November 23, 2021

How to investigate service provider trust chains in the cloud

Microsoft Detection and Response Team (DART) has been assisting multiple organizations around the world in investigating the impact of NOBELIUM’s activities. While we have already engaged directly with affected customers to assist with incident response related to NOBELIUM’s recent activity, our goal with this blog is to help you answer the common and fundamental questions: How do I determine if I am a victim? If I am a victim, what did the threat actor do? How can I regain control over my environment and make it more difficult for this threat actor to regain access to our environments? ... DAP can be beneficial for both the service provider and end customer because it allows a service provider to administer a downstream tenant using their own identities and security policies. ... Azure AOBO is similar in nature to DAP, albeit the access is scoped to Azure Resource Manager (ARM) role assignments on individual Azure subscriptions and resources, as well as Azure Key Vault access policies. Azure AOBO brings similar management benefits as DAP does.


Sharded Multi-Tenant Database using SQL Server Row-Level Security

The distribution of tenants among multiple servers can be made using different methods. An intuitive way would be like "put the first 10 tenants in this server A, then only when needed provision a new server B and put the next 10 tenants there, etc". Another method would be starting with a few servers and distributing tenants evenly across those servers: Let's say you have 3 servers called A, B, C, you'd put Tenant1 into A, Tenant2 into B, Tenant3 into C, Tenant4 into A again, Tenant5 into B, etc. So basically tenants are distributed according to (TenantId)%(NumberOfServers). If you don't want to have a single catalog (which as I said before is both a bottleneck and a single point of failure) you can spread your catalog across multiple servers (exactly like the tenants' data) as long as your requests can be routed directly to the right place, which would require the sharding to be based on something like the tenant domain. ... The Security Policy TenantAccessPolicy can be used to apply filters over any number of tables. To make sure that any table with the [TenantId] column will always be filtered, we can create a DDL trigger that will apply the security predicate to any new (or modified) table.


How Nvidia aims to demystify zero trust security

Nvidia is succeeding at its mission of demystifying zero trust in datacenters, starting with its BlueField DPU architecture. Its architecture includes secure boot with hardware root-of-trust, secure firmware updates, and Cerberus compliant with more enhancements to support the build-out of its zero-trust framework. One of Nvidia’s core strengths is its ability to extend and scale DPU core features with SDKs and related software, while scaling to support larger AI and data science workloads. Doubling down on DOCA development this year, Nvidia used GTC 2021 to announce the 1.2 release supports new authentication, attestation, isolation, and monitoring features, further strengthening Nvidia’s zero-trust platform. In addition, Nvidia says they are seeing momentum in customers and partners signing up for the DOCA early access program. ... Morpheus monitors network activity using unsupervised machine learning algorithms to understand typical behavioral patterns, as well as identity, endpoint, and location parameters across multiple networks.


Privacy vs. Security: What’s the Difference?

The difference between data privacy and data security comes down to who and what your data is being protected from. Security can be defined as protecting data from malicious threats, while privacy is more about using data responsibly. This is why you’ll see security measures designed around protecting against data breaches no matter who the unauthorized party is that’s trying to access that data. Privacy measures are more about managing sensitive information, making sure that the people with access to it only have it with the owner’s consent and are compliant with security measures to protect sensitive data once they have it. ... Using apps with end-to-end encryption is a good way to boost the security of your data online. Messaging services like Signal are encrypted end-to-end, meaning that no one but the sender and recipient of the message can view the data. That’s because the data is encrypted (or scrambled) before being sent, then decrypted only when it hits your device. One caveat here is to make sure the service you’re using is actually end-to-end encrypted.


Five principles for navigating the post-pandemic era

The pandemic has permanently changed what it means to be “at work”. Work is no longer a place you go, but what you do. Hybrid working, and the ability to work from anywhere, is here to stay. A huge part of this shift has been facilitated by our capacity to invent new ways of working fit for the digital age. Video conferencing, the cloud, instant messaging: it’s all part of the same narrative – how technology can facilitate new behaviours and patterns that can benefit the workforce. Network-as-a-Service (NaaS), for example, is a secure, cost-effective subscription-based model that lets businesses of all sizes consume network infrastructure on-demand and as needed. Think of it like a thermostat, where you can increase or decrease temperature to suit your needs. With a solution like NaaS, businesses can ensure their employees have the same security and network connectivity at a coffee shop or at home, as they would in the office. This fundamentally changes what it means to be safe, secure and online – and employees can work from any location.


Enterprise Readiness For The Digital Age: Digital Fluency And Digital Resiliency

Digital fluency is the missing ingredient in many digital transformation efforts. In most cases, I would argue that it’s not the technology that’s holding an employee back but the lack of digital infrastructure, Culture, leadership, and skills, which are required to thrive alongside technologies. Digital literacy in the workforce can be tricky, especially for a large organization with thousands of employees. Companies must consider each employee’s age, background, educational qualification, and current digital literacy level. Although the challenges are beyond Diversity and Inclusion (D&I), it also includes resistance to change, Fear of Missing Out (FOMO), tracking the change management, continuous process of change, etc. To be successful, businesses will need to provide the right digital tools and training to the workforce, including leadership and cultural support to build Tech intensity, i.e., an organization’s ability to adapt and integrate the latest technology to develop its unique digital capability and trust factor.
