It seems nearly impossible to avoid the cloud as a business these days, and for many companies, the benefits cloud computing offers are just too great to ignore for much longer. Because of these, youve already taken the first step and made the decision you want to migrate to the cloud. But now what?

Luckily, with the plethora of tools created by both cloud providers and those built by software vendors, kicking off your migration to the cloud has never been easier whether youre looking to move onsite workloads or build cloud-native solutions from the start.

As cloud experts with experience advising, migrating, architecting, managing and optimising workloads in the cloud, BBD understands the nitty-gritty of what you need to consider before you take the plunge. There is, of course, quite a long list of things we can add here, but we know you also have work to do, so we will keep the rest of this to the point.

Although the right partner on this journey definitely makes your move to the cloud much more streamlined, there are multiple steps in the process. Over the next couple of weeks, this migration-focused series will unpack these steps and the processes you need to run through to ensure you ultimately deploy a secure, compliant, cost-effective and resilient environment.

Two of the most important aspects to consider from the start are security and compliance, because they often help establish whether your initial migration plan is viable or not, and if so, in which direction.

Security

Understanding your security goals and how you should be handling data will create a good foundation for you to know what services to use when architecting your environment.

Jaco Venter, head of BBDs managed cloud services team (MServ), says security should always be top of mind when planning your migration. There are the how do I keep my customers' information secure? and the how do I ensure my applications do not get compromised? conversations. These are both important to unpack with your cloud solution partner.

Both these topics can be addressed by planning for and implementing an architecture that includes best practices. BBD has done well-architected reviews on customer environments and often finds that the basics are covered, and thats a great start, but when looking at security, just the basics wont do, especially if it could lead to your environment being compromised.

As an example, AWS has created an Architecture Center on its website that provides reference architecture diagrams, vetted architecture solutions, well-architected best practices, patterns, icons and more. This easily accessible guidance was contributed to by AWS cloud architecture experts, including solutions architects, professional services consultants and partners.

For AWS migrations, Venter explains there is a shared responsibility model that pretty much goes like this: AWS is responsible for the security of the cloud. AWS will look after all things physical, from the security guards standing in front of their various data centres' doors, all the way through to the security and management of the infrastructure your services will be running on. You (or your cloud enablement partner), on the other hand, will be responsible for security in the cloud. This means you will still have to ensure your data is being protected and backed up.

There are, however, some AWS services that are fully managed, like RDS (relational database service), where AWS will manage and secure everything for you up until the DB table level.

Compliance

Understanding the compliance frameworks your organisation has to comply with is a recommended starting point, as it will influence a lot of the architecture youll need to devise before your cloud migration. An example of this would be when the customers you service are in a country with data residency restrictions/laws (such as GDPR, POPIA, PCI, ISO, etc). Here you need to plan for how you will handle and process those customers data versus the data of your customers in other countries without those restrictions/laws.

When looking at data residency again as an example, AWS has a couple of tools, such as Control Tower, that allow you to manage how data is transferred between regions or if it even can be transferred to another region.

On the whole, compliance will often dictate where you can or cannot deploy your workloads, and which services you can or cannot use. The great thing about AWS having obtained various compliance framework certifications for their infrastructure is that it makes it so much easier for you to be compliant, says Venter. But think about this in the same way as the shared responsibility model; AWS will make sure the infrastructure is compliant you will need to make sure your applications also meet the compliance framework requirements.

Ultimately, its worth understanding that the services you plan to leverage as part of your architecture can sometimes make it a bit easier to comply with the relevant compliance frameworks.

What else needs to be considered before finalising a cloud migration strategy?

It is always best to look at what migration tools the cloud provider you are migrating to has made available to you often at no additional charge.

Venter explains this is exactly the case when looking at the tools made available by AWS. AWS has made more than six tools available at no cost, and some of these tools are perfect for the planning phase, while others make the migration of your servers, applications and databases just so much easier.

One example of such a tool is the AWS Server Migration Service, which is an agentless service applicable when migrating virtual-only workloads from on-premises infrastructure, or from Microsoft Azure to AWS. It allows you to automate, schedule and track incremental replications of live server volumes making it easier to co-ordinate large-scale server migrations.

