Category Archives: Cloud Computing

Interest in quantum computing is on the rise as, step by step, science fiction becomes science fact. Early-stage commercial quantum computers featuring around a hundred or so qubits can now be accessed via the web through Quantum-Computing-as-a-Service (QCaaS) providers such as QCWare, Azure Quantum, Amazon Bracket, and others. QCaaS takes quantum computing to a new audience outside of the research lab, offering users a much more accessible way to explore potentially exponential processing prospects.

Quantum computers encode and manipulate information using a choice of atoms, electrons, or photons. And because these processing bits (or qubits) are quantum in nature, they can represent not just the familiar ones and zeros of classical computers, but also a wide range of possible states in between. Whats more, thanks to quantum entanglement a phenomenon recognized by the 2022 Nobel Prize in Physics qubits can perform their calculations in concert and begin to describe complex systems beyond the capability of classical computers.

QCaaS opens the door to a range of hardware platforms, including quantum annealers (such as those developed by D-Wave) and various gate-based processors. This latter group includes superconducting electric circuits held at cryogenic temperatures for example, processors designed by rigetti and OQC as well as trapped-ion quantum computers, such as IONQs that manipulate particles with a laser to carry out gate operations. Looking at other architectures, Xanadus modular photonic quantum processors use squeezed light pulses to engineer qubits. And theres no shortage of ingenuity when it comes to designing quantum computers.

Its an exciting time for stakeholders, but numerous challenges remain due to the sensitivity of the measurements involved. Operators have to go to great lengths to prevent the surrounding environment from spoiling the quantum output. Qubits are fragile, Sabrina Maniscalco, CEO and co-founder of Algorithmiq, told TechHQ. They are imperfect and subject to errors. Maniscalco leads a team of quantum computing experts based in Finland that is developing ways to help clean up this noise, so that users can make better use of todays early quantum computers.

Processors inside classical computers are subject to errors too, but over the years, error correction schemes have been perfected that mitigate those missteps. One approach in the quantum computing domain is to build so-called logical qubits comprising a number of physical qubits to engineer fault tolerance. But as images of todays quantum computers reveal, the hardware is complex and scaling up the number of available qubits isnt straightforward. With only a relatively small number of qubits currently at their disposal, developers have little capacity for implementing error correction in this classical way.

No doubt, progress in quantum computing hardware will continue (IBM has a roadmap to ramp up from 127 to 4158 qubits by 2025) and drive progress in qubit-level error correction. But platform-agnostic algorithm processing offers a tool that QCaaS customers can use now to clean up the signal regardless of the type of quantum computer running in the background. Growing interest in quantum-resilient data encryption schemes (driven by the likelihood that powerful quantum computers will one-day break the classical algorithms that protect todays data as it travels over the internet) points to rising confidence in the capabilities of quantum computers.

We are in a moment when we can start with quantum and have useful products, comments Maniscalco. What makes the difference, is the way of reading out the data so that its informationally complete allowing many properties to be extracted at once. Maniscalco, like many in the field, believes that quantum computers can have real-world impact across a range of industries. Application areas include materials design and the prediction of molecular structures. With quantum constituents at their heart, quantum computers have the capacity to be much more capable at simulating chemical systems compared with classical machines. And Maniscalco is particularly keen to apply the exponential power of quantum processors to pharmaceutical drug discovery an area that is ripe for acceleration.

Writing on the topic of quantum network medicine, her research team highlights that the mechanical simulation of the binding between a small molecule and the biologically active site of a protein target is ultimately a quantum problem. And here quantum algorithms have the potential to describe chemical binding from first principles. This is a powerful predictive feature when you consider that alternative artificial intelligence (AI) led approaches demand huge datasets to map out just a small portion of the measurement space.

The quantum nature of the processing architecture has promise in capturing quantum effects that would otherwise be difficult to model. Examples of such characteristics include molecules that are in a stretched configuration, out of equilibrium in the binding process, which could lead to more realistic and accurate drug models. Big pharma is taking note of the gains being made in the quantum computing sector, both in terms of data processing and usability. And many commentators are describing quantum computing as the next big disrupter in the pharmaceutical industry.

Today, there are many more guides available on how to run code on a quantum computer. APIs and SDKs written in popular computing languages such as Python are also easier to find. Plus, there are startups such Algorithmiq, and others, with quantum computing experts at the helm to provide practical tools and assistance. And as the QCaaS ecosystem grows, users will increasingly be able to focus on the results rather than getting bogged down in the technical details, which can be somewhat mysterious and hard to fathom unless you happen to have a PhD in quantum computing.

Follow this link:

Sharpening the predictive power of quantum computers in the cloud - TechHQ

Kyndryl (NYSE: KD), the worlds largest IT infrastructure services provider, and Microsoft today announced plans to expand the reach and impact of their global strategic partnership by helping customers expand and increase access to valuable mainframe data.

Kyndryl, provider of the secure multi-tenant zCloud, is applying its unique expertise to create data pipes that enable connections between the mainframe, including its zCloud platform, and the Microsoft cloud, making it easier for customers to move their mainframe data to the cloud, thereby unlocking new uses and value streams from their entire data estate. Customers will have a holistic view of their data and can take advantage of machine learning, AI, analytics, and reporting, and will be able to leverage low code/no code applications with Microsoft Power Platform.

