Cloud Hosting

NewEdge Wealth LLC Acquires New Stake in First Trust Cloud Computing ETF (NASDAQ:SKYY) – Defense World

April 21, 2024 | Author: admin

NewEdge Wealth LLC acquired a new stake in First Trust Cloud Computing ETF (NASDAQ:SKYY Free Report) during the 4th quarter, Holdings Channel reports. The fund acquired 2,596 shares of the companys stock, valued at approximately $228,000.

Several other institutional investors have also added to or reduced their stakes in the stock. Meitav Investment House Ltd. lifted its position in First Trust Cloud Computing ETF by 31.1% in the 4th quarter. Meitav Investment House Ltd. now owns 39,607 shares of the companys stock valued at $3,484,000 after acquiring an additional 9,398 shares in the last quarter. Blue Bell Private Wealth Management LLC lifted its position in First Trust Cloud Computing ETF by 37.7% in the 4th quarter. Blue Bell Private Wealth Management LLC now owns 720 shares of the companys stock valued at $63,000 after acquiring an additional 197 shares in the last quarter. Mirae Asset Global Investments Co. Ltd. bought a new stake in First Trust Cloud Computing ETF in the 4th quarter valued at $5,468,000. Prime Capital Investment Advisors LLC bought a new stake in First Trust Cloud Computing ETF in the 4th quarter valued at $214,000. Finally, Fulton Bank N.A. lifted its position in First Trust Cloud Computing ETF by 1.5% in the 4th quarter. Fulton Bank N.A. now owns 21,861 shares of the companys stock valued at $1,917,000 after acquiring an additional 315 shares in the last quarter.

SKYY opened at $90.10 on Friday. First Trust Cloud Computing ETF has a 12 month low of $60.65 and a 12 month high of $97.78. The firms fifty day simple moving average is $94.45 and its 200 day simple moving average is $86.67. The stock has a market capitalization of $2.93 billion, a P/E ratio of 20.90 and a beta of 1.06.

The First Trust Cloud Computing ETF (SKYY) is an exchange-traded fund that is based on the ISE Cloud Computing index. The fund tracks an index of companies involved in the cloud computing industry. Stocks are modified-equally-weighted capped at 4.5%. SKYY was launched on Jul 5, 2011 and is managed by First Trust.

Want to see what other hedge funds are holding SKYY? Visit HoldingsChannel.com to get the latest 13F filings and insider trades for First Trust Cloud Computing ETF (NASDAQ:SKYY Free Report).

Receive News & Ratings for First Trust Cloud Computing ETF Daily - Enter your email address below to receive a concise daily summary of the latest news and analysts' ratings for First Trust Cloud Computing ETF and related companies with MarketBeat.com's FREE daily email newsletter.

Oracle Invests $8B to Expand Cloud, AI Offerings in Japan – AI Business

April 21, 2024 | Author: admin

Oracle is investing more than $8 billion over the next decade to expand AI infrastructure and cloud computing in Japan.

The investment aims to expand Oracle Cloud Infrastructure (OCI), the company's cloud computing service in Japan, to meet growing demand.

Oracle also announced a commitment to help local customers with their digital sovereignty plans. A recent Omdia report found that businesses in Asia and Oceania are more interested in local, sovereign solutions.

The company said its expanded operations would include hiring Japanese personnel and engineering staff to support local AI and cloud efforts.

Oracles Japanese expansion will also increase access to public clouds in Tokyo and Osaka.

Oracle Alloy is also being expanded in Japan. Alloy allows customers to offer cloud services wherever they want. The company said this would enable local governments and businesses to continue to move their mission-critical workloads to the Oracle Cloud and embrace sovereign AI solutions.

We are dedicated to meeting our customers and partners where they are in their cloud journey, said Toshimitsu Misawa, Oracle Corp. Japans corporate executive officer and president. By growing our cloud footprint and providing a team to support sovereign operations in Japan, we are giving our customers and partners the opportunity to innovate with AI and other cloud services while supporting their regulatory and sovereignty requirements.