There is a long list of other considerations youll need to consider before kicking off your migration, some that are more important than others, but each could have an impact on your final architecture and how you manage that environment in the long run. These will be discussed in more detail as this series unfolds.

BBD has helped various clients reach their security and compliance goals in preparation for their coming migration to the cloud, and understands the importance of tool selection to aid in an efficient migration to the cloud.

If youve made the decision and are looking for a cloud enablement partner to guide you through devising a relevant strategy, implementing the migration and optimising as your business grows reach out to BBD at http://www.bbdsoftware.com.

Go here to see the original:
So you want to migrate to the cloud? - ITWeb

Cloud computing services have become a vital tool for most businesses. It's a trend that has accelerated recently, with cloud-based services such as Zoom,Microsoft 365 and Google Workspaceand many others becoming the collaboration and productivity tools of choice for teams working remotely.

While cloud quickly became an essential tool, allowing businesses and employees to continue operating from home, embracing the cloud canalso bring additional cybersecurity risks, something that is now increasingly clear.

Previously, most people connecting to the corporate network would be doing so from their place of work, and thus accessing their accounts, files and company servers from inside the four walls of the office building, protected by enterprise-grade firewalls and other security tools. The expanded use ofcloud applicationsmeant that suddenly this wasn't the case, with users able to access corporate applications, documents and services from anywhere. That has brought the need for new security tools.

Cloud computing security threats

The best cloud storage services

Free and cheap personal and small business cloud storage services are everywhere. But, which one is best for you? Let's look at the top cloud storage options.

Read More

While positive for remote workers because it allows them to continue with some semblance of normality working remotely also presents an opportunity for cyber criminals, who havequickly taken advantage of the switch to remote workingto attempt tobreak into the networksof organisations that have poorly configured cloud security.

SEE: IT Data Center Green Energy Policy (TechRepublic Premium)

Corporate VPNs and cloud-based application suiteshave become prime targets for hackers. If not properly secured, all of these can provide cyber criminals with a simple means of accessing corporate networks. All attackers need to do isget hold of a username and password by stealing them via aphishing emailor usingbrute force attacksto breach simple passwords and they're in.

Because the intruder isusing the legitimate login credentials of someone who is already working remotely, it's harder to detect unauthorised access, especially considering how the shift to remote working has resulted in some people working different hours to what might be considered core business hours.

Attacks against cloud applications can be extremely damaging for victims as cyber criminalscould be on the network for weeks or months. Sometimes they steal large amounts of sensitive corporate information; sometimes they might use cloud services as an initial entry point to lay the foundations for aransomware attackthat can lead to themboth stealing data and deploying ransomware. That's why it's important for businesses using cloud applications to have the correct tools and practices in place to make sure that users can safely use cloud services no matter where they're working from while also being able to use them efficiently.

Use multi-factor authentication controls on user accounts

One obvious preventative step is to put strong security controls around how users log in to the cloud services in the first place. Whether that's a virtual private network (VPN), remote desktop protocol (RDP) service or an office application suite, staff should need more than their username and password to use the services.

"One of the things that's most important about cloud is identity is king. Identity becomes almost your proxy to absolutely everything. All of a sudden, the identity and its role and how you assign that has all of the power," says Christian Arndt, cybersecurity director at PwC.

Whether it's software-based, requiring a user to tap an alert on their smartphone, or hardware-based, requiring the user to use a secure USB key on their computer,multi-factor authentication(MFA) provides an effective line of defence against unauthorised attempts at accessing accounts. According to Microsoft,MFA protects against 99.9% of fraudulent sign-in attempts.

Not only does it block unauthorised users from automatically gaining entry to accounts, the notification sent out by the service, which asks the user if they attempted to log in, can act as an alert that someone is trying to gain access to the account. This can be used to warn the company that they could be the target of malicious hackers.

Use encryption

The ability to easily store or transfer data is one of the key benefits of using cloud applications, but for organisations that want to ensure the security of their data, its processes shouldn't involve simply uploading data to the cloud and forgetting about it. There's an extra step that businesses can take to protect any data uploaded to cloud services encryption.

