The 2022 Winter Olympics are scheduled to begin in Beijing, China on February 4th. The Beijing Winter Olympics Organizing Committee has partnered with Alibaba Cloud to implement what they are advertising as the first “Olympics on the cloud”. Let’s take a look at some of the ways cloud technology will influence how the games are held and consumed by the global audience. 

An Alternative to a Temporary IT Environment 

In previous iterations of the Olympics, the IT infrastructure and environment required for their support were constructed before the games by the Olympics Organizing Committee. After the games when it was no longer needed, this temporary IT environment was disassembled. The construction and dismantling of this impermanent entity wasted resources and increased the amount of time necessary to prepare for and wind down games. 

The organizers of the Beijing Winter Olympics have successfully migrated the core operating systems necessary to produce the games to the Alibaba Cloud. This includes a wide range of systems including those that are used for broadcasting events and tabulating results. Other critical operational elements now residing in the cloud track athlete arrival and departure, medical issues, transportation, and accommodations.  

Using cloud technology also fits nicely with China’s goal of holding a Green Olympics. The cloud computing resources employ natural air cooling rather than mechanical solutions, reducing thermal energy consumption by over 70%. Shutting down the Olympic IT infrastructure will simply be a matter of returning resources to Alibaba so they can be used for other projects resulting in a minimal environmental impact.  

How the OBS Cloud Will Affect Broadcasts  

The Olympic Broadcasting Service (OBS) is the entity responsible for presenting the games to the public. They provide coverage and services to Rights Holding Broadcasters (RHBs) who have acquired the exclusive rights to broadcast the Games in their country or territory. Working with Alibaba, OBS is launching the OBS Cloud which is designed to facilitate the more efficient and manageable distribution of the content they generate. 

The OBS cloud is a suite of cloud services tailored to the requirements of data-intensive broadcast workflows. Broadcasters can integrate their private cloud installations with Alibaba Cloud technology to virtualize broadcast systems and network platforms. The availability of front and back-end solutions will enable RHBs to reduce costs while providing a more informative and enjoyable fan experience. The OBS cloud also makes over 9,000 content clips available for broadcast by RHBs. 

What About the Fans? 

The reliance on cloud technology will provide benefits for viewers of the Beijing Olympics. OBS produces sports coverage in Ultra High Definition (UHD) High Dynamic Range (HDR), providing enhanced detail and a more immersive fan experience. Audiences are able to enjoy new camera angles and 360-degree replays as well as other cutting-edge technologies made possible through the use of cloud platforms.  

An example is 3D Athlete Tracking (3DAT) technology first used in the 2020 Tokyo Olympics. The 3DAT systems provide viewers with overlay visualizations and next-gen graphics by processing standard video with artificial intelligence (AI) solutions. Real-time event data is used to display advanced statistics and furnish fans with interesting information. 

The cloud will impact every aspect of the 2022 Beijing Olympics. The cooperative characteristics of the OBS cloud provide a roadmap for future collaborative ventures based on the versatility of the cloud.

The Log4j security vulnerability was discovered on December 9, 2021, by Chen Zhaojun of the Alibaba Cloud Security Team. The formal designation of the vulnerability is CVE-2021-44228 or Log4Shell. It is a publicly available and high-severity security flaw that impacts the core functionality of the widely used Apache Log4j logging library. This includes many cloud environments across the public vendor spectrum.

What is the Danger of Log4j?

Log4j is used extensively in Java server and client applications developed in the last 10 years. The logging library allows messages containing format strings to reference outside information using the Java Naming and Directory Interface (JNDI). Using various protocols like LDAP, the information can be retrieved remotely. Attackers can insert JNDI references to redirect traffic to LDAP servers under their control and run malicious code at will. 

Taking advantage of CVE-2021-44228 provides hackers with multiple methods of attacking a vulnerable system. They can perform remote code execution, giving them access to all data resources on the target machine. This power enables malicious actors to delete important files or encrypt them and hold the resources for ransom. Any system employing a vulnerable version of Log4j can be attacked. 

