priority. We’re excited to announce the Data Protection track at AWS re:Inforce 2025, happening June 16–18, where we’ll explore how customers use AWS to […]

Introducing new regional implementations of Landing Zone Accelerator on AWS to support digital sovereignty

Max Peterson — Tue, 27 May 2025 22:00:05 +0000

Customers often tell me that they want a simpler path to meet the compliance and industry regulatory mandates they have in their geographic regions. In our deep engagements with partners and customers, we have learned that one of the greatest challenges for customers is the translation of security and compliance requirements into distinct technical controls. […]

Enhancing cloud security in AI/ML: The little pickle story

Nur Gucu — Wed, 26 Mar 2025 21:53:15 +0000

As AI and machine learning (AI/ML) become increasingly accessible through cloud service providers (CSPs) such as Amazon Web Services (AWS), new security issues can arise that customers need to address. AWS provides a variety of services for AI/ML use cases, and developers often interact with these services through different programming languages. In this blog post, […]

Effectively implementing resource controls policies in a multi-account environment

Tatyana Yatskevich — Wed, 26 Mar 2025 16:17:12 +0000

Every organization strives to empower teams to drive innovation while safeguarding their data and systems from unintended access. For organizations that have thousands of Amazon Web Services (AWS) resources spread across multiple accounts, organization-wide permissions guardrails can help maintain secure and compliant configurations. For example, some AWS services support resource-based policies that can be used to […]

Improving Data Loss Prevention accuracy with AI-powered context analysis

Warnessa Weaver — Fri, 21 Mar 2025 13:00:00 +0000

Cloudflare’s Data Loss Prevention is reducing false positives by using a self-improving AI-powered algorithm, built on Cloudflare’s Developer Platform.

CCN releases guide for Spain’s ENS landing zones using Landing Zone Accelerator on AWS

Tomás Clemente Sánchez — Thu, 23 Jan 2025 17:14:50 +0000

Spanish version » The Spanish National Cryptologic Center (CCN) has published a new STIC guide (CCN-STIC-887 Anexo A) that provides a comprehensive template and supporting artifacts for implementing landing zones that comply with Spain’s National Security Framework (ENS) Royal Decree 311/2022 using the Landing Zone Accelerator on AWS. Spain’s ENS establishes a common framework of […]

AWS KMS: How many keys do I need?

Ishva Kanani — Mon, 16 Dec 2024 19:47:38 +0000

As organizations continue their cloud journeys, effective data security in the cloud is a top priority. Whether it’s protecting customer information, intellectual property, or compliance-mandated data, encryption serves as a fundamental security control. This is where AWS Key Management Service (AWS KMS) steps in, offering a robust foundation for encryption key management on AWS. One […]

Exploring digital sovereignty: learning opportunities at re:Invent 2024

Marta Taggart — Thu, 24 Oct 2024 13:41:22 +0000

AWS re:Invent 2024, a learning conference hosted by Amazon Web Services (AWS) for the global cloud computing community, will take place December 2–6, 2024, in Las Vegas, Nevada, across multiple venues. At re:Invent, you can join cloud enthusiasts from around the world to hear the latest cloud industry innovations, meet with AWS experts, and build […]

Cloudflare acquires Kivera to add simple, preventive cloud security to Cloudflare One

Noelle Kagan — Tue, 08 Oct 2024 13:00:00 +0000

The acquisition and integration of Kivera broadens the scope of Cloudflare’s SASE platform beyond just apps, incorporating increased cloud security through proactive configuration management of cloud services.

How to perform a proof of concept for automated discovery using Amazon Macie

Jason Stone — Tue, 01 Oct 2024 20:00:55 +0000

Amazon Web Services (AWS) customers of various sizes across different industries are pursuing initiatives to better classify and protect the data they store in Amazon Simple Storage Service (Amazon S3). Amazon Macie helps customers identify, discover, monitor, and protect sensitive data stored in Amazon S3. However, it’s important that customers evaluate and test the capabilities […]

Data Wallets Using the Solid Protocol

Bruce Schneier — Thu, 25 Jul 2024 11:05:10 +0000

I am the Chief of Security Architecture at Inrupt, Inc., the company that is commercializing Tim Berners-Lee’s Solid open W3C standard for distributed data ownership. This week, we announced a digital wallet based on the Solid architecture.

Details are here, but basically a digital wallet is a repository for personal data and documents. Right now, there are hundreds of different wallets, but no standard. We think designing a wallet around Solid makes sense for lots of reasons. A wallet is more than a data store—data in wallets is for using and sharing. That requires interoperability, which is what you get from an open standard. It also requires fine-grained permissions and robust security, and that’s what the Solid protocols provide...