Related:Oracle AI Tool Strengthens Financial Crime Prevention in Banks

In addition to expanding its presence in Japan, Oracle is partnering with Fujitsu to offer local cloud and AI services. Through the partnership, Fujitsu will deploy Alloy, providing Japanese customers with access to OCI services.

Our collaboration with Oracle positions us to deliver a sovereign cloud offering that enables hyperscale functionality and digital sovereignty capabilities while ensuring operational governance by Fujitsu, said Kazushi Koga, Fujitsus senior executive vice president.

Oracles announcement comes on the heels of Microsoft announcing last week that it plans to invest $2.9 billion to expand local AI efforts and open a new research lab in Tokyo.

Read this article:
Oracle Invests $8B to Expand Cloud, AI Offerings in Japan - AI Business

Anodot Releases The State of Cloud Cost Optimization 2024 Report – PR Newswire

April 21, 2024 | Author: admin

Anodot updates its annual survey report, offering an in-depth summary of cloud cost optimization in 2024 for FinOps professionals

NEW YORK, April 19, 2024 /PRNewswire/ -- Anodot publishes its annual Cloud Cost Optimization Report, delivering insights from customer data and analysis of news and trends within theFinOps sector to prepare cloud users for 2024.

The report summarizes key findings from major organizations and companies in the FinOps space, including Anodot's recommendations on how to use these findings.

Additionally, Anodot utilizes its customer data to inform the report, showing how users optimize their cloud investments using their platform.

Key insights include:

Anodot collects this data to help FinOps teams understand how colleagues manage cloud costs for navigating the cloud in 2024.

David Drai, CEO of Anodot commented:

"Cloud computing faces challenges with inflation, economic uncertainty, and resource demand from generative AI investments. Our new State of Cloud Cost Optimization Report provides data-driven insights and a TLDR summary for navigating 2024. At Anodot, we proudly support FinOps practitioners, offering them the insights for informed cloud decisions, significant savings, and sustainable growth."

The State of Cloud Cost Optimization Report 2024is available for download on Anodot's website.

About Anodot

AI-based cost Optimization platform that forecasts, detects waste, and providestransparency and recommendations. Allowing you to facilitate strategic financial planningand management of your multicloud, K8s pods, and SaaS tools. Our multi-tenant, multi-billing platform optimizes costs across departments, teams, products, unit economics,and customers.

SOURCE Anodot

Read the original here:
Anodot Releases The State of Cloud Cost Optimization 2024 Report - PR Newswire

Will using the cloud stop us achieving our green targets? – Euronews

April 21, 2024 | Author: admin

Cloud computing already has a bigger footprint than the aviation industry, warns Hewlett Packard Enterprises Matt Harris.

Every day at work were sending emails, saving documents, adding numbers to spreadsheets. Outside of work we frivolously snap photos on our phone. In summary, were incessant data producers but how much of it do you ever delete?

By 2035 we are predicted to be producing 2,000 zettabytes of data. One zettabyte is equal to a trillion gigabytes.

To put that into context further, to print out one zettabyte of data youd need around 20 trillion trees worth of paper.

Theres only 3.5 trillion trees on Earth.

In this episode of The Big Question, Matt Harris, Senior Vice-President and Managing Director UK IMEA for Hewlett Packard Enterprise discusses the importance of managing our business data better.

Whoever first thought of The Cloud, named it incredibly strategically.

Matt Harris describes our current attitude towards The Cloud as looking to the sky vapourware - this concept of it being a non-physical storage, floating around us. In fact, all your data is still on a hard drive, youre just paying someone else to store it on their really big hard drive for you.

And while being able to access your data from anywhere in the world is incredibly convenient, our attitude towards its seemingly endless abundance is where it gets problematic.

In the past 10 years, companies have moved to a Cloud-first storage system, not necessarily because it was the best option for them but because its what everyone else was doing.

But now many businesses have found they are struggling with soaring Cloud costs, so much so that in a survey conducted by a recent documentary, Clouded II, funded by Hewlett Packard Enterprise, 47% of respondents said they were looking to move away from using The Cloud in the next year.

One of the main culprits of these rising costs is simply, paying for more than you actually need.

