Home > Resources > Articles > Multi-Cloud Management: Tools, Challenges, and Best Practices

Multi-Cloud Management: Tools, Challenges, and Best Practices

Multi-Cloud Management

Overview of Multi-Cloud Management


A Brief Understanding of What Multi-Cloud Management Is

As digitalization is taking over the world, companies are constantly looking for options through which they can leverage next-gen technologies, using which they can automate their business and simplify the whole process. This will help businesses sustain themselves in the constantly changing environment.

Multi-cloud management is the set of tools and procedures that help a business monitor and secure its apps and workloads across multiple cloud platforms. The cloud platforms could be public, private, or even a mix of both.

Why Should You Consider Multi-Cloud?

Enterprises should adopt multi-cloud as it is an ideal environment to allocate computing resources and reduce the risk of data loss and downtime. With the constant innovations in the cloud space, a multi-cloud environment allows companies the luxury of choosing the best available options for their cloud service requirements.

Is Multi-Cloud Infrastructure the Future?

The multi-cloud architecture allows the enterprise to distribute its workload across various cloud environments effectively. This helps the organization achieve widespread growth while minimizing risks associated with individual cloud environments.

Multi-cloud infrastructure is the future because:

  • It offers various cloud options to resolve rigorous needs across multiple computing and business functions.
  • Allows organizations to enable a cloud environment, which combines security and cost-savings at the same time.
  • Reduces latency and serves corporate data across geographically disparate locations while maintaining a unified end-user experience.
  • It empowers firms to mix and match platforms in a way that the workloads are not locked into a single cloud provider.


The cloud is about how you do computing, not where you do computing. 

Paul Maritz, former CEO of VMware and Pivotal


Most Efficient Multi-Cloud Management Tools

When you choose a multi-cloud management tool for your organization, it is critical to consider the user experience on offer, the number of customers, financial capabilities etc. Companies should also consider and compare the functionality of the tools they are looking into.

Some of the top multi-cloud management tools are as follows:

  • BMC Cloud Lifecycle Management – defines and manages the complete lifecycle of a resource on a cloud. It also accelerates innovation and continuous delivery of services.
  • Embotics Commander – offers automated provisioning for approvals and decommissioning, with custom actions to reduce sprawl and customizable multi-cloud service.
  • Flexera – helps orchestrate APIs along with built-in assistance for networking, storage and more.
  • HyperGrid – essentially used to monitor cloud service platforms. It also simplifies migration plans for companies using features like auto-discovery and right-sizing.
  • Morpheus – provides operations and automation along with on-premise hypervisors, various cloud services, and swapping technologies.
  • Scalr – enables role-based access control for different users, providing an open policy agent with a single toolset to eliminate any differences.

Top 7 Reasons to Adopt a Multi-Cloud Strategy

Adopting a multi-cloud strategy to ensure optimal distribution of assets across cloud hosting environments. Cloud computing has helped businesses achieve greater flexibility, accessibility, and resilience. With innovating at a rapid pace being the need of the hour, here are some of the top reasons for you to adopt a multi cloud strategy for your business.

  • Businesses have the option of associating with the best-in-class cloud hosting platforms for each task, according to the requirements.
  • Helps improve business agility with workload mobility.
  • Enterprise can scale storage based on the requirements of individual data segments.
  • •t helps build high-speed, low latency infrastructures and reduces costs.
  • Mitigate any risk by switching to another service provider.
  • Evaluate the benefits, terms, and pitfalls of multiple service providers to prevent vendor lock-in.
  • Enjoy competitive pricing and offers such as adjustable contracts, flexible payments, etc.

Top 5 Challenges of Multi-Cloud Management

While multi-cloud is considered to be the wave of the future, there are still some challenges that one might come across. Each cloud service provider has their own set of practices and guidelines, which can sometimes pose as a challenge. Some of the most common challenges are:

Management Complexity – The larger the number of cloud environments an organization uses, the greater the complexities that come along with it. With no standardization across cloud vendors and each cloud vendor having its own portal, APIs, and processes for managing its environment, adding vendors would mean an increasing management burden.

Skill Scarcity – The high demand for skilled professionals with the knowledge of managing multiple cloud platforms makes it difficult for organizations to find ideal talent. The prevalence of a tight labor market and rapidly changing technologies only add to the constraints.

Governance and Compliance – Some companies must pass through multiple compliance requirements to be met, irrespective of where the data is stored. This makes data governance highly critical.

Cost Control – There is always a chance of the cost associated with each service quickly spinning out of control. Vendors using different billing systems and employing different pricing, fees, and infrastructure sizes is also a common issue. 

Interoperability – When organizations migrate their workload from their legacy systems to various cloud platforms, the lack of interoperability is a significant hindrance. This requires IT teams to deal with siloed vendor tools along with other interoperability challenges.