Kyndryl and Microsoft also plan to combine mainframe data with other internal and external cloud-based data sources that will enable customers to create new applications that leverage modern analytics and visualisation tools to deliver advanced insights at scale.

As part of the joint mainframe modernisation initiative, Kyndryl will launch consulting and integration services developed to help customers more easily and efficiently plan, design, and connect mainframe data to Azure Cloud and Edge Computing environments.

As part of our collaboration with Microsoft on mainframe modernisation, we are helping customers increase access to valuable mainframe data and leverage new capabilities that will show benefits of cloud automation and insights from their IT environments, said Petra Goude, Kyndryl Global Practice Leader, Core Enterprise and zCloud. Through this initiative, we are teaming with Microsoft to increase flexibility and availability of mainframe datawhether workloads are in the cloud, on-premises, or at the edge.

Microsofts AI-enabled Power Platform capabilities, Kyndryls rich mainframe ecosystem and managed services experience are a strong combination that will help customers unlock their mainframe data, said Kelly Rogan, Corporate Vice President, Global System Integrator and Advisory Partners at Microsoft. Were excited that our expanded collaboration will allow us to deliver new innovations that make it easier for customers to take advantage of the cloud to access data and make informed, data-driven business decisions.

Go here to read the rest:

Kyndryl and Microsoft deliver cloud-based innovation to mainframe customers - ETCIO South East Asia

- Tietoevry Banking will onboard their Payments product portfolio, including Card Suite, Payment Hub, Virtual Account Management, and Instant Payments Solutions to the IBM Cloud for Financial Services.

- IBM Consulting enters into a global business transformation and system integration initiative with Tietoevry Banking supporting the digitization of new and existing banking clients with focus on payments, card issuing and merchant acquiring.

Oct 10, 2022

Amsterdam, October 10, 2022.Today at Sibos 2022, IBM (NYSE: IBM) and Tietoevry, an IT software and services company headquartered in Finland announced a global technology and consulting collaboration for its financial technology software unit Tietoevry Banking to help deliver secured and innovative solutions for payment and transaction technology to banks globally.

Payment transactions, card payments and instant payments are a rapidly changing and growing industry that affects millions of households globally. As payment transactions continue to grow, cybercrime and data breaches are also on the rise. It has been estimated that financial services may suffer billions of dollars in losses due to cybercrime.1Tietoevry Banking chose to collaborate with IBM to leverage IBM Cloud for Financial Services and IBM Consulting to help accelerate clients hybrid cloud adoption while balancing the need to address security and compliance requirements with driving innovation.

Ilkka Korkiakoski, Head of Tietoevry Banking, Payments: For Tietoevry Banking, the collaboration signifies a leap into a financial market sector that is on another scale. Together with IBM we can offer significant added value to the financial sector: scalable consultancy practice for system integration and volume transition to cloud designed to support regulatory compliance, best practices from the SaaS and SLA industries, automation and flexibility in performance and volumes processing. Combining IBMs state of the art with our deep knowledge in payments and cards is a perfect match to drive the payments industry to the next level. It will open new doors and can extend our footprint and delivery capability outside the Northern Europe, Ilkka Korkiakoski says.

Tietoevry Banking provides scalable and modular Banking as a Service and software built by extensive industry expertise, accelerating the digital transformation of financial institutions focused on clients across the Nordics and globally. In the synergetic collaboration, Tietoevry Banking will onboard its Payments software portfolio, such as Card Suite, Payment Hub, Virtual Account Management, Instant Payments Solutions, to IBM Cloud for Financial Services and provide its managed services and SaaS capabilities to help global banks facilitate card management and payments on an industry cloud with built in security and compliance controls. The collaboration aims to help banks address the industrys stringent compliance, security, and resiliency requirements while supporting business transformation, volume migration to new platforms and innovation. In addition, IBM Consulting and Tietoevry Banking will work together to help joint clients transform and modernize at scale and support them in their journey to a hybrid cloud.

Paul Krogdahl, CTO, Global Core Banking & Payments ISV Practice at IBM said: "IBM has a long history working with clients in highly regulated industries and IBM Cloud for Financial Services was designed to help banks drive innovation and to support security and compliance needs. This initiative with Tietoevry Banking further expands our technology portfolio of financial services ecosystem partners with additional capabilities. We expect to see robust growth in the payments, cards and banking services as a platform space as an increasing number of banks globally choose to consume services as part their business strategy rather than buying or building software on their own."

As part of this work, IBM Consulting will be a global system integrator, implementation partner and managed operations partner for Tietoevry Bankings payment software portfolio. IBM Consulting will provide the deep financial services expertise needed to bring long-term value to both existing and future clients and help guide their transformation. This collaboration will also help Tietoevry Banking advance its digitization strategy and enhance its payments solution with increased security and scalability.

To learn more about IBMs insights and solutions for the financial services industry, please visithttps://www.ibm.com/banking

Contact persons:

Tietoevry

Geir Remman

+47 97055017

IBM

Willemijn Steegenga

+31 6 53 691481

willemijn_steegenga@nl.ibm.com

About Tietoevry

Tietoevrycreates purposeful technology that reinvents the world for good. We are a leading technology company with a strong Nordic heritage and global capabilities. Based on our core values of openness, trust, and diversity, we work with our customers to develop digital futures where businesses, societies, and humanity thrive.