Just as when it's stored on regular PCs and servers, encrypting the data renders it unreadable, concealing it to unauthorised or malicious users. Some cloud providers automatically provide this service, employing end-to-end protection of data to and from the cloud, as well as inside it, preventing it from being manipulated or stolen.

Apply security patches as swiftly as possible

Like other applications, cloud applications can receive software updates as vendors develop and apply fixes to make their products work better. These updates can also contain patches for security vulnerabilities, as just because an application is hosted by a cloud provider, it doesn't make it invulnerable to security vulnerabilities and cyberattacks.

Critical security patches for VPN and RDP applicationshave beenreleased by vendorsin order to fix security vulnerabilities that put organisations at risk of cyberattacks. If these aren't applied quickly enough, there's the potential for cyber criminals to abuse these services as an entry point to the network that can be exploited for further cyberattacks.

Use tools to know what's on your network

Companies are using more and more cloud services and keeping track of every cloud app or cloud server ever spun up is hard work. But there are many, many instances of corporate data left exposed by poor use of cloud security. A cloud service can be left open and exposedwithout an organisation even knowing about it. Exposed public cloud storage resources can be discovered by attackers and that can put the whole organisation at risk.

In these circumstances, it could be useful to employ cloud security posture management (CSPM) tools. These can help organisations identify and remediate potential security issues around misconfiguration and compliance in the cloud, providing a means of reducing the attack surface available to hackers to examine, and helping to keep the cloud infrastructure secure against potential attacks and data breaches.

"Cloud security posture management is a technology that evaluates configuration drift in a changing environment, and will alert you if things are somehow out of sync with what your baseline is and that may indicate that there's something in the system that means more can be exploited for compromise purposes," says Merritt Maxim, VP and research director at Forrester.

SEE: Network security policy (TechRepublic Premium)

CSPM is an automated procedure and the use of automated management tools can help security teams stay on top of alerts and developments. Cloud infrastructure can be vast and having to manually comb through the services to find errors and abnormalities would be too much for a human especially if there are dozens of different cloud services on the network. Automating those processes can, therefore, help keep the cloud environment secure.

"You don't have enough people to manage 100 different tools in the environment that changes everyday, so I would say try to consolidate on platforms that solve a big problem and apply automation," says TJ Gonen, head of cloud security at Check Point Software, a cybersecurity company.

Ensure the separation of administrator and user accounts

Cloud services can be complex and some members of the IT team will have highly privileged access to the service to help manage the cloud. A compromise of a high-level administrator account could give an attacker extensive control over the network and the ability to perform any action the administrator privileges allow, which could be extremely damaging for the company using cloud services.

It's, therefore, imperative that administrator accounts are secured with tools such as multi-factor authentication and that admin-level privileges are only provided to employees who need them to do their jobs. According to the NCSC, admin-level devices should not be able to directly browse the web or read emails, as these could put the account at risk of being compromised.

It's also important to ensure that regular users who don't need administrative privileges don't have them, because in the event of account compromise an attacker could quickly exploit this access to gain control of cloud services.

Use backups as contingency plan

But while cloud services can and have provided organisations around the world with benefits, it's important not to rely on cloud for security entirely. While tools like two-factor authentication and automated alerts can help secure networks, no network is impossible to breach and that's especially true if extra security measures haven't been applied.

SEE:Ransomware: Paying up won't stop you from getting hit again, says cybersecurity chief

That's why a good cloud security strategy should also involvestoring backups of data and storing it offline, so in the event of an event that makes cloud services unavailable, there's something there for the company to work with.

Use cloud applications that are simple for your employees to use

There's something else that organisations can do to ensure the security of cloud and that's provide their employees with the correct tools in the first place. Cloud application suites can make collaboration easier for everyone, but they also need to be accessible and intuitive to use, or organisations run the risk of employees not wanting to use them.

A business could set up the most secure enterprise cloud suite possible, but if it's too difficult to use, employees, frustrated with not being able to do their jobs,could turn to public cloud tools instead.

This issue could lead to corporate data being stored in personal accounts, creating greater risk of theft, especially if a user doesn't have two-factor authentication or other controls in place to protect their personal account.

Information being stolen from a personal account could potentially lead to an extensive data breach or wider compromise of the organisation as a whole.