Best Practices for Multi-Cloud Management

Undertaking the right practice for your multi-cloud management is essential for you to attain optimum results from your strategy and achieve the goals that you have set. Some of the most effective practices that you can undertake are listed below:

  • Identify and map your multi-cloud architecture according to your business requirements.
  • Standardize consumption by charting each department’s usage and then increasing or decreasing resources accordingly.
  • Achieve a cohesive multi-sourced ecosystem by integrating six key areas; business, organization, information, governance, processes, and tools.
  • Ensure that an effective and reliable disaster recovery plan is in place.

The German stock exchange, Börse Stuttgart, wanted to improve the speed and agility of their IT operations and security. They also required greater visibility into costs, compute contention issues, and capacity. Using multi-cloud, Börse Stuttgart achieved better service monitoring and faster troubleshooting. They were also able to simplify IT management of their cloud proxy, enhance management reports and dashboards, and shift the usage of IT time from operations to innovation.


Conclusion

For an organization to effectively automate the task and optimize costs, they require a sturdy multi-cloud management platform. With the shift of focus from managing technology infrastructure to business transformation, a business can derive the maximum possible competitive advantage.

FAQ


Why Is a Multi-Cloud Strategy Important?

With an effective multi-cloud strategy in place, it provides the organization with the freedom to use the best possible cloud platform, depending upon the requirements.

What Is Multi-Cloud Management?

Multi-cloud management is a variety of tools and processes that aid a business in overseeing and securing applications and workloads across multiple cloud platforms.


What Is the Benefit of a Multi-Cloud Network?

Using a multi-cloud network, a multi-cloud platform can combine the best services that each cloud platform offers, allowing companies to customize their infrastructure as per their needs.

Spotlight

iNube Software

iNube is a Bangalore-based IT solutions provider founded in August 2010. Our key focus areas are Insurance, Cloud Computing and Mobility. We are an ideas-led company focused on providing portfolio offerings on a cloud infrastructure in the insurance space. The product offerings of iNube are on a Software as a Service (SaaS) model. iNube believes that offerings on a SaaS model will help early business enablement for various stakeholders in the insurance space, viz-a-viz, Insurance companies, TPAs, Intermediaries and Service providers. iNube's products are designed to optimize productivity, enhance the quality of service delivered to end customers and reduce entreprise IT costs for its enterprise customers through adoption of cloud computing and mobility. We also work closely on Services engagements bringing in our Domain and Technical expertise to drive futuristic solutions which add immense value to customers.

OTHER ARTICLES
Cloud App Development, Cloud Security, Cloud App Management

What Is Cloud-Native and Why Does it Matter for CI

Article | June 21, 2023

Continuous intelligence (CI) relies on the real-time analysis of streaming data to produce actionable insights in milliseconds to seconds. Such capabilities have applications throughout a business. In today’s dynamic marketplace, new CI applications that use data from various sources at any given time might be needed on very short notice.The challenge is how to have the flexibility to rapidly develop and deploy new CI applications to meet fast-changing business requirements. A common approach employed today is to use a dynamic architecture that delivers access to data, processing power, and analytics capabilities on demand. In the future, solutions also will likely incorporate artificial intelligence applications to complement the benefits of traditional analytics. Increasingly, cloud-native is the architecture of choice to build and deploy AI-embedded CI applications. A cloud-native approach offers benefits to both the business and developers. Cloud-native applications or services are loosely coupled with explicitly described dependencies.

Read More
Cloud App Development

Why Microsoft Should Spinoff Its Cloud Business

Article | June 9, 2022

Microsoft currently features old-school solutions that are growing relatively slowly (Office and Windows) and new cloud solutions that are growing tremendously (Dynamics 365 and Azure). If the company stays in its current form, Microsoft stock will keep steadily advancing. But because the company’s total top and bottom lines are never going to increase much more than 30% or 35% per year, the shares are never going to deliver truly huge returns. But that would change if the company was to spin off its rapidly growing cloud businesses. In such a scenario, the current owners of Microsoft stock would receive shares in a cutting edge cloud services company (let’s call it Azure), and shares in a company focused on providing old, mostly PC-based software to businesses and consumers.

Read More
Cloud App Development, Cloud Deployment Models, Cloud Security

Intelligence Giant Upgrading its Cloud Technology

Article | June 29, 2023

With the huge amounts of data in all fields, a future in the cloud is imperative to help deal with this explosion of data, especially in the field of intelligence technology. This is the reason why the US Central Intelligence Agency is updating its cloud technology. The agency has recently released a draft request for proposal for its Commercial Cloud Enterprise contract.The C2E tens of billions contract will be a multi-award commercial cloud computing contract with a five-year base period and two five-year options for a period of performance of up to 15 years, according to nextgov.com.In a March 2019 presentation by the Directorate of Digital Innovation, a division of the CIA, the department outlined its vision for C2E. It would be broad and include infrastructure, platform and software cloud services supporting a broad range of users, with a variety of security clearances and a worldwide presence, as reported by techcrunch.com. The principal C2E Program objective is to acquire cloud computing services directly from commercial cloud service providers with established records for innovation and operational excellence in cloud service delivery for a large customer base,the department stated in the presentation.Apparently, the agency prefers to avoid all the attention that the Pentagon’s JEDI cloud procurement process got, and quietly go about its business.

