Free AWS Security Whitepaper
    Toc Consulting Logo
    AWS Security Digest·Week 11 of 2026·Mar 10-15, 2026·5 items

    Security Hub Goes Multicloud, Sovereign Cloud Gets SOC 2

    Security Hub Extended officially expands to AWS, Azure, GCP, OCI, and Kubernetes, the long-anticipated cross-cloud play. European Sovereign Cloud completes SOC 2 Type 2 and BSI C5 audits. IAM Roles Anywhere ships post-quantum signing via ML-DSA. Inspector Classic gets a May 2026 EOL date.

    In this issue1critical1high2medium1info

    Highlights

    5 items
    $ tail -f /var/log/aws-security.log
    critical/Feature Launch/

    Security Hub Expanding to Multicloud Environments

    AWS announced Security Hub is expanding to aggregate and correlate findings across multicloud environments. New capabilities include unified risk analytics across clouds, expanded Amazon Inspector scanning for VMs/containers/serverless, external network scanning for internet-facing exposure, and integrations with CrowdStrike, Okta, Proofpoint, Splunk, and Zscaler. This positions Security Hub as a multicloud CNAPP.

    Security HubInspector
    high/Compliance/

    European Sovereign Cloud Achieves First Compliance Milestone

    SOC 2 Type 1, C5 Type 1, and seven ISO certifications (27001, 27017, 27018, 27701, 22301, 20000-1, 9001) are now available for the European Sovereign Cloud, covering 69 services. This is the fastest compliance ramp for any new AWS partition.

    European Sovereign Cloud
    medium/Feature Launch/

    IAM Roles Anywhere: Post-Quantum ML-DSA Support

    IAM Roles Anywhere now supports FIPS 204 Module-Lattice Digital Signature Standard (ML-DSA) for quantum-resistant digital certificates. Available in all regions including GovCloud, European Sovereign Cloud, and China. This is part of AWS's broader post-quantum cryptography migration.

    IAMRoles Anywhere
    medium/Service Update/

    Amazon Inspector Classic End-of-Life: May 20, 2026

    AWS will end support for Inspector Classic on May 20, 2026. Users must migrate to the modern Amazon Inspector, which offers continuous scanning, SAST, SCA, and IaC scanning capabilities that Classic never had.

    Inspector
    info/Compliance/

    AWS at RSAC 2026 Conference (Mar 23-26)

    AWS announced its RSAC 2026 presence in San Francisco with four sessions covering expanded Security Hub, AI security, privacy-by-design, and AI-native incident response.

    Security Hub

    Key Takeaway

    1 item
    $ cat WEEKLY_SUMMARY.md

    Security Hub multicloud is the headline. AWS is explicitly positioning Security Hub as a multicloud CNAPP competitor to Wiz, Prisma Cloud, and Orca. Combined with the Extended Plan (Week 9), Security Hub is transforming from a finding aggregator into a full security operations platform. If you evaluate third-party CNAPP tools, Security Hub should now be in the comparison.

    Filed Under
    Security HubMulticloudSovereign CloudPost-QuantumInspectorRSAC
    Previous
    Week 10 - Mar 3-9, 2026
    Next
    Week 12 - Mar 16-22, 2026

    Need Custom Security Briefings?

    These weekly digests are a starting point. Contact us for tailored threat briefings, security assessments, and architectural guidance for your AWS environment.

    All DigestsSubscribe via RSSGet in Touch