Apache Log4j is the only service impacted by this vulnerability. Applications that use the log4j-core JAR file can be attacked. Systems using the log4j-api JAR file without the log4j-core JAR file are not affected.  

The solution for systems exhibiting this security exposure is to patch the affected system. This can be challenging due to the sheer number of systems involved and the need to test operability after patching is complete. Apache recommends users Upgrade to Log4j 2.3.2 (for Java 6), 2.12.4 (for Java 7), or 2.17.1 (for Java 8 and later) and that the JDBC Appender is only configured for Java. More detailed information and the latest patches from Apache are available on this website. 

What Log4j Means for Cloud Instances 

The Log4j vulnerability is impacting the offerings of all major cloud vendors. Here are some examples of how some popular cloud platforms are addressing this widespread security problem. 

Google - The company recommends that Google Cloud Marketplace and Google Workspace customers review all third-party apps from a security standpoint. All customers should upgrade to the latest version of Log4j. Google also offers multiple tools that provide a layered defense from hackers including:

• Cloud Armor
• On-Demand Scanning
• Enforcing binary authorization deployment rules.

 Microsoft - Microsoft’s security team has identified the exploitation of this vulnerability by nation-state actors from China, North Korea, and other countries. The company suggests customers should employ Microsoft Defender for Cloud and Defender for Containers as well as other tools to determine their exposure. 

Amazon - Amazon Web Services also provides guidance for customers potentially affected by Log4j. The tools available to identify and mitigate the impact of the vulnerability include the Web Application Firewall (WAF), the Route 53 Resolver DNS Firewall, and the AWS Network Firewall. Amazon Inspector and GuardDuty help determine if the vulnerability affects your systems.  

The Log4j issue highlights the vulnerability inherent in using shared software components. Since it is impossible to eliminate their use, organizations need to operate with a heightened sense of vigilance in protecting the credentials that allow intruders to access sensitive information. Malicious actors will take advantage of any opening to compromise your systems.

One of the effects of the work at home movement spurred on by the COVID-19 pandemic is increased usage of Apple products in corporate settings. Many users are connecting to their office machines from home using MacBooks, iPhones, or iPads. The popularity of the iPhone also makes it a natural choice for employees operating in a BYOD (bring your own device) environment. 

The proliferation of Macs and iOS devices presents an attractive opportunity for developers of both internal and commercial solutions. These machines need compatible software that integrates with enterprise systems to allow remote employees to make use of their personal devices. There is also room for innovative new applications focused on the macOS and iOS platforms. 

Many IT environments lack a robust platform for developing and testing Apple apps. Fortunately, developers searching for a viable method of creating applications for these Apple operating systems can take advantage of a dedicated cloud solution.  

What is MacStadium? 

MacStadium is a cloud solution that enables developers to create, build, test, and manage macOS and iOS projects. Organizations utilizing MacStadium’s services can concentrate on building software and tools without worrying about the underlying hardware.  

Genuine Intel or M1 Apple hardware is deployed for running Xcode and Mac apps. Customers can use generic configurations or have an environment custom-built to their specifications. MacStadium offers Mac cloud solutions that address multiple business needs including: 

• Developing apps for the macOS and iOS operating systems;
• Creating Apple compatible workspaces;
• Supporting macOS and iOS continuous integration, continuous delivery, and continuous deployment CI/CD pipelines;
• Integrating a Mac cloud with non-Mac pipelines on-premises or in other public clouds;
• Enabling startups to enjoy an inexpensive and scalable Mac development environment. 

MacStadium provides three alternatives to cover business use cases.  

• macOS virtualization - Three different virtualization options fit any organization’s needs. Customers can choose from industry-standard VMware, a develop-focused Kubernetes platform named Orka, and a dedicated macOS virtual environment called Anka.  

• Mac remote desktops - Addressing the needs of businesses coping with a remote workforce, MacStadium provides solutions for remote and virtual Mac desktops. They offer secure access to Mac resources from anywhere to empower your remote employees. 

• Bare metal Macs - Running on dedicated hardware, bare metal Macs are available in multiple configurations. Customers only pay for what they use, and can easily scale and customize their solution as requirements evolve.  

