Data Governance in the Cloud – part 2 – Tools

This is part 2 of the Data Governance blog series published in January. This blog focuses on technology to implement data governance in the cloud.

Along with a corporate governance policy and a dedicated team of people, implementing a successful data governance program requires tooling. From securing data, retaining and reporting audits, enabling data discovery, and tracking lineage to automating monitoring and alerts, multiple technologies are integrated to manage the data life cycle.

Google Cloud offers a comprehensive set of tools that enable organizations to manage their data securely, ensure governance, and drive data democratization. These tools fall into the following categories:

Data Security

Data security encompasses securing data from the point data is generated, acquired, transmitted, stored in permanent storage, and retired at the end of its life. Multiple strategies supported by various tools are used to ensure data security and to identify and fix vulnerabilities as data moves in the data pipeline.

Google Cloud’s Security Command Center is a centralized vulnerability and threat reporting service. Security Command Center is a built-in security management tool for Google Cloud platform that helps organizations prevent, detect, and remediate vulnerabilities and threats. Security Command Center can identify security and compliance misconfigurations in your Google Cloud assets and provides actionable recommendations to resolve the issues.

Data Encryption

All data in Google Cloud is encrypted by default, both in transit and at rest. All VM to VM traffic, client connections to BigQuery, serverless Spark, Cloud Functions, and communication to all other services in Google Cloud within a VPC as well as between peered VPCs is encrypted by default. In addition to default encryption, which is provided out of the box, customers can also manage their own encryption keys in Cloud KMS.
Client-side encryption, where customers keep full control of the encryption keys at all times, is also available.

Data Masking and Tokenization

While data encryption ensures that data is stored and travels in an encrypted form, end users are still able to see the sensitive data when they query the database or read a file. Several compliance regulations require de-identifying or tokenizing sensitive data. For example, GDPR recommends data pseudonymization to “reduce the risk on data subjects”. De-identified data reduces the organization’s obligations on data processing and usage. Tokenization, another data obfuscation method, provides the ability to do data processing tasks, such as verifying credit card transactions, without knowing the real credit card number. Tokenization replaces the original value of the data with a unique token. The difference between tokenization and encryption is that data encrypted using keys can be deciphered using the same keys, while tokens are mapped to the original data in the tokenization server. Without access to the token server, data tokens prevent deciphering of the original value even if a bad actor gets access to the token.

Google’s Cloud Data Loss Prevention (DLP) automatically detects, obfuscates and de-identifies sensitive information in your data using methods like data masking and tokenization. When building data pipelines or migrating data into the cloud, integrate Cloud DLP to automatically detect and de-identify or tokenize sensitive data and allow data scientists and users to build models and reports while minimizing the risk of compliance violations.

Fine Grained Access Control

BigQuery supports fine-grained access control for your data in Google Cloud. BigQuery access control policies can be created to limit access at the column and row level.
The combination of column and row level access control with DLP allows you to create datasets that have a safe (masked or encrypted) version of the data and a clear version of the data. This promotes data democratization where the CDO can trust the guardrails of Google Cloud to allow access correctly according to the user identity, accompanied by audit logs to ensure a system of record. Data can be shared across the organization to run analysis and build machine learning models while ensuring that sensitive data remains inaccessible to unauthorized users.

Data Discovery, Classification and Data Sharing

The ability to find data easily is crucial to enable an effective data-driven organization. Data governance programs leverage data catalogs to create an enterprise repository of all metadata. These catalogs allow data stewards and data users to add custom metadata, create business glossaries, and allow data analysts and scientists to search for data to analyze across the organization. Certain data catalogs also let users request access to data within the catalog, which can be approved or denied based on policies created by data stewards.

Google Cloud offers a fully managed and scalable Data Catalog to centralize metadata and support data discovery. Google’s Data Catalog will adhere to the same access controls the user has on the data (so users will not be able to search for data they cannot access). Further, Google’s Data Catalog is natively integrated into the GCP data fabric, without the need to manually register new datasets in the catalog – the same “search” technology that scours the web auto-indexes newly created data. In addition, Google partners with major data governance platforms, e.g. Collibra and Informatica, to provide unified support for your on-prem and multi-cloud data ecosystem.

Data Lineage

Data lineage allows tracing back the sources of the data. It allows data scientists to ensure their models are trained on carefully sourced data, allows data engineers to build better dashboards from known data sources, and allows inheriting policies from data sources to derivatives (so if a sensitive data source is used to create an ML model, that ML model can be labeled sensitive as well).

The ability to trace data to the source and keep a log of all changes made as the data progresses in the data pipeline provides a clear picture of the data landscape to the data owners. It makes it easier to identify data not tracked in data lineage and take corrective action to bring it under established governance and controls. When data is scattered across on-prem, cloud or multi-cloud environments, a centralized lineage tracking platform gives a single view of where data originated and how data is moving across the organization. Tracking lineage is imperative to control costs, ensure compliance, reduce data duplication, and improve data quality.

Google Cloud’s Data Fusion provides end-to-end data lineage to help governance and ensure compliance. A data lineage system for BigQuery can also be built using Cloud Audit Logs, Data Catalog, Pub/Sub, and Dataflow. The architecture of building such a lineage system is described here. Additionally, Google’s rich partner ecosystem includes market leaders providing data lineage capabilities for on-prem and hybrid clouds, e.g. Collibra. Open source systems, e.g. Apache Atlas, can also be implemented to collect metadata and track lineage in Google Cloud.

Auditing

It is important to keep all data access records for auditing purposes. Audits can be internal and external. Internal audits ensure that the organization is meeting all compliance criteria and takes corrective action if needed.
If an organization is operating in a regulated industry or keeping personal information, then keeping audit records is a compliance requirement.

Google Cloud Audit Logs can be turned on to ensure compliance with audits in Google Cloud and answer “who did what, where, and when across Google Cloud services?”. Cloud Logging (formerly Stackdriver) aggregates all the log data from your infrastructure and applications in one place. Cloud Logging automatically collects data from Google Cloud services, and you can feed application logs using the Cloud Logging agent, FluentD, or the Cloud Logging API. Logs in Cloud Logging can be forwarded to GCS for archival, to BigQuery for analysis, and also streamed to Pub/Sub to share logs with external third-party systems.

Finally, Cloud Log Explorer allows you to easily retrieve, parse, and analyze logs and build dashboards to monitor logging data in real time.

Data Quality

Before data can be embedded in the decision-making process, organizations need to ensure data meets the established quality standards. These standards are created by data stewards for their data domains. Google Dataprep by Trifacta provides a friendly user interface to explore data and visualize data distribution. Business users can use Dataprep to quickly identify outliers, duplicates, and missing values before using data for analysis.

GCP’s Dataplex enables data quality assessment through declarative rules that can be executed on Dataplex serverless infrastructure. Data owners can create rules to find duplicate records and to ensure completeness, accuracy, and validity (e.g. transaction date cannot be in the future). Data owners can schedule these checks using Dataplex’s scheduler or include them in a pipeline by using the APIs. Data quality metrics are stored in a BigQuery table and/or are made available in Cloud Logging for further dashboarding and automation.

Additionally, Google’s rich partner ecosystem includes leading data quality software providers, e.g. Informatica and Collibra. Data quality tools are used to monitor on-prem, cloud, and multi-cloud data pipelines to identify quality issues and quarantine or fix poor quality data.

Analytics Exchange

Organizations looking to democratize data need a platform to easily share and exchange data analytics assets. The dashboard, report or model that one team has built is often useful to other teams. In large organizations, in the absence of an easy way to discover and share these assets, work is replicated, leading to higher cost and lost time. Exchanging analytics assets enables teams to discover data issues, improving reliability and data quality. Increasingly, organizations are also looking to exchange analytics assets with external partners. These can be used to negotiate better costs with vendors and even create a cash stream depending on the use cases.

Analytics Hub enables organizations to securely share and subscribe to analytics assets. Analytics Hub is a critical tool for organizations looking to democratize data and embed data in all decision making across the organization.

Compliance Certifications

Before organizations can migrate data to the cloud, they need to ensure all compliance requirements have been met. An organization may be required to comply with these regulations because of the region it is operating in, e.g. it may need to comply with CCPA in California, GDPR in Europe, and LGPD in Brazil. Organizations are also subject to regulations because of their specific industry, e.g. PCI DSS in banking, HIPAA in healthcare, or FedRAMP when working with the US federal government.

Google Cloud has 100-plus compliance certifications that are specific to regions and industries. Google continues to add regulatory and compliance certifications to its portfolio.
Dedicated compliance teams help customers ensure compliance as they migrate their data and onboard to Google Cloud.

Conclusion

Start your data governance journey by exploring Dataplex: Google’s solution for centrally managing and governing data across your organization. As you look towards implementing data democratization, consider Analytics Hub to build a data analytics exchange to share your analytics assets easily. Security is built into every Google product, and compliance certifications across the globe and industries ease data migrations to the cloud. If you have already started your cloud journey, ensure high quality data and secure access to sensitive data attributes by using native Google Cloud and partner products in GCP.

Where to learn more: Google Data Governance leaders have captured best practices and Data Governance learnings in an O’Reilly publication: Data Governance, The Definitive Guide
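
The difference between tokenization and encryption described under Data Masking and Tokenization, as an added example that is not from the original post and does not use Cloud DLP: `TokenVault` is a hypothetical in-memory stand-in for a tokenization server, the HMAC-based stream cipher is a standard-library stand-in for real encryption, and keeping the last four digits in the token is an assumption of this example.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 12


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used as a stdlib-only keystream generator."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, value: str) -> bytes:
    """Illustrative cipher only (no integrity tag); use a vetted AEAD in practice."""
    nonce = secrets.token_bytes(NONCE_LEN)
    data = value.encode()
    stream = _keystream(key, nonce, len(data))
    return nonce + bytes(a ^ b for a, b in zip(data, stream))


def decrypt(key: bytes, blob: bytes) -> str:
    """Anyone holding the key recovers the value from the ciphertext alone."""
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    stream = _keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream)).decode()


class TokenVault:
    """Hypothetical in-memory stand-in for a tokenization server."""

    def __init__(self) -> None:
        self._value_by_token: dict[str, str] = {}
        self._token_by_value: dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        if len(pan) < 8 or not pan.isdigit():
            raise ValueError("expected a numeric value of at least 8 digits")
        # Same value -> same token, so downstream joins and matching still work.
        if pan in self._token_by_value:
            return self._token_by_value[pan]
        while True:
            # Random digits: the token is not derived from the value or any key.
            head = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4))
            token = head + pan[-4:]  # last four kept (assumption of this example)
            if token != pan and token not in self._value_by_token:
                break
        self._value_by_token[token] = pan
        self._token_by_value[pan] = token
        return token

    def detokenize(self, token: str) -> str:
        # The mapping table is the only route back; unknown tokens raise KeyError.
        return self._value_by_token[token]


def demo() -> dict:
    pan = "4111111111111111"  # constructed test card number
    key = secrets.token_bytes(32)
    vault = TokenVault()
    blob, token = encrypt(key, pan), vault.tokenize(pan)
    try:
        TokenVault().detokenize(token)  # a party without the vault's mapping
        recoverable = True
    except KeyError:
        recoverable = False
    return {
        "decrypt_with_key": decrypt(key, blob),
        "token": token,
        "detokenize_with_vault": vault.detokenize(token),
        "recoverable_without_vault": recoverable,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The access-control consequence is that protecting encrypted data means protecting keys, while protecting tokenized data means protecting and auditing the vault's mapping and its detokenize path.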
Source: Google Cloud Platform

Scaling cloud solutions to new heights with Microsoft’s partner ecosystem

Companies building cloud solutions (such as independent software vendors (ISVs), SaaS providers, app builders, and more) have never been more important to the world today.

With the continued acceleration of digital transformation, every organization, small or large, in every industry across the globe, will require cloud infrastructure and services to power their business. As customers’ needs for cloud solutions exponentially increase, so do the opportunities for ISVs to connect with partners and customers across the Microsoft Cloud and the commercial marketplace. To help our ecosystem harness these opportunities, we are announcing:

Private offers with margin sharing to motivate 90,000-plus cloud partners: Now generally available, ISVs can use the private offer capability in the commercial marketplace to create and share margins to partners in the Cloud Solution Provider program—creating new sales channels instantly.
Increased agility with private offers for customers: With enhancements to private offers in the commercial marketplace, ISVs can now create a unique private offer per customer in less than 15 minutes. This helps ISVs unlock enterprise customers for seven-digit deals and sell directly to customers with a cloud consumption commitment (if the ISV solution is eligible for Azure IP co-sell).

For Microsoft, the commercial marketplace is the connector between ISVs and customers—it’s an engine dedicated to accelerating growth. By selling through the commercial marketplace, ISVs get instant access to global reach: 1 billion people that use Microsoft technology, 95 percent of Fortune 500 companies who use Microsoft Azure, and 270M monthly active users on Microsoft Teams. 

Shifts in business-to-business (B2B) buying

Before COVID-19, customers in both B2C and B2B environments already expressed a preference for digital commerce experiences. COVID-19 only accelerated digital adoption—digital-first selling is here to stay.

Harvard Business Review [1] recently surveyed 1,000 B2B buyers. 43 percent of those surveyed would prefer a purely digital experience for all sales. When the data was cut by generation, 29 percent of Baby Boomers preferred digital experiences in B2B buying and 54 percent of millennials had the same sentiment. Ten years from now, the channels we use for B2B buying today will be obsolete or at least forever transformed. Commercial marketplaces deliver on digital-first. Through B2B marketplaces, customers get a trusted buying experience that simplifies the purchase and deployment while helping customers optimize costs with pre-committed cloud spend.

Private offers to scale and motivate 90K-plus cloud partners

The ISV margin sharing to partners in the Cloud Solution Provider program (CSPs) became generally available on February 14, 2022. With margin sharing, ISVs can directly incentivize CSPs to sell their solutions; this delivers on the promise of partner-to-partner marketing.

Collaborating with CSPs, ISVs can lower customer acquisition costs and scale business to new customers globally. We are seeing pairings of ISV and CSP partners having tremendous success. Just two months into partnering with Pax8 (the CSP), LawToolBox (the ISV) has seen a 105% increase in licenses transacted through marketplace.

Another partner pairing, Sherweb (the CSP) and Nimble (the ISV), were able to work together and scale without adding any overhead. 

“The outcome of becoming a P2P co-seller with Microsoft has enabled Nimble to scale our simple serum for Microsoft 365 to over 22 countries around the world without hiring one person. That's amazing.”

Jon Ferrara, CEO Nimble

ISVs can offer margin to 400 eligible partners at once to open new sales channels, mobilizing a global ecosystem of partners. This also helps ISVs lower acquisition costs and simplify the sales process while increasing customer retention. And finally, when CSPs sell an ISV solution, they can bundle it with Microsoft Cloud solutions and their own value-add services to drive scale and recurring revenue.

Guidance on how to create a private offer and extend a margin to partners in the Cloud Solution Provider program.

Increased agility with private offers—accelerating seven-digit sales

To meet the needs of customers with agility, ISVs often use private offers. Private offers are the key to enterprise deal-making in the marketplace delivering flexibility like negotiated pricing, private terms and conditions, and specialized configurations. Microsoft has recently made substantial improvements to this functionality—ISVs can now create unique private offers per customer in less than 15 minutes.

Additional improvements include:

Create an unlimited number of private offers.
Ability to time-bound the private offer.
Offer custom terms and conditions.
Bundle multiple products in the same private offer.

One of the main motivators for customers to buy through B2B marketplaces is to decrement pre-committed cloud spend. Microsoft offers 100 percent of sales through the Azure Marketplace for Azure IP co-sell eligible solutions to count towards a customer’s Microsoft Azure Consumption Commitment (MACC). These deals are often in the millions and commonly transacted via private offers—the large deal sizes often need customized terms and conditions, special pricing considerations, and so on.

The recent improvements in private offers help ISVs connect with MACC-eligible customers. According to tackle.io’s annual State of Cloud Marketplaces report [2], 82 percent of ISVs listed unlocking pre-committed cloud spend as their number one reason to sell through commercial marketplaces, and 43 percent of customers listed spending pre-committed cloud spend as their number one reason to buy through commercial marketplaces. Microsoft has a rich set of enterprise customers that require private offers, and we are seeing the acceleration. Year-over-year we have seen a 300 percent increase in customers buying Azure IP co-sell solutions through the commercial marketplace and we expect those numbers to continue to grow.

For agility and speed, ISVs can leverage APIs to create private offers and can view all private offers in a centralized dashboard with the flexibility to copy, withdraw, and upgrade offers as appropriate. As customers accept private offers, or when private offers are set to expire, the ISV will be notified in Partner Center. For the customer, they will see all the private offers associated with their account and when they purchase, they simply accept the offer with a click. No need to re-deploy their virtual machines—the solution deploys right from the Azure portal and is configured to work in the customer’s tenant.

Embracing the marketplace as a sales channel

With the proliferation of cloud solutions, commercial marketplaces simplify selling and offer customers convenience and a trusted environment to buy and deploy solutions to run their business. ISVs can accelerate their growth by embracing a third-party marketplace as a major sales channel. The improvements to private offers give ISVs the agility they need whether selling to customers with cloud consumption commitments or scaling through our 90,000-plus partners in the CSP program.

As the most trusted and comprehensive cloud—the commercial marketplace is how we are helping deliver tech intensity at scale—connecting over 30,000 solutions from partners to the 1 billion customers who use Microsoft products. Activate this channel by becoming a Microsoft partner and by publishing a transactable offer to the commercial marketplace.

Resources

Join ISV Success Program (private preview)
Learn how to sell through commercial marketplace
Create a channel strategy to activate partners

[1] Harvard Business Review
[2] tackle.io State of Cloud Marketplaces report
Source: Azure

Docker Business now available for purchase on the Amazon Web Services Marketplace

Today, Docker and Amazon are happy to announce the availability of Docker Business on the Amazon Web Services (AWS) Marketplace. This is a huge step in providing more choice and flexibility to Docker and AWS customers, so you can procure the Docker Application Development Platform – including leading tools, services, integrations, and content – through your preferred channel.

Docker Business was launched in August 2021, as part of Docker’s new product subscription tiers. It addresses challenges faced by organizations that require developer management and software security at scale without impacting developer productivity and collaboration.

Now that Docker Business is on AWS Marketplace, customers will benefit from an accelerated purchase and procurement process, better visibility and control over their tech stack, and even the ability for AWS Enterprise Discount Plan (EDP) members to utilize incentives related to their committed yearly spend on a platform that millions of developers already know and love.

This announcement is just another step towards our growing ecosystem partnership with AWS, which already includes the ability to build and deploy applications with Docker Desktop and Amazon ECS on AWS Fargate, the availability of Docker Official Images on AWS ECR, and Docker’s Graviton ready designation.

What do I get with Docker Business?

Docker Business helps organizations build modern, secure, and reliable applications without compromising on development speed, flexibility, or trust. It includes the Docker Application Development Platform with added enterprise-grade features like:

Centralized user management and visibility controls
Registry and image access management
Single sign-on
Advanced security
Prioritized support

Read more about Docker Business here.

How do I purchase on AWS Marketplace?

You can access the Docker Business listing on AWS Marketplace. After signing into your AWS account, “Configure your Software Contract” and follow the steps from there. 

Once your purchase is complete, activate your subscription and you’re good to go!

Resellers looking to purchase via AWS Marketplace will need to work through our distributor, Nuaware. For more information about purchasing with a Docker reseller, read this blog.

As mentioned, we will continue to work with Amazon to increase the collaboration between Docker and AWS. Check out what we have coming in our public roadmap.

DockerCon Live 2022  

Join us for DockerCon Live 2022 on Tuesday, May 10. DockerCon Live is a free, one day virtual event that is a unique experience for developers and development teams who are building the next generation of modern applications. If you want to learn about how to go from code to cloud fast and how to solve your development challenges, DockerCon Live 2022 offers engaging live content to help you build, share and run your applications. Register today at https://www.docker.com/dockercon/
Source: https://blog.docker.com/feed/

Amazon RDS for SQL Server now supports M6i and R6i instances

Amazon RDS for SQL Server now supports M6i and R6i instances. M6i instances are the 6th generation of Amazon EC2 x86-based general-purpose compute instances, designed to provide a balance of compute, memory, storage, and network resources. R6i instances are the 6th generation of Amazon EC2 memory-optimized instances, designed for memory-intensive workloads. M6i and R6i instances are built on the AWS Nitro System, a combination of dedicated hardware and a lightweight hypervisor that delivers practically all of the compute and memory resources of the host hardware to your instances.
Source: aws.amazon.com

Amazon EC2 adds a new AMI property to show the timestamp of the last launch of an instance from the AMI

Amazon EC2 now adds a new property called ‘lastLaunchedTime’ for owners of Amazon Machine Images (AMIs). With this property, AMI owners can see the timestamp of the last launch of an EC2 instance from the AMI. It enables AMI owners to understand the usage of their AMIs, especially publicly shared AMIs, and to make informed decisions about deprecating or deregistering their AMIs.
Source: aws.amazon.com

Amazon Comprehend launches entity-based sentiment analysis

Amazon Comprehend is a natural language processing (NLP) service that uses machine learning to extract insights from text data. Starting today, Comprehend offers Targeted Sentiment, a new API that provides more granular sentiment insights by identifying the sentiment (positive, negative, neutral, or mixed) towards entities within the text.
Source: aws.amazon.com

Amazon MSK Connect now supports external secrets and configuration with config providers

Amazon Managed Streaming for Apache Kafka (Amazon MSK) now enables custom config providers for MSK Connect. With this feature, you can store secrets with providers such as Amazon Secrets Manager and avoid storing passwords and other credentials in the configuration properties of connectors and workers. You can deploy any Apache Kafka compatible ConfigProvider as part of an MSK Connect plugin and use it to retrieve configuration.
Source: aws.amazon.com