InfoWorld

What is unified policy as code, and why do you need it?

InfoWorld - Thu, 04/08/2021 - 6:00am

Uptime.
Reliability.
Efficiency.

These used to be perks, elements of forward-thinking and premium-level enterprises. Now they’re a baseline expectation.

Today, consumers expect information, resources, and services to be available on-demand, updated in real time, and accessible without fuss. Imagine trying to Google something or place an order from Amazon only to be told, “Please try again in 48 hours. Sorry for the inconvenience.”

[ Also on InfoWorld: OPA: A general-purpose policy engine for cloud-native | Using OPA to safeguard Kubernetes | Using OPA for cloud-native app authorization | Using OPA for multicloud policy and process portability ]

These drivers have pushed enterprises to adopt the cloud and cloud-native architectures because the cloud facilitates uptime, reliability, and efficiency. In the containerized world, discrete components can be created, changed, and updated independently without affecting components. Now, if one part of the code crashes, it doesn’t bring down the rest of the code.

To read this article in full, please click here

Categories: InfoWorld

The cloud attack you didn’t see coming

InfoWorld - Tue, 03/30/2021 - 6:00am

You have to respect that ransomware attacks at least let you know you’ve been attacked. You’ll have an opportunity to defend yourself and batten down the hatches.

However, a rising tide of cyberattacks is much more sneaky about things.

Called “stealth hacking,” these subtle attacks try to see your data and processes without alerting anyone that this is occurring. In the world of consumer computing, this may manifest as keystroke-monitoring malware that installs from a malicious download. The hacker hopes to remain undiscovered and gather as much data as possible until the jig is up, or perhaps never be discovered at all. 

[ Keep up with the latest developments in cloud computing. Subscribe to the InfoWorld All Things Cloud newsletter ]

The enterprise world is a bit scarier. The damage that a non-stealth hack can do is easy to define as to risk and cost. According to RiskIQ, in 2019, “Every minute, $2,900,000 is lost to cybercrime, and top companies pay $25 per minute due to cybersecurity breaches.” However, if you don’t know that you’re being monitored, the damages could be 10 times that of an instantaneous attack.

To read this article in full, please click here

Categories: InfoWorld

You could be hacked and not know it

InfoWorld - Tue, 03/30/2021 - 6:00am

You have to respect that ransomware attacks let you know you’ve been attacked. You’ll have an opportunity to defend yourself and batten down the hatches.

However, a rising tide of cyberattacks is much more sneaky about things.

[ Get the latest news and insights on cloud computing. Subscribe to the InfoWorld All Things Cloud newsletter ]

Called “stealth hacking,” these subtle attacks try to see your data and processes without alerting anyone that this is occurring. In the world of consumer computing, this may manifest as keystroke-monitoring malware that installs from a malicious download. The hacker hopes to remain undiscovered and gather as much data as possible until the jig is up, or perhaps never be discovered at all. 

To read this article in full, please click here

Categories: InfoWorld

The pandemic-driven rush to cloud is compromising security

InfoWorld - Tue, 03/23/2021 - 6:00am

Oh, what a cloud year 2020 was. Cloud spending grew by 37% in the first quarter of 2020 alone as many quickly understood that COVID-19 would leave them vulnerable if they were still using traditional data centers. Seeing a hockey stick in revenue and enjoying the urgency to drive processes remotely and securely, cloud service providers had an unexpectedly successful year.

Core to this was a rush on public clouds and those who knew how to migrate and build cloud applications. Despite the fact that everyone was working out of their bedrooms, enterprise IT, consulting firms, and the cloud providers themselves were able to keep up with demand and accelerate the movement to the cloud, for the most part.

To read this article in full, please click here

Categories: InfoWorld

Authorization is the next big technical challenge

InfoWorld - Mon, 03/22/2021 - 6:00am

Want to deliver messaging or voice calls for customers? You’ve got Twilio. Need to process credit card payments? Stripe has you covered. Need to run machine learning models or spin up compute resources or transcribe a podcast or hundreds of other services? They’re just an API away through a cloud provider.

But want to grant or deny rights to users in your application? Good luck.

[ Also on InfoWorld: Programming jobs for losers and how to avoid them ]

Authorization (along with authentication) is one of the most foundational needs of developers when building their apps, but it’s still a colossal pain to deliver. As Randall Degges wrote in 2017, “[A]lmost every time I sit down to build the authentication and authorization piece of my websites, mobile apps, and API services, I get overwhelmed.” This is just as true in 2021, and not just for Degges.

To read this article in full, please click here

Categories: InfoWorld