Depending on the reports you look at, per annum, customers and enterprises are spending anywhere between $150 - $200 billion (140-187M) a year, explains Matt Harris.

How much is wastage? Some reports would say we've got customers who say that 30% of their cloud bill is wastage or they don't know what it's used for. And even if we're half right on that, it is a sizable and significant number.

The data centres used to store all of our files require a huge amount of energy to run. And its not just electricity, they also need large amounts of water for their cooling systems.

Theres been reports in various drought-vulnerable parts of the world of farmers having to compete with data centres for water for their animals to drink.

Its hard to quantify exactly the environmental impact of our cloud usage, as data centre emissions vary enormously depending on the location due to temperature and access to clean energy.

So whats the solution?

We think it's a really good time for every organisation to re-evaluate their cloud strategy and start with the end state and goal, says Matt.

As a society, we are naturally hoarders.

We have comfort in keeping things, it gives us a degree of safety. If you think about data and what as businesses, as consumers, we're storing, do you need 32 copies of something which is not necessarily hugely valuable? How long do you need to store that piece of information for? We have historically kept things for tens of years, decades, 50 years. And the reality is, does that information require us to continue to hold it?

Matt also stresses that businesses should look at a hybrid strategy to their storage - choosing to host some things on the cloud and others in house.

Thinking through what data you dont want to be on a shared service and to have more control of its security will dictate what should be stored on public cloud, private cloud or on premises with a Cloud-like experience,

Don't end up in a hybrid by accident strategy. Do it by design, Matt says.

Its especially important to adapt our strategy now and put in place better building and management practices before AI becomes a widespread and fully integrated part of our lives.

The way the AI works is even hungrier than our classic data storage and enterprise workloads that sit on clouds today.

If you run AI workloads into our classic cloud models we have today, they'd be wildly inefficient.

So if we're not conscious and conscientious of how we build, how we consume, what we delete, then we are going to get to some astronomical wastage figures, which is really scary for all of us, Matt adds.

Time for a spring clear out? If youre not going to do it for the planet, at least save yourself, potentially, billions.

The Big Question is a series from Euronews Business where we sit down with industry leaders and experts to discuss some of the most important topics on todays agenda.

Watch the video above for the full conversation with Hewlett Packard Enterprise.

More here:
Will using the cloud stop us achieving our green targets? - Euronews

Oracle to invest over $8 billion in Japan in cloud computing, AI – Yahoo Singapore News

April 21, 2024 | Author: admin

(Reuters) -Oracle said on Wednesday it will invest more than $8 billion over the next 10 years to meet demand for cloud computing and AI infrastructure in Japan.

The latest investment will grow the footprint of Oracle Cloud Infrastructure (OCI), the company's cloud computing service, across Japan, Oracle said in a statement.

Oracle will also expand its operations and support engineering teams with Japan-based personnel, it added.

(Reporting by Maria Ponnezhath in Bengaluru; Editing by Jacqueline Wong and Christopher Cushing)

More here:
Oracle to invest over $8 billion in Japan in cloud computing, AI - Yahoo Singapore News

Google fires 28 workers after sit-in protest against Israel cloud contract – The Jewish News of Northern California

April 21, 2024 | Author: admin

Your access to this page has been blocked. Your request appears similar to malicious requests sent by robots.

If you are using a VPN, try disabling it.

If your browser is out of date, try updating it.

Please make sure JavaScript is enabled and then try loading this page again.

If you continue to be blocked, please send an email to s ecruxurity@sizetedistrict.cVmwom with:

Go here to see the original:
Google fires 28 workers after sit-in protest against Israel cloud contract - The Jewish News of Northern California

Fujitsu and Oracle Collaborate to Deliver Sovereign Cloud and AI Capabilities in Japan – PR Newswire

April 21, 2024 | Author: admin

Fujitsu to deploy Oracle Alloy as part of its hybrid IT solutions

KAWASAKI, Japan and TOKYO, April 18, 2024 /PRNewswire/ -- Fujitsu Limited and Oracle are collaborating to deliver sovereign cloud and AI capabilities that help address the digital sovereignty requirements of Japanese businesses and the public sector. With Oracle Alloy, Fujitsu will expand its Hybrid IT offerings for FujitsuUvance,which helps customers grow their businesses and solve societal issues. Fujitsu will be able to operate Oracle Alloy independently in its data centers in Japan with additional control over its operations.