Virtually any usage scenario involving Macs or iOS devices can be satisfied with the features available from MacStadium. Developers can now easily create Mac-based solutions without the capital investment in hardware resources.  

MacStadium is an example of a cloud vendor that is not attempting to increase its customer base by providing less expensive or innovative offerings that appeal to the general computing community. The company is counting on the continued adoption of macOS and iOS devices in the workplace and the need to integrate them with other enterprise software and hardware solutions. As cloud services keep maturing, we are bound to see more vendors concentrate on providing targeted services that cover every niche of the computing universe.

As the Internet of Things (IoT) continues gaining momentum, companies worldwide are fast implementing cloud computing solutions as an alternative to on-premise systems. Cloud storage has made it easier for businesses to deal with massive customer data from different sources while making it easy to access, analyze and get insights from such data. The cloud helps free businesses from challenges associated with the expensive installation of on-premise data centers and hiring personnel to work on these data centers. Therefore, the cloud cuts down the money that could have been spent on memory capacity, expansion of computing power, and hiring personnel.

Despite the advantages that the cloud brings to businesses, like the reduced downtimes and lowering of costs, it has its challenges which have led to the emergence of new alternatives. Some of the solutions known to be the alternatives of the cloud are fog computing and edge computing—these two promise to solve the problems associated with the traditional cloud. With the availability of these three, you would ask which of them is the better alternative that can solve your problems? This article helps you find out the difference between the three then you can answer that question by yourself.

Why do you need these alternatives?

The cloud is a crucial component of modern business that helps reduce the cost of tiring data. However, that does not mean it costs nothing. The cost of using the cloud increases as the storage needs rise. That is why you do not have to store everything on the cloud. The edge computing or edge network can be used to store data that is less useful. This could lead to significant savings in terms of space usage in the cloud and the cost.

Unlike cloud computing, where the data is stored in a server far from the source, fog and edge solutions store data near the source. Another striking difference between the three is the processing power. Unlike fog and edge solutions, cloud computing offers advanced processing power and allows the storage of massive amounts of data away from the source. However, edge and fog store smaller amounts of data and allow processing on the device or sensor.

The two alternatives to the cloud have various advantages. For instance, they are more useful in instances where there is no complete internet connection. They can work without seamless connectivity to the internet. Secondly, since all data is stored in the user’s machines, fog and edge computing offer better security options managed by the user. Furthermore, the alternatives to the cloud are more effective than the cloud because it only takes a few seconds or milliseconds for bi-directional communication between IoT devices to be completed. These alternatives allow companies to cut costs and separate information.

Uses of edge and fog computing

Edge and fog computing can be used in different industries as a new data processing and storage option. However, manufacturing, retail, and healthcare can benefit more from these technologies. In manufacturing, both edge and cloud computing solutions are used today to avoid downtime, improve productivity and increase profitability by cutting down the cost of operations. The adoption of fog and cloud in this industry is expected to grow in the future. Retail also uses edge and fog computing to improve customer experience, allowing retailers to process, analyze and take action on data faster closer to the customer. On the other hand, healthcare providers use fog and cloud computing to track drugs, improve energy management and increase the speed of delivery of services through fast processing.

Cloud computing is one of the most significant inventions since the advent of the internet. It has become the single most sought-after investment by organizations, both large and small, to improve service provision. The experts bill it as a technology that brings several benefits, including cost-cutting, enhancing business operations and tackling business problems. The importance of the cloud to organizations can be seen through the rise of large cloud service providers like Amazon Web Services, Google Cloud and Salesforce, among others. Although there are many risks, there are many key benefits for businesses. If you look forward to changing your business, the cloud is one of the things you need to consider. Here are some ways that the cloud can change your business.

1. Rapid communication

Cloud computing enables businesses to improve communications, which is expensive when using traditional methods. Faster and cheaper communication options simplify businesses, which is one of the key reasons for the rise in popularity of the cloud. The cloud offers cost-effective and dependable IP-based connections that allow employees to communicate with clients or customers easily across the globe. It offers an increased speed that allows employees to work from anywhere and conduct meetings through video conferencing.  Video communication has become a crucial part of any business, regardless of size.