Read More

AWS tags US$235 million to expand its cloud infrastructure in Latin America

Article | February 10, 2020

Amazon Web Services (AWS) is raising its stake on cloud computing infrastructure in Latin America. Proof of this is that the IT company will use R$1 billion (around US$235 million) to expand its data center in Sao Paulo. These millions will be used for its Data Processing Center located in that part of Brazil. In addition, a portion of these US$235 million will also be used to increase the services it offers to both public and private parties.The move gives reason to suggest that AWS is upping the ante in the future of startups and tech in the region that rely on cloud services to develop their own products.It launched its cloud center in Brazil in 2011 but it’ll be getting some beefing up thanks to these funds. Moreover, AWS has two Edge networks in São Paulo and two in Rio de Janeiro. As well as one in each of the following cities: Bogotá (Colombia), Buenos Aires (Argentina), and Santiago (Chile).The objective of all of this is to be the region’s prime provider of cloud infrastructure and beat out its competition AKA, Google Cloud Platform and Microsoft’s Azure.

Read More
Cloud App Development, Cloud Security, Cloud App Management

15 Top Cloud Security Conferences to Attend in 2023

Article | June 21, 2023

Continuous intelligence (CI) relies on the real-time analysis of streaming data to produce actionable insights in milliseconds to seconds. Such capabilities have applications throughout a business. In today’s dynamic marketplace, new CI applications that use data from various sources at any given time might be needed on very short notice.The challenge is how to have the flexibility to rapidly develop and deploy new CI applications to meet fast-changing business requirements. A common approach employed today is to use a dynamic architecture that delivers access to data, processing power, and analytics capabilities on demand. In the future, solutions also will likely incorporate artificial intelligence applications to complement the benefits of traditional analytics. Increasingly, cloud-native is the architecture of choice to build and deploy AI-embedded CI applications. A cloud-native approach offers benefits to both the business and developers. Cloud-native applications or services are loosely coupled with explicitly described dependencies.

Read More
Cloud App Development

IBM's Cloudburst: A Credible Step Forward in the Cloud Computing Arena

Article | June 9, 2022

Microsoft currently features old-school solutions that are growing relatively slowly (Office and Windows) and new cloud solutions that are growing tremendously (Dynamics 365 and Azure). If the company stays in its current form, Microsoft stock will keep steadily advancing. But because the company’s total top and bottom lines are never going to increase much more than 30% or 35% per year, the shares are never going to deliver truly huge returns. But that would change if the company was to spin off its rapidly growing cloud businesses. In such a scenario, the current owners of Microsoft stock would receive shares in a cutting edge cloud services company (let’s call it Azure), and shares in a company focused on providing old, mostly PC-based software to businesses and consumers.

Read More
Cloud App Development, Cloud Deployment Models, Cloud Security

Monitoring and Logging for Privileged Access in Cloud Environments

Article | June 29, 2023

With the huge amounts of data in all fields, a future in the cloud is imperative to help deal with this explosion of data, especially in the field of intelligence technology. This is the reason why the US Central Intelligence Agency is updating its cloud technology. The agency has recently released a draft request for proposal for its Commercial Cloud Enterprise contract.The C2E tens of billions contract will be a multi-award commercial cloud computing contract with a five-year base period and two five-year options for a period of performance of up to 15 years, according to nextgov.com.In a March 2019 presentation by the Directorate of Digital Innovation, a division of the CIA, the department outlined its vision for C2E. It would be broad and include infrastructure, platform and software cloud services supporting a broad range of users, with a variety of security clearances and a worldwide presence, as reported by techcrunch.com. The principal C2E Program objective is to acquire cloud computing services directly from commercial cloud service providers with established records for innovation and operational excellence in cloud service delivery for a large customer base,the department stated in the presentation.Apparently, the agency prefers to avoid all the attention that the Pentagon’s JEDI cloud procurement process got, and quietly go about its business.