Fujitsuwill deploy Oracle Alloy, a cloud infrastructure platform that provides more than 100 Oracle Cloud Infrastructure(OCI) services, including generative AI, as part of its Fujitsu Uvance Hybrid ITportfolio, which supports customers with on-premises and cloud-based infrastructure. This will enable businesses and the public sector to utilize sovereign cloud infrastructure and sovereign AI directly from data centers operated by Fujitsu in Japan.Oracle is a leading hyperscaler capable of delivering AI and a full suite of 100+ cloud services locally, anywhere.Based on the knowledge accumulated through use cases in the Japanese market, Fujitsu will actively consider expanding Oracle Alloy to other markets.

Kazushi Koga, SEVP, Fujitsu Ltd., said,"Fujitsu has been working with partners who have strengths in their respective fields to solve customers' challenges as part of its Fujitsu Uvance Hybrid IT offerings. Our collaboration with Oracle positions us to deliver a sovereign cloud offering that enables hyperscale functionality and digital sovereignty capabilities while ensuring operational governance by Fujitsu."

Scott Twaddle, senior vice president, Product and Industries, Oracle Cloud Infrastructure,said, "With Oracle Alloy we will be bringing our best cloud technologies to help Fujitsu's customers transform and modernize their businesses and society. Fujitsu's sovereign cloud approach in Japan is a testament to their forward-looking technology strategy. We look forward to continuing to partner with Fujitsu to bring cloud services to more customers around the world."

Toshimitsu Misawa, member of the board, corporate executive officer and president, Oracle Japan, said, "This strategic collaboration with Fujitsu is an important step forward in delivering a cloud that addresses the digital sovereignty requirements of Japanese businesses and the public sector. Fujitsu and Oracle will continue to promote the use of cutting-edge cloud technologies, including sovereign AI, to help customers improve the resilience of their mission-critical operations."

The collaboration will:

About FujitsuFujitsu's purpose is to make the world more sustainable by building trust in society through innovation. As the digital transformation partner of choice for customers in over 100 countries, our 124,000 employees work to resolve some of the greatest challenges facing humanity. Our range of services and solutions draw on five key technologies: Computing, Networks, AI, Data & Security, and Converging Technologies, which we bring together to deliver sustainability transformation. Fujitsu Limited (TSE:6702) reported consolidated revenues of 3.7 trillion yen (US$28 billion) for the fiscal year ended March 31, 2023 and remains the top digital services company in Japan by market share. Find out more: http://www.fujitsu.com.

About OracleOracle offers integrated suites of applications plus secure, autonomous infrastructure in the Oracle Cloud. For more information about Oracle (NYSE: ORCL), please visit us at http://www.oracle.com.

TrademarksOracle, Java, MySQL and NetSuite are registered trademarks of Oracle Corporation. NetSuite was the first cloud companyushering in the new era of cloud computing.

SOURCE Oracle

Continued here:
Fujitsu and Oracle Collaborate to Deliver Sovereign Cloud and AI Capabilities in Japan - PR Newswire

Alleged cryptojacking scheme consumed $3.5M of stolen computing to make just $1M – Ars Technica

April 21, 2024 | Author: admin

Getty Images

Federal prosecutors indicted a Nebraska man on charges he perpetrated a cryptojacking scheme that defrauded two cloud providersone based in Seattle and the other in Redmond, Washingtonout of $3.5 million.

The indictment, filed in US District Court for the Eastern District of New York and unsealed on Monday, charges Charles O. Parks III45 of Omaha, Nebraskawith wire fraud, money laundering, and engaging in unlawful monetary transactions in connection with the scheme. Parks has yet to enter a plea and is scheduled to make an initial appearance in federal court in Omaha on Tuesday. Parks was arrested last Friday.