Our 24,000 experts globally specialize in cloud, data, and software, serving thousands of enterprise and public sector customers in more than 90 countries. Tietoevrys annual turnover is approximately EUR 3 billion and the companys shares are listed on the NASDAQ exchange in Helsinki and Stockholm, as well as on Oslo Brs. http://www.tietoevry.com

About IBM

IBM is a leading global hybrid cloud and AI, and consulting services provider, helping clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries.Nearly 3,800 government and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM's hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently, and securely.IBM's breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and business services deliver open and flexible options to our clients.All of this is backed by IBM's legendary commitment to trust, transparency, responsibility, inclusivity, and service. For more information, visitwww.ibm.com.

Read this article:

IBM and Tietoevry Form a Global Collaboration Taking a New Step Forward in the Development of Financial Services Technology - IBM Newsroom

The probe will focus on so-called "hyperscalers" like Amazon Web Services and Microsoft Azure, which let businesses access computing power and data storage from remote servers.

Chesnot | Getty Images

British media regulator Ofcom is investigating Amazon, Microsoft and Google's tight grip on the cloud computing industry.

In the coming weeks, the watchdog will launch a study to examine the position of firms offering public cloud infrastructure and whether they pose any barriers to competition.

Its probe, announced Thursday, will focus on so-called "hyperscalers" like Amazon Web Services, Microsoft Azure and Google Cloud, which let businesses access computing power and data storage from remote servers, rather than host it on their own private infrastructure.

Further action could be taken by the regulator if it finds the companies are harming competition. Selina Chadha, Ofcom's director of connectivity, said the regulator hadn't yet reached a view on whether the cloud giants are engaged in anticompetitive behavior. Ofcom said it will conclude its review and publish a final report including any concerns and proposed recommendations within the 12 months.

Amazon, Microsoft and Google were not immediately available for comment when contacted by CNBC.

The review will form part of a broader digital strategy push by Ofcom, which regulates the broadcasting and telecommunications industries in the U.K.

It also plans to investigate other digital markets, including personal messaging and virtual assistants like Amazon's Alexa, over the next year. Ofcom said it is interested in how services including Meta's WhatsApp, Apple's Facetime and Zoom have impacted traditional calling and messaging, as well as the competitive landscape among digital assistants, connected TVs and smart speakers.

"The way we live, work, play and do business has been transformed by digital services," Ofcom's Chadha said in a statement Thursday. "But as the number of platforms, devices and networks that serve up content continues to grow, so do the technological and economic issues confronting regulators."

"That's why we're kick-starting a programme of work to scrutinise these digital markets, identify any competition concerns and make sure they're working well for people and businesses who rely on them," she added.

Ofcom has been selected as the enforcer of strict new rules policing harmful content on the internet. But the legislation, known as the Online Safety Bill, is unlikely to come into force anytime soon after Liz Truss replaced Boris Johnson as prime minister.With Truss' government grappling with a plethora of problems in the U.K.not least the cost-of-living crisisit's expected that online safety regulation will move to the back of the queue of policy priorities for the government.

The move adds to efforts from other regulators to rein in large tech companies over the perceived stranglehold they have on various parts of the digital economy.

The Competition and Markets Authority has several active probes into Big Tech companies and wants additional powers to ensure a level playing field across digital markets. The European Commission, meanwhile, has fined Google billions of dollars over alleged antitrust offences, is investigating Apple and Amazon in separate cases, and has passed landmark digital laws that may reshape internet giants' business models.

Amazon holds a comfortable lead in the cloud infrastructure services market, with its Amazon Web Services division making billions of dollars in profits every year. In 2021, AWS raked in $62.2 billion of revenue and over $18.5 billion in operating income.

Microsoft's Azure is the first runner up, while Google is the third-largest player. Other firms, including IBM and China's Alibaba, also operate their own cloud arms.

Combined, Amazon, Microsoft and Google generate roughly 81% of revenues in the U.K.'s cloud infrastructure services market according to Ofcom, which estimates the market to be worth 15 billion ($16.8 billion).

Microsoft recently announced a number of changes to its cloud contract terms, effectively making it easier for customers to use competing cloud platforms as well as Microsoft. The Redmond, Washington-based company had faced complaints from rivals in Europe that it was limiting choice in the market.

Read more:

Amazon, Microsoft and Google face UK probe over dominance in cloud computing - CNBC

For the last few years, cloud adoption has seen an upward trajectory in the Middle East, with many organisations moving data to the cloud. The region is undergoing an economic transformation, with many nations implementing smart city initiatives and updating their national visions while improving their digital economies. National visions in countries such as UAE, Saudi Arabia, Bahrain and Kuwait encourage governments to use emerging technologies in order to achieve their transformation objectives.

For instance, the digital transformation of government operations is a key component of Saudi Arabias Vision 2030. A cloud-first strategy aids lowering total cost of ownership, and strengthening cybersecurity.

Meanwhile, Bahrains cloud-first policy is also devoted to modernising government ICT and setting the bar high for employing cloud computing services in order to cut costs, boost security and efficiency and create first-rate citizen services.