Read More

AWS tags US$235 million to expand its cloud infrastructure in Latin America

Article | February 10, 2020

Amazon Web Services (AWS) is raising its stake on cloud computing infrastructure in Latin America. Proof of this is that the IT company will use R$1 billion (around US$235 million) to expand its data center in Sao Paulo. These millions will be used for its Data Processing Center located in that part of Brazil. In addition, a portion of these US$235 million will also be used to increase the services it offers to both public and private parties.The move gives reason to suggest that AWS is upping the ante in the future of startups and tech in the region that rely on cloud services to develop their own products.It launched its cloud center in Brazil in 2011 but it’ll be getting some beefing up thanks to these funds. Moreover, AWS has two Edge networks in São Paulo and two in Rio de Janeiro. As well as one in each of the following cities: Bogotá (Colombia), Buenos Aires (Argentina), and Santiago (Chile).The objective of all of this is to be the region’s prime provider of cloud infrastructure and beat out its competition AKA, Google Cloud Platform and Microsoft’s Azure.

Read More
MORE ARTICLES

Spotlight

iNube Software

iNube is a Bangalore-based IT solutions provider founded in August 2010. Our key focus areas are Insurance, Cloud Computing and Mobility. We are an ideas-led company focused on providing portfolio offerings on a cloud infrastructure in the insurance space. The product offerings of iNube are on a Software as a Service (SaaS) model. iNube believes that offerings on a SaaS model will help early business enablement for various stakeholders in the insurance space, viz-a-viz, Insurance companies, TPAs, Intermediaries and Service providers. iNube's products are designed to optimize productivity, enhance the quality of service delivered to end customers and reduce entreprise IT costs for its enterprise customers through adoption of cloud computing and mobility. We also work closely on Services engagements bringing in our Domain and Technical expertise to drive futuristic solutions which add immense value to customers.

Related News

Cloud Security

IBM Redesigns Cloud-Native SIEM to Level-up Security

IBM | November 08, 2023

The cloud-native SIEM enhances scalability, speed, and flexibility while leveraging AI for improved alert prioritization and response. Cloud-native QRadar SIEM is built on an open foundation, supporting interoperability with multi-vendor tools and cloud platforms. IBM plans to introduce generative AI capabilities in early 2024. IBM introduced a significant transformation to its flagship IBM QRadar SIEM (Security Information and Event Management) product. The new QRadar SIEM is redesigned on a cloud-native architecture tailored for hybrid cloud environments, with a strong focus on scale, speed, and flexibility. This update aims to empower security teams by enabling AI and security analysts to work together efficiently. In fact, SOC professionals get to less than half (49%) of the alerts that they're supposed to review within a typical workday, according to a recent global survey. [Source- Cision PR Newswire] The cloud-native QRadar SIEM builds upon the strong foundation of its predecessor, offering efficient data ingestion, rapid search capabilities, and analytics at scale. It is based on an open foundation and is part of the QRadar Suite, IBM's integrated threat detection and response software portfolio. As hybrid cloud environments expand and evolve rapidly, the security challenges become increasingly complex. The growing attack surface makes it difficult for security professionals to identify true threats amid the noise, leading to delayed threat responses. The new cloud-native QRadar SIEM addresses these challenges by leveraging AI to manage repetitive tasks and streamline the detection and response process for high-priority security incidents. Built on Red Hat OpenShift, QRadar SIEM is designed to be open at its core, allowing for deep interoperability with multi-vendor tools and cloud platforms. It supports common detection rules (SIGMA) to quickly integrate crowdsourced threat detections from the security community. Additionally, it offers federated search and threat-hunting capabilities across various data sources, enhancing threat investigation across cloud and on-premises environments. IBM's cloud-native SIEM includes AI capabilities that automatically prioritize alerts, reduce noise, and provide context for high-priority alerts. It streamlines threat investigations by running federated searches, creating visual attack timelines, and suggesting recommended actions. It plans to introduce generative AI (GAI) capabilities for QRadar Suite in early 2024. These AI capabilities will automate tasks like report creation, threat detection, log data interpretation, and threat intelligence curation. GAI is expected to enhance the productivity of security analysts, allowing them to focus on higher-value tasks. The investment in cloud-native SIEM and AI integration reflects its commitment to delivering next-generation security operations technology. These advancements are designed to simplify security operations, reduce complexity, and provide security teams with the tools to effectively address today's complex threat landscape. The new cloud-native QRadar SIEM will be available as SaaS in Q4 2023. IBM is actively working on its AI and data platform, watsonx, to enable generative AI to support security teams in automating routine tasks, accelerating threat response, and simplifying threat investigations. This represents a significant step toward more efficient and effective security operations.

