While AI is taking the world by storm, the gold at the end of the rainbow for many CIOs follows digital transformation initiatives that lower operational costs and transition legacy systems to virtual environments on private and public clouds.

Consumer websites and development environments run applications in privately controlled data centers and take advantage of the compute, network and storage resources of public cloud service providers (CSPs), better known as infrastructure as a service (IaaS) providers. Attracted by the flexibility and cost savings, businesses use this "cloud burst" pay-as-you-go model for high-volume data processing, load balancing and redundancy, avoiding downtime during peak demand, such as a holiday selling period.

But, for many organizations, connecting private and public clouds over the internet using a dedicated network connection isn't that simple. Business transitions, incompatible technology environments and rapid changes in dynamic public cloud services can cause hybrid cloud security challenges.

Single hybrid cloud is now multiple clouds, said Mark Buckwell, executive cloud security architect at IBM, during last April's RSA Conference. It's not unusual for organizations to run Microsoft Active Directory as a managed service on AWS and connect to on-premises workloads, he told the audience during a session called "Architecting Security for Regulated Workloads in Hybrid Cloud."

"They still don't want to move the crown jewels of the organization off premise into cloud," Buckwell said, "so we end up integrating different parts of an application with different components, sitting on different technologies ... and this seems to be the way the world is going. And that just makes the whole solution a lot more complex because now we have data flowing in all sorts of different places." The result, he added, is different policies, depending on the technology and cloud provider, as well as a potential "split of responsibilities" among the cloud provider, other third parties and the organization.

Legacy systems might work with some public cloud services and not others. Security teams need to ensure on-premises security controls and processes coexist with native-cloud technologies to meet business and compliance requirements.

The "SANS 2022 Multicloud Survey" of IT professionals reported that 86% of respondents said their organizations used services from multiple cloud providers and 28% used private cloud for at least one-fourth of their compute workloads. "You're juggling clouds, each from a different vendor, wanting flexibility and the best tools," said the survey's co-author, Kenneth Hartman, owner of Lucid Truth Technologies, a digital private investigation agency and forensic consulting firm. "Sounds cool, right? But there's a catch, like a security gremlin hiding in each cloud. That gremlin is complexity."

Organizations need a centralized security architecture and governance to keep those "gremlins" in check, Hartman advised, without blowing the budget on fancy systems that just add to the complexity. It's critical to choose the right cloud providers and individual services, he added, "like picking trustworthy housemates who won't let just anyone in."

Companies focused on solving a business problem might lift and shift existing systems and controls to a CSP. And IT teams might be tasked with addressing tricky integration issues involving technology, protocols and standards after the hybrid cloud environment is up and running. Fixing these issues can cost more than addressing security and compliance upfront. "A weak spot for the cloud, [but] network security is improving," said Dave Shackleford, founder and principal consultant at Voodoo Security.

Fortune 1000 organizations used to bring their existing network security stack with them to meet regulatory requirements. Now, many of these companies use native firewall services and native logging and management tools. "We've done a good job of moving from A to B," noted Shackleford, a SANS instructor and analyst who serves on the institute's board of directors. Still, it's a struggle to find skilled personnel for even basic network security, like firewall administration. "Every tiny bit of processing costs money," he explained. "The expectation of security management is that [IT administrators] are comfortable doing cost optimization around these firewalls."

In theory, API tools and protocols enable web apps, containers and microservices to securely communicate with each other over the internet. But securing APIs remains a major problem. In the SANS survey on multi-cloud, 58.9% of respondents said "poorly configured or insecure APIs or interfaces" was their top concern. APIs can expose the application's back-end logic, as well as sensitive data, making APIs prime targets for attackers. It's almost impossible to have visibility into which APIs are exposed. A critical resource on API vulnerabilities is the Open Web Application Security Project's Top 10 API Security Risks -- 2023.

For most companies, security is ultimately about protection of sensitive data -- where it is, who has access to it and how it's used. Hybrid cloud deployments enable organizations to house sensitive data and applications on private clouds or on premises and take advantage of wider network infrastructure provided by public clouds for managed services, workload distribution and storage. Mapping data flows through these systems, ensuring traceability and understanding how the data is protected in transit and at rest are necessary for legal and regulatory compliance in financial services, healthcare and other industries. Encryption protects data privacy in communication and storage. With IaaS, organizations can specify the physical or geographic storage location, also known as data residency, where their digital data is stored and processed.

