Cloud Hosting

Network security has changed drastically in the last 10 years. Gone is the old perimeter-based defense model. The rapid expansion of cloud computing and the explosion of remote work that accompanied the COVID-19 pandemic have led to the adoption of two complementary but different models of network security: zero trust and secure access service edge (SASE).

Once upon a time, an organization's networks had a physical limit. When you got to the office and booted your PC, you were on the network. If you left the office, you could no longer reach the network.

Network security was correspondingly simple.

"All you needed was the edge perimeter firewall, and that was your network security because everything was just a flat network," says Julian Mihai, CISO at Penn Medicine in Philadelphia.

That started changing around 2000 with the deployment of enterprise VPNs and home broadband internet access. But even then, when a worker logged in from home using a VPN, the organizational network still had an "inside" and an "outside," and the VPN provided access to the "inside." Once "inside," a worker often had unrestricted access to most of the network.

That's not the case today. In the zero-trust and SASE models, the network is everywhere, almost every organization has assets in the cloud, and anyone or anything can join the network with the right credentials.

"You need to think of security holistically," says Aviv Abramovich, head of security services product management at Check Point. "Your network actually extends to the employee that sits at home in their slippers, reading their email on their bring-your-own-computer connected to their personal Wi-Fi router at home."

Two other factors affecting modern network security have been the proliferation of powerful, modern smartphones and the parallel development of "smart" TV sets, voice assistants and other appliances.

The ubiquity of smartphones means that tens of millions of pocket-sized, privately owned and managed personal computers join enterprise networks every workday. Network-security staffers must secure and sanitize inputs from these devices, a task made easier by zero-trust models that assume every device is potentially hostile.

The addition of a smart TV, smart refrigerator, or rogue embedded device to the workplace network (or even connecting remotely) creates another avenue of attack which can likewise be mitigated by zero trust.

The zero-trust model uses identity rather than location relative to the perimeter to grant access. More importantly, the zero-trust model does not give users free range through the network.

Instead, users must authenticate themselves when accessing new areas and resources, even if they have already logged in. The zero-trust model also works well for legacy, on-premises networks.

"The fact that I trusted you two minutes ago doesn't mean I trust you now," Abramovich says. "Maybe you, in those two minutes, managed to get malware on your laptop, or wherever you're accessing, and now I have to take that trust away."

Zero trust began to gain ground after 2010. Thats when Google implemented, then evangelized, its BeyondCorp zero-trust model and Forrester Research published a now-famous paper called "No More Chewy Centers: Introducing the Zero Trust Model of Information Security."

But zero trust in practice really took off in early 2020 when the COVID-19 pandemic suddenly created hundreds of millions of remote workers around the globe.

"[COVID] definitely accelerated something that already started before: the need to work from my phone, work from my computer, work from home, work from a cafe, work when I travel, and so on," says Abramovich.

A corollary to zero trust is the principle of least privilege, which states that no user should be granted more system permissions or privileges than necessary to carry out an assigned role.

"The reality is you're going to have a threat actor on a trusted asset on your network," says Mihai. "Without having the zero-trust approach, on the network, on the applications, you're not going to be able to contain that threat effectively."

Zero trust also resolves some of the issues associated with cloud computing, which removed assets and workloads from the safe cocoon of perimeter defenses. Because the zero-trust model is centered around identity rather than geography, it makes it easier to protect cloud assets that could physically be anywhere.

Secure access service edge (SASE) and its sibling, security service edge (SSE), are more specialized in their use cases than zero trust.

The best use case for SASE is a large organization with many offices spread across a wide area. Instead of trying to replicate a perimeter-based network with hard-wired or VPN connections between branch offices and the central headquarters, SASE creates a software-defined wide area network (SD-WAN) that can be governed from the cloud.

SASE extends network protections to regionally dispersed points of presence (POPs), to which users can connect locally instead of to a far-off data center. Because the network is cloud- and software-based, it doesnt need to "be" anywhere, which means it can also reach employees working at home.

To protect this virtual network, SASE employs a cloud-based firewall, aka a firewall-as-a-service (FWaaS) to enforce company network policies; a secure web gateway (SWG) to monitor user web traffic and block malware; and zero-trust network access (ZTNA), which applies zero-trust principles to all access requests.

Most SASE implementations include a cloud-access security broker (CASB) to monitor and control traffic to cloud applications and instances.

"There are customers that secured [their] cloud and they are not using SASE," says Abramovich. "SASE is more of an architecture where you have SD-WAN on the branch and firewall as a service in the cloud."