2. Easy access

With the cloud, businesses and employees can easily access their projects from any location across the globe. The projects and communications can also be shared easily with overseas clients. As such, business people no longer need to save and carry their business documents around in thumb drives, laptops or tablets. With the cloud, you can access the documents even if your system gets damaged due to any reason. This means that you can continue your work on another device because the data is safely stored in the cloud.

3. Secure collaboration

Collaboration is one of the big parts of any business in the modern era. This is where cloud computing comes in handy. It allows businesses to quickly and securely collaborate with team members whenever they are in the world. All files in the cloud could be accessed at any time by teams or individuals, place or update the files.  

4. Increases space for innovation

In a highly competitive business environment, innovation has become the leading aspect that keeps businesses surviving. Customers now want revolutionary products faster than ever. Cloud computing allows businesses to deploy innovative changes faster and in a less expensive way. Although you can encounter various struggles in adopting change in the past, the new possibilities brought about by the cloud have allowed businesses to transform their operations. Entrepreneurs are now using cloud computing to create new solutions without investing millions of dollars.

5. Adoption of the cloud could ease competition

While you can still compete with other organizations without the cloud, adopting it will make things easier and faster. With the recent advancements in technology, it will become difficult to compete with modern businesses with traditional techniques. The cloud, for instance, will reduce the cost of operations, which could have been higher if you use in-house data centers and enhance collaboration and accessibility. Therefore, those who are slow in adopting change will be left behind and may likely face the consequences.

6.      It promotes self-service

One key advantage of the cloud is that it requires less supervision, which means less staff and reduced cost. With this technology, people can access the services anywhere without consulting or requesting permission. Organizations will therefore require few IT personnel, while employees can work efficiently.

Cloud migration is an important activity, which entails moving things from the on-premises to the cloud. It may also refer to moving from one cloud to the other and can involve moving all or just a few assets. Although these are the main activities in cloud migration, it sometimes consists of many other things. Regardless of the things involved in cloud migration, it requires an in-depth understanding and strategy to be done successfully. Here are some strategies that you may use in your cloud migration.

1. Re-hosting

As implied by the name, re-hosting entails lifting the stack and moving it from the on-premises hosting to the cloud. Also called lift and shift, this approach is cheap and requires minor refactoring compared to other approaches. It involves transporting the exact copy of the current hosting environment without making changes for a fast return on investment. This strategy is suitable for companies that have conservative culture or those that have no long-term strategy to harness the advanced cloud capabilities. This approach, however, has some downsides. One of these disadvantages is that you can miss out on the benefits because lifting and shifting require bare minimum changes.

2. Replatforming

Unlike re-hosting, re-platforming involves making some adjustments that optimize the cloud. The core architecture in this strategy, however, remains the same. This is a good strategy for conservative organizations that require building trust in the cloud while at the same time achieving benefits such as increased performance. It is also called move-and-improve because it involves moving the stack and making some updates to the application. An example is introducing scaling or automation without overhauling the whole thing. This strategy is a superior option to re-hosting.

3. Repurchasing

This strategy involves moving applications to a new cloud-native product. In most cases, it entails moving applications to a SaaS platform, such as moving a CRM to Salesforce. The challenge that this approach has is losing the familiarity of the existing code and the need to train the team on the new platform. Even though it entails the movement of applications to a new cloud, it can be cost-effective in the end if you are moving from a highly customized legacy system.

4. Refactoring

Also called rearchitecting, this strategy means rebuilding applications from scratch. This strategy is often used when there is a need for a business to leverage cloud capabilities that are not available in the current environment. It is an expensive option but is also compatible with future versions. This approach requires an investment in skills development and time, but its benefits after proper application are unique.

5. Retiring

Retiring involves turning applications off after they are no longer needed. This is done after assessing the portfolio of applications for cloud readiness, after which the applications that are no longer needed are turned off. This is often done to cut costs and boost the case for the need to migrate applications.

6. Retaining

For some organizations, adopting the cloud makes no sense. This is mostly due to compliance challenges that force them to keep data on-premises. Another reason can be a lack of preparedness to prioritize an app that was recently upgraded. In such instances, the existing storage can be retained and cloud computing revisited at a later date. Migration is only good if it makes sense to your organization.