Read More

Cloud App Development

Box and Google Cloud Expand Strategic Partnership Across Generative AI and Go-to-Market

Business Wire | November 02, 2023

Box, Inc. (NYSE: BOX), the leading Content Cloud, and Google Cloud today announced an expanded partnership to transform work in the enterprise with generative AI. Box will integrate with Vertex AI to build new gen AI features that help customers more efficiently process and analyze data stored in the Box Content Cloud, which is also now available to customers directly through Google Cloud Marketplace. Enterprises today want to work with strategic technology platforms that can help them work smarter and more productively, said Aaron Levie, co-founder and CEO of Box. Google Cloud is an incredibly important partner that helps us serve our customers globally. This deepened partnership underscores our joint commitment to delivering solutions that leverage cutting edge technology to power entirely new ways for users to intelligently interact with their content and revolutionize the way businesses operate in the AI-first era. “Generative AI can streamline some of the most time-consuming processes facing enterprises today, such as manual data entry and analysis,” said Thomas Kurian, CEO of Google Cloud. “Our expanded partnership with Box will provide customers with new tools that help them quickly process and create insights from documents stored within Box Content Cloud, saving time that users can reallocate towards more impactful work.” New Box AI Capabilities, Powered by Vertex AI Box has chosen to integrate with Vertex AI, Google Cloud’s unified AI platform, to help customers process and analyze data faster, create more personalized user experiences, intelligent search, and more. Building on the earlier announcement that Box will integrate Google Cloud’s advanced large-language models (LLMs) into Box AI, Box will now use Vertex AI to help power its new metadata extraction feature. The new feature, coming first as an API, will save customers’ time inputting and maintaining data by automatically identifying and tagging key context from their documents, including matching metadata fields to attributes within a file. Soon, customers will be able to: Automatically classify and label documents at scale to surface key insights, such as contracts nearing their expiration and invoices requiring payment within the current month. Define metadata templates to extract information for custom use cases, such as automatically recognizing and tagging products in images or categorizing PII in specific types. Populate defined metadata templates and integrate with ERP and CRM systems to automate workflows such as invoicing, executing contracts, client and employee onboarding, and more. Identify and preserve critical information, such as timestamps, authorship, and document versions history, to maintain compliance protocols. Recognize and extract metadata in different languages to ensure consistent term recognition while operating in different countries and regions. Box is Now Available on Google Cloud Marketplace As part of the expanded partnership, Box is now also available on Google Cloud Marketplace, making it even easier for customers using Google Cloud infrastructure to purchase Box’s content management platform. With the Box app available on Google Cloud Marketplace, eligible customers can realize key benefits including: Reduced procurement cycles allowing for faster, smoother, and simpler buying process. Consolidated Google Cloud billing. Cost savings against existing Google Cloud commitments when purchased through Google Cloud Marketplace. Box Expands Its Use of Google Cloud Box already leverages Google Cloud as a key infrastructure provider for data storage and compute globally. Now, Box will expand its usage of Google Cloud by adopting several new services across networking, data analytics, and machine learning to deliver faster performance and higher-reliability to its customers. For example, Box is now applying: Google Cloud as a storage option for Box KeySafe, which enables Box customers to use their own encryption key within Box. This provides customers with more choice over where they maintain their encryption keys. Google Cloud’s global networking infrastructure to power Box network communication with customers, resulting in faster content transfers and increased productivity for customers around the world. Cloud Bigtable for improved performance and uptime for the core data systems that power Box. This enables Box to deliver its customers with a more reliable service to secure and manage all of their content needs. Google Cloud BigQuery to power Box's data application, analytics, and insights. With BigQuery, Box can now deliver more comprehensive data-driven insights to customers faster. Google Workspace Integrations The expanded partnership builds on existing integrations with Google Workspace, which lets Box customers create, collaborate, and save content in Google Docs, Sheets, or Slides from the secure Box Content Cloud platform. Additionally, the Box for Google Workspace add-on enables smooth and secure productivity and collaboration across Google Workspace, including Gmail, Google Drive, and Google Calendar. With these integrations, customers can: Create, open, and edit content using Google Workspace’s collaboration tools directly within Box. Add Box files directly to emails and save email attachments to Box without leaving Gmail. Include Box files and link Box Notes directly to your Google Calendar events. Save files in Google Drive to Box. Apply Box’s enterprise-grade security, compliance, and governance capabilities to Google Docs, Sheets, and Slides. About Box Box (NYSE:BOX) is the leading Content Cloud, a single platform that empowers organizations to manage the entire content lifecycle, work securely from anywhere, and integrate across best-of-breed apps. Founded in 2005, Box simplifies work for leading global organizations, including AstraZeneca, JLL, Morgan Stanley, and Nationwide. Box is headquartered in Redwood City, CA, with offices across the United States, Europe, and Asia. Visit box.com to learn more. And visit box.org to learn more about how Box empowers nonprofits to fulfill their missions. About Google Cloud Google Cloud accelerates every organization’s ability to digitally transform its business and industry. We deliver enterprise-grade solutions that leverage Google’s cutting-edge technology, and tools that help developers build more sustainably. Customers in more than 200 countries and territories turn to Google Cloud as their trusted partner to enable growth and solve their most critical business problems.

