Connect with us

Technology

Debunking the myths around cloud-native architectures

Voice Of EU

Published

on

Avanade’s Tarun Arora explains what cloud-native engineering is and, more importantly, what it isn’t.

Click here to view the full Cloud Week series.

The move to the cloud has been growing for several years now, but the pandemic has undoubtedly accelerated this trend even further, with cloud market spend reaching new heights last year.

However, while it’s important for companies to embrace this element of digital transformation, they need to have a strong understanding of what cloud-native applications are and how exactly they can be of benefit.

Tarun Arora is the director of engineering and head of app modernisation and cloud transformation at Avanade in Ireland and the UK.

He said that when a new trend emerges every few years, it’s common for organisations to feel the urge to jump on the bandwagon.

“We all witnessed this with agile – organisations adapted their big waterfall processes into iterative design phases and classed themselves as agile.”

‘Cloud-native technologies and human-centric design isn’t just for tech unicorns anymore’
– TARUN ARORA

However, adopting agile processes takes time and careful consideration, just like a migration to the cloud. Arora said in order to understand what cloud native is, it’s important to understand what it isn’t.

“It isn’t running a server in the cloud. Renting a virtual machine from a public cloud provider does not make your infrastructure cloud native. The processes to manage these virtual machines is often no different to managing them if they were in a data centre,” he said.

“It isn’t running a workload in a container. While containerisation offers isolation from the operating system, on its own it causes more overheads than benefits.”

Arora said being cloud native also isn’t just about infrastructure as code, continuous integration or continuous deployment pipelines. “While this is a big step in terms of mindset for the infrastructure team, and can bring huge benefits, it still falls short of being cloud native. Often the use of configuration tools is dependent on humans, which is a huge limitation in terms of scale.”

According to the Cloud Native Computing Foundation, cloud-native technologies empower organisations to build and run scalable applications in modern, dynamic environments, while containers, service meshes, microservices, immutable infrastructure and declarative APIs exemplify this approach.

“Cloud-native architectures are all about dynamism,” said Arora. “This type of application architecture is open and extensible. It can be changed easily and quickly by updating its microservices, and thanks to containers, it can move from cloud to cloud with ease, as well as scale in or out rapidly.”

Creating a human-centric approach

Arora also spoke about the need for a human-centred design when it comes to cloud adoption.

“Systems written in the last decade came with user manuals because they delivered requirements that needed the user to learn the platform before it could be used. Today, we navigate through applications that learn our preferences, allow us to switch between devices offering a seamless uninterrupted experience,” he said.

“The human-centred design comes with an organising strategy to solve problems corresponding to either usability or business conversion or fulfilling the context-based needs.”

The human-centred approach has been widely heralded as the best way to tackle most things, from technology and product design to education and the future of work.

“Businesses are powered by applications and advanced by your ability to simplify the experiences for your users. You have to think a few levels above the platform, think about the user, the user journeys and user interactions,” Arora added.

He said it’s important to think who the users are, what they expect from a product, how they interact with it and whether or not it addresses their needs.

“User experience can’t be an afterthought! Technology leaders often confuse design and user experience with a user interface, often leaving a front-end developer to figure this out,” he said. “Approaching the solution through a design-led thinking approach allows you to put design in the priority for taking control of the user interactions with a digital solution.”

Cloud adoption

Arora said cloud adoption has followed an S-curve, meaning adoption was slow in the early days while businesses learned about its viability. And once that occurred, adoption accelerated dramatically.

“Cloud computing has hit the steep part of the S curve. The significance of this tipping point is profound. The discussion with clients is less about why to use the cloud, but more about how to unlock its full value,” he said.

“Event-driven architectures, cloud-native technologies and human-centric design isn’t just for tech unicorns anymore. Data has truly become the new currency and cloud the means to mine it. As more businesses globally tap into the opportunity the cloud offers, it has become table stakes in any transformation programme.”

Source link

Technology

UK government’s risk planning is weak and secretive, says Lords report | Politics

Voice Of EU

Published

on

Assessment and planning by the government relating to risks facing the UK are deficient and “veiled in secrecy”, a report has found.

The 129-page report, entitled Preparing for Extreme Risks: Building a Resilient Society, was produced by the House of Lords select committee on risk assessment and risk planning – a group appointed in October 2020.

James Arbuthnot, chair of the committee, said that while the UK’s risk assessment processes had been praised across the world before the pandemic, the impact of Covid suggested there may be problems.

“It had been advised that if there were to be a coronavirus pandemic, as a country we would suffer up to 100 deaths,” he said. “Over 140,000 deaths later, we realised that we could perhaps have been doing rather better in our assessment and our planning.”

The report – which draws on sources including oral evidence from 85 witnesses, including from the chief scientific adviser, Sir Patrick Vallance, during 29 sessions – looked at the country’s approach to assessing and preparing for a wide range of risks, from chemical warfare to the climate crisis and severe space weather.

