Introducing our new cohort of startups for the 2022 Google Cloud Accelerator Canada

In January, we put a call-out to startups across the country to participate in our second Google Cloud Accelerator Canada cohort. Looking at the incredible response to our inaugural program last year, it’s clear that Canadian organizations across every sector, from healthcare and education, to retail, manufacturing and public services, are leaning in on cloud technology to drive growth and innovation.

Today, we’re pleased to announce a new class of groundbreaking startups for the Google Cloud Accelerator Canada. This 10-week virtual accelerator brings the best of Google’s programs, products, people and technology to startups doing interesting work in the cloud. We’re excited to offer these startups cloud mentorship and technical project support, along with deep dives and workshops on product design, customer acquisition and leadership development for cloud startup founders and leaders.

We received so many great applications for this program and want to welcome the eleven startups that make up the 2022 Google Cloud Accelerator Canada class:

Ad Auris (Vancouver, BC): An end-to-end audio creation platform. Used by digital publications to convert their written work into great-sounding audio, instantly.
Booxi (Montreal, QC): Booxi is an appointment scheduling software designed for retailers. Their mission is to Make Commerce More Human and help retailers offer a personalized experience to every customer.
Cadence (Saskatoon, SK): Cadence is a digital executor assistant, supported by Certified Executor Advisors. Their web app automates Estate Settlement tasks.
f8th (Toronto, ON): f8th’s continuous authentication transparently and passively authenticates users and detects fraudsters in real-time without impacting the user experience.
IRIS (Burlington, ON): IRIS is a smart cities infrastructure technology company. They help urban and rural communities extend the life of their public infrastructure.
Origami XR (Toronto, ON): Origami is a spatial computing company that makes it easy to scan a physical environment using the LiDAR in your phone, and create a 3D digital twin that rivals output from professional scanning equipment.
Pharmaguide (Richmond Hill, ON): PharmaGuide specializes in equipping healthcare providers with solutions to increase efficiency and improve patient outcomes. Through direct integrations with multiple health platforms, they can intelligently analyze data and flag patients that could benefit from treatment modifications.
Schoolio (Toronto, ON): Schoolio OS aims to bridge teachers, parents and tutors into a single ecosystem, focusing on education transparency, inclusive curriculum and a holistic approach to success measurement.
Shaddari Inc. (Montreal, QC): Shaddari Inc. is a precision medicine company that has developed an A.I. that can tell instantly whether a vaccine will be efficient against a new variant of a virus.
SmartONE Solutions (Markham, ON): SmartONE creates smart communities, by connecting the smart homes in multi-family residential developments over a common network to transform community living.
Tiggy (Vancouver, BC): Tiggy is a 15-minute grocery delivery service on a mission to forever change the way we buy everyday essentials.

We heard from a few of the startups from our cohort about their aspirations for the program.

“The Accelerator will help build all aspects of our company with growth and efficiency in mind,” said Krystian, CTO and Co-Founder of Cadence. “It’s an amazing opportunity to learn from Google’s leaders, with access to all of the Cloud Platform services that will allow us to build our product in a cost efficient, scalable and secure way.”

“We’re excited to access the best of Google’s programs, products, people and technology as we continue to scale globally,” said Emil Sylvester Ramos, co-Founder of IRIS. “In addition to Cloud mentorship and technical project support, we look forward to working with Google’s IoT and AI/ ML for the further development of our technology and to work with Google’s Smart Cities teams to help create safer, smarter and more resilient communities and infrastructure.”

“We are looking forward to building connections with many of Canada’s top startups to share ideas and continue to grow our own technical knowledge,” said Eugene Bisovka, Co-Founder, Tiggy Delivery Corp. “We’re also excited to try Google technologies that we haven’t used yet for improving our own order batching algorithm.”

It’s an exciting opportunity to work with these founders and startup teams to help grow and scale their business. Programming for the Google Cloud Accelerator Canada begins April 11 and we can’t wait to get started.
Source: Google Cloud Platform

Federated workload identity at scale made easy with CA Service

At the end of 2021, we announced the ability for Google Cloud Certificate Authority (CA) Service to issue certificates for workloads reflecting their federated identities, even if the workloads are hosted on-premises or in other clouds. We are excited to announce this capability is now generally available, advancing our work to support customers’ implementation of zero trust strategies across all their IT environments.