Therefore, for a business to ensure it has a secure cloud security strategy, not only should it be using tools like multi-factor authentication, encryption and offline backups to protect data as much as possible, the business must also make sure that all these tools are simple to use to encourage employees to use them correctly and follow best practices for cloud security.

More here:
Cloud security in 2021: A business guide to essential tools and best practices - ZDNet

New York, July 22, 2021 (GLOBE NEWSWIRE) -- Reportlinker.com announces the release of the report "Data Center Accelerator Market by Processor Type, Type, Application And Geography - Global Forecast to 2026" - https://www.reportlinker.com/p05494008/?utm_source=GNW A growing number of tech giants and startups have begun offering machine learning as a cloud service due to the burgeoning demand for AI-based computation.

Most companies and startups do not develop their own specialized hardware or software to apply deep learning to their specific business needs.Cloud-based solutions are ideal for small and midsized businesses that find on-premises solutions costlier.

Thus, the increasing adoption of cloud-based technology is necessitating the need for deep learning.

Artificial intelligence to drive the growth of cloud data centerCloud data center is dominating the data center accelerator market owing to rise in demand for AI based solution.The growth of AI is leading to changes in cloud server configuration.

The cloud computing market has witnessed significant growth owing to the surge in the volume of data being transferred to the cloud from consumers.The surge in AI-centric data has led to the growth of co-processors (accelerators) embedded in the servers.

The accelerators optimize data processing at the servers by reducing the latency.According to Intel, currently, ~7% of the servers are used in deep learning activities.There are ~12 million server units around the globe as of 2021.

In the AI-capable servers for deep learning training, the typical CPU to GPU attach rate is 14 GPUs; in some cases, it is around 18 GPUs.Deep learning is expected to account for the majority of cloud workload during the forecast period, which, in turn, is likely to propel the demand for accelerators for cloud servers.

More than one-third of servers to be shipped in 2026 are likely to run either deep learning training algorithms or deep learning inference algorithms.Accelerators are likely to be deployed in the cloud servers for both public and enterprise cloud inference applications.

However, training applications are expected to account for the majority of the server applications by the end of 2026.

Asia Pacific is the fastest-growing region in the data center accelerator marketThe data center accelerator market in APAC is anticipated to register the highest CAGR of 42.7% between 2021 and 2026. The organizations in APAC have more preference for deploying a hybrid cloud. The organizations are adopting a mix of on-premises, third-party, co-location, private cloud, hosted cloud, and public clouddepending on the nature of workloads, legacy decisions made by the team, budgets, and technology maturity within the organization.The 2 major players in the data center accelerator market are NVIDIA Corporation (US) and Intel Corporation (US).Intel mainly focuses on its Xeon Phi processors and FPGA co-processors; however, NVIDIA has nearly reached a monopoly in the data centers accelerator market with its GPU accelerators.

Apart from NVIDIA and Intel, several start-ups are working on ASIC and FPGA accelerator architectures.

The breakup of primaries conducted during the study is depicted below: By Company Type: Tier 1 45 %, Tier 2 32%, and Tier 3 23% By Designation: C-Level Executives 30%, Directors 45%, and Others 25% By Region: North America 26%, Europe 40%, APAC 22% and ROW 12%

Research CoverageThe report segments the data center accelerator market and forecasts its size, by volume and value, based on region (North America, Europe, Asia Pacific, and RoW), Processor Type (CPU, GPU, FPGA, ASIC), Type (HPC Accelerator, Cloud Accelerator), Application (Deep Learning Training, Public Cloud Interface, Enterprise Interface).The report also provides a comprehensive review of market drivers, restraints, opportunities, and challenges in the data center accelerator market.

The report also covers qualitative aspects in addition to the quantitative aspects of these markets.

Key Benefits of Buying This Report This report includes market statistics pertaining to the processor, type, application, and region. An in-depth value chain analysis has been done to provide deep insight into the data center accelerator market. Major market drivers, restraints, challenges, and opportunities have been detailed in this report. Illustrative segmentation, analyses, and forecasts for the market based on processor, type, application, and region have been conducted to provide an overall view of the data center accelerator market. The report includes an in-depth analysis and ranking of key players.Read the full report: https://www.reportlinker.com/p05494008/?utm_source=GNW

About ReportlinkerReportLinker is an award-winning market research solution. Reportlinker finds and organizes the latest industry data so you get all the market research you need - instantly, in one place.