“If you ask, what keeps me awake at nights, it is the growing possibility of major disruption due to more and more frequent cyber-attacks,” said Lord Rees, a committee member. “And even more, I worry on a timescale of tens of years about bioterrorism, bioengineered viruses and all that, which are going to be feasible.”

The report’s conclusions point to a number of shortcomings. Among them the committee highlighted a tendency for the government to focus on immediate problems rather than preparing for the long term.

“The likelihood of major risks actually occurring during the term of the government is low,” said committee member Lord Mair, noting as a result there is no incentive to prepare for them.

The committee also flagged concerns over the National Risk Register and the National Security Risk Assessment (NSRA), and called for better processes to categorise risks, including looking at how vulnerable the country would be to certain threats, and better modelling of how risks can cascade – with Arbuthnot noting as an example the impact of Covid on school exams.

Among other issues the report criticised a lack of transparency by the government. “The current risk management system is veiled in an unacceptable and unnecessary level of secrecy,” the report noted, adding that in turn has hampered the country’s preparedness, with frontline responders including local government and volunteer groups struggling to access the information they need.

It is not the first time the government has been accused of secrecy over risk assessment and planning: a report on Exercise Cygnus, the 2016 government simulation of how the country would handle a fictitious “swan flu”pandemic was only made public after a copy was leaked to the Guardian.

Among other actions, the latest report recommends:

  • The establishment of an Office for Preparedness and Resilience by the government, headed by a newly created post of government chief risk officer.

  • A presumption of publication by the government, and the publication of the content of the Official-Sensitive National Security Risk Assessment except where there is a direct national security risk.

  • The publication, every two years, by the government of a brochure on risk preparedness to inform the public on topics including what to do in an emergency.

“[It’s] much better to face some of these issues, having prepared for, and practised for, and exercised for them in advance rather than doing them first in the heat of battle,” said Arbuthnot

Arbuthnot added the Covid pandemic had offered the chance to “address a public that is ready to be addressed. And people have proved that they’re up to it.”

Prof David Spiegelhalter, chair of the Winton Centre for Risk and Evidence Communication at Cambridge University, and who contributed evidence to the report, welcomed its publication.

“It’s extraordinary that the National Risk Register does not get any public promotion or media coverage, and I welcome the committee’s recommendation to radically improve the communication with the public about the risks they face,” he said. “These vital issues deserve to be widely known and discussed.”

Source link

Continue Reading

Technology

Ubiquiti dev charged with data-breaching own employer • The Register

Voice Of EU

Published

on

A Ubiquiti developer has been charged with stealing data from the company and extortion attempts totalling $2m in what prosecutors claim was a vicious campaign to harm the firm’s share price – including allegedly planting fake press stories about the breaches.

US federal prosecutors claimed that 36-year-old Nickolas Sharp had used his “access as a trusted insider” to steal data from his employer’s AWS and GitHub instances before “posing as an anonymous hacker” to send a ransom demand of 50 Bitcoins.

The DoJ statement does not mention Sharp’s employer by name, but a Linkedin account in Sharp’s name says he worked for Ubiquiti as a cloud lead between August 2018 and March 2021, having previously worked for Amazon as a software development engineer.

In an eyebrow-raising indictment [PDF, 19 pages, non-searchable] prosecutors claim Sharp not only pwned his employer’s business from the inside but joined internal damage control efforts, and allegedly posed as a concerned whistleblower to make false claims about the company wrongly downplaying the attack’s severity, wiping $4bn off its market capitalisation.

Criminal charges were filed overnight in an American federal court against Sharp, of Portland, Oregon. The indictment valued the 50 Bitcoins at $1.9m “based on the prevailing exchange rate at the time.”

US attorney Damian Williams said in a US Justice Department statement: “As further alleged, after the FBI searched his home in connection with the theft, Sharp, now posing as an anonymous company whistle-blower, planted damaging news stories falsely claiming the theft had been by a hacker enabled by a vulnerability in the company’s computer systems.”

Sharp is alleged to have downloaded an admin key which gave him “access to other credentials within Company-1’s infrastructure” from Ubiquiti’s AWS servers at 03:16 local time on 10 December 2020, using his home internet connection. Two minutes later, that same key was used to make the AWS API call GetCallerIdentity from an IP address linked to VPN provider Surfshark – to which Sharp was a subscriber, prosecutors claimed.

Later that month, according to the prosecution, he is alleged to have set AWS logs to a one-day retention policy, effectively masking his presence.

Eleven days after the AWS naughtiness, the indictment claims, he used his own connection to log into Ubiquiti’s GitHub infrastructure. “Approximately one minute later,” alleged the indictment, Sharp used Surfshark to ssh into GitHub and clone around 155 Ubiquiti repos to his home computer.

“In one fleeting instance during the exfiltration of data,” said the indictment, “the Sharp IP address was logged making an SSH connection to use GitHub Account-1 to clone a repository.”

