cloud security Archives

News
0
0
14 min read

Microsoft Enhances Data Sovereignty Tracking In Security Tools

Organizations must now maintain essential data and operational control in the cloud amid new regulations, higher resilience standards, and rapid technology evolution.

In June 2025, Microsoft CEO Satya Nadella introduced solutions through Microsoft Sovereign Cloud to address these challenges. We continually strengthen our approach to sovereignty, ensuring we meet customer needs and comply with regulations for both our sovereign public and private clouds. Today, we announce new features that enhance our security and digital sovereignty controls, offer advanced AI, and provide broader scale, supported by local partner experts. Key updates include:

End-to-end AI data processing in Europe as part of the EU (European Union) data boundary, which means data processed by artificial intelligence stays completely within the borders of the European Union.

Microsoft 365 Copilot now offers in-country processing for Copilot interactions in 15 countries. Details are available on the Microsoft 365 blog.

Expansion of the Sovereign Landing Zones service, which are pre-configured secure cloud environments set up according to specific sovereignty requirements. Now, Microsoft Azure Local (a locally operated version of Azure) also supports disconnected operations, allowing these systems to run without an active internet connection.

Microsoft 365 Local is now generally available.

Azure Local, a version of Microsoft’s cloud platform operated in specific locations for greater data control, now supports a greater maximum number of servers, external SAN (storage area network, a type of shared data storage), and the latest NVIDIA GPUs (graphics processing units used for complex computing tasks like AI).

Our partner digital sovereignty specialization is now available.

Microsoft Sovereign Cloud: Continuous Innovation

Our latest updates deliver new digital sovereignty features in AI, security, and productivity. More enhancements are coming soon to better support customers’ sovereign cloud needs.

We know that ongoing innovation is important, and we have started putting many of our promises into action. As of this month, we have:

Established a European board of directors composed of European nationals exclusively overseeing all data center operations in compliance with European law, thereby putting Europe’s cloud infrastructure into the hands of Europeans.

Increased European data center capacity with recent launches in Austria and an upcoming launch in Belgium this month

Expanded open source investment through funding secure open source software (OSS) projects and collaborations, as well as publishing

AI access principles that widen safe, responsible access to advanced AI, helping European developers, startups, and enterprises compete more effectively across the region

Advance our European security program by providing AI-powered intelligence and cybersecurity capacity-building initiatives to strengthen Europe’s digital resilience against threat actors.

Building on our sovereign efforts, we are now launching new Sovereign Public Cloud and AI capabilities to further strengthen compliance and control.

Organizations need comprehensive sovereignty solutions that enable compliance and control from the start of their planning.

EU Data Boundary Includes AI Data Processing Residency

We are keeping our promises regarding AI data processing by ensuring that data processed by AI services for EU customers remains within the European Union unless the customer asks otherwise.

This means that all customer data, whether stored or in transit, will be kept and processed only in the EU. We use strict controls and clear processes to meet EU customer requirements.

Expanding Microsoft 365 Copilot In-Country Data Processing To 15 Countries.

After years of investing in global infrastructure and strong data residency, Microsoft will now provide in-country data processing for Microsoft 365 Copilot interactions in 15 countries worldwide.

By the end of 2025, customers in Australia, India, Japan, and the United Kingdom will be able to have their Microsoft 365 Copilot interactions processed in their own country. In 2026, we will add this option for customers in 11 more countries, including Canada, Germany, Italy, Malaysia, Poland, South Africa, Spain, Sweden, Switzerland, the United Arab Emirates, and the United States.

New Sovereign Landing Zone (SLZ) Foundation

We are also launching an updated sovereign landing zone (SLZ) built on the trusted Azua landing zone (ALZ) foundation.

The sovereign landing zone is our recommended setup for customers who want to use sovereign controls in the Azure private cloud.

The refresh of the sovereign landing zone includes:

Updated management group hierarchy and supporting Azure policy definitions, initiatives, and assignments to help implement the sovereign public cloud controls.