Some SASE and SSE setups add data-loss-prevention (DLP) systems, domain-name-system-layer (DNS-layer) security or intrusion-prevention or intrusion-detection systems (IPS/IDS). Alternatively, the FWaaS or SWG may provide some or all those protections.

SASE was first defined in a Gartner white paper in 2019. Two years later, Gartner acknowledged that many organizations without branch offices, or without any offices at all, had no use for SD-WAN. It came up with SSE, which preserves the FWaaS, SWG, CASB and PoP components of SASE and lets ZTNA handle the secure network connection.

Network security in the cloud requires "cloud-native" security tools that can follow each asset, each set of data and each user and create protections around them individually. This software, and its associated techniques, may not be familiar to security practitioners accustomed to on-premises networks.

In addition to CASB and ZTNA, these tools include cloud security-posture management (CSPM), a cloud workload protection platform (CWPP) and the more encompassing cloud-native application protection platform (CNAPP).

Naturally, licensing and implementing these cloud-native tools, and training your staff to run them, is expensive. Some organizations may need to expand their security staff to keep up with the expansion of their cloud assets.

However, the old ways also still apply, and you shouldn't throw out those legacy network-security tools just yet.

In a recent survey of 202 IT and security managers and decision-makers conducted by CyberRisk Alliance, 96% of respondents said their organizations had at least some workloads in the cloud.

But only 16% of respondents said that more than three-quarters of their workloads were cloud-based, meaning that almost all respondents were running networks that were hybrids of cloud and legacy elements. "The vast majority [of organizations] have traditional networks [that] are being augmented by cloud and other types of new technologies," says Abramovich. "Perimeter defense is still very relevant for all of those organizations."

Read more from the original source:
From the perimeter to SASE: The evolution of network security - SC Media

Oracle pledged to spend more than $1 billion in Spain over the next ten years, as it looks to keep pace with increased demand for AI and cloud computing services.

The investment plan includes funding for a third cloud region in Madrid to aid customers moving mission-critical workloads from their data centres toOracle Cloud Infrastructure.

It will also help financial services and industry customers address regulations such as the European Unions Digital Operational Resilience Act and European Outsourcing Guidelines.

Oracle will partner with Telefonica Espana on the planned cloud region.

Albert Triola, country leader, Oracle Spain, stated his company is reaffirming our commitment to helping Spanish organisations of all sizes and industries to accelerate their adoption of cloud technologies to boost business performance and resilience.

In May, Amazon Web Services announced it would spend 15.7 billion to expand its data centre footprint in Spain.

Link:
Oracle to invest over $1B in Spain fo... - Mobile World Live

New Lineup Features First-of-Its-Kind Turnkey, Private-Cloud AI Solution Including Sustainable Accelerated Computing with Full Lifecycle Services to Streamline Time to Value with AI

HPE Discover 2024Hewlett Packard Enterprise (NYSE: HPE) and NVIDIA today announcedNVIDIA AI Computing by HPE, a portfolio of co-developed AI solutions and joint go-to-market integrations that enable enterprises to accelerate adoption of generative AI.

Among the portfolios key offerings isHPE Private Cloud AI, a first-of-its-kind solution that provides the deepest integration to date of NVIDIA AI computing, networking and software with HPEs AI storage, compute and the HPE GreenLake cloud. The offering enables enterprises of every size to gain an energy-efficient, fast and flexible path for sustainably developing and deploying generative AI applications. Powered by the new OpsRamp AI copilot that helps IT operations improve workload and IT efficiency, HPE Private Cloud AI includes a self-service cloud experience with full lifecycle management and is available in four right-sized configurations to support a broad range of AI workloads and use cases.

All NVIDIA AI Computing by HPE offerings and services will be available through a joint go-to-market strategy that spans sales teams and channel partners, training and a global network of system integrators including Deloitte, HCLTech, Infosys, TCS and Wipro that can help enterprises across a variety of industries run complex AI workloads.

Announced during the HPE Discover keynote by HPE President and CEO Antonio Neri, who was joined by NVIDIA founder and CEO Jensen Huang, NVIDIA AI Computing by HPE marks the expansion of a decades-long partnership and reflects the substantial commitment of time and resources from each company.

Generative AI holds immense potential for enterprise transformation, but the complexities of fragmented AI technology contain too many risks and barriers that hamper large-scale enterprise adoption and can jeopardize a companys most valuable asset its proprietary data, said Neri. To unleash the immense potential of generative AI in the enterprise, HPE and NVIDIA co-developed a turnkey private cloud for AI that will enable enterprises to focus their resources on developing new AI use cases that can boost productivity and unlock new revenue streams.