Read More

Cloud Security

Sysdig Debuts New Benchmark for Cloud Detection and Response

Business Wire | November 03, 2023

Sysdig, the leader in cloud security powered by runtime insights, today released at SANS CyberFest 2023 the 5/5/5 Benchmark for Cloud Detection and Response, a new framework that outlines how quickly organizations should detect, triage, and respond to attacks in the cloud. Operating securely in the cloud requires a mindset shift in regard to time, and with that, cloud security programs need to hold themselves to a modernized benchmark: five seconds to detect, five minutes to correlate insights and understand what’s happening, and five additional minutes to respond. Recent findings by the Sysdig Threat Research Team published in the 2023 Global Cloud Threat Report note that, after discovering an exploitable target, malicious actors require less than 10 minutes to execute an attack. Cloud attacks are swift and sophisticated, requiring robust threat detection and response programs that move at the speed of the cloud. On-premises attacks take 16 days on average and antiquated frameworks challenge security teams to respond to a breach within 60 minutes, which is simply insufficient for the cloud. Bad actors are exploiting the automation and scale of the cloud, along with new techniques, to accelerate all stages of an attack and inflict damage within minutes. The 5/5/5 Benchmark guides organizations to detect and respond to cloud attacks faster than adversaries can complete them. The Challenge Detect threats within five seconds.Organizations should be able to gather detection signals from their cloud security tools in real time to ensure visibility into ephemeral assets. Correlate and triage within five minutes.Teams should be able to gather full context for all correlated signals within five minutes of receiving the first relevant alert. Initiate a response within five minutes.Organizations should be able to initiate a tactical response within five minutes of confirming that an attack is in progress. What people are saying People are always looking for security metrics, especially when the industry evolves into new operating models. We have plenty of 'best practices,' but no real way to quantify cloud security agility — until now, said Anna Belak, Director, Office of Cybersecurity Strategy at Sysdig. The 5/5/5 Benchmark, built in partnership with our customers, industry analysts, and the Sysdig Threat Research Team, sets a new standard for operating securely in the cloud. “As organizations move to the cloud, traditional on-premises security standards become outdated and too slow. In the cloud, both innovation and attacks happen quickly – companies need security tools, processes, and standards designed to operate at the speed of cloud-native environments,” said Phil Bues, Research Manager for IDC Cloud Security. “I don’t want to know 15 minutes after someone breached my system. I need to know instantly so that we can shut it down before the blast radius expands,” said Kuldeep Tomar, Head of Information Security at India’s leading digital skill games company and 5/5/5 Benchmark Advisor. “To move at the necessary speed, you need to not only be alerted to the right things, but also respond appropriately. Having a benchmark gives us a goal to hold ourselves to.” About Sysdig In the cloud, every second counts. Attacks move at warp speed, and security teams must protect the business without slowing it down. Sysdig stops cloud attacks in real time, instantly detecting changes in risk with runtime insights and open source Falco. Sysdig correlates signals across cloud workloads, identities, and services to uncover hidden attack paths and prioritize real risk. From prevention to defense, Sysdig helps enterprises focus on what matters: innovation. Sysdig. Secure Every Second.

Read More

Cloud Security

IBM Redesigns Cloud-Native SIEM to Level-up Security

IBM | November 08, 2023

The cloud-native SIEM enhances scalability, speed, and flexibility while leveraging AI for improved alert prioritization and response. Cloud-native QRadar SIEM is built on an open foundation, supporting interoperability with multi-vendor tools and cloud platforms. IBM plans to introduce generative AI capabilities in early 2024. IBM introduced a significant transformation to its flagship IBM QRadar SIEM (Security Information and Event Management) product. The new QRadar SIEM is redesigned on a cloud-native architecture tailored for hybrid cloud environments, with a strong focus on scale, speed, and flexibility. This update aims to empower security teams by enabling AI and security analysts to work together efficiently. In fact, SOC professionals get to less than half (49%) of the alerts that they're supposed to review within a typical workday, according to a recent global survey. [Source- Cision PR Newswire] The cloud-native QRadar SIEM builds upon the strong foundation of its predecessor, offering efficient data ingestion, rapid search capabilities, and analytics at scale. It is based on an open foundation and is part of the QRadar Suite, IBM's integrated threat detection and response software portfolio. As hybrid cloud environments expand and evolve rapidly, the security challenges become increasingly complex. The growing attack surface makes it difficult for security professionals to identify true threats amid the noise, leading to delayed threat responses. The new cloud-native QRadar SIEM addresses these challenges by leveraging AI to manage repetitive tasks and streamline the detection and response process for high-priority security incidents. Built on Red Hat OpenShift, QRadar SIEM is designed to be open at its core, allowing for deep interoperability with multi-vendor tools and cloud platforms. It supports common detection rules (SIGMA) to quickly integrate crowdsourced threat detections from the security community. Additionally, it offers federated search and threat-hunting capabilities across various data sources, enhancing threat investigation across cloud and on-premises environments. IBM's cloud-native SIEM includes AI capabilities that automatically prioritize alerts, reduce noise, and provide context for high-priority alerts. It streamlines threat investigations by running federated searches, creating visual attack timelines, and suggesting recommended actions. It plans to introduce generative AI (GAI) capabilities for QRadar Suite in early 2024. These AI capabilities will automate tasks like report creation, threat detection, log data interpretation, and threat intelligence curation. GAI is expected to enhance the productivity of security analysts, allowing them to focus on higher-value tasks. The investment in cloud-native SIEM and AI integration reflects its commitment to delivering next-generation security operations technology. These advancements are designed to simplify security operations, reduce complexity, and provide security teams with the tools to effectively address today's complex threat landscape. The new cloud-native QRadar SIEM will be available as SaaS in Q4 2023. IBM is actively working on its AI and data platform, watsonx, to enable generative AI to support security teams in automating routine tasks, accelerating threat response, and simplifying threat investigations. This represents a significant step toward more efficient and effective security operations.