At the core of a zero trust approach to security is the idea that trust needs to be established via multiple mechanisms and continuously verified. A zero trust approach to end user access (such as Google’s BeyondCorp model or using our BeyondCorp Enterprise product offering) establishes trust in end-users by considering identities and context. A zero trust approach to protecting workloads on cloud-native infrastructure (such as Google’s BeyondProd model) creates trust between workloads by defining and enforcing access policies based on service identities, rather than the IP addresses of the host infrastructure.

Users can create credentials for service identities using Certificate Authority Service, a highly available and scalable private certificate authority that can be used to issue workload credentials (in the form of certificates) reflecting the workload’s identity. The certificates issued by the service conform to standards (RFC 5280) so you can specify name constraints limiting which domain names the CA can issue certificates to (a capability currently in preview) or you can request custom extensions in the certificate (e.g., for your unique application semantics). The new federated identity feature means that even if you manage your workload identities in other clouds or in on-premises environments with Active Directory, you can now issue a certificate from CA Service reflecting their federated identity. As a result, by using these certificates, you can avoid manually configuring access policies using IP addresses. Further, using CA Service allows you to issue certificates at scale (with the principle of least privilege) saving significant time and resources while increasing security. Based on early feedback from customers, these savings are proving to be hugely valuable.

Jonathan Perry, Managing Director, Consolidated Trade Ledger, at Goldman Sachs, recently spoke about his experience with this new capability and how Google Cloud continues to democratize security for users, saying: “At Goldman Sachs, the key principle for our zero trust strategy is homogeneity and CA Service is a super important piece of this strategy. The fact that we can use the same technology to talk to on-premises workloads and get point-to-point connectivity to Google Cloud services with zero trust principles is fantastic. Building CA Service on our own would have been difficult and would not have provided the same integration with all other cloud services, like GKE or Traffic Director, that we benefit from today.”

At-scale certificate issuance for federated workload identities is extremely difficult to build and manage without a capability like CA Service, and shows the value that a managed cloud service provides when moving to a zero trust approach. Jonathan discusses this in more detail during a Google Cloud Security Talks presentation, which is available on-demand if you’d like to learn more about how Goldman Sachs is applying a zero trust approach to its identities and workloads on-premises.

In addition to CA Service, another Google Cloud product that’s useful in implementing the BeyondProd approach is VPC Service Controls (VPC-SC). VPC-SC enables users to define and enforce a security perimeter around multi-tenant Google Cloud services such as BigQuery. With VPC-SC, you can define a service perimeter around a set of Google Cloud services (grouped together using projects) and define zero trust access policies (for instance, based on the identity of the caller) for all the services in a project. In the example below, there are three services (BigQuery, Cloud Storage, and Compute Engine) within the service perimeter. The perimeter provides an additional layer of protection on top of Google Cloud Identity & Access Management (IAM), which can be used to manage the identity of the workload. Access to resources outside the perimeter will be blocked, even if an attacker is using valid credentials. Moreover, the VPC-SC perimeter blocks any data flow from within the boundary to outside of the boundary, providing strong data exfiltration protection.

CA Service can also be configured to run inside a VPC-SC service perimeter, further supporting zero trust principles by limiting certificate issuance to a set of service accounts coming from authenticated devices with certain attributes or limiting CA configuration to authorized networks and sets of managed devices.

In a recent presentation called “Bringing BeyondProd to Life with Google Cloud,” Christian Gorke, Head of Cyber Center of Excellence, Big Data and Advanced Analytics, at Commerzbank AG, discussed how CA Service and VPC-SC are foundational capabilities for his organization to build their compliance as code framework, where every resource and access model is programmed and automated. He said: “As a financial institute in Europe, we are part of a strictly regulated environment. At the same time, we process confidential and personal data, for which we need to reduce the data exfiltration risk. Our goal is to minimize data movements outside of Commerzbank AG and between development, testing, and production environments, but even further, between organizations within Commerzbank AG itself. It is where VPC Service Controls come into play and provides us with a tool to control data flow even in the presence of insider threats – based on zero trust principles. Without a solution, we would need to invest a great deal of time and resources and still run into scalability issues. In addition, with Certificate Authority Service, we finally can minimize our certificate issuance tooling and leverage scalable security backed by HSM across all Google Cloud.”

As customers look to build identity-based zero trust policies, VPC-SC and CA Service are two Google Cloud services that can help make implementing the BeyondProd principles a reality. Getting started with CA Service is easy; the product overview documentation is a great place to begin. If you’re interested in exploring the new feature to federate a third-party identity and obtain certificates, give it a try today and see for yourself how easily you can integrate certificates within your cloud-native applications.