We provide guidance on where to deploy Azure Key Vault managed by HSM (Hardware Security Module, a dedicated device for securely managing cryptographic keys), if needed, as part of level two sovereign controls.

Deployment is easier now with the Azure Landing Zone Accelerator and Azure Landing Zone Library. For more details, see the Sovereign Landing Zone (SLZ) implementation options.

In the coming months, we will add more built-in Azure policy definitions, initiatives, and assignments to the sovereign landing zone. This will help customers set up sovereign controls in the public cloud more quickly.

Using sovereign landing zones gives customers a clear structure that speeds compliance with local sovereignty rules and simplifies policy management. It also helps organizations scale their workloads across Azure regions while remaining aligned with regulations and maintaining consistent operations.

New Sovereign Private Cloud and AI Capabilities

As organizations prioritize sovereignty, balancing compliance and innovation is crucial. Our updates merge advanced AI and scalable infrastructure across public and private clouds.

Supporting Thousands Of AI Models On Azure Local With NVIDIA RTX GPUs.

We are improving our sovereign private cloud with Azure Local, introducing a new Azure option that leverages the latest NVIDIA RTX PRO 6000 Blackwell Server Edition GPU for high-performance AI workloads in secure environments.

This GPU can run over 2,000 models, including GPT, OSS, DeepSeek V3, Mistral, NeMo, and Llama 4 Maverick. It enables organizations to accelerate AI projects securely in a private cloud, supporting innovation and the adoption of advanced solutions while ensuring strong data protection and compliance.

Customers can access thousands of ready-to-use open source AI models for tasks such as generative AI, analytics, and real-time decision-making, all with strong governance.

Increasing Azure Local Scale to Hundreds of Servers

Previously, Azure Local supported clusters of up to 16 servers. With our latest updates, it can now handle hundreds of servers. This change helps organizations with large or growing needs run bigger and more complex workloads, scale easily, and meet security and sovereignty requirements in Europe and worldwide.

SAN Support On Azure Local

One important update is that Azure Local now supports storage area networks (SANs), specialized, high-speed networks that provide access to consolidated, block-level data storage. Customers can securely connect their current on-premise storage to Azure Local, making it easier to use their existing storage while taking advantage of cloud services. This helps keep data in the right location and gives European businesses greater flexibility to comply with local data rules without sacrificing performance or control.

Microsoft 365 Local: General Availability of Key Workloads

Another key update is that Microsoft 365 Local is now generally available. This brings core tools like Exchange Server (for email), SharePoint Server (for document management), and Skype for Business Server (for communications) directly to Azure Local. Starting in December, customers can use these tools on Azure Local in connected mode, with a fully isolated option coming early in 2026. This setup lets organizations maintain full control while meeting strict compliance and data residency requirements.

Disconnected Operations: General Availability

Microsoft’s Sovereign Private Cloud brings sovereignty principles to dedicated environments for organizations with strict compliance and control needs using Azure Local. Azure Local lets government agencies, global companies, and regulated groups keep local control while still using Microsoft’s global cloud platform.

Disconnected operations for Azure Local, available in early 2026, let customers manage multiple on-premise clusters from a single control system. Organizations can securely run private cloud operations independently, ensuring business continuity even in remote settings.

New Partner: Digital Sovereignty Specialization Now Available

We are launching the Digital Sovereignty Specialization in the Microsoft AI Cloud Partner Program. This specialization enables partners to demonstrate expertise in secure, compliant, and sovereign cloud solutions for Azure and Microsoft 365. Partners who earn this badge show they can meet strict data privacy and regulatory standards, supporting customer control and innovation. The specialization includes rigorous audits and offers benefits such as increased visibility, special recognition, and priority access to sovereign cloud projects.

Looking Ahead: Advancing Sovereignty Through Greater Controls

The Microsoft Sovereign Cloud Roadmap will introduce new capabilities to address evolving customer needs, including:

Sovereign Private Cloud

Enhanced change controls: We will introduce a set of configurable policies and approval workflows that empower organizations to exercise explicit oversight over changes propagating from the cloud to the edge, strengthening governance and compliance.