For the rest of that night, prosecutors said, logs showed Sharp’s personal IP alternating with a Surfshark exit node while making clone calls. Although it was not spelled out in the court filing, prosecutors appeared to be suggesting that Surfshark VPN was dropping out and revealing “the attacker’s” true IP.

Ubiquiti discovered what was happening on 28 December. Prosecutors claimed Sharp then joined the company’s internal response to the breaches.

In January 2021 Ubiquiti received a ransom note sent from a Surfshark VPN IP address demanding 25 Bitcoins. If it paid an extra 25 Bitcoins on top of that, said the note, its anonymous author would reveal a backdoor in the company’s infrastructure. This appears to be what prompted Ubiquiti to write to its customers that month alerting them to a data breach. Ubiquiti did not pay the ransom, said the indictment.

Shortly after Federal Bureau of Investigation workers raided Sharp’s home, prosecutors claim he “caused false or misleading news stories to be published about the Incident and Company-1’s disclosures and response to the Incident. Sharp identified himself as an anonymous source within Company-1 who had worked on remediating the Incident. In particular, Sharp pretended that Company-1 had been hacked by an unidentified perpetrator who maliciously acquired root administrator access [to] Company-1’s AWS accounts.”

This appears to be referencing an article by infosec blogger Brian Krebs that was published that day, on 30 March 2021. He spoke “on condition of anonymity for fear of retribution by Ubiquiti”, and El Reg (among many other outlets) followed up Krebs’ reporting in good faith. In that article, the “whistleblower” said he had reported Ubiquiti in to the EU Data Protection Supervisor, the political bloc’s in-house data protection body.

We have asked Krebs for comment.

Sharp is innocent unless proven guilty. He is formally charged with breaches of the Computer Fraud and Abuse Act, transmitting interstate threats, wire fraud and making false statements to the FBI. If found guilty on all counts and handed maximum, consecutive sentences on each, he faces 37 years in prison. ®

Source link

Continue Reading

Technology

Limerick’s Serosep crowned Irish Medtech Company of the Year 2021

Voice Of EU

Published

on

Other winners at the Irish Medtech Association awards included Alcon Ireland, West, Vertigenius, Luminate Medical, BioMEC, Jabil Healthcare, Cook Medical and Aerogen.

Limerick-headquartered business Serosep has been named Irish Medtech Company of the Year at a virtual conference hosted today (2 December) by The Irish Medtech Association with Enterprise Ireland and IDA Ireland.

The Irish Medtech Association which represents the medtech sector in Ireland made the announcement at its annual Medtech Rising conference. This year’s awards ceremony was the first to feature new categories. Alcon Ireland won the Sustainable Medtech company of the Year, while West scooped the Best Medtech Talent Strategy Award.

According to the association’s director Sinéad Keogh, the annual awards ceremony offers the medtech community a chance to “recognise and celebrate the strength and importance of the industry in improving life.”

“The sector has remained resilient despite the challenges of the Covid pandemic, with over 42,000 people now working in the industry, across 450 companies,” she added.

The overall winner, Serosep, is a self-funded, family run business, which manufactures clinical diagnostic products at its base in Annacotty, Co Limerick. It serves more than 35 different countries spread over 5 continents. The company is 25 years in business and employs 114 people. Earlier this year, it announced a five-year contract to supply its gastroenteritis diagnostic system to Liverpool University Hospital. The company already supplies the NHS.

Serosep CEO and founder Dermot Scanlon, said he was “humbled” to receive the award, adding that the company’s innovative diagnostic test tools have “changed the way gastroenteritis is tested in clinical laboratories.”

“We are currently manufacturing in excess of one million tests in our state-of-the-art facility,” he said, explaining that the award would motivate the whole company to “continue forging ahead, achieving bigger and better things.”

Other award winners included:

Trinity College Dublin spin-out Vertigenius, winner of the eHealth Innovation of the Year Award. Vertigenius is a platform which aims to enhance clinical and patient engagement in the treatment of balance problems.

Luminate Medical, winners of the Emerging Medtech Company of the Year Award. The NUI Galway spin-out has developed a technology to prevent chemotherapy induced hair loss.

NUI Galway’s Biomechanics Research Centre (BioMEC) won the Academic Contribution to Medtech Award. The company’s technology integrates the latest in silico computational models to simulate the mechanical performance of implanted coronary stents.

Bray-based Jabil Healthcare scooped the Medtech Partner/Supplier of the Year Award for its new Covid-19 PCR testing device.

Cook Medical received the Women in Leadership Company initiative Award for its commitment to gender balance in the workplace.

The Covid-19 Response Recognition Award was awarded to Aerogen which has developed an inhaled vaccine station. The company’s products have been used on more than 3m critically ill people since March 2020, according to Enterprise Ireland’s head of life sciences, Deirdre Glenn. Aerogen won last year’s Medtech Company of the Year award.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Source link

Continue Reading

Trending

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates 
directly on your inbox.

You have Successfully Subscribed!