__________________________

Read the original:
Data center accelerator market was valued at USD 13.7 billion in 2021 and is anticipated to - GlobeNewswire

Oracle cofounder and CTO Larry Ellison

Reuters/Robert Galbraith

Oracle Cloud Infrastructure, the database giants flagship cloud unit and its answer to the dominant Amazon Web Services, has instructed its employees to focus on an updated set of priorities for the next several quarters, according to a memo viewed by Insider.

Other feature and development work is paused to assist in this effort, said the memo, sent to OCIs over 10,000 employees last week.

We know this change impacts many of the teams directly and indirectly. We appreciate your ability to Expect and Embrace Change, and your ability to continue to iterate and deliver a world class platform, the memo said, referring to the units leadership principles. Oracle declined to comment for this story.

The email lists those priorities in order of importance, starting with security (e.g. patching), followed by operations & support, region build for big customers (Telesis, NRI) and gov work [sic], and finally, region build for all other regions.

Two Oracle insiders say that several of the region build projects, with deadlines before the end of the year, are running behind schedule. In industry parlance, a region generally refers to the cloud servers or data centers intended to serve a particular area or country, and a region build is the process of setting those up. New regions would help expand Oracles reach and make it more appealing for large customers and government deals.

The memo says that its highest-priority region after those built for customers and the government right now is in Israel, followed by other dedicated regions including Oman, then rest of commercial. Oracles dedicated cloud regions only serve particular areas or countries.

Region bootstrap, across regions, will need to happen on a 247 basis in order to hit our delivery dates. All teams will need to resource appropriately to accommodate this expectation. This means, in some cases, temporarily reallocating personnel from other projects, teams, or orgs, the memo says, further calling on teams to facilitate war rooms on a 247 basis to troubleshoot issues and create 24-hour-a-day on-call rotations.

Notably, however, three Oracle employees told Insider that company leadership has since reduced the schedules to 147 after widespread discontent that one person characterized as a backlash.

Two people close to OCI speculate the updated priorities could be, at least in part, related to the fact that Oracle wants to make itself a stronger competitor for the Pentagons Joint Warfighter Cloud Capability contract, the successor to the now-scrapped $10 billion JEDI deal. Oracle lost out on the JEDI contract, which was awarded to Microsoft, but was ultimately canceled amid a lengthy legal challenge from Amazon.

The email suggests security is OCIs new top priority. The company recently reorganized the cloud security organization, which has a few hundred employees, and replaced its leader after only about a year, according to company insiders and an internal email viewed by Insider.

The changes come as OCIs workplace culture comes under scrutiny. More than a dozen current and former Oracle employees and executives recently told Insider that OCI is led by what one person described as a culture of fear, telling Insider that OCI boss Clay Magouyrk is known for trying to get results by beating down employees emotionally.

Magouyrks leadership style was cited in a pair of lawsuits filed by former vice presidents against the company and an executive. One of the former VPs who sued Oracle died by suicide in April. An attorney for the VPs said the cases are headed for arbitration.

Do you work at Oracle? Contact reporter Ashley Stewart via encrypted messaging app Signal (+1-425-344-8242) or email ([emailprotected]).

See the rest here:
Leaked memo shows Oracles flagship cloud unit told employees to ramp up for 247 work on projects that insiders say have fallen behind schedule - Times...

Vulnerabilities highlight risks of knit-your-own crypto

UPDATED An analysis of the popular Telegram secure messaging protocol has identified four cryptographic vulnerabilities.

Although none of the flaws are particularly serious or easy to exploit, security researchers have nonetheless warned that the software falls short on some essential data security guarantees.

Computer scientists from from ETH Zurich and Royal Holloway, University of London, uncovered the vulnerabilities after examining the open source code used to provide encryption services to the Telegram app. The audit excluded any attempt to attack any of Telegrams live systems.

The researchers found that Telegrams proprietary system falls short of the security guarantees enjoyed by other, widely deployed cryptographic protocols such as Transport Layer Security (TLS).