Prosecutors allege that Parks defrauded two well-known providers of cloud computing services of more than $3.5 million in computing resources to mine cryptocurrency. The indictment says the activity was in furtherance of a cryptojacking scheme, a term for crimes that generate digital coin through the acquisition of computing resources and electricity of others through fraud, hacking, or other illegal means.

Details laid out in the indictment underscore the failed economics involved in the mining of most cryptocurrencies. The $3.5 million of computing resources yielded roughly $1 million worth of cryptocurrency. In the process, massive amounts of energy were consumed.

Parks scheme allegedly used a variety of personal and business identities to register numerous accounts with the two cloud providers and in the process acquiring vast amounts of computing processing power and storage that he never paid for. Prosecutors said he tricked the providers into allotting him elevated levels of services and deferred billing accommodations and deflected the providers inquiries regarding questionable data usage in unpaid bills. He allegedly then used those resources to mine Ether, Litecoin, and Monero digital currencies.

The defendant then allegedly laundered the proceeds through cryptocurrency exchanges, an NFT marketplace, an online payment provider, and traditional bank accounts in an attempt to disguise the illegal scheme. Once proceeds had been converted to dollars, Parks allegedly bought a Mercedes-Benz, jewelry, first-class hotel and travel accommodations, and other luxury goods and services.

From January to August 2021, prosecutors allege, Parks created five accounts with the Seattle-based on-demand cloud computing platform using different names, email addresses, and corporate affiliations. He then allegedly tricked and defrauded employees of the platform into providing elevated levels of service, deferring billing payments, and failing to discover the activity.

During this time, Parks repeatedly requested that the provider provide him access to powerful and expensive instances that included graphics processing units used for cryptocurrency mining and launched tens of thousands of these instances to mine cryptocurrency, employing mining software applications to facilitate the mining of tokens including ETH, LTC and XMR in various mining pools, and employing tools that allowed him to maximize cloud computing power and monitor which instances were actively mining on each mining pool, prosecutors wrote in the indictment.

Within a day of having one account suspended for nonpayment and fraudulent activity, Parks allegedly used a new account with the provider. In all, Parks allegedly consumed more than $2.5 million of the Seattle-based providers services.

The prosecutors went on to allege that Parks used similar tactics to defraud the Redmond provider of more than $969,000 in cloud computing and related services.

Prosecutors didnt say precisely how Parks was able to trick the providers into giving him elevated services, deferring unpaid payments, or failing to discover the allegedly fraudulent behavior. They also didnt identify either of the cloud providers by name. Based on the details, however, they are almost certainly Amazon Web Services and Microsoft Azure. Representatives from both providers didnt immediately return emails seeking confirmation.

If convicted on all charges, Parks faces as much as 30 years in prison.

The rest is here:
Alleged cryptojacking scheme consumed $3.5M of stolen computing to make just $1M - Ars Technica

Google Fires 28 Staffers Involved in Office Protests Over Israel Contract – TheWrap

April 21, 2024 | Author: admin

Google fired the 28 employees who protested against the Alphabet divisions $1.2 billion cloud-computing contract with the Israeli government, just days after they staged sit-ins at offices around the nation.

The protests took place Tuesday at offices in New York City, Sunnyvale, California, Seattle and elsewhere. The group in Sunnyvale occupied the office of Google Cloud CEO Thomas Kurian and livestreamed the sit-in on a Twitch channel called notech4apartheid.

On the stream, they said New York staffers had been arrested after they sat down in a common space in the office and opened up a banner reading, No Tech for Genocide. They were released several hours later.

The protest focused on Project Nimbus, the cloud computing service Google provides Israeli government agencies in partnership with Amazon as part of a contract worth $1.2 billion.

The group also has a website, NoTechForAparteid.com, which encourages visitors to petition both Google and Amazon to stop doing business with Israel.

While the contract has long been an issue for some of Googles staffers, the tensions surrounding it have escalated since the start of Israel-Gaza war in October, The New York Times reported.

Google Vice President for Global Security Chris Rackow said in a company-wide email that the staffers were let go after they took over our office spaces, defaced our property and physically impeded the work of other Googlers..

