𝗕𝗿𝗶𝗻𝗴 𝗰𝗼𝗻𝘀𝗶𝘀𝘁𝗲𝗻𝗰𝘆, 𝘀𝗽𝗲𝗲𝗱, 𝗮𝗻𝗱 𝗰𝗹𝗮𝗿𝗶𝘁𝘆 𝘁𝗼 𝗲𝘃𝗲𝗿𝘆 𝗻𝗲𝘄 𝗰𝗹𝗼𝘂𝗱 𝘆𝗼𝘂 𝗼𝗻𝗯𝗼𝗮𝗿𝗱. When you’re asked to support a new cloud provider, the challenges stack up quickly. Each platform has its own controls, compliance rules, and

𝗔𝗰𝗰𝗲𝗹𝗲𝗿𝗮𝘁𝗶𝗻𝗴 𝗔𝗜 𝗙𝗲𝗮𝘁𝘂𝗿𝗲 𝗥𝗼𝗹𝗹𝗼𝘂𝘁𝘀 𝗪𝗶𝘁𝗵𝗼𝘂𝘁 𝗚𝗼𝘃𝗲𝗿𝗻𝗮𝗻𝗰𝗲 𝗚𝗮𝗽𝘀: How one product team got AI features security-approved without the usual red tape. A global systemic bank was ready to ship new AI features on Amazon Bedrock, but security

5/ Your security depends on research that doesn't trust a single source. → See how our research provides weekly updates to our threat models: https://t.co/WfhEPzgNYl #CloudSecurity #ThreatIntelligence #GoogleCloud #BigQuery #CybersecurityResearch

4/ While we worked with Google Cloud to restore the BigQuery dataset, our research continued uninterrupted because we'd already built redundancy into our research process. Multiple data sources. Continuous validation. Automated gap detection.

3/ Here's the deeper problem we uncovered: #GCP has no single, reliable source for all release notes. Some services only publish to individual doc pages. Others appear in aggregate feeds but not in BigQuery. And some, like Valkey, don't appear in any programmatic feed at all.

2/ For security teams relying on this feed, that meant weeks of blind spots: no visibility into Memorystore Cluster updates, Valkey releases, or Firestore MongoDB compatibility changes.

🚨 Our research team found something concerning in Google Cloud. GCP’s BigQuery release notes dataset hadn’t been updated since October 16th. 🧵👇

A lean cloud team expanded from AWS to GCP. ⚡ Audited workloads in GCP in under 6 months 🎯 Unified security across both clouds 🚀 No consultants, no chaos See how they did it 👉 https://t.co/NRUcxBDqKA #CloudSecurity #MultiCloud #TrustOnCloud

🚀 “Before TrustOnCloud, every new cloud service felt like a security gamble. Now, we say yes with confidence and ship faster.” - Executive Director, Public Cloud A Fortune 500 turned security bottlenecks into growth: ⚡️ 70% faster onboarding 🎯 Controls mapped to threats 🧩

Check out the blog by Bryce Johnson, CISSP 👇 https://t.co/YqBTsPy2zO #cloudsecurity #gcp #policyascode #opensource

Think of it as policy-as-code leveled up. Instead of relying only on defaults, you can encode your org’s best practices directly into GCP: closing misconfig gaps before they turn into incidents.

📌 In this post, you’ll learn: ✅ YAML samples for Cloud SQL, GKE, BigQuery & more ✅ Why built-in controls aren’t enough ✅ How to codify best practices as enforceable policy

🚨 Misconfigs are still the top cause of cloud breaches. Built-in GCP org policies don’t cover every gap. We just open-sourced custom constraints to help teams lock down environments with granular, preventative controls. https://t.co/YqBTsPy2zO

𝗧𝗵𝗲 𝗼𝗻𝗲 𝘁𝗿𝗶𝗰𝗸 𝘁𝗵𝗮𝘁 𝗺𝗮𝗸𝗲𝘀 𝗖𝗜𝗦 𝗯𝗲𝗻𝗰𝗵𝗺𝗮𝗿𝗸𝗶𝗻𝗴 𝗳𝗼𝗿 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝗔𝘇𝘂𝗿𝗲 𝗳𝗲𝗲𝗹 𝗹𝗲𝘀𝘀 𝗺𝗮𝗻𝘂𝗮𝗹. Mapping to the CIS Microsoft Azure Foundations Benchmark can feel like a checklist chore, especially when your cloud environment

Using RCP in OpenSearch: Odd fit or a glimpse of the future? Read more: https://t.co/KduoRO0Ty7

Defining Cloud Security Controls w/ Tyson Garrett 🎧60-sec clip on the “Security You Should Know podcast” by the @cisoseries. Listen now: https://t.co/9qMsc34fpI #CloudSecurity #CISOSeries #ThreatModeling #CloudControls #SecurityArchitecture

Making Cloud Threat Modeling Executable Tyson Garrett recently sat down with #SafetyDetectives to share how teams can move beyond static frameworks and bring threat modeling into real engineering workflows. Read now: https://t.co/o9wWua5SRC

TrustOnCloud named a Sample Vendor for Threat Modeling Automation in four 2025 Gartner® Hype Cycle™ reports: https://t.co/KlxTmTWVeu

🎧Understanding Cloud Dataflows: 60-sec clip from Security You Should Know @cisoseries Listen now:▶️ https://t.co/9qMsc34fpI #CloudSecurity #CISOSeries #ThreatModeling

🎙️Security You Should Know: Our CTO Tyson Garrett joins Derek Fisher (Temple University) & Davi Ottenheimer (Inrupt) to discuss hidden #Cloud & #SaaS risks + how to tackle them. Listen now:🎧 https://t.co/9qMsc34fpI #CloudSecurity #CISO