Generative AI and accelerated computing are fueling a fundamental transformation as every industry races to join the industrial revolution, said Huang. Never before have NVIDIA and HPE integrated our technologies so deeply combining the entire NVIDIA AI computing stack along with HPEs private cloud technology to equip enterprise clients and AI professionals with the most advanced computing infrastructure and services to expand the frontier of AI.

HPE and NVIDIA co-developed Private Cloud AI portfolio

HPE Private Cloud AI delivers a unique, cloud-based experience to accelerate innovation and return on investment while managing enterprise risk from AI. The solution offers:

Support for inference, fine-tuning and RAG AI workloads that utilize proprietary data.

Enterprise control for data privacy, security, transparency and governance requirements.

Cloud experience with ITOps and AIOps capabilities to increase productivity.

Fast path to consume flexibly to meet future AI opportunities and growth.

Curated AI and data software stack in HPE Private Cloud AI

The foundation of the AI and data software stack starts with theNVIDIA AI Enterprise software platform, which includesNVIDIA NIM inference microservices.

NVIDIA AI Enterprise accelerates data science pipelines and streamlines development and deployment of production-grade copilots and other GenAI applications. Included with NVIDIA AI Enterprise, NVIDIA NIM delivers easy-to-use microservices for optimized AI model inferencing offering a smooth transition from prototype to secure deployment of AI models in a variety of use cases.

Complementing NVIDIA AI Enterprise and NVIDIA NIM, HPE AI Essentials software delivers a ready to run set of curated AI and data foundation tools with a unified control plane that provide adaptable solutions, ongoing enterprise support and trusted AI services, such as data and model compliance and extensible features that ensure AI pipelines are in compliance, explainable and reproducible throughout the AI lifecycle.

To deliver optimal performance for the AI and data software stack, HPE Private Cloud AI delivers a fully integrated AI infrastructure stack that includesNVIDIA Spectrum-X Ethernet networking, HPE GreenLake for File Storage and HPE ProLiant servers with support forNVIDIA L40S,NVIDIA H100 NVL Tensor Core GPUs and theNVIDIA GH200 NVL2 platform.

Cloud experience enabled by HPE GreenLake cloud

HPE Private Cloud AI offers a self-service cloud experience enabled by HPE GreenLake cloud. Through a single, platform-based control plane, HPE Greenlake cloud services provide manageability and observability to automate, orchestrate and manage endpoints, workloads and data across hybrid environments. This includes sustainability metrics for workloads and endpoints.

HPE GreenLake cloud and OpsRamp AI infrastructure observability and copilot assistant

OpsRamp's IT operations are integrated with HPE GreenLake cloud to deliver observability and AIOps to all HPE products and services. OpsRamp now provides observability for the end-to-end NVIDIA accelerated computing stack, including NVIDIA NIM and AI software, NVIDIA Tensor Core GPUs and AI clusters as well as NVIDIA Quantum InfiniBand and NVIDIA Spectrum Ethernet switches. IT administrators can gain insights to identify anomalies and monitor their AI infrastructure and workloads across hybrid, multi-cloud environments.

The new OpsRamp operations copilot utilizes NVIDIAs accelerated computing platform to analyze large datasets for insights with a conversational assistant, boosting productivity for operations management. OpsRamp will also integrate with CrowdStrike APIs so customers can see a unified service map view of endpoint security across their entire infrastructure and applications.

Accelerate time to value with AI expanded collaboration with global system integrators

To advance the time to value for enterprises to develop industry-focused AI solutions and use cases with clear business benefits,Deloitte, HCLTech, Infosys, TCS and Wipro announced their support of the NVIDIA AI Computing by HPE portfolio and HPE Private Cloud AI as part of their strategic AI solutions and services.

HPE adds support for NVIDIAs latest GPUs, CPUs and Superchips

High-density file storage certified for NVIDIA DGX BasePOD and NVIDIA OVX systems

HPE GreenLake for File Storage has achieved NVIDIA DGX BasePOD certification and NVIDIA OVX storage validation, providing customers with a proven enterprise file storage solution for accelerating AI, GenAI and GPU-intensive workloads at scale. HPE will be a time-to-market partner on upcoming NVIDIA reference architecture storage certification programs.

Availability

Read this article:
Hewlett Packard Enterprise and NVIDIA Announce 'NVIDIA AI Computing by HPE' to Accelerate Generative AI ... - NVIDIA Blog

Amid the hoopla surrounding next months Prime Day, its worth remembering the marginal impact of that event on Amazons overall financial performance. Measured by bottom-line profit, Amazon in 2024 is mostly a cloud computing company.