At a basic level, migrating to the cloud has various advantages. Some of the key reasons you might benefit from include decreased hosting costs, agility, improved disaster recovery, and decreased footprint. Regardless of the benefits, you are looking to attain, implement the right cloud adoption strategy that suits you.

COVID-19 has changed how we do business and the way consumers approach the market. The burden is increasingly on business leaders to adjust to the demands of the market and consumer behavior. How? Besides embracing cloud computing, it’s important to question whether things are actually working - if your tools and processes align with delivering for the customer.

Be an Iconoclast

Technology is only one component of business growth. Attitude is everything. We need to keep leveling up our value to the customer by enhancing how we deliver brand values. We do this by continually seeking to improve the organization. This involves assessing what’s actually working, what tech is effective, or at least what can improve key processes.

COVID-19, more than any other event, forced us to question how we work. It’s made us re-evaluate the framework for success, and how we accomplish our goals. Success during the pandemic required leaders to adopt an iconoclast mindset to adapt and succeed. Despite COVID-19 causing standstills and even drops in sales or activity in some industries, business kept moving.

Organizations pivoted their strategies and harnessed the could to remain active and even prosper during the pandemic. They were iconoclasts because they had to break traditions and even alter the way they functioned or were supposed to run their business. An iconoclast is an individual who challenges the prescribed way of doing things, designs a better way, and executes a plan for change. When it comes to harnessing the best technology to speedtrack your growth past COVID-19, these are critical steps.

Question Your Tech

Are your current tools really doing what you need them to do? Or are you struggling to manage too many apps?  Is your automation sufficient or is your team struggling to make deadlines and must reconcile data more than interact with customers? These are all essential questions to ask about your IT tools. Assess what’s working, what isn’t, and what you need. This is how you can begin to fill the technology gap. This is done by using reliable technology and a tailored approach to fulfill business objectives. You can’t just look for an immediate fix, but an investment for your future. Adaptability is the way of the future, so this must be a core staple in your IT.

Define Your Digital Workplace

The idea of ‘an app for that’ just doesn’t cut it anymore - despite it being a long-standing accepted idea. There are too many! Lack of flexibility and customization features will inhibit your ability to adapt to changes and new business goals. Consider how technology will scale and enable you to build on top of it as you pivot and grow.

This is why IT platforms are a stronger investment than one-off applications. IT platforms provide high-level flexibility and a host of other interconnected solutions equipped to work together to consolidate data and increase efficiency. This also eliminates the problems and costs of IT integration. Quality over quantity, remains a strong virtue in the iconoclast mindset.

Define and Execute Your Solution

Cloud computing technology on its own is not the answer. Business leaders must take ownership of said technology and use it to create their own solutions. Being an iconoclast doesn’t just mean questioning how things are working or whether they’re working. You must engineer your own means of success. When it comes to business tools, prioritize flexibility, consolidation, and scalability. If the tech is sufficient with these, you can pivot and adjust however you need.

Tony Zorc is an Iconoclast, Founder and CEO of Accounting Seed, technology entrepreneur, ForbesBooks author, and CPA for 20+ years. He embodies iconoclasm, the idea of challenging the prescribed way of doing things and coming up with a better, more innovative solution. Accounting Seed – the world’s first accounting platform – is disrupting the cloud accounting industry and has over one thousand customers and fourteen thousand users, and has sustained double digit growth for over ten consecutive years. A father, leader, person of faith, and avid CrossFitter, Tony brings a rare mix of personal and professional experience to the table and seeks to inspire other leaders to create innovation in places where innovation is scarce. Tony has a degree in accounting from Hope College. His new book, Iconoclasm: A Survival Guide in the Post-Pandemic Economy, is available on Amazon, and through all major booksellers.

You can connect with Tony via TonyZorc.com, or on Instagram, Facebook, LinkedIn and Twitter.