Read More

Cloud App Development

Box and Google Cloud Expand Strategic Partnership Across Generative AI and Go-to-Market

Business Wire | November 02, 2023

Box, Inc. (NYSE: BOX), the leading Content Cloud, and Google Cloud today announced an expanded partnership to transform work in the enterprise with generative AI. Box will integrate with Vertex AI to build new gen AI features that help customers more efficiently process and analyze data stored in the Box Content Cloud, which is also now available to customers directly through Google Cloud Marketplace. Enterprises today want to work with strategic technology platforms that can help them work smarter and more productively, said Aaron Levie, co-founder and CEO of Box. Google Cloud is an incredibly important partner that helps us serve our customers globally. This deepened partnership underscores our joint commitment to delivering solutions that leverage cutting edge technology to power entirely new ways for users to intelligently interact with their content and revolutionize the way businesses operate in the AI-first era. “Generative AI can streamline some of the most time-consuming processes facing enterprises today, such as manual data entry and analysis,” said Thomas Kurian, CEO of Google Cloud. “Our expanded partnership with Box will provide customers with new tools that help them quickly process and create insights from documents stored within Box Content Cloud, saving time that users can reallocate towards more impactful work.” New Box AI Capabilities, Powered by Vertex AI Box has chosen to integrate with Vertex AI, Google Cloud’s unified AI platform, to help customers process and analyze data faster, create more personalized user experiences, intelligent search, and more. Building on the earlier announcement that Box will integrate Google Cloud’s advanced large-language models (LLMs) into Box AI, Box will now use Vertex AI to help power its new metadata extraction feature. The new feature, coming first as an API, will save customers’ time inputting and maintaining data by automatically identifying and tagging key context from their documents, including matching metadata fields to attributes within a file. Soon, customers will be able to: Automatically classify and label documents at scale to surface key insights, such as contracts nearing their expiration and invoices requiring payment within the current month. Define metadata templates to extract information for custom use cases, such as automatically recognizing and tagging products in images or categorizing PII in specific types. Populate defined metadata templates and integrate with ERP and CRM systems to automate workflows such as invoicing, executing contracts, client and employee onboarding, and more. Identify and preserve critical information, such as timestamps, authorship, and document versions history, to maintain compliance protocols. Recognize and extract metadata in different languages to ensure consistent term recognition while operating in different countries and regions. Box is Now Available on Google Cloud Marketplace As part of the expanded partnership, Box is now also available on Google Cloud Marketplace, making it even easier for customers using Google Cloud infrastructure to purchase Box’s content management platform. With the Box app available on Google Cloud Marketplace, eligible customers can realize key benefits including: Reduced procurement cycles allowing for faster, smoother, and simpler buying process. Consolidated Google Cloud billing. Cost savings against existing Google Cloud commitments when purchased through Google Cloud Marketplace. Box Expands Its Use of Google Cloud Box already leverages Google Cloud as a key infrastructure provider for data storage and compute globally. Now, Box will expand its usage of Google Cloud by adopting several new services across networking, data analytics, and machine learning to deliver faster performance and higher-reliability to its customers. For example, Box is now applying: Google Cloud as a storage option for Box KeySafe, which enables Box customers to use their own encryption key within Box. This provides customers with more choice over where they maintain their encryption keys. Google Cloud’s global networking infrastructure to power Box network communication with customers, resulting in faster content transfers and increased productivity for customers around the world. Cloud Bigtable for improved performance and uptime for the core data systems that power Box. This enables Box to deliver its customers with a more reliable service to secure and manage all of their content needs. Google Cloud BigQuery to power Box's data application, analytics, and insights. With BigQuery, Box can now deliver more comprehensive data-driven insights to customers faster. Google Workspace Integrations The expanded partnership builds on existing integrations with Google Workspace, which lets Box customers create, collaborate, and save content in Google Docs, Sheets, or Slides from the secure Box Content Cloud platform. Additionally, the Box for Google Workspace add-on enables smooth and secure productivity and collaboration across Google Workspace, including Gmail, Google Drive, and Google Calendar. With these integrations, customers can: Create, open, and edit content using Google Workspace’s collaboration tools directly within Box. Add Box files directly to emails and save email attachments to Box without leaving Gmail. Include Box files and link Box Notes directly to your Google Calendar events. Save files in Google Drive to Box. Apply Box’s enterprise-grade security, compliance, and governance capabilities to Google Docs, Sheets, and Slides. About Box Box (NYSE:BOX) is the leading Content Cloud, a single platform that empowers organizations to manage the entire content lifecycle, work securely from anywhere, and integrate across best-of-breed apps. Founded in 2005, Box simplifies work for leading global organizations, including AstraZeneca, JLL, Morgan Stanley, and Nationwide. Box is headquartered in Redwood City, CA, with offices across the United States, Europe, and Asia. Visit box.com to learn more. And visit box.org to learn more about how Box empowers nonprofits to fulfill their missions. About Google Cloud Google Cloud accelerates every organization’s ability to digitally transform its business and industry. We deliver enterprise-grade solutions that leverage Google’s cutting-edge technology, and tools that help developers build more sustainably. Customers in more than 200 countries and territories turn to Google Cloud as their trusted partner to enable growth and solve their most critical business problems.