Site-to-site disaster recovery: Azure site recovery in Azure local helps maintain business continuity by keeping business apps and workloads running during outages.

Moving from hybrid to fully disconnected: Azure Local enables customers to transition workloads from hybrid to fully disconnected operations, providing flexibility for business continuity.

National Partner Clouds

National partner clouds are a key part of our sovereign cloud strategy. They offer independent cloud environments that deliver Microsoft Azure and Microsoft 365, all under local ownership and control.

Delos Cloud is designed to meet the German government’s BSI cloud platform requirements.

Bleu is designed to meet the French government’s ANSSI SecNumCloud requirements.

For many public sector organizations, ERP is a critical workload that requires modernization to cloud environments. SAP is planning to deploy its RISE with SAP offering on Microsoft Azure for both Bleu and Delos cloud customers. In addition to supporting RISE with SAP for customers using Microsoft Azure public cloud deployments.

Learn More About Microsoft’s Sovereign Solutions

Microsoft offers leading sovereign solutions, including a flexible public cloud, a private cloud that grows with your business, and national partner clouds built for specific compliance needs. We are committed to ongoing investment and innovation so our customers can achieve sovereignty without compromise.

Find out more about the latest in cloud innovation this November at Microsoft Ignite. Learn more and sign up today.

Source: Microsoft strengthens sovereign cloud capabilities with new services

News
0
0
9 min read

Google Cloud Launches AI-Driven Incident Response System

As organizations rapidly adopt AI, safeguarding these advances is mission-critical. Google Cloud empowers you to securely develop and deploy AI, addressing compliance and privacy from the start.

Today, we’re introducing a solution to manage risk throughout the AI lifecycle. AI protection is a tool set designed to secure your AI workloads and data across any cloud or model, regardless of platform.

AI protection helps teams manage AI risk in several ways:

It discovers AI assets in your environment and checks them for possible vulnerabilities.

It secures AI assets using controls, policies, and guardrails.

It manages threats to AI systems with tools for direction, investigation, and response.

AI Protection integrates with the Security Command Center to manage security risks across clouds. This provides security teams with a unified view for monitoring AI and cloud risks.

Discovering AI Inventory

Managing AI risk begins with knowing where and how AI is used. Our tools automatically find and catalog models, applications, data, and their connections.

Understanding the data supporting AI applications and protecting that data is critical. Sensitive Data Protection (SDP) identifies and secures sensitive information, now automating data discovery for Vertex AI datasets. SDP displays sensitivity and types of training data, as well as data profiles for deeper insights.

Once sensitive data locations are identified, AI Protection leverages SCC’s virtual red teaming to detect risky combinations and potential attack paths, and to recommend steps to strengthen security.

Securing AI Assets

Model Armor, an AI protection feature, is now available. Model Armor protects AI models against certain attack types, including prompt injection (manipulating AI responses by inserting malicious input), jailbreak (bypassing restrictions on AI behavior), data loss, malicious URLs (web addresses leading to harmful sites), and offensive content. Model Armor works with many models across different clouds, so you get consistent protection for your models and platforms, even if your needs change later.

Developers can now add Model Armor’s prompt and response screening automatic checks for inappropriate, harmful, or unsafe inputs and outputs to their applications using a REST API (a way for applications to communicate over the web) or by integrating with Apigee (an API management platform). Soon, you’ll be able to use Model Armor inline without changing your apps, thanks to upcoming integrations with Vertex AI and our cloud networking products.

We are using Model Armor not only because it provides robust protection against prompt injections, jailbreaks, and sensitive data leaks, but also because it helps us achieve a unified security posture through the Security Command Center. We can quickly identify, prioritize, and respond to potential vulnerabilities without impacting the experience of our development teams or the apps themselves. We view Model Armor as critical to safeguarding our AI applications and to centralizing the monitoring of AI security threats alongside our other security findings within SCC. It is a game changer,” said Jay DePaul, Chief Cybersecurity and Technology Risk Officer, Dun & Bradstreet.

