News & Updates

Two interactive scenarios are now publicly available: secret injection into Kubernetes pod memory, and client-side S3 encryption through the CloudTaser proxy. Both run on real infrastructure with a live EU vault — no signup required.

The CloudTaser S3 Proxy now performs full envelope encryption using OpenBao's transient secret engine: unique AES-256-GCM data key per object, wrapped via Transit, plaintext DEK never persists. Compatible with any S3-compatible storage (AWS S3, GCS, MinIO).

The Kubernetes mutating admission webhook now reliably injects the CloudTaser wrapper into pods. Auto-detects container image entrypoints from OCI registries (supports private registries), rewrites commands transparently. No sidecar containers — zero resource overhead compared to vault-agent-injector. Full CI/CD with integration tests on every release.

The eBPF agent now attaches to sys_enter_openat tracepoints and kprobes for comprehensive kernel-level monitoring. Detects /proc/environ reads, secret material in network buffers, and translates container PIDs to host PIDs for cross-namespace visibility. Enforcement mode can block unauthorized access in real time.

The privacy advocacy group noyb filed formal complaints against EU institutions (including the European Commission) for using Microsoft 365 and AWS without adequate data protection measures. The complaints argue that EU institutions are themselves violating the GDPR by transferring data to US providers without effective supplementary measures. Source: noyb.eu

The EU-US Data Privacy Framework (the successor to Privacy Shield) faces renewed legal challenges. Philippe Latombe, a French MP, filed an action before the CJEU arguing that US surveillance reforms are insufficient. If invalidated (a "Schrems III" scenario), companies relying on the framework for US cloud transfers would lose their legal basis overnight — only technical measures that prevent provider access would remain viable. Source: IAPP

The Danish Data Protection Authority (Datatilsynet) ordered Helsingør municipality to cease using Google Workspace and Chromebooks, finding that Google's data processing does not provide adequate protection against US government access. The ruling was upheld despite Google's claims of encryption — because Google holds the keys. Source: Datatilsynet

The European Commission adopted the EU-US Data Privacy Framework, providing a new legal basis for data transfers. However, the EDPB stressed that the framework does not eliminate all risks and that supplementary technical measures remain recommended for sensitive data. The EDPB's guidance explicitly recommends client-side encryption where the data importer (cloud provider) does not have access to keys. Source: EDPB Recommendations 01/2020

The Court of Justice of the EU ruled in Case C-311/18 (Schrems II) that the EU-US Privacy Shield was invalid because US surveillance laws (FISA 702, EO 12333) do not provide equivalent protection to EU fundamental rights. The ruling required that any data transfers to the US must include "effective supplementary measures" to prevent access by US authorities. This is the legal foundation for why technical controls — not just contracts — are necessary. Source: CJEU

The Clarifying Lawful Overseas Use of Data (CLOUD) Act was signed into US law, requiring US-based service providers to comply with warrants for data regardless of where the data is physically stored — including EU data centers. This law is the direct mechanism by which US authorities can compel access to EU customer data on AWS, GCP, and Azure, even when stored in Frankfurt, Dublin, or Amsterdam. Source: congress.gov