As the internet of things (IoT) and smart home devices become increasingly popular, the number of security issues and attacks on IoT devices are also on the rise. Over the recent years, there are many incidences involving consumer IoT devices that have seen malicious actors gaining access to home networks by taking advantage of vulnerabilities in devices. According to analysts, IoT devices will be over 20 billion by 2025. That is an awful lot of devices. This means that these devices will be everywhere around us. With this large number of devices, the security incidences will be high. Here are a few tips that will help you keep your IoT connections safe.

• Be careful of on devices you buy

Although smart devices are helpful, they collect large amounts of personal data. Before purchasing any smart device, learn many things about the device, including what type of data it collects, how the data is stored and protected, and who it is shared with. Also, understand what it will be used for and if it is shared with a third party or parties. In short, do thorough research before buying devices to see the protections you have and possible data breaches.

• Understand your data and apply protection measures

According to Zscaler, 91.5% of transactional data from IoT devices is plaintext. This means it is easy for hackers to intercept, read and manipulate data and send it back without you even noticing it. As such, you must protect the physical devices that collect, store, and process data and protect data at rest, in transit, or in use across the IoT ecosystem. The parties involved in the value chain must ensure data is safe and cannot be manipulated to avoid the possibility of being hacked. The process involves understanding the data, encrypting it, and tracking and tracing data to protect networks and identify changes.

• Ensure you have the latest firmware

Firmware updates are an important aspect of the security of any system. For the IoT devices, make sure you have the latest security patches to reduce the chances of attackers breaching the systems successfully. Keep your firmware fully updated by making sure you are aware of new updates and updating it as soon as possible. Updates will fix vulnerabilities as they emerge. Therefore, IoT devices and your home routers need to be regularly updated. Wherever possible, automate updates or set a schedule such as every three months or so.

• Take a holistic security approach

To secure IoT solutions, companies must have a holistic approach to security which entails the technologies, people, and processes. Begin by considering some key approaches, including end-to-end ecosystem security and aligning the organization to IoT security. The security must be managed from device to end-user service (horizontally) or hardware to applications (vertically). Also, the IoT ecosystem, which is made up of manufacturers, app developers, network service providers, and end-users, must be adequately managed and involved in securing IoT devices.

• Avoid device defaults

Just like the routers and other devices, do not use a device with its default settings. Hackers know these defaults and easily access your devices if it is not reconfigured with strong security measures. The default settings in IoT devices and networks make you a soft target for malicious individuals. Therefore, change the defaults as soon as you purchase a smart device to reduce the risk.

To sum it up, if you are dealing with sensitive data, you might need to take more stringent measures. Have a look at the IoT devices you are considering, the security protocols they support, and the ease of securing them. One thing that you should keep in mind is that you should never assume that you are safe.

Using the cloud to analyze big data could slow down the process, reports Forbes.

In my last post I described a big problem related to data in the pandemic. According to an IBM global survey of information executives, the Covid pandemic, like previous business crises, put pressure on IT organizations to deliver business information quickly.

Read the article Forbes

As companies jump to the cloud it is putting a strain on existing cybersecurity teams, reports Dark Reading. 

Managing security for cloud-based software-as-a-service (SaaS) applications or for your own applications in the cloud is placing different, more complex demands on cybersecurity teams. 

Read the article Dark Reading

According to InfoSecurity, there are several best practices for keeping your cloud secure. 

Today, the cloud is no longer a choice for businesses but an essential way to reduce costs, ensuring availability and no downtime factors are all in one package. Cyber-criminals eye those data highways, whether it's cloud computing, APIs, mobile, you name it; hacks are happening left, right and center!

Read the article InfoSecurity

Blockchain may soon be coming to the cloud, reports Yahoo Finance. 

Cloud computing and blockchain industries may very well have one property in common; both are growing rapidly while having the potential to revolutionize their respective fields

Read the article Yahoo Finance

The big cloud providers all want your business and are constantly rolling out new offerings designed to attract and retain customers. In this article, we are going to look at some of the flagship products and services available from the largest public cloud vendors ranked by revenue in mid-2021 as determined by Statista. 

Microsoft Azure

Azure is the leading cloud vendor based on revenue and offers a wide variety of products and services addressing the needs of small, medium, and large businesses. The company has capitalized on the installed Windows operating system customer base and prioritizes integration with legacy systems.  