Security managers need to have visibility into all resources, systems and data in motion in their organization's hybrid cloud environment. Their number one concern is: "We don't know what is going on," Shackleford said. Better visibility can improve security and compliance. In addition to taking inventory, security teams should monitor all access attempts and configuration changes.

Security teams rely on logs and syslog to monitor application files and network devices for anomalies and potential security events. IaaS providers are starting to offer native security information and event management (SIEM) as a service through tools such as Amazon Detective, Azure Sentinel and Google Chronicle. How do security teams figure out which data to collect for SIEM and which data to leave behind?

"Let's say you get your security logs from a service within four hours of an event of interest. But something changes at the cloud service provider, and now, you're not getting the logs until 12 hours later," Hartman theorized. "Or what if the event never shows up at all?" Threat modeling in the cloud, which has more trust boundaries, can help, he said, adding, "Just make sure that your list of possible threats includes lack of visibility."

The chief information security officer (CISO) protects the company's information assets by setting up a security strategy, policies supporting that strategy and incident response. Mixed environments such as hybrid cloud architecture have a shared security model. Security responsibilities should be documented in contractual agreements with the service provider before a security incident like a data leakage occurs. Supply chains, notorious for security risks, must be compliant with the service provider and the enterprise customer.

Companies focus on the resilience hybrid cloud offers, but "they don't have a cloud strategy," said Lisa McKee, co-founder of consultancy American Security and Privacy. "Where is the data going to go? Who is responsible for patching across these environments? Are access controls going to be outsourced?"

Responsibility for application security is shared with the SaaS provider, but organizations might have limited control over service configuration settings. At the same time, organizations are accountable for platform and application security in IaaS deployments, but the responsibility for configuring and securing the infrastructure is shared. CSPs are responsible for securing their locations and physical assets.

The responsibility for governance, risk and compliance is cross-functional at most organizations, ensuring that business activities align with the company's goals and industry regulations. Guidance is available in frameworks such as HIPAA, Payment Card Industry Data Security Standard, Federal Risk and Authorization Management Program, ISO and NIST 800-83.

CISOs need to align standards and frameworks to overall business and cybersecurity strategies. These efforts will come under the spotlight with the new Securities and Exchange Commission's (SEC) cybersecurity rules. Public companies must report "material cybersecurity incidents" within four days of discovery and provide information on board oversight, cybersecurity policies and procedures in annual reports (10-K and others). In an unprecedented move, the SEC sued SolarWinds, makers of Orion IT management software used by government agencies, alleging the company and its CISO, who is named in the lawsuit, misled and defrauded investors by failing to disclose system vulnerabilities that led to cyberespionage by Russia-backed hackers in 2019.

With the SEC reporting kicking in, Amazon in November offered AWS Cyber Insurance Competency Partners to quantify risk using customer data that's in AWS Security Hub. "This may be a tipping point of an ecosystem of cloud that we never saw coming," Shackleford said.

As hybrid cloud security challenges increase network complexity, CISOs and CIOs face resource cuts. Of the nearly 15,000 IT professionals surveyed in the global 2023 "ISC2 Cybersecurity Workforce Study," 47% said their organizations faced budget constraints. Respondents ranked cloud computing (35%) as the number one skills gap in their security teams, followed by AI and machine learning (32%) and zero-trust implementation (29%).

"The cloud security and operations professionals of today must be able to do so much more than plug in and configure a hardware device," Hartman said. "They need to be very comfortable with infrastructure code up to and including being able to read and write it. They must also have a good grasp of the principles of cloud security architecture and identity and access management systems -- someone who can roll up their sleeves and dive into the details yet keep the big picture in mind."

Organizations need to update their security strategies and design models to better manage their cloud infrastructures, including the following:

Kathleen Richards is a freelance journalist and industry veteran. She's a former features editor for TechTarget's Information Security magazine.

Go here to read the rest:
8 Hybrid Cloud Security Challenges and How to Manage Them - TechTarget

The market didn't respond well to Oracle's (ORCL 3.25%) report for the fiscal second quarter, which ended on Nov. 30. The database and software giant missed analyst expectations for revenue, reporting growth of just 5%.

Software license revenue tumbled 18%, hardware revenue dropped 11%, and services revenue slipped 2%. The cloud services and license support segment, the largest by far, grew sales by 12%.