Yet millions of merchants and consumers rely on Amazons marketplace. What follows is our analysis of the companys overall financial performance and its plans for shoppers, sellers, logistics, and more.

Assessing Amazons financials requires a bit of scrutiny. The company, famously opaque for what it discloses (and doesnt disclose), operates three components.

The first is physical and digital goods that it carries as inventory and sells directly to consumers either online or through its outlets such as Whole Foods Markets. Amazon calls this component Product sales.

Next is what the company calls Service sales. It consists of commissions from its massive marketplace and related fulfillment, shipping, and advertising revenue. Grouped into Service sales are Prime membership fees and, notably, fees to Amazon Web Services, its monster cloud-computing division.

For purposes of this article, however, AWS is a separate component given its size and profitability.

All told, the three components generated $143.3 billion in Q1 2024 revenue, a 13% increase from the first quarter a year earlier.

Operating income for Q1 2024 reached $15.3 billion, much higher than the $4.8 billion a year earlier.

Big-picture takeaways are this.

According to Marketplace Pulse, Amazon pockets more than 50% of marketplace seller revenue, up from 40% five years ago. A typical Amazon seller, per Marketplace Pulse, pays a 15% transaction fee, 20-35% in Fulfillment by Amazon fees, and up to 15% for advertising and promotions on Amazon. The total fees vary depending on the category, product price, size, weight, and the sellers business model.

Amazon delivers to Prime members faster than ever, with more than 2 billion global packages arriving the same or next day in the first quarter. In March, across the top 60 largest U.S. metro areas, nearly 60% of Prime member orders arrived the same or the next day, and in London, Tokyo, and Toronto, three out of four items were delivered the same or the next day.

Whole Foods and Amazon Fresh now offer a grocery subscription service with unlimited delivery on orders over $35. The program is available to Prime members in more than 3,500 U.S. cities, as well as customers using an Electronic Benefits Transfer card, i.e., those using government benefits.

Amazon continued rolling out Rufus, its generative artificial intelligence shopping assistant, to millions of U.S. customers. The bot, still in beta, can answer shopping-related questions, compare and recommend products, and more. Amazon said it improved Rufuss accuracy and response speed and added features, including My Orders, which answers questions such as when did I last order coffee? and what dog treats did I last order?

The company continues adding generative AI features for marketplace sellers. One new tool allows sellers to sync product listings from their own websites by providing a URL. The program parses the information from the websites to create high-quality, engaging listings on Amazon.

Amazon reported net income (operating income less taxes and extraordinary items) of nearly $37.7 billion for the 12 months ending March 31, up 778% from $4.3 billion a year earlier. Yet the company sees further improvements ahead.

In the April earnings call, CEO Andrew Jassy stated he doesnt believe that were at the end of what we can do in terms of improving our cost structure on the Stores side [i.e., Products sales]. Yes, I think there are really unbelievable growth opportunities in front of us, and on the Stores profitability.

He added, Were looking for ways to, again, turn over every rock, look at every process and everything that we do on the logistics side, and see how we can get our cost structure down and get speed and selection up. So, its working on a lot of fronts there, but cost is certainly front and center as we meet and improve customer experience.

Profits grew immensely over the year, but the companys operating margin percentages have not, which may be a driver of the cost concerns. Amazon reported a global net sales operating margin of 8% for the 12 months through March 31, compared to 2.5% a year earlier. That figure for North America totaled 5.2% through March and -0.1% a year earlier. The figures for international net sales improved to -0.4% from -6.6%.

In September 2023, the company introduced Supply Chain by Amazon, offering third-party logistics worldwide.

It really kind of, in some ways, mirrors some of the other businesses weve gotten involved in, AWS being an example of it, Jassy said on the call.

The service helps sellers get items across borders and through customs. It also ships items from customs to various facilities, including allowing sellers to store items in warehouses that they can automatically replenish into Amazons fulfillment centers or move elsewhere.

It turns out to be pretty hard work to actually import items from overseas, get them through customs and the border, and then ship them from that point to various facilities, Jassy said. We built that capability for ourselves first, and then we opened up those services as individual services to our sellers.

Supply Chain by Amazon is growing very significantly. Its already what I would consider a reasonable-sized business, Jassy said, adding that its still early for the low-capital program.

Here is the original post:
Amazon Mid-2024: Earnings, Overview - Practical Ecommerce