Organizations can use AI protection to enhance the security of Vertex AI applications by applying security postures in the Security Command Center. These controls are built on a deep understanding of Vertex AI’s design, helping you set secure configurations and prevent unwanted changes.

Managing AI Threats

AI protection uses security intelligence and research from Google and Mandiant to help protect your AI systems. Security Command Center detectors can spot initial access attempts, privilege escalation, and persistence threats in AI workloads. New detectors based on the latest intelligence, including those for model hijacking, will be available soon.

“As AI-driven solutions become increasingly commonplace, securing AI systems is paramount and surpasses basic data protection. AI security – by its virtue – necessitates a holistic strategy that includes model integrity, data provenance, compliance, and robust governance,” said Dr. Grace Trinidad, Research Director, IDC.

Piecemeal solutions can leave critical vulnerabilities exposed, rendering organizations susceptible to threats such as adversarial attacks or data poisoning, and adding to the overwhelming security challenges that security teams already face. A comprehensive lifecycle-focused approach enables organizations to effectively mitigate the multifaceted risks posed by generative AI and manage increasingly complex security workloads. By taking a holistic approach to AI protection, Google Cloud simplifies and thus improves the experience of securing AI for customers,” she said.

Enhance AI Protection With Expert Support.

The Mandiant AI security consulting portfolio helps organizations assess and strengthen the security of AI systems across multiple clouds and platforms. Our consultants review your entire AI setup and suggest ways to enhance its security. They also offer red teaming for AI using insights from the latest real-world attacks.

Building on a Secure Foundation

Customers can benefit from running AI workloads on Google Cloud’s secure-by-design infrastructure, which features safeguards, encryption, and strict supply chain controls.

If your AI workloads are regulated, assured workloads create environments with strict policy guardrails, such as data residency, which ensures your data stays within a specified location, and customer-managed encryption, which means you control the encryption keys for your data. Audit Manager demonstrates compliance with regulations and new AI standards by providing reports and evidence of adherence. Confidential computing protects data during processing; this means data remains encrypted and inaccessible to unauthorized parties even from users with system access or internal threats.

If you want to find unsanctioned or shadow AI use in your workforce, Chrome Enterprise Premium can help. It gives you visibility into end-user activity and helps prevent both accidental and intentional leaks of sensitive data in generative AI applications.

Next Steps

Google Cloud remains dedicated to supporting organizations in protecting AI innovations. Additional information is available in the showcase paper from Enterprise Strategy Group and at the online security talks event on March 12th.

To try AI protection in the Security Command Center or learn about subscription options, contact a Google Cloud sales representative or an authorized partner.

More exciting capabilities are coming soon, and we will share in-depth details on AI protection and how Google Cloud can help you securely develop and deploy AI solutions at Google Cloud Next in Las Vegas, April 9 to April 11.

Source: Announcing AI Protection: Security for the AI era

News
0
0
8 min read

Apple Expands Private Cloud Compute For Secure AI Processing

Apple introduced new updates throughout its platforms to give users more control over their data. Private Cloud Compute, a feature that processes information on remote Apple servers without storing it long-term, brings the iPhone’s strong privacy protections to the cloud so users can get both smart features and privacy. New tools such as locked and hidden apps which require authentication for app access and conceal selected apps help secure sensitive information on devices. Other updates include privacy-focused features in Mail (which limit email tracking), satellite messaging (allowing texts in areas without cell service), and Presenter Preview (a preview before sharing your screen).

Private cloud compute allows Apple Intelligence to process complex user requests with groundbreaking privacy,” said Craig Federighi, Apple’s senior vice president of software engineering. “We’ve extended iPhone’s industry-leading security to the cloud with what we believe is the most advanced security architecture ever deployed for cloud AI at scale. Private Cloud Compute uses your data only to fulfill your request and never stores it, ensuring it’s never accessible to anyone, including Apple. And we’ve designed the system so that independent experts can verify these protections.”

