Category Archives: Cloud Hosting

Radware Selected by Fortune 100 Manufacturer to Support its Hybrid Cloud Strategy and Protect Thousands of Applications – StreetInsider.com


MAHWAH, N.J., Aug. 12, 2021 (GLOBE NEWSWIRE) -- Radware (NASDAQ: RDWR), a leading provider of cyber security and application delivery solutions, today announced that one of America's Fortune 100 manufacturing companies selected Radware to support its hybrid cloud security strategy. In a multimillion-dollar agreement, this world-leading manufacturer chose Radware's cloud application security to protect thousands of web applications hosted on Amazon Web Services (AWS), Microsoft Azure and a private cloud.

The manufacturer wanted to ensure the comprehensive and consistent protection of its web applications across multiple hosting environments. In addition, the manufacturer was looking for more flexibility, visibility, and control over its application security, while enabling maximum agility. Radware was selected for its state-of-the-art technology, consultative approach, deep expertise, and its consistent cloud-agnostic application protection.

"We can help companies deal with the complicated challenges and uncertainties they face when transitioning to the cloud," said Haim Zelikovsky, vice president of Radware's cloud service business. "Because we understand plans often change as this journey unfolds, we offer companies a consistent security strategy regardless of where their applications are hosted or how their content is delivered. Our security services enable threat surfaces to be covered, so applications are protected whenever they move from one cloud environment to another."

Radware's cybersecurity and application delivery solutions provide infrastructure, application and data center protection and availability services across physical, cloud and software-defined data centers. Radware was recently recognized as a Customers' Choice in the 2021 Gartner Peer Insights "Voice of the Customer": Web Application Firewall Report. The company also was ranked a global leader in Forrester's March 2021 report, The Forrester Wave: DDoS Mitigation Solutions, Q1 2021.

About Radware

Radware (NASDAQ: RDWR) is a global leader of cyber security and application delivery solutions for physical, cloud, and software-defined data centers. Its award-winning solutions portfolio secures the digital experience by providing infrastructure, application, and corporate IT protection and availability services to enterprises globally. Radware's solutions empower enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down. For more information, please visit http://www.radware.com.


© 2021 Radware Ltd. All rights reserved. Any Radware products and solutions mentioned in this press release are protected by trademarks, patents and pending patent applications of Radware in the U.S. and other countries. For more details please see: https://www.radware.com/LegalNotice/. All other trademarks and names are property of their respective owners.

Radware believes the information in this document is accurate in all material respects as of its publication date. However, the information is provided without any express, statutory, or implied warranties and is subject to change without notice.

The contents of any website or hyperlinks mentioned in this press release are for informational purposes and the contents thereof are not part of this press release.

Safe Harbor Statement

This press release includes "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. Any statements made herein that are not statements of historical fact, including statements about Radware's plans, outlook, beliefs, or opinions, are forward-looking statements. Generally, forward-looking statements may be identified by words such as "believes," "expects," "anticipates," "intends," "estimates," "plans," and similar expressions or future or conditional verbs such as "will," "should," "would," "may" and "could." For example, when we say that our security services enable threat surfaces to be covered, so applications are protected whenever they move from one cloud environment to another, we are using a forward-looking statement. Because such statements deal with future events, they are subject to various risks and uncertainties, and actual results, expressed or implied by such forward-looking statements, could differ materially from Radware's current forecasts and estimates.
Factors that could cause or contribute to such differences include, but are not limited to: the impact of global economic conditions and volatility of the market for our products; natural disasters and public health crises, such as the coronavirus disease 2019 (COVID-19) pandemic; our ability to expand our operations effectively; timely availability and customer acceptance of our new and existing solutions; risks and uncertainties relating to acquisitions or other investments; the impact of economic and political uncertainties and weaknesses in various regions of the world, including the commencement or escalation of hostilities or acts of terrorism; intense competition in the market for cyber security and application delivery solutions and in our industry in general, and changes in the competitive landscape; changes in government regulation; outages, interruptions or delays in hosting services or our internal network system; compliance with open source and third-party licenses; the risk that our intangible assets or goodwill may become impaired; our dependence on independent distributors to sell our products; long sales cycles for our solutions; changes in foreign currency exchange rates; undetected defects or errors in our products or a failure of our products to protect against malicious attacks; the availability of components and manufacturing capacity; the ability of vendors to provide our hardware platforms and components for our main accessories; our ability to protect our proprietary technology; intellectual property infringement claims made by third parties; changes in tax laws; our ability to realize our investment objectives for our cash and liquid investments; our ability to attract, train and retain highly qualified personnel; and other factors and risks over which we may have little or no control. This list is intended to identify only certain of the principal factors that could cause actual results to differ. 
For a more detailed description of the risks and uncertainties affecting Radware, refer to Radware's Annual Report on Form 20-F, filed with the Securities and Exchange Commission (SEC) and the other risk factors discussed from time to time by Radware in reports filed with, or furnished to, the SEC. Forward-looking statements speak only as of the date on which they are made and, except as required by applicable law, Radware undertakes no commitment to revise or update any forward-looking statement in order to reflect events or circumstances after the date any such statement is made. Radware's public filings are available from the SEC's website at http://www.sec.gov or may be obtained on Radware's website at http://www.radware.com.

Media Contacts: Gerri Dyrek, Radware, Gerri.Dyrek@radware.com


Microsoft records protest over awarding the NSA contract to Amazon – TechEngage

Considering the bitter competition between Amazon and Microsoft for the now-defunct $10 billion Defense Department JEDI cloud contract, we've seen both companies competing for government contracts.

In this new cloud competition, they're up against each other over a $10 billion contract awarded by the US National Security Agency called WildandStormy.

Amazon Web Services has been named the winner of WildandStormy, and its competitor Microsoft is now opposing the award.

Two weeks after receiving notice that the National Security Agency had selected Amazon Web Services for the contract, Microsoft filed a bid protest with the Government Accountability Office.

According to Microsoft, the NSA didn't conduct a legitimate assessment when it made that decision. It claims that Microsoft would have won over Amazon Web Services if the agency had conducted the evaluation properly.

In spite of the lack of details for this endeavor, there are several initiatives underway within the national security community to bring in commercial cloud computing capabilities. NSA currently uses an on-premise program, GovCloud, which it wants to get rid of.

As part of NSA's Hybrid Compute Initiative, the agency manages what pieces can be transferred into commercial cloud infrastructure and which parts cannot.

In addition to WildandStormy, commercial cloud enterprise contracts awarded last year in the amount of tens of billions of dollars could provide cloud hosting services to some 17 intelligence agencies over the next 15 years.

It seemed as if AWS controlled the intelligence market until just a few years ago. AWS signed its first cloud contract with the CIA in 2013, known as C2S, a $600 million deal that provided cloud-based services to the CIA and sister intelligence agencies. The CIA awarded some portions of its multibillion-dollar C2E contract to Amazon Web Services last year. According to a Microsoft blog post published last year, the company is working on US government accreditation for top-secret regions in Azure Government. The Pentagon recently canceled that multibillion-dollar contract after years of litigation when Microsoft won two multibillion-dollar contracts over AWS. The U.S. Department of Defense (DoD) confirmed that it had canceled a whopping $10 billion Joint Enterprise Defense Infrastructure (JEDI) contract with Microsoft for cloud computing. Soon after the agreement between the Pentagon and Microsoft was arrived at, Amazon Web Services filed a lawsuit and leveled the allegation that then U.S. President Donald Trump misused his authority and assigned the contract to Microsoft.

Over the last few years, Microsoft has expanded its top-secret cloud capabilities. Both of these companies are expected to continue competing fiercely.

Microsoft filed the protest on July 21. GAO is expected to make a decision by Oct. 29.


Web hosting platform cPanel & WHM is vulnerable to authenticated RCE and privilege escalation – The Daily Swig

Adam Bannister, 11 August 2021 at 10:58 UTC. Updated: 13 August 2021 at 10:29 UTC

Pen testers and vendor disagree over appropriate mitigations

Security researchers have achieved remote code execution (RCE) and privilege escalation on web hosting platform cPanel & WHM via a stored cross-site scripting (XSS) vulnerability.

cPanel & WHM is a suite of Linux tools that enable the automation of web hosting tasks via a graphical user interface (GUI). cPanel is used in the hosting of more than 168,000 websites, according to Datanyze.

During a black-box pen test, RCE was also demonstrated via a more convoluted CSRF bypass chained with a cross-site WebSocket hijacking attack that was possible because WebSockets failed to check their requests' Origin header, according to a technical write-up published by Adrian Tiron, cloud AppSec consultant at UK infosec firm Fortbridge.

The WebSocket hijacking attack was tested in Firefox, since Chrome has SameSite cookies enabled by default.
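The missing control described above, as an added example (not cPanel's code or Fortbridge's): a server-side check that refuses a cookie-authenticated WebSocket upgrade unless the `Origin` header exactly matches an allowlist. The host name, port and sample handshakes are constructed for illustration.

```javascript
// Added illustration of Origin validation on a WebSocket handshake.
// The allowed origin below is a constructed placeholder, not a real deployment.
const ALLOWED_ORIGINS = new Set(["https://panel.example.test:2087"]);

// Reduce an Origin header value to scheme://host[:port], or null when it is
// absent, the opaque value "null", malformed, or carries anything beyond an origin.
function normalizeOrigin(value) {
  if (typeof value !== "string" || value === "" || value === "null") return null;
  try {
    const u = new URL(value);
    if (u.protocol !== "https:" && u.protocol !== "http:") return null;
    if (u.pathname !== "/" || u.search || u.hash || u.username || u.password) return null;
    return u.origin; // scheme and host are lower-cased, default ports dropped
  } catch {
    return null;
  }
}

// Decide whether an HTTP upgrade request may become a WebSocket session.
// `headers` uses lower-case keys, as Node's http module provides them.
function checkWebSocketUpgrade(headers, allowedOrigins = ALLOWED_ORIGINS) {
  const upgrade = String(headers["upgrade"] || "").toLowerCase();
  if (upgrade !== "websocket") {
    return { accept: false, status: 400, reason: "not a WebSocket upgrade" };
  }
  // Browsers always send Origin on WebSocket handshakes and page script cannot
  // override it, so a missing value means a non-browser client. Because the
  // session is carried by cookies, this policy refuses those as well.
  const origin = normalizeOrigin(headers["origin"]);
  if (origin === null) {
    return { accept: false, status: 403, reason: "missing, opaque or malformed Origin" };
  }
  // Exact set membership: prefix or substring matching would let a lookalike
  // host such as panel.example.test.<other-domain> through.
  if (!allowedOrigins.has(origin)) {
    return { accept: false, status: 403, reason: "cross-site Origin " + origin };
  }
  return { accept: true, status: 101, reason: "allowed Origin" };
}

// Constructed handshakes: one legitimate, four that must be refused.
const SAMPLE_HANDSHAKES = [
  { name: "panel UI", headers: { upgrade: "websocket", origin: "https://panel.example.test:2087" } },
  { name: "third-party page", headers: { upgrade: "websocket", origin: "https://other-site.example" } },
  { name: "lookalike host", headers: { upgrade: "websocket", origin: "https://panel.example.test.other-site.example:2087" } },
  { name: "sandboxed frame", headers: { upgrade: "websocket", origin: "null" } },
  { name: "no Origin header", headers: { upgrade: "websocket" } },
];

function evaluateSamples() {
  return SAMPLE_HANDSHAKES.map((h) => ({ name: h.name, ...checkWebSocketUpgrade(h.headers) }));
}

for (const r of evaluateSamples()) {
  console.log(`${r.name}: ${r.status} (${r.reason})`);
}
```

Setting `SameSite` on the session cookie, which the article notes Chrome applies by default, is a second layer; the Origin check protects users of browsers that still attach the cookie to cross-site handshakes.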

The web hosting firm has not fixed these flaws (it only patched a separate XXE vulnerability reported by Fortbridge) because attackers must be authenticated with a reseller account with permission to edit locales, which is not a default configuration.

"The Locale interface can only be used by root and Super Privilege resellers that root must grant this specific ACL to," Cory McIntire, product owner on the cPanel security team, told The Daily Swig.

"This is labelled a Super Privilege with a warning icon in the server admin's WHM interface and also flagged as such in the cPanel documentation," he added.


"When you expand this icon, it is explained to the server admin that they will be allowed to insert HTML into this interface, as many of our customers expect to be able to do."

He added: "Again, this is an option root must enable for the reseller and should only be done so for users that are trusted as though you are giving them root to your server."

However, Tiron believes the XSS could have been fixed while maintaining the intended functionality.

He told The Daily Swig: "What they're saying is correct, in a sense that this is covered by the documentation, but just because it's documented doesn't make it secure. People don't often read documentation and they're not [usually] security experts either, so they won't be able to make the right decision most of the time.

"We've seen this approach quite a lot recently, with other vendors we've worked with. The correct approach should be 'secure by default', not 'it's documented, it's your responsibility now'."


The researcher suggests the issue could have been completely mitigated by applying some filtering/encoding on that vulnerable input.

He added: "Even if they consider the edit locale as a super privilege this wasn't clear to us during the pen test and it was definitely not clear to our customer either."

cPanel's McIntire said that to protect themselves the server admin would simply have to remove any Locale Super Privileges granted to untrusted resellers.

"We appreciate Fortbridge's responsible disclosure to us and hope that these explanations will ease any worries our customers may have regarding this issue," he continued.

"It is of utmost importance that you only give Super Privileges to people you would trust with root on your server."

Tiron said cPanel was notified of the vulnerabilities during May and June of this year.


NICE Actimize Recognized as a Leader in Enterprise Fraud Management by Independent Research Firm, Receiving Highest Scores in Current Offering and…

HOBOKEN, N.J.--(BUSINESS WIRE)--NICE Actimize, a NICE business (Nasdaq: NICE) today announced that it has been recognized as a Leader in Enterprise Fraud Management (EFM) by Forrester Research, a leading global research and advisory firm. The analyst group included NICE Actimize among the most significant vendors in the market in its recent report titled, "The Forrester Wave: Enterprise Fraud Management, Q3 2021." To download a complimentary copy of The Forrester Wave report for Enterprise Fraud Management, Q3 2021, please visit this page here.

NICE Actimize received the highest score possible in ten criteria in the "Current Offering" category and in ten criteria in the "Strategy" category. In the Current Offering category, NICE Actimize's IFM-X enterprise fraud solution received the highest score possible for ten criteria including data integration, model building, segmentation and behavioral profiles, queue management, transaction types coverage, reporting, scalability: customer accounts, and scalability: number of investigators.

NICE Actimize also received the highest scores possible in criteria within the Strategy category including execution roadmap; data integration plans; data scientist workflow improvement plans; rules-based risk scoring plans; supervised machine learning plans; unsupervised and deep learning plans; model governance plans; and productized model plans.

In NICE Actimize's vendor profile, the Forrester Enterprise Fraud Report stated, "The solution is a great fit for organizations looking for an end-to-end fraud management solution with built-in channel and transaction-specific logic."

The Forrester report cited, "The vendor introduced its new account fraud solution as well as Xceed to uncover new fraud patterns. X-Sight Cloud analytics allows customers to use their own models for fraud detection. The vendor plans to 1) ease and speed up data acquisition and processing, 2) execute on its AI-first strategy using incremental learning and model governance improvements, and 3) use consortium data for improved fraud risk scoring."

"As our global customers face escalating fraud scenarios, NICE Actimize continues to make substantial investments in advanced cloud and artificial intelligence-based solutions as exemplified by the recent introduction of our IFM-X and New Account Fraud solutions," said Craig Costigan, President, NICE Actimize. "We are honored that Forrester has recognized us as a leader in this year's Enterprise Fraud Wave report."


About NICE Actimize

NICE Actimize is the largest and broadest provider of financial crime, risk and compliance solutions for regional and global financial institutions, as well as government regulators. Consistently ranked as number one in the space, NICE Actimize experts apply innovative technology to protect institutions and safeguard consumers' and investors' assets by identifying financial crime, preventing fraud and providing regulatory compliance. The company provides real-time, cross-channel fraud prevention, anti-money laundering detection, and trading surveillance solutions that address such concerns as payment fraud, cybercrime, sanctions monitoring, market abuse, customer due diligence and insider trading. Find us at http://www.niceactimize.com, @NICE_Actimize or Nasdaq: NICE.

About NICE

With NICE (Nasdaq: NICE), it's never been easier for organizations of all sizes around the globe to create extraordinary customer experiences while meeting key business metrics. Featuring the world's #1 cloud native customer experience platform, CXone, NICE is a worldwide leader in AI-powered contact center software. Over 25,000 organizations in more than 150 countries, including over 85 of the Fortune 100 companies, partner with NICE to transform - and elevate - every customer interaction. http://www.nice.com.

Trademark Note: NICE and the NICE logo are trademarks or registered trademarks of NICE Ltd. All other marks are trademarks of their respective owners. For a full list of NICE's marks, please see: http://www.nice.com/nice-trademarks.

Forward-Looking Statements

This press release contains forward-looking statements as that term is defined in the Private Securities Litigation Reform Act of 1995. Such forward-looking statements, including the statements by Mr. Costigan, are based on the current beliefs, expectations and assumptions of the management of NICE Ltd. (the "Company"). In some cases, such forward-looking statements can be identified by terms such as "believe," "expect," "seek," "may," "will," "intend," "should," "project," "anticipate," "plan," "estimate," or similar words. Forward-looking statements are subject to a number of risks and uncertainties that could cause the actual results or performance of the Company to differ materially from those described herein, including but not limited to the impact of changes in economic and business conditions, including as a result of the COVID-19 pandemic; competition; successful execution of the Company's growth strategy; success and growth of the Company's cloud Software-as-a-Service business; changes in technology and market requirements; decline in demand for the Company's products; inability to timely develop and introduce new technologies, products and applications; difficulties or delays in absorbing and integrating acquired operations, products, technologies and personnel; loss of market share; an inability to maintain certain marketing and distribution arrangements; the Company's dependency on third-party cloud computing platform providers, hosting facilities and service partners; cyber security attacks or other security breaches against the Company; the effect of newly enacted or modified laws, regulation or standards on the Company and our products and various other factors and uncertainties discussed in our filings with the U.S. Securities and Exchange Commission (the "SEC"). For a more detailed description of the risk factors and uncertainties affecting the company, refer to the Company's reports filed from time to time with the SEC, including the Company's Annual Report on Form 20-F.
The forward-looking statements contained in this press release are made as of the date of this press release, and the Company undertakes no obligation to update or revise them, except as required by law.


Cloud Technology and Healthcare Evolution: Microsoft in the Spotlight HIT Consultant – HIT Consultant

Gerry Miller, CEO & Founder, Cloudticity

In April, software giant Microsoft made a lot of headlines announcing its multibillion-dollar acquisition of Nuance, the cloud-based clinical intelligence developer best known to healthcare providers for its Dragon and PowerScribe speech-recognition products.

Business analysts and reporters zeroed in on impressive financial details and utilization potential for ambient AI technologies in health settings. But more than anything, the deal shows how serious Microsoft is about its healthcare IT ambitions and how central its Azure cloud service is to those goals.

Long before the acquisition news (or even the launch of Microsoft Cloud for Healthcare last year), Microsoft has been aggressively investing in making its Azure cloud computing service attractive to healthcare for hosting, building, testing, deploying, and managing applications and services. It's worth noting that all of Nuance's leading speech-to-text healthcare products, designed to integrate nicely with electronic health record (EHR) systems, are software-as-a-service (SaaS) offerings built on Microsoft Azure.

The Cloud and Healthcare IT

In the age of digital transformation, the healthcare industry is leveraging the cloud for more than nifty EHR documentation services. Organizations need its flexibility to rapidly scale resources without big capital expenditures, build and host myriad applications, facilitate collaboration, generate clinical/operational insight, and deal with expanding volumes of health data. In the hyperconnected and data-deluged modern world, the cloud is really the only feasible option for computing and storage infrastructure moving forward in most industry sectors, and that includes healthcare. Microsoft knows this.

But cloud utilization in healthcare comes with unique requirements: health data are sensitive, protected, and subject to distinct regulatory constraints. In the US, maintaining HIPAA and ONC Cures Act Final Rule compliance and ensuring the privacy and security of, as well as appropriate accessibility to, protected health information (PHI) is compulsory.

And while public cloud providers like Microsoft Azure supply guidance and resources for designing CURES Act- and HIPAA-compliant environments, that doesn't mean that everything on Azure is automatically safe for healthcare use. Cloud utilization comes with shared responsibilities, and healthcare organizations using the cloud are responsible for their own regulatory compliance and data protection functions and processes.

The IaaS Shared Responsibility Model

In a traditional data center, the organization owns and is responsible for security entirely, from physical space and server hardware to the network and data and applications. With Infrastructure-as-a-Service (IaaS) and public clouds like Azure, the security responsibilities are shared between the user (in this case, the healthcare organization) and the cloud infrastructure provider (Microsoft).

For example, Microsoft ensures that its physical infrastructure is secured, and assumes responsibility for hardware and facility access control across geographical locations. It also ensures that its Azure cloud service is fault-tolerant and reliable, with failover provisions for outages.

But customers using Azure are responsible for securing the data they put in the cloud and the way their applications behave (for example, by enforcing complex password policies and authentication measures to ensure that hackers can't easily break in).

Microsoft will sign a HIPAA Business Associate Agreement (BAA) with Azure healthcare customers that defines and covers in-scope services, as is required by law for HIPAA compliance. But the healthcare organization using Azure still bears responsibility for achieving and maintaining its state of HIPAA compliance and ensuring its cloud instances are configured correctly.

This IaaS shared-responsibility model is a lot like renting an apartment. The landlord may be responsible for the safety and soundness of the building as a whole, but you're still responsible for locking the door to your own apartment.

The Future of Healthcare IT

It may sound like all this requires outsized effort just to manage IT, but the truth is that modern healthcare IT is experiencing a complex evolution. There are many industry-specific considerations organizations must navigate to master cloud utilization, and regulatory compliance is only one of them. On the other side of all that effort lies technological capability that can profoundly transform day-to-day operations.

The upsides of cloud power are too significant to ignore: scalable, agile, cost-efficient technology resources running secure, reliable, and largely automated services that extend capabilities while actually reducing complexity.

Microsoft's continued interest in the healthcare industry is a good thing, and its cloud service is helping to drive a virtuous cycle in healthcare innovation. For example, automatic speech recognition is an incredibly compute-intensive function. Without Azure's cloud power, would Nuance have even become a healthcare trailblazer worthy of such high valuation? The cloud model has enabled the development and use of tools that can listen as a doctor chats with a patient to automatically generate EHR documentation. It's pretty amazing when you think about it, and it will power more evolutionary leaps in healthcare IT moving forward.

About Gerry Miller

Gerry Miller is CEO and founder of Seattle-based Cloudticity, a digital enablement partner for the healthcare industry. Gerry is a serial entrepreneur and healthcare fanatic with over 30 years in the technology industry. Prior to Cloudticity, Gerry was brought in as the chief operating officer at ePrize; he turned around a failing company that was eventually sold for a fourfold return on the initial private equity investment. Before ePrize, Gerry spent eight years at Microsoft, first as chief technology officer for the US central region, then running the global business unit that oversaw General Motors (Microsoft's second-largest customer), growing that account from $20MM to over $100MM in three years. Prior to Microsoft, Gerry spent nearly a decade in the technology consulting and startup industry. He holds all five AWS certifications.


Hostwinds Review 2021: Not The Cheapest Web Hosting Option, But A Quality One – Forbes

Hostwinds boasts that it owns 100% of its servers, systems and structures; as such, the company can get issues resolved quickly and in a more cost-effective manner. Also, for this reason, Hostwinds claims it passes on the savings to its customers. All plans come with unlimited storage and bandwidth, free website migration and unlimited email accounts.

Its shared hosting plans come in three tiers:

Hostwinds also has hosting services specifically for businesses; the pricing tiers are similar to its regular shared plans. The main difference is that its business packages offer faster loading speeds with Litespeed web servers and optimize their network path selection to ensure fast loading speeds. Plans start at $10.49 per month with one domain.

Customers can also sign up for other hosting services, including VPS, cloud and dedicated server hosting. Both Linux and Windows servers are available. Prices will vary depending on the type of hosting and how much storage space, RAM and bandwidth are needed.

Hostwinds backs up your website each evening so that your important information and files will be secure. That way, if anything goes wrong, like malware attacks, you'll be able to restore your website to a fairly recent version. You'll also be able to keep your backups indefinitely and access them whenever you wish. This is rare for basic shared hosting plans, which may only include backups bi-weekly, weekly or not at all.

The shared and business hosting plans include Weebly, a drag and drop website builder. This tool is great if you're a small business owner who is starting out and wants to create simple websites yourself. You can customize the layout using various themes and ensure that it's also mobile-ready.

Otherwise, you can use other website builders such as WordPress, depending on your technical skill level or whether you're hiring someone to build your site.


How We Cancel-Proofed Our Online Start-Up By Leaving The Cloud – The Federalist

Big Tech corporations worked in concert this past January to deplatform Parler, a fast-growing social network friendly to conservatives. Parler's vendors, such as Amazon Web Services, bowed to influential ideological forces and weaponized their Terms of Service, basing their actions on the expectation that Parler could not moderate content to AWS's satisfaction on a timely basis (a subjective standard impossible for any company of any size to meet).

When AWS enforced their evolving content moderation policies on Parler, with maximum consequences, the entire tech industry realized they could do it to anyone. Watching AWS and partners' arbitrary enforcement against specifically and only Parler, while ignoring the many other offenders they host, highlighted the vulnerabilities any conservative company reliant upon the cloud faces.

CaucusRoom.com is a social network designed to help conservatives gather, encourage and engage locally. We are a small but growing player among conservative platforms that see a need, and a business opportunity. Operating on the Cancel Cloud posed a liability to our company legally, financially, and technically. Now unshackled from Big Tech's chains, CaucusRoom is better off in every respect.

Tech startups use cloud platforms because they offer cost-effective, incremental, and instantly scalable access to hosting, infrastructure, data storage, and a host of other key services. However, these platforms and hosting providers tend to breed ecosystems of tightly integrated sub-vendors and service-boosters, which can severely disincentivize a company from operating outside of the ecosystem, colloquially known as a walled garden or vendor lock-in. In addition to the constellation of services it already offers, AWS owes much of its market dominance to its well-established network of cloud platforms and providers.

At CaucusRoom, not only did we subscribe to some AWS services, but nearly every other platform we subscribed to in turn extended AWS's services to host our website and core services, run our infrastructure, and store our data. These services include container orchestration, managed databases, caching systems, static content storage, load balancers, to name a few. The myriad contracts multiplied our vulnerability to a cancel moment, as each sub-vendor must adhere to AWS's terms in addition to their own terms.

When AWS deplatformed Parler, all of AWS's parasitic sub-vendors booted Parler as well. Imagine being booted off of a Mac when all of your programs are made for Mac, and you can't find any other computer designed to run your programs.

Fortunately for CaucusRoom, our tech stack was still small and nimble enough to maneuver off the cloud on our own terms. Within days of the Parler deplatforming, we received about a dozen calls from conservative-friendly data centers and tech vendors. We easily found a data center with owners anxious to help companies like ours. The customer service is fantastic. Every person we work with is someone we've personally met - can you imagine saying that about a Big Tech company?

The move took about a month of preparation, testing, and transitioning. Backend infrastructure management is a different engineering discipline than the front-facing website seen by our users, but fortunately, our engineers spoke the language. If needed, our data center hosts also offer a team ready to personally help make the transition, and our monthly fee includes a few hours of their engineering time whenever needed. Now we are using the hardware we want, directly, and without a gaggle of woke gatekeepers.

CaucusRoom is now faster off of the cloud. We can move data around more easily to speed up queries. We can balance traffic in ways that reduce bottlenecks. Colocation of the core services for the site significantly increases responsiveness and eliminates the need for many third-party cloud services.

But what about the cost? The total monthly cost is just a few hundred dollars more per month (about 10 percent). It's a bargain given the engineering time saved, and the assurance offered to our investors and users.

By moving off of the cloud, we reduced our total number of online hosting vendors by 80 percent, while increasing our selection of possible data solutions. Each time we eliminate a data vendor, we eliminate a potential cancel moment that could paralyze our site.

If we do find ourselves in need of a move, shifting quickly to a new data center becomes much easier - it would take minutes, instead of weeks, to untangle our data contracts and sign new ones. The same goes for the engineering required.

As a startup, eliminating potential risk is critical to raising investment. It's also important to reassure potential customers - in our case, those customers include political campaigns and conservative causes looking for a new home away from Facebook. Conservative digital campaign directors know they are not safe from cancellation on Facebook or Twitter, and they need confidence that any new platform they use cannot be arbitrarily wiped off the internet.

In the chaotic world of politics, as in business, it's important to focus on what you can control. After Parler's deplatforming, anyone with a website may control less than he previously thought. We encourage you to take an inventory of your website's tech stack. How many of your vendors, and their terms, are subservient to a Big Tech master?

Beware of vendor lock-in and keep your stack nimble. Get a few bids for services from conservative-friendly data centers. Most will bend over backward to help you cancel the cloud, and even help with any engineering needed to make the move. Your costs won't go up much, but if they do, make sure and tell your investors and supporters you're hosted on a freedom-loving data center. They will likely double-down, reassured that you've reduced your risks.

In just a few weeks after moving off the Cancel Cloud, CaucusRoom added new investors and landed a major national network of conservative activists. Our product improved, our risks decreased, and our future capabilities expanded.

Matt Knoedler is the Co-Founder and CEO of CaucusRoom.com. Nathan Carlson is the company's Lead Engineer.

See the article here:
How We Cancel-Proofed Our Online Start-Up By Leaving The Cloud - The Federalist

Only 50% of Amazon Is Retail – Marketplace Pulse

Amazon's retail sales are down to only 50% of the company's total revenue. It now generates nearly as much revenue from its services businesses like AWS cloud hosting, Prime memberships, the third-party marketplace, and advertising.

In the second quarter, Amazon's services business grew nearly three times faster than its retail sales. Amazon sold $53 billion worth of products online and $4 billion in physical stores like Whole Foods, up 15% for a total of $57 billion. All services combined for $56 billion and were up 42% year-over-year.

Given how long Amazon has been growing its third-party marketplace, AWS cloud hosting, and other services businesses, it is perhaps surprising that it took the company until 2021 for retail sales, its original business, to represent only 50% of the total. But then, there are no critical reasons for it to forgo retail for the marketplace. And so it continues to do both.

Three years ago, in 2018, retail sales were 60% of Amazon's revenue. The third-party marketplace, its second-largest business unit, has been growing faster than retail for years. The third-party marketplace business will soon be half as large as retail and will generate over $100 billion in revenue for Amazon in 2021.

Advertising has started to accelerate as brands' appetite for ads is driving up ad prices. It was up 87% in the second quarter, accelerating for the fourth quarter in a row and posting the fastest growth in nearly three years. The business is now half as large as AWS cloud hosting.

The second quarter in 2020 saw sales on Amazon spike due to the pandemic tailwinds. Compared to that, this year's second quarter saw expected weak growth (it would have been even lower if not for Amazon pulling Prime Day into the quarter). The current quarter will show slower growth still - Amazon's guidance for the third quarter is 10% to 16%.

For the remainder of the year, the big issue is fulfillment. There, the company said that they've been playing catch-up pretty much since the pandemic started. It added that units shipped to its warehouses - both retail and FBA by third-party sellers - have doubled in two years. Thus inventory restrictions affecting the marketplace are not going away anytime soon, and fulfillment will again be a factor in the fourth quarter.

The rest is here:
Only 50% of Amazon Is Retail - Marketplace Pulse

The 6 Most Popular Types of Web Hosting Services in 2021 – London Post

It's no secret that entrepreneurs need high-performing websites. Your site is the key to boosting your visibility and scaling your company. To ensure that your website performs as it should, you'll need to choose the best web hosting service.

Before you can even choose a provider, it's important to learn about the different types of web hosting. To help you get up to speed, let's explore the most popular types of web hosting services.

Colocation means renting a space for your hardware and servers, from a third-party data centre. Usually, colocation providers include the physical space, security, cooling systems, networking, and redundant power. You pay to host your personal servers in a colocation, maintaining ownership of the servers, networking equipment, and the storage.

By using a colocation service you can limit the size of your data centre and reduce the associated expenses. Colocation offers a scalable business solution: companies can access higher bandwidth levels to support their growing web traffic.

Cloud Hosting uses the Internet to provide access to computing resources, websites and apps. It differs from traditional hosting because it does not rely on just one server.

Cloud-hosting offers a powerful solution, using a network of both physical and virtual servers. There are many cloud hosting benefits, including:

Some businesses want web hosting services that are optimized to their WordPress site. These businesses can choose WordPress Hosting, which generally falls under two categories.

Shared WordPress hosting is a shared model specifically designed for WordPress sites. Managed WordPress Hosting offers extra advantages, including staging, server caching, better security, and improved page speed. Improved security is particularly useful for WP sites.

WordPress is the most popular CMS in the world, and hackers continually attempt to identify WordPress vulnerabilities and exploit them.

Shared Hosting provides a basic web hosting solution. When you choose this option you'll be sharing resources with multiple websites, all on the same server.

Shared hosting is the least expensive hosting system. A large group of people are paying the server costs, meaning you can get a basic plan for around 2-12 per month.

Shared hosting sites are incredibly easy to set up; you won't need any tech knowledge to get started. These hosting packages are best for amateur bloggers and small startups. The downsides? You may experience slower page speeds, plus shared hosting isn't a particularly scalable solution.

Dedicated Hosting means that your site has its very own server. With a server that's dedicated to your site alone, you'll experience improved performance and ultimate flexibility. Like cloud hosting, dedicated hosting is incredibly powerful.

It can be an expensive option, so why would you pay out? Here are a few reasons:

Virtual Private Server hosting uses a shared server to replicate the experience of a dedicated server. Technically you're still using a shared physical server; however, your website gets a virtual space to call its own.

VPS systems offer improved performance compared with a shared hosting system. They aren't quite as powerful as dedicated hosting systems, yet they can offer a similar experience, at a reduced price.

With a VPS system, you can adjust the environment and install apps without the support of the hosting provider. These hosting systems are private, scalable, cost-effective, and reliable.

Using tech you can improve your business in plenty of different ways. To enhance the performance of your site, you need the best web hosting solution. Colocation services and cloud-based services both offer powerful and cost-effective business solutions. If you're a new startup on a limited budget, you might prefer to start with a shared hosting service.

Whichever type of hosting service you choose, it's advisable to compare a few different providers.

Read the rest here:
The 6 Most Popular Types of Web Hosting Services in 2021 - London Post

HTML smuggling is the latest cybercrime tactic you need to worry about – TechRepublic

It will be hard to catch these smugglers, as they're abusing an essential element of web browsers that allows them to assemble code at endpoints, bypassing perimeter security.

Cybersecurity company Menlo Labs, the research arm of Menlo Security, is warning of the resurgence of HTML smuggling, in which malicious actors bypass perimeter security to assemble malicious payloads directly on victims' machines.

Menlo shared the news along with its discovery of an HTML smuggling campaign it named ISOMorph, which uses the same technique the SolarWinds attackers used in their most recent spearphishing campaign.

The ISOMorph attack uses HTML smuggling to drop its first stage on a victim's computer. Because it is "smuggled," the dropper is actually assembled on the target's computer, which makes it possible for the attack to completely bypass standard perimeter security. Once installed, the dropper grabs its payload, which infects the computer with remote access trojans (RATs) that allow the attacker to control the infected machine and move laterally on the compromised network.

HTML smuggling works by exploiting the basic features of HTML5 and JavaScript that are present in web browsers. The core of the exploit is twofold: It uses the HTML5 download attribute to download a malicious file that's disguised as a legitimate one, and it also uses JavaScript blobs in a similar fashion. Either one, or both combined, can be used for an HTML smuggling attack.

Because the files aren't created until they are on the target computer, network security won't pick them up as malicious - all it sees is HTML and JavaScript traffic that can easily be obfuscated to hide malicious code.
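As an added example (not from the TechRepublic article or Menlo's research), the sketch below shows a static triage heuristic a mail or web gateway could run over HTML content. It flags pages that both assemble file content in the page (a JavaScript Blob or a base64 `data:` link) and force a save through the download attribute. The indicator names, weights and sample pages are assumptions constructed for illustration.

```javascript
// Static triage heuristic for HTML-smuggling traits in an HTML document.
// Indicator names and weights are assumptions chosen for illustration.
const INDICATORS = [
  { name: "blob-constructor", weight: 2, re: /new\s+Blob\s*\(/ },
  { name: "data-uri-href", weight: 2, re: /href\s*=\s*["']data:[^"']*;base64,/i },
  { name: "object-url", weight: 2, re: /URL\.createObjectURL\s*\(/ },
  { name: "ms-save-blob", weight: 3, re: /msSaveOrOpenBlob\s*\(/ },
  { name: "download-attr", weight: 2,
    re: /<a\b[^>]*\bdownload\b|\.download\s*=|setAttribute\(\s*["']download["']/i },
  { name: "scripted-click", weight: 1, re: /\.click\s*\(\s*\)/ },
  { name: "base64-decode", weight: 1, re: /\batob\s*\(/ },
  { name: "large-encoded-string", weight: 2, re: /["'`][A-Za-z0-9+\/]{2000,}={0,2}["'`]/ },
];

function scanHtml(html) {
  const hits = INDICATORS.filter((i) => i.re.test(html));
  const names = hits.map((i) => i.name);
  // The score only ranks flagged pages for analyst review.
  const score = hits.reduce((sum, i) => sum + i.weight, 0);
  // Both halves must be present: content assembled client-side AND a forced save.
  const builds = names.includes("blob-constructor") || names.includes("data-uri-href");
  const saves = names.includes("download-attr") || names.includes("ms-save-blob");
  return { score, names, suspicious: builds && saves };
}

// Constructed samples (not taken from any real campaign).
const STATIC_LINK = '<a href="/files/report.pdf" download>Quarterly report</a>';
const DATA_LINK = '<a download="x.bin" href="data:application/octet-stream;base64,AAAA">x</a>';
const SCRIPTED_SAVE = [
  "<script>",
  'var bytes = Uint8Array.from(atob("aGVsbG8="), c => c.charCodeAt(0));', // "hello"
  "var blob = new Blob([bytes]);",
  'var a = document.createElement("a");',
  "a.href = URL.createObjectURL(blob);",
  'a.download = "notes.txt";',
  "a.click();",
  "</script>",
].join("\n");

for (const [label, html] of [["static-link", STATIC_LINK], ["data-link", DATA_LINK],
                             ["scripted-save", SCRIPTED_SAVE]]) {
  const r = scanHtml(html);
  console.log(label, r.suspicious ? "FLAG" : "ok", r.score, r.names.join(","));
}
```

Legitimate web applications that export files client-side use the same browser APIs, so a flag is a triage signal to combine with the sender, the saved file's type and endpoint telemetry, not a verdict.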

The problem of HTML obfuscation becomes even more serious in the face of widespread remote work and cloud hosting of day-to-day work tools, all of which are accessed from inside a browser. Citing data from a Forrester/Google report, Menlo Labs said that 75% of the average workday is spent in a web browser, which it said is creating an open invitation to cybercriminals, especially those savvy enough to exploit weak browsers. "We believe attackers are using HTML Smuggling to deliver the payload to the endpoint because the browser is one of the weakest links without network solutions blocking it," Menlo said.

Because the payload is constructed directly in a browser at the target location, typical perimeter security and endpoint monitoring and response tools make detection nearly impossible. That's not to say that defending against HTML smuggling attacks is impossible, though - it just means companies need to assume the threat is real and likely, and to construct security based on that premise, suggests U.K.-based cybersecurity firm SecureTeam.

SecureTeam makes the following recommendations for protecting against HTML smuggling and other attacks that are likely to pass with ease through perimeter defenses:

Read the rest here:
HTML smuggling is the latest cybercrime tactic you need to worry about - TechRepublic