Their behavior was unacceptable, extremely disruptive, and made co-workers feel threatened, said the memo, which CNBC posted.

Rackow said the 28 were fired after an investigation. We will continue to investigate and take action as needed, he wrote. Behavior like this has no place in our workplace and we will not tolerate it.

The overwhelming majority of our employees do the right thing, Rackow continued. If youre one of the few who are tempted to think were going to overlook conduct that violates our policies, think again.

No Tech for Apartheid said in a statement that the comapny indiscriminately engaged in wholesale firings, including of some workers who did not take part in the protests through a dragnet of in-office surveillance and denied damaging property or threatening colleagues.

This flagrant act of retaliation is a clear indication that Google values its $1.2 billion contract with the genocidal Israeli government and military more than its own workers, the statement said. In the three years that we have been organizing against Project Nimbus, we have yet to hear from a single executive about our concerns. Google workers have the right to peacefully protest about terms and conditions of our labor. These firings were clearly retaliatory.

These mass, illegal firings will not stop us, the statement continued. On the contrary, they only serve as further fuel for the growth of this movement. Make no mistake, we will continue organizing until the company drops Project Nimbus and stops powering this genocide.

See the original post here:
Google Fires 28 Staffers Involved in Office Protests Over Israel Contract - TheWrap

Exploring Cloud Native Application Protection Platforms: Enhancing Security – Appinventiv

April 21, 2024 | Author: admin

Cloud computing, at the back of its wide-ranged benefits spanning across scalability, high mobility, easy data recovery, high performance, and quick deployment, has come at a stage where the market is set to reach $676 billion in 2024.

While on one side, the idea of having on-cloud presence is becoming mainstream, the other side one which needs clear assurances is directing questions around business data safety towards cloud providers. And for fair reasons.

Even with the promise of strict security measures being diligently embedded in their systems, there have been instances where 80% of companies have experienced one serious cloud security incident in the past few years. Additionally, 24% of the companies reported experiencing a security incident related to public cloud usage. The most common types of incidents were misconfigurations, account compromises, and exploited vulnerabilities.

Reports also mention that more than 45% of data breaches are cloud-based. In addition to this, more than 96% of organizations face significant challenges while implementing their cloud strategies. Among the challenges, 35% of IT decision-makers struggle with data privacy and security issues while 34% face a lack of cloud security skills and expertise.

The transition to cloud has introduced a range of new security gaps. For example, the growth in ephemeral and dynamic environments operating inside the cloud ecosystem have increased operational complexities and birthed unique unpredictable interactions.

Also earlier, most of the cloud security tooling was focused on enabling teams to understand their infrastructure security. However, its not enough anymore. Security toolset should now ask, Is my cloud application secure?

As an industry response, cloud-native applications security has come into picture through CNAPP.

A cloud-native application protection platform is a cloud security model which follows a highly integrated lifecycle approach that protects both workloads and hosts in the cloud-native application development environments. Environments that come with their own unique demands and issues.

These cloud-native security solutions offer powerful automation abilities, which when calibrated rightly improves cloud admins efficiency. As a result, all the siloed solutions of application security gets unified and raises the expectations that businesses have with next-gen application security solutions.

The true essence of cloud application protection platform, however, can be best understood by looking into the extent of cloud security challenges it solves.

The absence of CNAP security opens several security loopholes in application development and deployment, leaving software prone to hacks and breach vulnerabilities. But that is not all. Here are some other reasons that make cloud-native network security exploration a must-have.

Getting visibility in agile-run development projects can be challenging. The teams tend to be extremely self-organizing, which leads to a situation where they use multiple methods to organize and track themselves across sprints and teams. This, while helps things move swiftly, makes the development efforts opaque to stakeholders.

CNAP cybersecurity platform increases visibility across multiple stages and components in the software lifecycle. It gives a microscopic context to all the information present in the system along with actionable data, which, in turn, makes it easy for the developers to mitigate security issues like misconfigurations with their existing toolsets. This increased visibility also becomes beneficial when it comes to creating and prioritizing alerts on the basis of the risk levels.