Superior Privacy for AI Capabilities

Apple Intelligence is a personal intelligence system built into iPhone, iPad, and Mac. It uses advanced generative models to make these devices more helpful and enjoyable to use.

A key part of Apple Intelligence is on-device processing, which means features are powered directly on the user’s device without collecting user data. When more computing is needed, private cloud computing steps in and uses larger server-based models software that runs on powerful remote computers to handle complex tasks while still protecting customer privacy.

When a user makes a request, Apple Intelligence checks whether it can handle it locally on the device. If the task is too complex, only the necessary data is sent to Apple Silicon servers using private cloud compute. The data is not shared, stored, or shared with Apple, and is used only to complete the request.

Apple silicon servers that power Private Cloud Compute provide strong cloud security. The Secure Enclave protects important encryption keys by keeping them isolated from the rest of the system. Secure Boot is a feature that ensures only approved and verified software can run on the server’s operating system, as it does on an iPhone. Trusted Execution Monitor is a security tool that ensures only approved code runs on the servers. Attestation allows devices to verify a server’s identity before sending any data. Independent experts can review the server code to confirm Apple’s privacy claims.

More Privacy Features Intended To Support Users

Locked and hidden apps help users keep their information private when sharing their screen or device. Users can lock an app to protect its content or hide it so others can’t see it. If someone tries to open a locked app, they must use Face ID, Touch ID, or a passcode. Hidden apps are moved to a special folder that also requires authentication to open.

“We relentlessly deliver on our pledge to give users the strongest and most innovative privacy protections,” said Eric Neuenschwander, Apple’s Director of Customer Privacy. “This year is no exception, and the ability to lock and hide apps is just one example of Apple helping users remain in control of their information, even if they are sharing their devices with others.”

Apple has long worked to let users control what they share and with whom. In 2020, the Photos picker allowed users to select specific photos for apps without granting full access. This year, new features have been built on that. Contacts permission improvements in iOS 18 let users pick which contacts to share with an app. The Accessory Setup Kit gives developers a way to pair accessories without apps, see all devices on the network, and keep things private and easy.

Other updates throughout Apple’s platform make it even easier for users to use privacy and security features.

The new Passwords app builds on Keychain, which Apple introduced over 25 years ago. It lets users easily access account passwords, passkeys, Wi-Fi passwords, and two-factor codes stored securely. The app also warns users about weak, reused, or leaked passwords.

Additional Features Built With Privacy By Design

Apple has added privacy and security protections to its apps and services for years, and iOS 18, iPadOS 18, and macOS Sequoia sustain this approach.

In iOS 18, Mail now sorts messages directly on the user’s iPhone into primary promotions, transactions, and updates, helping users focus on what matters most.

With iOS 18, users can send messages to friends and family over satellite when they don’t have cellular or Wi-Fi. They can use their regular iMessage and SMS conversations, and iMessage stays end-to-end encrypted.

Presenter preview in macOS Sonoma helps users avoid sharing too much during video calls, AirPlay, or when connecting with a cable. In apps like FaceTime and Zoom, users can choose to share their entire screen or just one app, and the presenter preview appears automatically.

Availability

Access the developer betas of iOS 18, iPadOS 18, and macOS Sequoia now at developer.apple.com if you are an Apple Developer Program member. Expect public betas at beta.apple.com next month. Receive the updated software this fall as a free update. Be aware that features may change and may not be available everywhere in every language or on all devices. Check apple.com for detailed availability.

Use Apple Intelligence in beta this fall on iPhone 15 Pro, iPhone 15 Pro Max, or any iPad or Mac model with an M1 chip or newer as part of iOS 18, iPadOS 18, and macOS Sequoia. Set Siri’s language to US English to enable it. Get more information at apple.com/apple-intelligence.

Source: Apple extends its privacy leadership with new updates across its platforms