Accelerating cloud adoptionPublic and private sectors in the region are investing in cloud computing to improve their infrastructure and services and leverage this technology to organise and streamline their processes.

Going by the numbers, Gartner forecasts end-user spending on public cloud services in the Middle East and North Africa (MENA) to grow 19 per cent this year. A renewed focus on technology growth post-Covid-19 in the region is leading to continued growth in public cloud spending, said Colleen Graham, senior research director at Gartner, in a statement. Various MENA governments policies on telemedicine, usage of autonomous vehicles, smart cities, and a rapid move towards the next phase of the fourth industrial revolution are opening new growth avenues for public cloud in the region. Additionally, the attention given to building and nurturing talent will turn a new leaf in the regions shift towards becoming a digital economy.

Gartner also stated that in 2022, MENA chief information officers will spend the most on cloud application services, which include business intelligence applications, email and authoring, content services, customer experience and relationship management and supply chain. This segment will total $2.3bn, an increase of 16 per cent from 2021, and will account for 40 per cent of the total investment made in public cloud services.

The second largest segment will be cloud application and infrastructure services, which is forecast to total $1.1bn in 2022, an increase of 25.8 per cent from 2021. Cloud system infrastructure services will record the highest growth. This segment will grow 36.8 per cent to a total $895m in 2022. Dario Sarmiento, manager Service Delivery at Kyndryl Gulf and Levant, believes that disruptive technologies have been at the centre of the IT industry for decades. However, their adoption has recently increased at an accelerated pace, forcing businesses to work in and keep up with a very competitive environment.

In the last five years, we have seen how the convergence of cheaper network access, coupling with the development of better mobile and wireless technologies (peaking, for example, at the current promise of 5G speed for wireless communications) and improvements in the underlying virtualisation technologies, has created multiple options for enterprises to enhance their competitiveness. On the flip side, with all thats available today, some businesses are finding it challenging to prioritise IT initiatives based on their own strategic objectives. Cloud Computing is part of any of those relevant options, so a decision to move there cannot be disregarded, notes Sarmiento.

Are some companies reluctant to move to the cloud?As the world becomes technology-driven, cloud computing has become an integral part of daily life, especially for regional businesses. The cloud helps companies organise their data and keep a backup of every single piece of information used for product development and customer experience enhancement. However, many organisations are still putting off migrating their infrastructure to the cloud. Reason while some may lack IT personnel, others fear the loss of accessibility. Furthermore, the decision-makers focus on the cost. Meanwhile Fayez Eweidat, senior director META at Juniper Networks, observes security as one of the biggest concerns surrounding public cloud adoption. As more companies empower a work-from-anywhere workforce, access to cloud-based applications provides a seamless experience from home to office. However, some companies are hesitant to walk down this path due to concerns about how to transition their existing security, policies and frameworks and continue to meet their compliance commitments, he adds.

However, Sarmiento says it could be one or a combination of various reasons. We have seen organisations wanting to move to the cloud but are held back by the rigidity of their legacy systems. The reality is that the larger the organisations, the longer the legacy systems have been in place. Another stumbling block is the shortage of cloud skills, which can easily impede cloud transformation projects.

The risks of not moving to the cloudSo, what risks are associated with an organisation not moving to the cloud? With the cloud at the centre of all digital transformation journeys, businesses may not be able to capture more extensive opportunities, and they could face limitations on scalability, where the cost would be too high for them to grow because of traditional IT spending that utilises funds that the business could instead use for growth initiatives or innovation.

Not being part of the cloud community also reduces the intelligence of a business. By that, I mean that in todays corporate world, startups and SMEs need to have a smart approach to data. Business intelligence and data analytics need a good understanding of data collection and storage. Not having a robust cloud storage system supporting your business can, therefore, leave a negative impact on having to dig into your data, making your business less efficient, explains Candid Wuest, vice president Cyber Protection and Research at Acronis.

However, before investing in the cloud, organisations should consider how it aligns with their overall business strategy and understand which workloads are best suited to run on the cloud. In short, investing in the cloud must be aligned with developing strategic initiatives. Primarily, an organisation should consider security, compliance, hidden costs, networking, complexities and performance before investing in a cloud environment. Additionally, the preparedness of the team to manage not only the technical aspects of migration and ongoing operations but also the business considerations of optimising costs and assuring compliance are critical factors. Lastly, organisations must assess the technical readiness of any application before moving it to the cloud, comments Eweidat.

Cloud security Tools and best practices Although the cloud is constantly evolving, some best practices have remained firm for ensuring the security of cloud environments. Experts suggest that organisations with existing cloud solutions in place or looking to implement them should consider the advice below to ensure data security.

Emad Haffar, head of Technical Experts at Kaspersky, explains that basic antivirus and anti-malware protection are not enough to protect a cloud infrastructure. Industry best practices dictate that every operating system in the infrastructure needs comprehensive, multi-layered protection that safeguards various types of workloads running on different platforms. Understanding the difference between the cybersecurity responsibility of a cloud host and a cloud tenant is vital as well. In a private cloud setup, protecting the underlying virtualisation and storage as well as network connectivity, must be considered. And while this responsibility is on the shoulders of the provider in a public cloud setup, workload security is still needed, and it is on the tenant side. He adds that having a comprehensive security solution that can cater to all these different scenarios can make the task more manageable.