To learn more about Google’s BeyondProd approach, we encourage you to watch the “Applying Zero Trust Principles Beyond Access with BeyondProd” session on-demand. Be sure to also check out all of the other great sessions from the zero trust Security Talks event in December, as well as the threat detection and response sessions from our Security Talks event earlier this month!
Source: Google Cloud Platform

Azure confidential computing with NVIDIA GPUs for trustworthy AI

Many industries such as healthcare, finance, transport, and retail are going through a major AI-led disruption. The exponential growth of datasets has resulted in growing scrutiny of how data is exposed—both from a consumer data privacy and compliance perspective. For example, the use of AI in healthcare has grown rapidly, with hospitals and pharmaceutical companies using AI to improve diagnostics and improve drug discovery and development. In transport, the interaction between humans and vehicles is being re-imagined thanks to AI-powered autonomous driving. However, broader democratization of AI is limited by concerns regarding sharing and use of personal data.1 For example, banks are often unable to collaborate on tasks such as fraud and money laundering detection due to concerns regarding security and privacy of transaction data.

Professor Bryan Williams, Director of Research at University College of London Hospitals, acknowledges this challenge: “UCLH and the NHS want to be at the forefront of using AI to transform healthcare. A major obstacle to testing AI algorithms with various partners has been concerned about ensuring the privacy of patient data. Technological solutions that enable the secure sharing of data while protecting patient privacy are a potential game-changer to accelerate the evaluation and adoption of AI in health care.”

In this context, confidential computing becomes an important tool to help organizations meet their privacy and security needs. Confidential computing technology encrypts data in memory and only processes it once the cloud environment is verified, helping protect data from cloud operators, malicious admins, and privileged software such as the hypervisor. It helps keep data protected throughout its lifecycle—in addition to existing solutions of protecting data at rest and in transit, data is now protected while in use.

Microsoft partners with NVIDIA to bring confidential GPUs on Azure

Today, we are excited to announce the next chapter in this journey through a strategic partnership between NVIDIA and Microsoft that brings confidential computing to state-of-the-art NVIDIA GPUs. This partnership is based on a shared vision to empower individuals and organizations to share and collaborate to derive new insights from data without sacrificing security, privacy, or performance. With confidential computing support in Ampere A100 GPUs combined with hardware-protected VMs, enterprises will be able to use sensitive datasets to train and deploy more accurate models without compromising security or performance.

With confidential GPUs, data is encrypted when it is transferred between the CPU and GPU over the PCIe bus with keys that are securely exchanged between NVIDIA’s device driver and the GPU. The only place where data is decrypted is within a hardware-protected, isolated environment within the GPU package where it can be processed to generate models or inference results. Much like other Azure confidential computing solutions, confidential GPUs support cryptographic attestation based on a unique GPU identity provisioned by NVIDIA during manufacturing. Using remote attestation, organizations can independently verify that their data is only processed within genuine and correctly configured confidential GPUs.

Private preview sign up for Azure confidential GPUs

Over the past year, we worked closely with NVIDIA to bring confidential GPUs into the Azure confidential computing ecosystem. Today we are excited to invite you to sign up for the private preview of Azure confidential GPU VMs. In the private preview, confidential GPUs will bring together the security of trusted launch with secure boot and vTPM coupled with up to four NVIDIA Ampere A100 GPUs. With confidential GPUs, you can set up a secure environment in the Azure cloud and run your machine learning workloads utilizing your favorite machine learning frameworks, and remotely verify that your VM boots with trusted code, the NVIDIA device driver for confidential GPUs, and that your data remains encrypted as it is transferred to and from the GPUs.

Confidential computing across industries

We are already partnering with several organizations to accelerate their journey towards confidentiality through confidential GPUs.

Bosch sees confidential computing as a key instrument to help protect data and meet compliance requirements. Dr. Sven Trieflinger, Senior Research Project Manager at Bosch, mentions, “With ever-decreasing cost and performance overheads, confidential computing techniques will be widely adopted in cloud workloads. The new level of security they offer will be instrumental in addressing challenges in the areas of legal compliance, IP protection, and customer trust”.