Overall cloud revenue, which includes infrastructure-as-a-service (Iaas) and software-as-a-service (Saas), expanded by 25%. That compares to 30% growth in the first fiscal quarter. IaaS and SaaS revenue rose 52% and 15%, respectively, down from 66% and 17% growth in the previous quarter.

It's clear from Oracle's results that demand for its software has weakened. Given the current economic environment, marked by companies pulling back on spending in some areas, that's not too surprising.

It's also clear that demand for Oracle's cloud infrastructure is booming. Oracle is still a small player in the IaaS market, which is dominated by Amazon Web Services and Microsoft Azure, but it's growing much faster than its larger competitors. Oracle's IaaS business produced $1.6 billion in revenue in the second quarter.

CEO Safra Katz and Chairman Larry Ellison made it clear during the earnings call that the slowdown in IaaS growth wasn't a demand problem. "So, again, the demand is extraordinary, we can build the data centers relatively fast, and I expect the OCI [Oracle Cloud Infrastructure] growth rate to be over 50% for a few years," said Ellison. "Yes, we're not demand-limited in any way right now," Katz added.

Oracle is having success winning artificial intelligence (AI) workloads, which require powerful GPUs that are in short supply. The bottleneck for Oracle is acquiring those GPUs. "[A]s more GPUs become available and we can put those in, we have just really unlimited amount of demand," said Ellison.

Oracle is seeing strong demand for its cloud infrastructure for other types of workloads, as well -- so much so that the company is embarking on a massive expansion of its cloud computing capacity. Oracle is in the process of expanding its 66 existing cloud data centers and is planning to build 100 new cloud data centers. No timeline was given, but the company emphasized that it's capable of building data centers quickly.

This cloud data center expansion won't be cheap. Oracle expects to spend about $8 billion in fiscal 2024 on capital expenditures, a bit below fiscal 2023 levels but still nearly double what it spent in fiscal 2022. Oracle's capital spending was just $2.4 billion through the first half of the fiscal year, so the company will more than double its rate of spending in the second half as it brings more cloud computing capacity online.

Oracle is not traditionally a capital-intensive company, but its cloud infrastructure business has changed that.

ORCL Capital Expenditures (TTM) data by YCharts.

The risk for Oracle is that it overbuilds and is stuck with excess capacity and low utilization rates. Demand for AI workloads appears unlimited today, but that may not remain the case once the AI frenzy dies down a bit. And in the general-purpose cloud infrastructure market, a downturn in the economy could slow demand as companies rethink their cloud spending.

It's taken years for Oracle's cloud infrastructure business to gain real traction. The company is looking to take advantage of soaring demand, but it's important to remember that IaaS represented just 12% of total revenue in the second quarter. The rest comes from software, support, services, and hardware, and those businesses aren't exactly booming.

Oracle has the potential to grow into a major player in the cloud infrastructure market, but it won't be smooth sailing for investors. For now, IaaS growth can only move the needle so much.

John Mackey, former CEO of Whole Foods Market, an Amazon subsidiary, is a member of The Motley Fool's board of directors. Timothy Green has no position in any of the stocks mentioned. The Motley Fool has positions in and recommends Amazon, Microsoft, and Oracle. The Motley Fool has a disclosure policy.

Read the rest here:
What Investors Need to Know About Oracle's Cloud Slowdown - The Motley Fool

The widespread spread of the Internet of Things (IoT) and cloud computing has become obvious in this continually developing tech world. Everyone is embracing the potential of these transformative technologies to improve daily life activities.

Lets take a look at the advantages and difficulties that come with the prevalent adoption of IoT and cloud computing, revealing insights into the dynamics of modern digital connectivity.

IoT has changed how the world interacts. It has smoothly integrated into almost every aspect of our daily lives, from smart homes and wearable devices to autonomous vehicles and industrial sensors. However, this has also paved the way for cyber threats. There has been a larger avenue for threat actors due to the magnitude of interconnected devices, making traditional measures incompetent.

Cybersecurity has started concentrating on data encryption, device-level security, and robust authentication mechanisms to address security challenges. Presently, manufacturers emphasize that security is incorporated into the plan of IoT devices from the onset. This includes executing secure boot processes, regular firmware updates, and traceability and accountability enhancement using unique devices.