Meanwhile, Eweidat puts focus on zero trust on how security teams should redesign networks into secure micro perimeters, strengthen data security using obfuscation techniques, limit the risks associated with excessive user privileges and access, and dramatically improve security detection and response with analytics and automation. Organisations investing in security tools and architectures should ensure their investment focuses on managing and monitoring of cloud environments, actionable insights for faster threat detection, security behaviour and event-driven capabilities for real-time alerts.

OverviewMoving forward, the cloud will drive technological innovation and serve as the foundation for business innovation. Thanks to the rising user demand, evolving needs of the organisations and the massive quantity of data, the future of cloud computing in the Middle East is on a steady path to proliferate in the coming years.

Read: Case study: How UAEs Mercury Payments Services fast-tracked its cloud migration with Oracle

Excerpt from:

How cloud computing will serve as the foundation for business innovation - Gulf Business

Can you remember the halcyon days of the video game arcades? This will probably date me, but I have fond memories entering the magical world of a gaming arcade while in first year at university. When the odd early morning Control Systems or Principles of Electricity lecture didnt sound too compelling, Id skip class and head to the local arcade with my friends for an hour or two of Defender, Tempest, Frogger, Space Invaders, or Pac-Man.

I was briefly reminded of the arcade gaming world when I came across a recent publication by the Cloud Security Alliance (CSA): Top Threats to Cloud Computing Pandemic Eleven. The paper discusses cloud security themes and considers a range of cloud-related threats for practitioners and those planning migration to the cloud. As you can see from the front cover illustration above, they have designed the artwork inspired by the Pac-Man maze user interface with the 11 threats replacing the traditional Pac-Man ghosts.

The 11 issues are based on feedback from 700 industry experts who identified these, listed in priority as the top issues in their cloud environments. Each of the 11 topics are discussed briefly before considering the business impact, offering key takeaways and then anecdotes and real examples of exploits and exfiltrations to illustrate what has and can happen if you dont protect against these threats. Each threat is also cross-referenced to other CSA resources such as their Security Guidance document and Cloud Controls Matrix (CCM) template spreadsheet. Useful for any cloud practitioners looking to tighten up their cloud environment.

The 11 threats outlined in the report are as follows:

Things have moved on since the 1980s when Pac-Man was ubiquitous, and the attack vectors were the fast-moving ghost gang characters. Blinky was one of them. Maybe you can remember the others? Internet search engine reports Pinky, Inky, and Clyde were the other ghosts in the Pac-Man gang. Full marks if you named all four! Reading the CSA publication reminded me how challenges have evolved from the on-premises environment where the threats were known, the data center was in close proximity, and the processes and procedures were documented and practiced. In the cloud, we have shared responsibility, and the dynamic as well as the threat models/attack vectors have changed.. Yes, the cloud offers the rigor and security diligence of the major cloud service providers but the need for careful allocation of system admins, setting least privilege, environmental hardening, due diligence, and compliance has not gone away.

Entrust CloudControl offers a compliance-centric, enterprise-grade solution for virtualized and containerized environments. It ensures DevSecOps and security administrators can establish, manage, and maintain a robust security posture across multiple clouds and on-prem environments. This prevents inadvertent or malicious misconfigurations leading to failed audits, service disruption, or breaches in security.

For those organizations migrating to multi-cloud and hybrid deployments, Entrust provides a complete suite of security solutions offering the right tools to protect against the top cloud computing threats outlined by the report. Entrust offers solutions that deliver across categories and enable enterprises to achieve their multi-cloud security strategy through a single vendor, securing the workload, creating trust in the environment in which it runs, and ensuring compliance with defined policy managed and maintained across all artifacts and across all deployment environments.

The post Taking a holistic approach to tackling the Top Threats to Cloud Computing in a multi-cloud world appeared first on Entrust Blog.

*** This is a Security Bloggers Network syndicated blog from Entrust Blog authored by Iain Beveridge. Read the original post at: https://www.entrust.com/blog/2022/09/taking-a-holistic-approach-to-tackling-the-top-threats-to-cloud-computing-in-a-multi-cloud-world/

Read the original:

Taking a holistic approach to tackling the Top Threats to Cloud Computing in a multi-cloud world - Security Boulevard

SEATTLE--(BUSINESS WIRE)--The Cloud Security Alliance (CSA), the worlds leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today released Recommendations for Using a Customer Controlled Key Store. Written by CSAs Cloud Key Management Working Group, the paper offers guidance to organizations that opt to use a customer controlled key store (CCKS), whereby the key management system (KMS) is external to a cloud service provider (CSP) despite the KMS being a dependency of a cloud service.

Because CCKS is still relatively new within cloud computing, there isnt a deep bench of best practices available. Even so, this pattern is growing in popularity and because of this, we felt it imperative to provide a sound set of guidelines that will help companies taking this path optimize their security and related costs, as well as their operational and business agility, said Paul Rich, a lead author and co-chair of the Cloud Key Management Working Group.