The impact of confidential computing extends to financial services too, where the Royal Bank of Canada (RBC) is already leveraging Azure confidential computing solutions to innovate. Eddy Ortiz, VP of Solution Acceleration and Innovation at RBC, says, “The confidential computing capabilities available in Azure have enabled us to unlock new business capabilities and materially advance existing product offerings by leveraging data in ways that only a few years ago was impossible. We’ve been able to craft novel applications which satisfy and exceed the Bank's most stringent cybersecurity demands. Through these technological advancements we are well-positioned to continue to offer unique and highly personalized experiences to our clients.”

At Microsoft, we remain committed to the vision of a confidential cloud, a cloud where organizations can share data and derive insights while reducing the need for trust across various aspects of the cloud infrastructure. Along with our hardware partners including NVIDIA, we will continue to innovate and advance AI trustworthiness through confidential computing.

Learn more

Sign up for the private preview of Azure confidential GPU VMs.
Learn more about Azure confidential computing.

References
1. How to make AI trustworthy
Source: Azure

Accelerate graphics-heavy workloads using NVads A10 v5 Azure

Back in 2019 when Azure launched the first GPU-partitioned (GPU-P) virtual machine (VM) offerings in the public cloud, our customers loved it and asked for a similar offering on NVIDIA GPUs. Our customers wanted the flexibility to choose the GPU that meets the workload requirements and get the benefits of GPU-P, which enables cost-effective configurations based on the requirements. While our existing NVsv3 VMs with NVIDIA M60 GPUs worked well to run graphics-heavy visualization workloads, our customers had a few specific requirements to make the experience better:

Flexible GPU sizes with partitioning on NVIDIA GPU.
A high-frequency AMD CPU part to improve the performance of applications that are optimized for a single CPU thread.
VMs with very high RAM to load large data sets for three-dimensional geological modeling applications like Schlumberger Petrel.

Announcing new NVads A10 v5 VM series based on AMD EPYC™ 74F3(V) processors and virtualized NVIDIA A10 Tensor Core GPU

Continuing with our promise to offer innovative solutions for our customers, we are very excited to announce that our latest NVads A10 v5 series is now available for preview. Azure was the first and the only public cloud provider to offer unprecedented GPU resourcing flexibility with GPU-partitioning and we are happy to now bring the same technology on NVIDIA A10 Tensor Core GPUs. Customers can select from VMs with one-sixth of an A10 GPU and scale all the way up to 2*A10 configuration. This offers cost-effective entry-level and low-intensity GPU workloads on NVIDIA GPUs, while still giving customers the option to scale up to powerful full-GPU and multi-GPU processing power.

| Size | vCPU | Memory (GiB) | GPU Memory (GiB) | Azure Network (GBps) |
|---|---|---|---|---|
| Standard_NV6ads_A10_v5 | 6 | 55 | 4 | 5 |
| Standard_NV12ads_A10_v5 | 12 | 110 | 8 | 10 |
| Standard_NV18ads_A10_v5 | 18 | 220 | 12 | 20 |
| Standard_NV36ads_A10_v5 | 36 | 440 | 24 | 40 |
| Standard_NV36adms_A10_v5 | 36 | 880 | 24 | 80 |
| Standard_NV72ads_A10_v5 | 72 | 880 | 2*24 | 80 |

With our hardware-based GPU virtualization solution built on top of NVIDIA virtual GPU, NVIDIA RTX Virtual Workstation, and industry-standard SR-IOV technology, customers can securely run workloads on virtual GPUs with dedicated GPU frame buffer. The third-generation AMD EPYC CPUs with a boost clock speed of 4 GHz and a base of 3.2 GHz can provide the power you need to run any application. While simultaneous multithreading (SMT) is enabled by default on NVads A10 v5 series, Azure provides the flexibility to turn SMT OFF for applications that cannot take advantage of multiple threads.

Learn more

Customers can learn more about the NVads A10 v5-series now and sign up for NVads A10 v5 access today. NVads A10 v5 VMs are initially available in the South Central US and West Europe Azure regions. NVads A10 v5 will be available in additional regions soon thereafter.
Source: Azure

AWS Chatbot announces support for managing AWS resources from Slack (general availability)

We are pleased to announce today the general availability (GA) of a feature that enables AWS Chatbot customers to manage AWS resources and remediate issues in AWS workloads from their Slack channels. AWS Chatbot customers can do this by running AWS CLI commands and AWS System Manager Automation runbooks from Slack channels. Previously, AWS customers could only monitor AWS resources and retrieve diagnostic information with AWS Chatbot.
Source: aws.amazon.com