Increased collaboration tends to be the biggest benefit of cloud-native applications; several teams are able to work on different parts of the project without ever interfering with each others tasks. While it definitely expedites the go-to-market time, expansion of sources can create a wider surface area for vulnerabilities to emerge.

A cloud-native security software addresses this by shifting the security element closer to the development stage. The system creates a model where components are scanned for security vulnerabilities before they are processed, ensuring at-risk components, misconfigurations in files such as infrastructure-as-code templates get identified before deployment. In the highly collaborative work environment, avoidance of misconfigured file sharing tends to save a lot of development resources time.

Another challenge that cloud adoption presents is the utilization of different independent security tools at multiple developmental stages. Managing the configuration of these tasks can be difficult, leading to businesses forgoing security across the end-to-end software spectrum. Some businesses even tend to deploy monitoring tools which end up duplicating tasks, adding to the security woes.

CNAP cybersecurity resolves these challenges by allowing businesses to safeguard the development production processes and infrastructure across the full software spectrum. This gives them a holistic security view right from when development components are received to when the software gets into production. Having a comprehensive view of the ongoing processes ultimately helps with real-time monitoring of infrastructure and applications, while powering speedy issues resolution.

CI/CD is the base of modern software development. The popular agile method depends heavily on the full-cycle automation of delivery processes. This comprises building process automation, testing, and releasing it. Even though the process makes software development easy and fast, if a misconfiguration or issue isnt picked up early, it can show up in the released version.

CNAPP solutions can be seamlessly embedded in the CI/CD and modern development tools. This helps businesses monitor build phase scanning and keep integrity in check.

One of the prominent issues of SecOps is the time manual scans take to verify vulnerabilities. Managing a toolset tends to become its own workstream, taking up resources. This especially happens because in a cloud environment components dont share information with each other.

A cloud-native network security service solves this through a unified monitoring system. Businesses can conduct tests on the components from the platform, which can help plan out the overall security approach for the remaining part of the project. This saves developers a lot of time, ensuring they can focus on other tasks that add value to the software.

Also Read: Why DevSecOps is crucial for tackling cloud security challenges

Now that we have looked into the benefits of CNAPP through the point of view of an unsafe cloud environment, let us look into the elements that make this possible.

Several components merge to form a high security-focused cloud native application protection platform.

CSPM solution identifies and resolves threats in the cloud environment. With functions comprising incident response, security risk assessment, and DevOps integration, the component utilizes automation for handling security risks swiftly, while working in sync with the IT security and development teams.

Now although CSPM parts of cloud-native network security service are compatible with both containerized and hybrid environments, they tend to be most efficient in multi-cloud environments as they can offer complete visibility into the cloud assets.

A CWPP solution comes with the capability to handle heavy workloads deployed on a companys cloud platform. Another great thing about the component is that development units can easily integrate it in the automated processes of their CI/CD flow, which is usually as a part of the build journey.

Additionally, CWPP doesnt just integrate with parts of the enterprise SecOps infrastructure seamlessly, it also powers up the offerings of the security operations center (SOC), helping it find and analyze complex-level cloud-based cyber attacks efficiently.

A CIEM solution focuses on cloud access risk management. It uses admin-time controls for handling data governance in the multi-cloud IaaS architectures. In the cloud-native application protection platform setup, it helps with handling identity governance for dynamic cloud environments, usually on a model where the entities and users access only what they need.

Container security is a practice followed for the implementation of processes and mechanics to safeguard containerized workloads and applications. In the current time, it has become crucial to have complete visibility of elements such as container-host location, identification of operating or stopped containers, identifying non CIS compliant container hosts, and having regular vulnerability checks.

Keeping this into consideration, it is advised to implement container security at an early stage of the CI/CD pipeline, since it would expose application risks and eliminate friction in the development process.

Infrastructure as code (IaC) is where codes are leveraged for the provisioning of the infrastructure resources that the cloud-driven software needs. Developers can easily utilize this reproducible approach for writing, testing, and releasing code which would build the infrastructure on which the application will run. However, it is important to note that securing the process is necessary at a very early phase, since if done later, there can be instances of vulnerabilities or misconfigurations, which can then be exploited by hackers.