Because CCKS deals with the integration of a chosen KMS and at least one public cloud service, the document provides recommendations for choosing, planning, and deploying a KMS within the context of an integration pattern. It offers guidance pertaining to the technical, operational, legal, regulatory, and financial issues that an enterprise must consider when opting for a CCKS.

Using a CCKS presents numerous challenges, not the least of which is establishing a rationale for selecting a more complex and costly pattern. Despite the potential hurdles, there are several reasons a company might opt to use a CCKS, including:

With this document, we hope to guide the program or project manager as they lead their company through the CCKS lifecycle, providing them with the critical information they need to successfully map the pattern to their organization, said Michael Born, one of the papers lead authors.

The Cloud Key Management Working Group aims to facilitate the standards for seamless integration between cloud service providers and key broker services. Individuals interested in becoming involved in Cloud Key Management future research and initiatives are invited to join the working group.

Download the full document. Those interested in gaining a deeper understanding of Cloud Key Management Service patterns, as well as guidance for its use are encouraged to read Key Management in Cloud Services: Understanding Encryptions Desired Outcomes and Limitations.

About Cloud Security AllianceThe Cloud Security Alliance (CSA) is the worlds leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and extensive network benefit the entire community impacted by cloud from providers and customers to governments, entrepreneurs, and the assurance industry and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at http://www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.

Read more from the original source:

Cloud Security Alliance Offers Recommendations for Using Customer Controlled Key Store - Business Wire

SAN JOSE, Calif.--(BUSINESS WIRE)--Skyhigh Security today announced it has joined the Cloud Security Alliance (CSA), the world's leading organization dedicated to raising awareness of best practices to ensure a secure cloud computing environment. As a CSA member, Skyhigh Security will further educate the market on best practices for data-aware cloud security that supports rapid digital business transformation and hybrid work environments, while minimizing the impact on security performance, complexity, and cost.

The acceleration of data usage and collaboration outside the network perimeter has caused seismic shifts in IT environments, which inherently comes with risk, said Gee Rittenhouse, CEO, Skyhigh Security. Were excited to join the CSA and their diverse and extensive network of professionals who work together to create and maintain a trusted cloud ecosystem. Were eager to share our approach to data-aware cloud security with our industry peers and other like-minded organizations.

The CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its members to offer cloud security-specific research, education, certification, events, and products. Its activities, knowledge, and extensive network benefit the entire community impacted by the cloud. As an involved member of the CSA, Skyhigh Security will participate in collaborative initiatives to influence, leverage, and partake in all aspects of CSA's Research Lifecycle. Skyhigh Security will be leading and contributing to multiple groups in the cloud security space, including Zero Trust and Serverless.

We welcome Skyhigh Security and look forward to their innovative and forward-thinking contributions to best practices for securing data and applications in the cloud from anywhere or on any device, said Jim Reavis, CEO, Cloud Security Alliance. In an era when the mobile remote workforce model is ubiquitous, this is an essential element of a secure cloud environment. Our collaboration will help businesses understand how they can minimize risk by confidently managing data and application security at every access point in their environment.

Skyhigh Security is focused on cloud security that protects sensitive data no matter where users are, what device they are using, or wherever their data resides: on the web, cloud, and private applications. Its portfolio is cloud-native, architected with Zero Trust principles from the ground up, and provides a common data loss prevention (DLP) and policy engine. Skyhigh Security Service Edge (SSE) includes Skyhigh Secure Web Gateway (SWG), Skyhigh Cloud Access Security Broker (CASB), and Skyhigh Private Access, among other products, providing one of the most comprehensive portfolios in the market.

About Skyhigh Security:

Skyhigh Security is focused on helping customers secure the worlds data. It protects organizations with cloud-native security solutions that are both data-aware and simple to use. Its market-leading Security Service Edge (SSE) Portfolio goes beyond data access and focuses on data use, allowing organizations to collaborate from any device and from anywhere without sacrificing security. For more information, visit http://www.skyhighsecurity.com.

Excerpt from:

Skyhigh Security Joins the Cloud Security Alliance - Business Wire

Nucamp and Google Cloud

BELLEVUE, Wash. (PRWEB) September 27, 2022

Nucamp, a leader in the coding bootcamp space, today announced a partnership with Google Cloud to integrate Google Cloud Skills Boost labs into its 22-week Full Stack Web & Mobile Development bootcamp as well as into its 17-week Front End Web & Mobile Development bootcamp. This curriculum expansion will provide learners 12 months of subsidized access to Google Cloud Skills Boost labs, the definitive destination for Google Cloud Learning, giving users access to hundreds of courses, labs, and credentials authored by Google Cloud. With access to these courses, students will gain job-critical experience, like learning how to deploy and manage websites and apps in the cloud.

In addition, Nucamp and Google Cloud have co-created a Women in Tech Scholarship to make technical education more affordable and accessible to women. Through this scholarship, $50,000 has been made available in 2022 to assist women looking to gain coding skills using Nucamp.

Outside of this partnership with Google Cloud, Nucamp incorporates new learning content into its courses by working with instructors who work full-time in the technology industry. With these subject matter experts contributing to Nucamp content as part-time instructors, students get to learn directly from trained professionals within the Nucamp learning community.

