CloudQuery

Getting started: The integration uses Zoom's Server-to-Server OAuth authentication. See the docs for setup and configuration examples.

Technical details: https://www.cloudquery.io/blog/introducing-the-zoom-source-plugin

The integration pulls data from the Zoom API for users, roles, role memberships, groups, and group admins.

This gives you the raw material for access audits, compliance checks, and cross-platform identity reconciliation.

Group admins can manage members within their groups - a permission that's easy to hand out and forget about.

One query surfaces all group admin assignments across your entire workspace.

Cross-reference Zoom users against Okta to find orphaned accounts - former employees, contractors whose access wasn't revoked, or shadow accounts.

Your team stops clicking through admin panels and starts running queries for least-privilege reviews.

If someone has Admin or Owner who shouldn't, you'll spot it.

The new CloudQuery Zoom Source Integration syncs your workspace data - users, roles, groups, and group admins - into PostgreSQL, Snowflake, BigQuery, or any supported destination.

Now you can query it all with SQL.

Managing Zoom access across a growing workspace usually means clicking through the admin console one user at a time.

Who has admin privileges? Are there accounts that should have been deprovisioned?

We just released a better way to answer these questions. 🧵

We analyzed what worked in year one, common failures, and what to expect from regulators.

Full analysis: https://www.cloudquery.io/blog/dora-ict-asset-register

BaFin made it clear in December: the "transformation year" is over.

Stricter enforcement coming in 2026, including on-site inspections. No further grace period.

We built CloudQuery to take that hassle away.

Your team stops chasing data across consoles and starts answering auditor questions in minutes instead of weeks.

Organizations that stopped chasing their own data saw different results.

Automation handled 80% of DORA technical tasks, cutting compliance time and personnel by 50-70%.

The problem wasn't effort or budget. It was approach.

Teams were logging into three different cloud consoles, exporting CSVs, reconciling spreadsheets, and still ending up with gaps and stale data.

McKinsey found institutions spending €5-15M on DORA programs. 40% dedicated 7+ full-time employees just to managing the register.

Yet only 33% felt confident they could meet requirements by the deadline.

Organizations with automated asset inventories submitted in hours.

Those relying on spreadsheets scrambled for weeks. Luxembourg's CSSF had to extend deadlines until May 31 because so many needed to fix errors and resubmit.

One year into DORA enforcement, 46% of financial institutions cited the Register of Information as their biggest compliance challenge.

The April 2025 deadline exposed a clear divide. 🧵

We wrote SQL detection queries and remediation steps for CodeBreach.

Covers terminology, vulnerable patterns, and other CodeBuild security checks (PR approval, event filters).

Read the full guide: https://www.cloudquery.io/blog/codebreach-vulnerability-detection

The fix:
1. Anchor all patterns: `^755743$|^123456$` instead of `755743|123456`
2. Enable Pull Request Comment Approval
3. Use fine-grained GitHub PATs with minimal permissions
4. Audit build environment variables

CloudQuery syncs all your CodeBuild configurations into SQL-queryable tables.

One query audits every project across all AWS accounts and regions to find unanchored patterns. Takes seconds after the initial sync.

Who's affected?
→ Public repos with CodeBuild webhooks
→ Projects using `ACTOR_ACCOUNT_ID` filters
→ Builds triggered by external PR contributors

Highest risk: public repositories where anyone can open a pull request.

Wiz Security disclosed this in Jan 2026. AWS patched within 48 hours, no customer environments compromised.

But the vulnerability class still exists in any organization using CodeBuild webhooks with actor ID filtering.

The vulnerability: AWS CodeBuild's `ACTOR_ACCOUNT_ID` filters used regex patterns without `^` and `$` anchors.

Pattern `755743` matches any GitHub ID *containing* that string, not just exact matches. An attacker with ID `226755743` would pass the filter.

Two missing characters nearly compromised the AWS Console.

CodeBreach: a supply chain attack exploiting regex patterns in AWS CodeBuild webhook filters. Here's how to audit your own configurations 🧵

Full post breaks down the technical specs, why networking was easier, and what unified visibility actually requires across clouds.

https://www.cloudquery.io/blog/aws-google-cloud-networking-partnership

Solving multicloud visibility means normalizing data across different APIs.

AWS credentials, GCP service accounts, Azure principals. Different rate limits, pagination, continuous syncing.

The harder problem remains unsolved.

A faster network pipe doesn't help when you can't answer:

"Which resources across all our clouds are missing encryption right now?"

Network connectivity was never the hard part of multicloud.

Multiply that across storage, databases, IAM, networking, serverless.

AWS uses IAM roles. GCP uses service accounts. Azure uses managed identities.

82% of enterprises expect AI to accelerate multicloud demand. More clouds = more API inconsistency.

But convenience wasn't the blocking issue.

The blocking issue: AWS and Google speak completely different languages.

AWS DescribeInstances vs GCP compute.instances.list - same concept, different schemas, auth, pagination, rate limits.

BGP has been around since 1994. Dedicated fiber connections between data centers aren't new. Companies like Megaport and Equinix offered cross-cloud connectivity for years.

What changed? Convenience. Provisioning drops from weeks to minutes.

The partnership combines AWS Interconnect-multicloud with Google Cross-Cloud Interconnect.

1 Gbps during preview, scales to 100 Gbps. Five US and European regions. Azure joining in 2026.

Technical specs matter for network teams.

AWS + Google partnered on multicloud networking.

Provision connections in minutes instead of weeks. MACsec encryption, quad-redundancy, open spec.

But here's the thing: network pipes were the easy problem. 🧵