ETH Zurich professor Kenny Paterson commented that encryption services could be done better, more securely, and in a more trustworthy manner with a standard approach to cryptography.

Catch up with the latest encryption-related news and analysis

The most significant vulnerability among the quartet makes it possible for an attacker to manipulate the sequencing of messages coming from a client to one of the cloud servers operate by Telegram.

A second flaw made it possible for an attacker on the network to detect which of two messages are encrypted by a client or a server, an issue more of interest to cryptographers than hostile parties, the researchers suggest.

The third security issue involves a potential manipulator-in-the-middle attack targeting initial key negotiation between the client and the server. This assault could only succeed after sending billions of messages.

A fourth security weakness made it possible (at least in theory) for an attacker to recover some plain text from encrypted messages a timing-based side-channel attack that would require an attacker to send millions of messages and observe how long the responses take to be delivered. The researchers admit the attack is impractical while Telegram goes further and categorises it as a non-threat.

"The researchers did not discover a way to decipher messages," a representative of Telegram told The Daily Swig.

In a statement, the firm welcomed the research

The traits of MTProto pointed out by the group of researchers from the University of London and ETH Zurich were not critical, as they didn't allow anyone to decipher Telegram messages. That said, we welcome any research that helps make our protocol even more secure.

These particular findings helped further improve the theoretical security of the protocol: the latest versions of official Telegram apps already contain the changes that make the four observations made by the researchers no longer relevant.

The researchers notified Telegram about their research in April. Telegram has since patched all four flaws, clearing the way for researchers to go public with their findings through a detailed technical blog post.

Royal Holloway professor Martin Albrecht told The Daily Swig that the researchers offered lessons for other developers of secure messaging apps for example, industry standard TLS encryption should be a preferred design choice.

The mode of Telegram we looked at was when messages are encrypted between the client and the server only, Albrecht explained.

This is no different from running Facebook Messenger or IRC [Internet Relay Chat] over TLS. Here it makes little sense to not use TLS (or its UDP variants). It is well studied, including its implementations, it does not need special assumptions, it is less brittle than [for example] MTProto.

MTProto is the encryption scheme used by Telegram.

READ Kaspersky Password Manager lambasted for multiple cryptographic flaws

Telegram already relies on TLS for its security for messages from the server to Android clients, but it relies on proprietary approaches elsewhere.

Whether apps are built using TLS as a foundation or not, an audit by cryptographers is highly advisable.

Albrecht commented: When we talk about secure messaging apps specifically, i.e messages are encrypted between the parties not just the transport layer between client and server, they should have cryptographers on staff who formally reason about the design. In the future this should get easier with the MLS standard.

The research into Telegram was motivated by use of technology by participants in large-scale protests such as those seen in 2019/2020 in Hong Kong.

We found that protesters critically relied on Telegram to coordinate their activities, but that Telegram had not received a security check from cryptographers, according to Albrecht.

Albrecht was part of a team that researched what makes the Telegram platform attractive to high-risk users involved in mass protests, who are likely to be targeted by surveillance.

Telegram does seem to have the advantage of staying up in light of government crackdown in contrast to other social networks and seemingly not complying all that much with government requests, according to Albrecht.

YOU MAY LIKE Threema, the European rival to Signal, wins pivotal privacy battle in Swiss Court

Although mobile messaging apps such as Signal are often recommended and used by the security-savvy, features and utility are more important for mainstream users and go some way to explaining use of Telegram among protesters in Hong Kong and beyond.

It might be better to compare Telegram to Facebook or Twitter (in terms of features and appeal) than to, say, Signal, he added.

Telegram may be preferred to Facebook even if the latter is likely better or at stricter when it comes to data governance, Albrecht concluded.

On the flip side, it is not clear what security policies, processes and safeguards Telegram have in place to, e.g continuously vet their (server and client) code for software vulnerabilities, to prevent their own staff from snooping.

This story was updated to add comment from Telegram that welcomed the work of the researchers but disputed the impact of one of the admitted vulnerabilities.

RELATED Encryption issues account for minority of flaws in encryption libraries research

Excerpt from:
Multiple encryption flaws uncovered in Telegram messaging protocol - The Daily Swig