Nucamps approach to delivering high-quality classroom experiences at low cost is unique in the industry and is strategically significant in helping more aspiring developers learn with Google Cloud technologies, said Chris Pirie, Director of Learning Programs and Partnerships, Google Cloud. This partnership will help provide students greater access to Google Cloud Skills Boost labs in a guided, structured, and engaged learning environment that bolsters learning success.

Cloud computing is becoming the new normal. More companies are recognizing the benefits: cost reduction, data security, disaster recovery, scalability, and more. Businesses need employees who have cloud computing expertise, and the need is growing. Nucamp and Google Cloud are ready to help fill that need.

Understanding cloud services has never been more important for web development job readiness than it is today, said Nucamp CEO Ludo Fourrage. By partnering with Google Cloud to integrate Google Cloud Skills Boost into the Front End and Full Stack bootcamps, we are better equipping our students to meet that demand.

For more information, go to http://www.nucamp.co/bootcamp-overview/full-stack-web-mobile-development.Nucamps coding bootcamps include:

About Nucamp:Mission-driven Nucamp has been making top-tier coding instruction available to and affordable for everyone since 2017. Nucamp offers the industry's only truly affordable 22-week Full Stack Web & Mobile Development coding bootcamp for under $2,500. It delivers a high-quality curriculum using a unique hybrid evening and weekend format in small classes of no more than 15 students. Nucamp further distinguishes its bootcamps by the talent of its instructors, who teach part-time while working in the industry. They bring topic-specific expertise and front-line knowledge into the classroom to ensure the coursework content is highly relevant. Learn more about Nucamps innovative teaching approach.

Share article on social media or email:

See the rest here:

Nucamp to Address Surging Demand for Tech Professionals through partnership with Google Cloud - PR Web

Amazon Web Services (AWS) remains the 800lb gorilla in the cloud computing market which it pioneered in as early as 2006 when it started selling IT infrastructure services to businesses in the form of web services.

It continues to enjoy that first-mover advantage to this day, even with Microsoft and Google nipping at its heels. In the Asia-Pacific (APAC) region, where overall cloud adoption is growing, AWS remains the frontrunner in four of the five APAC sub-regions, putting it well ahead of its regional rivals, according to market data from Synergy Research Group.

In an interview with Computer Weekly, Phil Davis, managing director of AWS in Asia-Pacific and Japan (APJ), offers insights on the companys growth strategy in the region amid the groundswell of cloud adoption, how it is retaining customers and supporting them in their cloud journey.

Could you tell us more about how AWSs business in the region has been over the past two years?

Davis: We saw strong growth globally as we went into the second half of 2020. We were excited about that growth, but we saw a little bit of a slowdown in 2021. And now, in 2022, were growing faster than we were before the pandemic. Our business in APJ has been following the same trend.

I think what happened was many people with the uncertainty around Covid-19 were trying to constrain their near-term spend. A national railway, for example, saw their ridership fall by 90% during the pandemic, but the cost to run their IT stayed the same. So, in the medium to long term, we see companies accelerating their move to cloud to get more flexibility and, ultimately, more business agility. Thats kind of how the past couple of years have been for us.

Where do you see growth coming from in Asia-Pacific?

Davis: Its still early days in the cloud many workloads still reside on-premise and theres a lot of opportunity to help customers go through that cloud journey. Its hard to pin down a growth area. We have five areas in APJ Australia, New Zealand, Japan, Korea, ASEAN and India. In the past two years, each of the five areas has seen the strongest growth in one quarter or another.

In terms of segments, we have our SMB [small and medium-sized business] segment, including digital natives, our ISVs [independent software vendors], and then we have enterprise. Were seeing pretty balanced growth across those segments in the region, with the SMB segment accelerating over the past three quarters or so.

In the enterprise segment, were seeing financial services accelerate the use of cloud as more regulators get comfortable with cloud. Manufacturing also continues to be a growth area, and thats around everything from smart factories to applying AI [artificial intelligence] to consumer demand.

For example, Dominos came to us with a difficult business problem of getting you a pizza within 10 minutes. The only way they can do that is to make the pizza before you actually order it, so theyre using our AI to better predict when youre going to need a pizza.

More often, organisations are running a vast majority of workloads, let's say on AWS, and they may have some workloads on a different cloud, but thats not true multicloud. Thats being selective on where you place your workloads Phil Davis, AWS

Other examples include helping farmers in India look at different variables to achieve better crop yields and helping airlines like Korean Air move 98% of their applications to AWS, which includes everything from flight operations all the way through to customer loyalty.

AWS has had a headstart over other cloud players in the market. How are you keeping that momentum going in the region?

Davis: Its related to what I talked about in terms of the richness of capabilities. We continue to bring more investments to the APJ region. We just announced new cloud regions in Indonesia, New Zealand, Australia and Hyderabad in India. Weve also announcedLocal Zones in Hanoi for customers that want data sovereignty and local processing for common and popular services and still use a cloud region to get the full range of services.

Were also partnering with telcos, whether its Singtel, Telstra or Globe, for things like Outposts to build out infrastructure for our customers. At the same time, were building up our teams here, particularly our solution architects and prototyping teams. Were also continuing to bring all of the new services that we announce at re:Invent every year to the region as well.

More organisations today are using multiple cloud providers, often a key provider for a majority of their workloads and one or two others for other workloads. Over the past two years, have you seen customers increasing their investments in AWS vis-a-vis some of the other cloud providers?