Now that we have looked into the different components of a cloud native application protection platform, you must be wondering how they translate into the actual working.

CNAPP security combines essential security functions and tools to ensure complete application protection from code to cloud. It merges security tools like CSPM, CIEM, and CWPP for identifying high-priority security risks.

Once identified, an automated remediation process is initiated for the mitigation of vulnerabilities and misconfigurations and while maintaining industry compliance. The cloud application protection platform also adds in certain guardrails which guarantees zero malicious attempts on the cloud ecosystem.

CNAP can work both through an agent or without one. Usually, the agent cloud-native security platform calls for a sensor to provide visibility into the system information. On the other hand, agentless CNAPP is built on APIs that cloud providers offer, on the basis of which businesses get a complete visibility into the operations.

Using these and a range of other use-case based components like identity and access management, encryption, network segmentation, and threat detection, our team has worked on some cloud-native applications security platforms.

Lets give you a high-level walkthrough of the projects we are working on for them as their cloud solution services and cloud-native security services provider.

We recently worked with two businesses, providing cloud-native security solutions for their products. The CNAPP feature sets that we helped them build or integrate into their application included

For both the projects, the end goals for the business and in turn us, had been the same building a CNAPP solution that brings all the cloud resources in one place, offers a full view of the cloud ecosystem and risks, brings multi-cloud infrastructure together, and ensures compliance-readiness.

While both the products are at a beta stage of their launch, we are continuously working with them to establish seamless integration with the DevOps and CI/CD cycles while keeping their systems running.

Although the demand for CNAPP security solutions is becoming evident every passing day, the platform, when not well-strategized, can pose some challenges as well. One of the most common ones (specially for new cloud-native application protection platform owners) is to scale the solution to seamlessly integrate with different cloud adoption use cases and their unique APIs, third party integrations. This, when added to the growing competition in the domain, can make it difficult for new players to enter the market.

The solution to avoid or ace these situations lies in a partnership a partnership between cloud native security platform owners and a cloud-focused development team. Appinventiv can be the people you need. Get in touch with our cloud experts today.

Q. What is CNAPP all about?

A. CNAPP stands for cloud native application protection platform. It is a comprehensive solution designed to secure cloud-native applications. The platform provides advanced security capabilities tailored specifically for cloud-native architectures, including microservices, containers, and serverless computing.

They also come with features such as vulnerability scanning, runtime protection, access control, encryption, and compliance monitoring to safeguard applications and data in cloud environments.

Q. What problems does CNAPP solve?

A. A Cloud Native Application Protection Platform (CNAPP) solves several key challenges related to securing cloud-native applications:

Q. How does cloud-native application protection platforms work?

A. A cloud-native application protection platform operates by seamlessly integrating various security capabilities that are tailored for cloud-native environments. It begins by offering visibility into the applications components, including microservices, containers, serverless functions, and their interdependencies.

The platform conducts comprehensive vulnerability assessments, scanning container images and application components for known vulnerabilities, outdated libraries, and configuration errors, which are then remediated.

Additionally, CNAPPs facilitate encryption of data at rest and in transit, manage encryption keys securely, and enable real-time monitoring, alerting, and incident response to ensure a robust security posture for cloud-native applications.

THE AUTHOR

Sudeep Srivastava

Originally posted here:
Exploring Cloud Native Application Protection Platforms: Enhancing Security - Appinventiv

Cloud Hosting

Will using the cloud stop us achieving our green targets? – Euronews

Google fires 28 workers after sit-in protest against Israel cloud contract – The Jewish News of Northern California

Fujitsu and Oracle Collaborate to Deliver Sovereign Cloud and AI Capabilities in Japan – PR Newswire

Alleged cryptojacking scheme consumed $3.5M of stolen computing to make just $1M – Ars Technica

Google Fires 28 Staffers Involved in Office Protests Over Israel Contract – TheWrap

Exploring Cloud Native Application Protection Platforms: Enhancing Security – Appinventiv

Recent Posts

Categories

Archives

Media Sites

Pages

Site admin