The combination of legacy support and cutting-edge tech logic make Azure a viable choice for enterprises migrating workloads to the cloud or operating hybrid environments. Cloud-managed instances of the popular SQL Server relational database provide just one example of the specific solutions available from Azure.

Amazon Web Services (AWS)

Amazon may lack the enterprise relationship onramp enjoyed by Azure but makes up for it with its constant innovation and quality of its products and services. Some of its distinctive offerings include its analytics and data lakes, machine learning, and extensive storage options for everything from disaster recovery to long-term archiving.  

Amazon offers free trials of many solutions such as Amazon Lightsail, used to launch and manage virtual private servers, Amazon EC2, providing virtual cloud servers, and SageMaker, to build and train machine learning models. AWS is also the only major cloud provider to offer macOS virtual server support. 

IBM Cloud

The offerings of the IBM cloud are tailored to meet the needs of the company’s large and medium-sized enterprise clients. IBM concentrates on PaaS and IaaS solutions. Acquiring Red Hat in 2019 demonstrates a commitment to an open and hybrid approach to cloud infrastructure. 

IBM’s cloud offers extensive analytics, artificial intelligence, and machine learning solutions that make use of the company’s Watson supercomputer.  As hybrid environments continue to propagate throughout the IT world, IBM’s migration and management tools provide customers with a viable path when moving from on-premises data centers to the cloud.   

Salesforce

Some readers may be surprised at Salesforce’s inclusion in the top cloud vendors, but the company’s array of SaaS solutions is impressive. From its beginnings as primarily a customer relationship management (CRM) solution, Salesforce has expanded its offerings to encompass many cloud-based enterprise software solutions.  

Its Slack-first Customer 360 combines sales, service, marketing, commerce, IT, and analytics solutions to provide small and large businesses with an innovative way to work while employing digital workflows. Salesforce concentrates on SaaS offerings and is not the right cloud vendor if you are looking for cloud storage or infrastructure solutions.  

Google Cloud Platform

Google’s cloud strategy strongly supports cloud-native solutions based on open source and open systems. This makes it attractive to companies looking to add specific capabilities to multi-cloud environments. Google offers machine learning support with vision, speech, and natural language APIs. Google’s advanced technical capabilities make it a viable choice for solutions in the field of data analytics, AI, and machine learning. 

This is just a sampling of the incredible diversity of cloud offerings available to customers in 2021. Virtually any organization can find a solution that helps them meet their business objectives. It’s just a matter of selecting the right cloud.

According to the Register, Microsoft testified to a House Committee that it receives numerous secrecy orders per day.

The US House Committee on the Judiciary met on Wednesday to hear testimony on the government's practice of secretly subpoenaing cloud service providers, and Microsoft was happy to oblige.

Read the article on The Register

Organizations that choose to take advantage of public cloud services often find themselves with their resources spread amongst multiple vendors. This situation can arise for several reasons including:

• The evolution of enterprise workloads and the search for the most cost-effective solutions;
• Sprawl resulting from the ease with which departments can migrate systems;
• New offerings not available from current vendors;
• Simply being dissatisfied with a service or vendor and riding out the length of the contract.

Regardless of the underlying factors that led to a multi-vendor cloud environment, its management presents decision-makers and technical support staff with additional layers of complexity. Adopting a set of best practices will help organizations successfully implement a hybrid and multi-vendor computing environment. 

The following best practices will assist in the successful management of a multi-cloud environment.

• Use hybrid cloud management tools - Make use of hybrid cloud management tools to address multi-cloud environments. These tools can provide features such as self-service functionality for end users, service aggregation, deployment orchestration, and cost management. 

• Optimize costs across vendors - Companies should regularly review the comparative costs of their various vendors and be willing to migrate if a move is dictated by the economics. Cloud service brokers may be able to evaluate resources and suggest ways to optimize spending. 

• Focus on disaster recovery and reliability - Recovering a diverse multi-cloud environment in a disaster scenario demands a well-planned and documented strategy. Leveraging cloud vendors may be possible by backing up resources from one to the other. 