Davis: We certainly see our current customers doubling down on AWS. More often, organisations are running a vast majority of workloads, lets say on AWS, and they may have some workloads on a different cloud, but thats not true multicloud. Thats being selective about where you place your workloads.

If you look at the depth and breadth of capabilities on AWS, and you want to move them elsewhere, then you have to dumb them down to the least common denominator and you dont get all the advantages of all the innovation were bringing to market. And so, we see customers making selective decisions on which workloads to run on which clouds and keeping those workloads there.

Also, one of the biggest challenges were going to see in APJ is digital skills, and more specifically cloud skills. If I dont have enough skills for one cloud, having enough skills for two or three clouds makes the problem harder, not better.

In the enterprise segment, do you come face to face with Microsoft most of the time as it tends to have a pretty established presence in many enterprises?

Davis: Youve probably heard that we really try to focus on our customers and work back from there, but theres no doubt we bump into those folks, particularly in the enterprise. And I will tell you and this is not a Microsoft-specific comment it goes back to the broader point that customers dont want to be held hostage to a technology stack. They want choice and the flexibility to be able to run the things where they think its best and not be leveraged based on legacy technology stacks. I think thats one of the big advantages that we can help customers with.

AWS has famously said that in the fullness of time, all workloads will move to the public cloud, but at the same time, there are these partnerships with the likes of VMware and Red Hat with solutions that enable organisations to run and manage their workloads on-premise as well as on multiple public clouds. What are your thoughts on that?

Davis: Its not going to be one size fits all. Some customers want to run Kubernetes while other customers arent containerised and still want to run on a virtual environment. Some of those want to run OpenShift for their containers and others want to work with VMware environments. Its important that we listen to customers and offer them alternatives that work with their existing tools.

Number two, theres a big difference between modernising an application and writing a modern application from the ground up. Over time, youre going to see more and more truly cloud-native containerised applications that take advantage of microservices with speed and agility. Thats a very different environment from a risk management system that is being moved to the cloud. You still get the cost benefits and agility, but its not the same degree of benefits as when you write things cloud native.

We certainly acknowledge that there's huge responsibility associated with the privilege we've been given to work with these customers Phil Davis, AWS

By the way, there are years, if not decades, of legacy code out there that will take a long time to modernise, and that journey takes several different paths. If you look at Kmart in Australia and New Zealand, they had a mainframe that theyre emulating in the cloud to run Cobol code, but theyve also retired some code and rewritten other code into cloud native. This is where our partner network becomes very important, whether they are global and local systems integrators, or born in the cloud people like Cloud Comrade. Customers want help navigating their IT strategy and the best practices to adopt.

AWS has grown bigger over the years, with more organisations now running mission-critical applications on the AWS cloud. Over the past year, there have been some major outages in AWS that affected customers. How are you reassuring customers when these outages happen?

Davis: We certainly are very grateful and honoured that customers trust us so much every day. In fact, one of our newer leadership principles is with size and scale comes great responsibility. We certainly acknowledge that theres huge responsibility associated with the privilege weve been given to work with these customers.

There are a number of different ways we are working with our customers to improve resiliency. Decisions on architecture are made upfront and we have reviews where well sit down with our solution architects, and even our professional services team, to make sure that, depending on the availability and uptime requirements and recovery point objective, weve built in the right resiliency.

As an example, maybe an application can live with eight minutes of downtime a year, and you choose to run that in one availability zone. Or maybe its an application that needs to run in two or three different availability zones across three different regions. There are trade-offs and cost implications of running in multiple regions, so we try to understand what the customer is trying to accomplish and then architect something that meets their resiliency, availability and redundancy requirements.

The other thing weve been doing is to proactively look at the resiliency that customers have built into their application layer, not the infrastructure layer. A lot of customers make trade-offs that theyre not aware of and there can be surprises. We also have tools that will help them in terms of reporting and remediating problems. The last piece is were continuing to put security at the centre of everything we do. Every single customer I talk to has security as one of their top concerns today.

Some companies are looking at cloud repatriation because cloud services can get expensive over time for certain workloads. I understand AWS has been reducing prices for certain services and provides cost-management tools, but what is AWS doing to retain such customers?

Davis: Let me break this down into a couple of different categories. First, there are architectural decisions that can have a big impact on cost. Let me give you an example. Our Graviton processors have a significantly better price-performance ratio, so one of the things we work with customers on is, how do we help them optimise their workloads for Graviton and take cost out of the overall system?

We also look at where people spend their money. A lot of people spend on proprietary, older technologies that frankly are not really fit for purpose. Think about databases if we can help a customer move to open source technologies and databases, they will be better fit for purpose.

There are also a number of ways customers can engage with us that can give them better benefits. There are reserved instances and enterprise discount programmes, for instance. For us, if a customer makes a longer-term commitment and helps us plan capacity better, then it helps us make better resource commitments.

Right now, theres a lot of uncertainty in the world and customers tend to focus on the cost side of things, so were leaning in very aggressively to proactively have those kinds of architecture or software and commercial-type discussions to help customers.

Follow this link:

How AWS is tapping the groundswell in cloud adoption - ComputerWeekly.com