The benefits of developing software in the cloud include increased flexibility and reliability, greater efficiency, and reduced costs. But cloud-based development also presents a host of challenges. Knowing what to watch out for is the first step to protecting your applications and development efforts. Here, are 10 pitfalls to consider before developing, testing, or deploying applications in the cloud. 10 reasons to think twice before developing in the cloud Performance and latency issues Cybersecurity and data protection threats Vendor lock-in Runaway costs Regulatory compliance require ..read more

Cloud finops is the discipline of accounting for and optimizing cloud computing spending. It’s a reaction to years of undisciplined cloud spending or a way to bring order back to using cloud resources. Overall, it is a step in the right direction. However, it’s rarely discussed as a path to enhanced security. The links to cloud security Effective cloud finops requires a strong understanding of cloud usage patterns. What occurs during normal operations? By identifying and tracking cloud usage, finops teams can detect anomalies. They can also see most misconfigurations of cloud security and, thu ..read more

Most security issues in the cloud can be traced back to someone doing something stupid. Sorry to be that blunt, but I don’t see ingenious hackers out there. I do see misconfigured cloud resources, such as storage and databases, that lead to vulnerabilities that could easily be avoided. I always teach how your first line of defense is not cool security tools but training. This is often ignored, considering that budgets are directed at new tools rather than teaching admins how not to do dumb things. It is frustrating considering the investment needed versus the value gained. Oh well. To read thi ..read more

One of the biggest challenges facing any enterprise using the public cloud is the fact that it’s public. Yes, your applications run in isolated virtual machines and your data sits in its own virtual storage appliances, but there’s still a risk of data exposure. In a multitenant environment, you can’t be certain that memory is freed up safely, so that your data isn’t leaking across the boundaries between your systems and others. That’s why businesses keep close watch on their regulatory compliance, and often keep sensitive data on premises. That allows them to feel sure that they’re managing pe ..read more

One of the biggest challenges facing any enterprise using the public cloud is the fact that it’s public. Yes, your applications run in isolated virtual machines and your data sits in its own virtual storage appliances, but there’s still a risk of data exposure. In a multitenant environment, you can’t be certain that memory is freed up safely, so that your data isn’t leaking across the boundaries between your systems and others. That’s why businesses keep close watch on their regulatory compliance, and often keep sensitive data on premises. That allows them to feel sure that they’re managing pe ..read more

It’s been over 10 years since Shannon Lietz introduced the term DevSecOps, aiming to get security a seat at the table with IT developers and operators. The question is, how far has security come since then? Do DevSecOps teams have the culture, practices, and tooling they need to release technology into production faster but also reliably and securely? The recently published SANS DevSecOps Survey shows significant traction. More organizations are looking to shift-left security to ensure that security is prominent in their development practices. Over 50% of respondents claimed they resolved crit ..read more

Cloud computing has become synonymous with enterprise IT, but let’s not get ahead of ourselves. Though enterprises now spend roughly $545 billion annually on cloud infrastructure, according to IDC, and 41% of that spend goes to the top five cloud providers, the reality is that a substantial amount of money, even “cloud” money, isn’t being spent with the big hyperscalers. Instead, it’s being plowed into other companies pitching Kubernetes and associated infrastructure. “Open and approachable” may define the future of the $500 billion cloud infrastructure market. To read this article in full, pl ..read more

It’s budget time for many enterprises, and the question that I get most this time of year is: What should we work on in 2024 to improve our cloud computing deployments? I came up with my top three, with the understanding that these are general concepts and you need to consider your own state of cloud within your enterprise. Let’s get started. Security and compliance always need a refresh As the volume and sensitivity of data being stored and processed in the cloud increase, security and compliance remain critical concerns. In 2024, this means evaluating and enhancing cloud security in both obv ..read more

Oracle is open-sourcing Jipher, a Java Cryptography Architecture (JCA) provider built for security and performance that has been used by the company’s cloud platform, the company said on November 7. Jipher was developed for environments with FIPS (Federal Information Processing Standards) 140 requirements. Oracle Cloud Infrastructure (OCI) has seen dramatic performance improvements with Jipher, according to Oracle. The technology will be offered via open source through the OpenJDK to support Project Panama-based Java applications. Project Panama is intended to develop interconnections between ..read more

Cloud has become synonymous with enterprise IT, but let’s not get ahead of ourselves. Though enterprises now spend roughly $545 billion annually on cloud infrastructure, according to IDC, and 41% of that spend goes to the top five cloud providers, the reality is that a substantial amount of money, even “cloud” money, isn’t being spent with the big hyperscalers. Instead, it’s being plowed into other companies pitching Kubernetes and associated infrastructure. “Open and approachable” may define the future of the $500 billion cloud infrastructure market. If you want to see the future of enterpris ..read more