• Prioritize security and compliance - Ensuring data security and compliance is more challenging in multi-cloud implementations. Identity and access management (IAM) tools are necessary to ensure only authorized users can get to data resources. Customer and vendor roles regarding maintaining regulatory requirements need to be fully understood to avoid gaps and failed audits.  

Concentrating on these four areas will help organizations manage their multi-cloud environments.  

Using the Right Tools Matters

Commercial and open source software tools are available to assist in the management of multi-cloud environments. These applications focus on big picture items that affect the entire cloud infrastructure and help decision-makers identify the right solution from among the alternatives and keep the complex environment running smoothly. 

Morpheus is a commercial product providing integration and automation functionality across multiple clouds and on-premises environments. It is designed to facilitate compliance, cost optimization, and application modernization.  

OpenStack is an open source solution that offers a set of software components providing common services for cloud infrastructures. It enables large pools of cloud resources to be managed centrally through dashboards or APIs. 

On a more granular scale, dedicated tools can help minimize the strain on technical support teams when systems are spread across multiple on-premises and cloud platforms. A case in point is an application like Idera’s SQL Diagnostic Manager for SQL Server. It employs a unified interface from which to monitor SQL Server performance on physical and virtual machines located on-premises or housed with major cloud vendors. 

The potential benefits of multi-cloud environments can outweigh the challenges of dealing with their complexity. Following some basic best practices and deploying the right tools will enable organizations to take advantage of the offerings of multiple cloud vendors without incurring any undue risks. 

Taking advantage of the benefits of cloud computing is not restricted to organizations operating in the private sector. In the United States, local, state, and federal governments make extensive use of public cloud resources. As is customary for all types of government contracts, some assessments and approvals must be obtained before the offerings of a cloud service provider (CSP) can be used by specific agencies. Government contracts can be very lucrative and service providers who want a piece of the business need to demonstrate that their products meet all requirements surrounding security and functionality.

All CSPs that wish to do business with the U.S. federal government need to be assessed and approved by the Federal Risk and Authorization Management Program (FedRAMP). The program’s goal is to protect the data of U.S. citizens when it is in the cloud and is the most rigorous security framework in use by the government. 

FedRAMP was created to address the problem of different and potentially conflicting requirements for each agency working with cloud providers. FedRAMP provides standard security baselines and processes that simplify the process of obtaining cloud services for both providers and government agencies. Once a CSP achieves FedRAMP approval for an offering, it is listed in the FedRAMP Marketplace to gain visibility across the government.

Navigating the FedRAMP Authorization Process

CSPs that want authorization to provide services to federal agencies need to follow a process comprised of three complementary phases.

In the pre-authorization phase, CSPs should complete FedRAMP training which includes modules that define the baseline security plan. Education can be accessed via online courses, webinars, or in-person training events. A request from the CSP will result in a consultation with government subject matter experts set up by the FedRAMP Program Management Office (PMO). To successfully get through this phase of the authorization process, a CSP needs to: 

• Document agency interest in their offering and establish partnerships with agency customers.
• Establish a partnership with an approved third-party assessment organization. 
• Ensure that the service implements the required security controls.

During authorization, a CSP is responsible for developing a package that includes the completion of the System Security Plan. The plan is then assessed by the third-party assessment organization and findings are presented to the CSP for remediation. When all risks have been successfully addressed, the CSP attains authorization and status as a FedRAMP authorized vendor.

In the post-authorization phase of the process, the CSP is required to provide monthly monitoring deliverables to the agency using its service. Failure to provide these documents can result in the service losing its authorization.

The purpose of FedRAMP is to eliminate any confusion regarding the ability of individual agencies to use cloud services. By publishing authorized services on the FedRAMP Marketplace, the authorization process only needs to be done once for each offering. Once approved, it can be used with confidence by any federal agency that wants to use the service. 

This appears to be an example of government working efficiently by reducing the duplicate work that would ensue from individual agencies or departments authorizing CSPs. In a subsequent post, we will take a closer look at the FedRAMP Marketplace and the agencies that use its authorized services.