Read More

Cloud Security

Sysdig Debuts New Benchmark for Cloud Detection and Response

Business Wire | November 03, 2023

Sysdig, the leader in cloud security powered by runtime insights, today released at SANS CyberFest 2023 the 5/5/5 Benchmark for Cloud Detection and Response, a new framework that outlines how quickly organizations should detect, triage, and respond to attacks in the cloud. Operating securely in the cloud requires a mindset shift in regard to time, and with that, cloud security programs need to hold themselves to a modernized benchmark: five seconds to detect, five minutes to correlate insights and understand what’s happening, and five additional minutes to respond. Recent findings by the Sysdig Threat Research Team published in the 2023 Global Cloud Threat Report note that, after discovering an exploitable target, malicious actors require less than 10 minutes to execute an attack. Cloud attacks are swift and sophisticated, requiring robust threat detection and response programs that move at the speed of the cloud. On-premises attacks take 16 days on average and antiquated frameworks challenge security teams to respond to a breach within 60 minutes, which is simply insufficient for the cloud. Bad actors are exploiting the automation and scale of the cloud, along with new techniques, to accelerate all stages of an attack and inflict damage within minutes. The 5/5/5 Benchmark guides organizations to detect and respond to cloud attacks faster than adversaries can complete them. The Challenge Detect threats within five seconds.Organizations should be able to gather detection signals from their cloud security tools in real time to ensure visibility into ephemeral assets. Correlate and triage within five minutes.Teams should be able to gather full context for all correlated signals within five minutes of receiving the first relevant alert. Initiate a response within five minutes.Organizations should be able to initiate a tactical response within five minutes of confirming that an attack is in progress. What people are saying People are always looking for security metrics, especially when the industry evolves into new operating models. We have plenty of 'best practices,' but no real way to quantify cloud security agility — until now, said Anna Belak, Director, Office of Cybersecurity Strategy at Sysdig. The 5/5/5 Benchmark, built in partnership with our customers, industry analysts, and the Sysdig Threat Research Team, sets a new standard for operating securely in the cloud. “As organizations move to the cloud, traditional on-premises security standards become outdated and too slow. In the cloud, both innovation and attacks happen quickly – companies need security tools, processes, and standards designed to operate at the speed of cloud-native environments,” said Phil Bues, Research Manager for IDC Cloud Security. “I don’t want to know 15 minutes after someone breached my system. I need to know instantly so that we can shut it down before the blast radius expands,” said Kuldeep Tomar, Head of Information Security at India’s leading digital skill games company and 5/5/5 Benchmark Advisor. “To move at the necessary speed, you need to not only be alerted to the right things, but also respond appropriately. Having a benchmark gives us a goal to hold ourselves to.” About Sysdig In the cloud, every second counts. Attacks move at warp speed, and security teams must protect the business without slowing it down. Sysdig stops cloud attacks in real time, instantly detecting changes in risk with runtime insights and open source Falco. Sysdig correlates signals across cloud workloads, identities, and services to uncover hidden attack paths and prioritize real risk. From prevention to defense, Sysdig helps enterprises focus on what matters: innovation. Sysdig. Secure Every Second.

Read More

Events