Devices and zero trust

In a zero trust environment, every device has to earn trust in order to be granted access. When determining whether access should be granted, the security system relies on device metadata, such as what software is running or when the OS was last updated, and checks to see if the device meets that organization’s minimum bar for health. Think of it like your temperature: under 100 degrees and you are safe, but go over and you are now medically in fever territory, and you may not be allowed into certain venues.

Zero Trust relies on WHO you are and WHAT you are using to determine access

In this issue of GCP Comics we focus on devices, and how they play into a Zero Trust environment.

Device data can take many forms, and can come from many sources. We recommend collecting multiple types of data from multiple systems and using it to make well-informed decisions on which devices get access to your important systems.

What are some of those data types?

- Operating system version: to help you limit access for older, unsupported releases
- Patch date: to find out if there are unpatched vulnerabilities present
- Last check-in date: to understand how long this machine has been ‘offline’
- Binaries installed: to see if there’s any known malware or dangerous executables
- Executables run recently: to see if anything fishy is still running
- Disk encryption: to see if the device complies with data protection policies
- Location data: to restrict access to some tools to only specific cities, states, or countries
- User(s) logged in recently: to see if other people might be sharing this device

And where can you gather the data? There are many sources, including:

- DNS servers
- DHCP servers
- Local agents
- Mobile device management solutions
- OS-specific management tools

For more on this topic, check out the following resources:

- OSQuery – Open source endpoint visibility
- Endpoint Verification – Google Cloud inventory management
- BeyondCorp: Building a Healthy Fleet
- BeyondCorp: Design to Deployment at Google

Want more GCP Comics? Visit gcpcomics.com and be sure to follow us on Twitter at @pvergadia and @maxsaltonstall so you don’t miss the next issue!
Source: Google Cloud Platform
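
One way to turn the device signals listed in the zero trust article above into an access decision, as an added example that is not from the original article or any Google tool: reports from several sources are merged, keeping the least favourable value where they disagree, and then checked against a minimum bar. The field names, thresholds and sample reports are assumptions constructed for illustration.

```python
from datetime import date

# Hypothetical minimum bar; every threshold here is an assumption.
POLICY = {"min_os": (11, 0), "max_patch_age_days": 30, "max_checkin_age_days": 14,
          "allowed_countries": {"US", "CA"}, "max_recent_users": 1}

def merge_reports(reports):
    """Merge per-source reports for one device. Where sources disagree, keep the
    least favourable value; for check-in, the most recent sighting counts."""
    def seen(key):
        return [r[key] for r in reports if key in r]
    merged = {}
    for key, pick in (("os_version", min), ("patch_date", min),
                      ("last_checkin", max), ("disk_encrypted", all)):
        if seen(key):
            merged[key] = pick(seen(key))
    if len(set(seen("country"))) == 1:   # conflicting locations count as unknown
        merged["country"] = seen("country")[0]
    if seen("recent_users"):
        merged["recent_users"] = set().union(*seen("recent_users"))
    return merged

def evaluate(device, today, policy=POLICY):
    """Return the failed checks; an empty list means the device meets the bar.
    A signal that no source reported fails closed."""
    rules = [
        ("os_version", lambda v: v >= policy["min_os"], "unsupported release"),
        ("patch_date", lambda d: (today - d).days <= policy["max_patch_age_days"], "patches too old"),
        ("last_checkin", lambda d: (today - d).days <= policy["max_checkin_age_days"], "offline too long"),
        ("disk_encrypted", bool, "disk not encrypted"),
        ("country", lambda c: c in policy["allowed_countries"], "location not allowed"),
        ("recent_users", lambda u: len(u) <= policy["max_recent_users"], "device appears shared"),
    ]
    failures = []
    for key, ok, reason in rules:
        if key not in device:
            failures.append(f"{key}: no data")
        elif not ok(device[key]):
            failures.append(f"{key}: {reason}")
    return failures

# Constructed sample reports for one laptop, as three sources might describe it.
TODAY = date(2021, 3, 20)
MDM = {"os_version": (11, 2), "patch_date": date(2021, 3, 10),
       "disk_encrypted": True, "country": "US"}
AGENT = {"os_version": (11, 2), "patch_date": date(2021, 1, 5), "disk_encrypted": True,
         "last_checkin": date(2021, 3, 19), "recent_users": {"alice"}}
DHCP = {"last_checkin": date(2021, 3, 18)}

if __name__ == "__main__":
    print(evaluate(merge_reports([MDM, AGENT, DHCP]), TODAY))
```

The MDM record alone would pass the patch check; merging in the local agent's older patch date is what makes the device fail, which is the reason to collect the same signal from more than one system.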

Google and the National Science Foundation expand access to cloud resources

As part of our commitment to ensuring more equitable access to computing power and training resources, Google Cloud will contribute research credits and training to projects funded through a new initiative by the National Science Foundation (NSF) called the Computer and Information Science and Engineering Minority-Serving Institutions Research Expansion (CISE-MSI) program. This program seeks to support research capacity at MSIs by broadening funded research in a range of areas supported by the programs of NSF’s CISE directorate. The research areas include those covered by the following CISE programs:

- Algorithmic Foundations (AF) program;
- Communications and Information Foundations (CIF) program;
- Foundations of Emerging Technologies (FET) program;
- Software and Hardware Foundations (SHF) program;
- Computer and Network Systems Core (CNS Core) program;
- Human-Centered Computing (HCC) program;
- Information Integration and Informatics (III) program;
- Robust Intelligence (RI) program;
- OAC Core Research (OAC Core) program;
- Cyber-Physical Systems (CPS);
- Secure and Trustworthy Cyberspace (SaTC);
- Smart and Connected Communities (S&CC); and
- Smart and Connected Health (SCH).

For this program, CISE has started with a focus on MSIs, which include Historically Black Colleges and Universities, Hispanic-Serving Institutions, and Tribal Colleges and Universities. MSIs are central to inclusive excellence: they foster innovation, cultivate current and future undergraduate and graduate computer and information science and engineering talent, and bolster long-term U.S. competitiveness.
Proposal applications for this initial round are due by April 15.

NSF funds research and education in most fields of science and engineering and accounts for about one-fourth of federal support to academic institutions for fundamental research. Since 2017, we’ve been proud to partner with the NSF to expand access to cloud resources and research opportunities. We provided $3 million in Google Cloud credits to the NSF’s BIGDATA grants program. We committed $5 million in funding to support the National AI Research Institute for Human-AI Interaction and Collaboration. We also have an ongoing commitment to facilitate cloud access for NSF-funded researchers as one of the cloud providers for the NSF’s CloudBank.

Digging into the details: a Google/NSF Q&A

For more on this partnership, we spoke to Alice Kamens, strategic projects and program manager for higher education at Google, and Dr. Fay Cobb Payton, program director in the NSF’s CISE directorate, to explain why this new CISE-MSI funding initiative is so important.

Can you explain what drove this new program?

Payton: At NSF, we assessed our award portfolios and recognized that we could do better in terms of the number of minority-serving institutions engaged through the various research programs offered by the CISE directorate. In 2019 and 2020, we held a series of CISE-MSI workshops to talk to HBCU, HSI, and TCU faculty about how we could better support them. It was really community-driven rather than a top-down approach.

Kamens: At the same time, we at Google were assessing our research funding initiatives and noticing the same under-representation of minority-serving institutions in our programs. We wanted to make sure our resources were reaching researchers and faculty at MSIs.
That’s when we heard about the NSF’s forthcoming MSI-RE program and met with Fay to see how we could help expand the program’s capacity.

Payton: On the basis of many conversations with my colleague, Deep Medhi, program director for the CloudBank project, and CISE leadership including Erwin Gianchandani, NSF’s deputy assistant director for CISE, as well as Gurdip Singh, division director for Computer and Network Systems, we decided to focus on building research capacity and research partnerships within and across MSIs. Building on existing CISE partnerships, we wanted to create pathways to expose and train future generations in core research.

What are the main benefits for MSIs and researchers?

Payton: We are offering about $7 million in funding to support researchers with a focus on specific CISE programs named above and in the CISE-MSI solicitation. This program encourages cross-fertilization, either across institutional types and researchers, or across faculty who may not get a chance to engage because of their workloads at MSIs, particularly those with a heavy focus on teaching.

Kamens: Google will provide Google Cloud credits for up to $100,000 per Principal Investigator (PI), as well as training worth $35,000 in live, instructor-led workshops. These matching credits expand the total award amount each PI can access, while the workshops cover the fundamentals of cloud technology, advanced skills, and curriculum and training to help faculty bring the cloud into their courses.

What impact do you expect it will have now, and down the road?

Payton: In the short term, a first cohort of about 10 to 15 proposals will be funded this year. In the longer term, we also want to foster increased engagement with researchers across their careers, beyond simply writing proposals and receiving grants. There’s a breadth of opportunities for science at NSF, such as CAREER awards, computing workshops, and review panel service.
Establishing relationships with program directors really matters. Through a continued series of CISE “mini-labs,” we are working to better enable the relationship-building among MSI researchers and CISE program directors.

Kamens: At Google we often hear from researchers that the ability to use cloud computing to get an answer to a question in hours rather than days can fundamentally shift the way that they conduct research. Our goal is to accelerate time to discovery and cutting-edge research in academia. It’s critical to us that all researchers, regardless of institution type or size, have access to the resources they need, and can harness Google Cloud as they see fit to help accelerate their research.

What’s around the next corner?

Kamens: In the next few years I think the cloud will be a driver for so much that we do. From researchers and employees to teachers and students, we will all need to become fluent in the power of the cloud.

Payton: This is just the beginning of our outreach. I’d like to think that this solicitation is version 1.0. We’ve already come up with ways to improve the next round!

To learn more, visit the NSF’s Computer and Information Science and Engineering Minority-Serving Institutions Research Expansion program solicitation and apply by April 15th. Review NSF’s Dear Colleague Letter announcing this partnership. You can download an informational webinar as well as proposal development workshops for applicants through the American Society for Engineering Education. To estimate cloud computing costs, consult the CloudBank resources page.

Google Cloud has also expanded its global research credits program for qualifying projects in the following countries: Japan, Korea, Malaysia, Brazil, Mexico, Colombia, Chile, Argentina, and Singapore. To start or ramp up your own project, check out our application form.

Disclaimer: The inclusion of NSF in this blog post is informative of a funding opportunity only. It is not intended to endorse the company, or its products or services.
Source: Google Cloud Platform

DockerCon LIVE 2021 Registration is Now Open

We’re excited to announce that registration for DockerCon LIVE 2021 is now officially open!

Taking place on Thursday, May 27th, the one-day virtual event brings together all of the application development technology, skills, tools and people to help you build, share and run applications faster. And the best part? It’s FREE.

Attendees will:

- Learn about the latest Docker features and technology updates
- See live, on-demand technical demos
- Talk to a panel of experts and industry leaders who can help you build better apps
- Connect with peers and network with a thriving, vibrant community of developers
- Share experiences with other developers about creating leading edge cloud native applications for any cloud environment
- Attend tutorials on how to get started with containers and how to use multiple languages
- Get best practices tips and insights from innovative organizations that are building next generation applications with Docker
- Hear about what’s new with tools and partner integration
- Participate in live sessions with Docker Captains

Be in on the Action

Our Call For Presentations is open until April 1st so there’s still time for you to submit a talk. If you have any questions about our CFP or the conference in general, don’t hesitate to drop us a line in #dockercon2021 on our Community Slack.

We look forward to welcoming you in May for what promises to be our best DockerCon yet! Register today.
The post DockerCon LIVE 2021 Registration is Now Open appeared first on Docker Blog.
Source: https://blog.docker.com/feed/

AWS Elemental MediaTailor now supports extended debug logs and other improvements

AWS Elemental MediaTailor now supports extended debug logs, which provide valuable information for troubleshooting problems with playback sessions. When debug log mode is enabled, MediaTailor records all manifest requests and response payloads in CloudWatch Logs for extended diagnostic information. Learn more on our blog.
Source: aws.amazon.com

Build forecasting systems faster with automated workflows and notifications in Amazon Forecast

We are pleased to announce that you can now enable notifications for workflow status changes while using Amazon Forecast. This lets you work seamlessly without having to check repeatedly whether a particular workflow has completed. In addition, you can now automate workflows through the notifications to increase efficiency. Amazon Forecast uses machine learning (ML) to generate accurate demand forecasts without requiring any prior ML experience. Amazon Forecast makes the same technology used at Amazon.com available to developers as a fully managed service, so you do not have to manage resources or rebuild your systems.
Source: aws.amazon.com

NICE DCV releases web client SDK for building custom web applications

We are pleased to announce the release of version 1.0.0 of the NICE DCV Web Client Software Development Kit (SDK). NICE DCV is a high-performance remote display protocol that gives users secure access to remote desktop or application sessions, including 3D graphics applications hosted on servers with high-performance GPUs. This JavaScript SDK is an optional component that enables developers and independent software vendors (ISVs) to integrate a customized NICE DCV web client into their web applications. Customers can build custom DCV web clients by using their own user interface components together with the core DCV streaming functions provided by this SDK, delivering unique experiences tailored to their own use cases.
Source: aws.amazon.com

Updated classroom course: Advanced Architecting on AWS

We are pleased to announce the launch of the updated course Advanced Architecting on AWS. This instructor-led course is aimed at cloud architects who want to expand their foundational knowledge of AWS services. An AWS expert teaches advanced architecture topics such as hybrid connectivity and hybrid AWS devices, networking with a focus on AWS Transit Gateway connectivity, AWS container services, automation tools for CI/CD, security options, and much more.
Source: aws.amazon.com

You can now use AWS CloudTrail to log data-plane API activity to monitor, alarm on, and archive item-level activity in your Amazon DynamoDB tables

You can now use AWS CloudTrail to log data-plane API activity to monitor, alarm on, and archive item-level activity in your Amazon DynamoDB tables. You can use this information about item-level activity as part of an audit to help meet compliance requirements and to monitor which AWS Identity and Access Management (IAM) users, roles, and permissions are being used to access your table data.
Source: aws.amazon.com