Business operations have changed from traditional on-premises infrastructure to scalable and flexible cloud-based solutions since the advent of cloud computing. According to Statista, the worldwide public cloud computing market was worth 478 billion dollars in 2022 and is estimated to reach 679 billion dollars in 2024. Thats a whopping 201 billion increase in the space of 2years.

Although Cloud computing brings evident benefits such as availability and cost savings, it also has cyber security challenges. Cloud services are centralized in nature; which implies that a breach could expose a tremendous amount of sensitive data. To tackle these threats, advanced cybersecurity measures focus on data encryption, multi-factor authentication, and strong access controls.

Cloud service providers now invest greatly in advanced security measures, like real-time monitoring, threat intelligence, and automated incident response systems. The shared responsibility model emphasizes the collaboration between cloud providers and their clients which has become a foundation of cybersecurity to ensure a comprehensive security posture.

The merging of IoT and Cloud Computing has created a mutual relationship that increases both the risks and benefits. The cloud provides the necessary infrastructure for storing, processing, and analyzing the vast amount of data produced by IoT devices. Even so, this connection also presents a complex security landscape.

In the end, cybersecurity aims to create a consistent and secure data flow, so it has evolved to provide end-to-end protection that involves securing the communication channels between devices and the cloud.

For the benefit of the IoT and Cloud Computing ecosystem, cybersecurity solutions apply improved identity and access management and use AI for anomaly detection and to predict threat analysis.

Despite the developments in cybersecurity, there are difficulties in the changing landscape of IoT and Cloud Computing.

Different IoT devices each have its own specifications and security protocols, which is a major challenge. In security practices across the industry, standardization is vital for guaranteeing a uniform and robust security posture.

The ever-changing nature of cyber threats is another challenge. As technology changes, so do the techniques employed by cybercriminals; they keep finding new ways to breach security. Cybersecurity Ventures states that global cybercrime costs will grow by 15 percent annually over the next five years, from $3 trillion in 2015 to reaching $10.5 trillion year-over-year by 2025.

Cybersecurity measures need continuous monitoring, regular updates, and joint effort between cybersecurity experts, device manufacturers, and network security providers to remain dynamic and versatile in front of rising threats.

The human factor is an essential component of cybersecurity. While the focus is on technological solutions, users must also be educated on the risks and best practices for maintaining a secure digital environment.

Ransomware attacks, insider threats, and phishing attacks are major concerns. Phishing email statistics show that 1.2 percent of all emails sent are malicious, which translates into 3.4 billion phishing emails daily.

Education and awareness programs are very important. People should be taught to recognize and report these threats, attend cybersecurity forums and events, and they should stay informed about safe online practices, including using strong passwords or password managers.

Also, organizations must hold regular training sessions and conduct strict cybersecurity policies to keep employees informed on the most recent cyber threats and precautions. According to Cybersecurity Ventures, in 2023, global spending on security awareness training for employees is up from around $5.6 billion and is predicted to exceed $10 billion by 2027 a whole 15 percent yearly increase.

As the world relies on digital networks daily, there is a need to strengthen and improve cybersecurity. Marshs U.S. Cyber Purchasing Trends report states that during the first quarter of 2023, insurance for cyber security pricing increased by 11 percent in the U.S. compared to 28 percent in 2022, and the cost is still on the rise.

The future of cybersecurity will be shaped by technologies such as artificial intelligence (AI) which has an important role to play in threat detection and solutions, quantum computing which might present new decryption challenges and solutions, and 5G networks.

Although the spread of 5G networks will result in faster speed and connectivity, it can also give way to cyber threats. Therefore, getting the right foundation of 5G networks on vital systems and services is necessary to get ahead of attacks.

The evolution of cybersecurity is a continuous ride and is constantly changing. With the emergence and merging of technologies like IoT and Cloud Computing, there has been an increase in the risks of cyber threats, and cybercriminals find new ways to breach security daily.

Managing these challenges requires teamwork and an extensive security strategy. This strategy should aim to improve the digital ecosystems connection and make the digital future secure. It should also involve education, regular monitoring, a combination of all the latest technologies, and the creation of cybersecurity awareness.

Featured Image Credit: Tima Miroshnichenko; Pexels

I'm an Experienced Content Writer and Marketer, SEO and PR Expert. To boost your online presence, increase traffic, and grow your business, reach out to work with me via LinkedIn or E-mail: [emailprotected]

Read the original here:
The Evolution of Cybersecurity in the Age of IoT and Cloud Computing - ReadWrite

This is an Insight article presented by Microsoft.

The great cloud migration of recent years isnt over yet plenty of organizations are still busy leveling up. But today the drive towards cloud adoption is more and more propelled by the desire to leverage the potential of AI especially generative AI, says Tony Korolis, senior product marketing manager (Azure) at Microsoft, and the team has watched the shift happen in real time. His team manages two Azure offerings: Azure Migrate and Modernize & Azure Innovate which help customers accelerate their cloud aspirations.

Customers have been asking not only for help in migrating their existing setup, but using the cloud to start taking advantage of AI, to build innovative new products and services, says Korolis. He adds, In the next year the number of AI-focused customers may overtake the number of migrating customers coming through our Azure offerings.

Its not just the need to jump onto this movement in our industry, Korolis adds. Its seeing early adopters succeed in bringing to real life AI use cases that had previously just been conceptual, and seeing how they impact day-to-day business and the bottom line. Plus, cloud democratizes access to the kind of scalable, cost-effective computing power that AI demands, letting companies of any size seize that advantage.

But many companies are finding that it takes some discipline as an organization to fully realize the promise of cloud. Many organizations launch cloud strategies simply assuming cost savings are automatically going to happen, Korolis says. But the cloud has more than just hard dollar costs, and it takes effort and governance to realize a return on your investment.

Some of the costs involved with cloud computing are obvious the initial investment in technology, and professional services to implement a solution. There are also the consumption costs which should be managed and governed centrally. If some applications are staying on-premises, organizations should account for managing both. And then theres the expense and time it requires to train, reskill or upskill anyone involved in a cloud strategy and implementation.

Training staff not only takes time, but it also takes those administrators and developers away from their regular responsibilities Korolis says. It takes time to develop training plans, and it takes time to study for certifications as well, no matter what solution youre deploying.

Part of the challenge comes from the need to find talent with a background in AI, he adds. This skill gap is an industry-wide challenge and it will require not just upskilling and reskilling, but a whole new cohort of job applicants to really fill the needs. That said, platform and technology certifications that test applicants on objective criteria are proving to be useful, Korolis says.

For instance, there are certifications like Azure AI engineer, among others. These certifications can often give engineers a head start on studying for other certifications, since some of the same foundational principles apply to other cloud workloads.

Organizations that are eager to throw themselves into the AI fray are often also balancing other initiatives, including cloud migration, Korolis says. And, he adds, to stay competitive and ensure progress, keep doing both.

The most successful practice is to divide and conquer, he explains. Allocate some teams to keep migrating on-premises workloads, and at the same time carve off teams of innovators who are encouraged to experiment on new projects. Thats how you create more value, faster.

More value, faster is a rallying cry for many companies, but he warns that it can also mean rushing past the essential groundwork and flinging yourself into an abyss of complications down the road.

Customers need to spend more time in the planning phase. A lot of customers want to rush past that phase and get right to deployment, but honestly, those projects often go off the rails, Korolis says. Planning is essential. We find that the really successful customers might spend months in the planning phase getting the cloud strategy hammered out and getting everyone in the organization aligned before they even engage an implementation partner.

The importance of planning is one of the reasons recent Azure offerings distinguish between the planning and deployment phases, he adds.

For instance, Azure Migrate and Modernize, which helps efficiently move existing workloads to Azure at scale, helps you discover and assess the on-premises environment before you deploy, and determine the best migration plan and Azure architecture upfront.

Azure Migrate and Modernize & Azure Innovate offer customer benefits like assessments, pilot/proof-of-concepts and deployment assistance from experts. Customers receive offers that can consist of expert guidance, partner funding, Azure credits, migration tooling and technical skilling. Customers are able to accelerate their projects with these offers since theyre based on proven approaches used by thousands of other customers.

From our standpoint, the most crucial thing to look at is which providers give you end-to-end help to get you to their cloud, Korolis says. What we see is that different providers have varying amounts of investment in their customers, and Microsofts priority is helping customers succeed.

Learn here how Microsoft Azure is helping organizations of all sizes seize the full potential of cloud and AI-led transformation with Azure Migrate and Modernize & Azure Innovate.

Read more:
Managing costs to realize the potential of cloud and generative AI - VentureBeat