Category: Technology

In today’s rapidly evolving digital landscape, cloud computing has become integral to business operations, offering scalability and flexibility. However, with these advantages come significant responsibilities, particularly concerning cloud security compliance. Ensuring that your organization’s cloud practices align with industry standards and regulatory requirements is paramount to safeguarding sensitive data and maintaining customer trust. Understanding Cloud Security Compliance Cloud security compliances involves adhering to a set of guidelines and standards designed to protect data stored and processed in the cloud. These standards ensure that organizations implement appropriate security controls to mitigate risks associated with cloud computing. Non-compliance can lead to severe consequences, including data breaches, legal penalties, and reputational damage. Key Frameworks and Regulations Several frameworks and regulations guide cloud security compliance: Best Practices for Achieving Cloud Security Compliance Conclusion Maintaining cloud security compliance is an ongoing process that requires diligence, regular updates to security practices, and adherence to established frameworks and regulations. By implementing these best practices, organizations can effectively mitigate risks, protect sensitive data, and uphold their reputation in the marketplace.

Challenges of Multicloud Management | Overcoming Adoption Issues Companies that run on technology are forging ahead with multicloud adoption due to—or perhaps, in spite of—significant market volatility. But multicloud environments aren’t always the right choice for everyone. Before joining the race to multicloud, consider the challenges of implementing multiple clouds and the strategies needed to succeed with cloud computing long term. Why organizations adopt multiple clouds more than 65% of organizations currently operate within multicloud environments, and another 20% report they’re actively pursuing an additional cloud platform for their cloud environment. To support this rapid adoption, 71% of leaders also plan to increase cloud budgets over the next year. It’s not difficult to see why so many companies are leaving single cloud environments behind and heading down the multicloud road. By leveraging multiple cloud providers, organizations can strategically distribute workloads and applications, mitigating risks associated with vendor lock-in and potential service outages. This approach fosters flexibility in cost optimization, as it allows organizations to select cloud computing services and providers based on specific strengths and pricing models.  Multicloud setups also promote redundancy and business continuity, as well as improved data access, low-latency deployment, and geographic reach to deliver superior customer value and innovation. What are the main challenges in implementing a multicloud strategy? Despite the benefits, multicloud isn’t without its challenges. While it’s easy to get caught up in the race to multicloud adoption, the truth is that not all organizations are at a level of cloud maturity and employee dexterity to successfully extract value from multicloud.  Most organizations are still stuck in tactical mode and struggling to reach peak performance with their current cloud solutions. To compound the problem, only 9% of technologists report having extensive experience with more than one cloud provider. Adding another cloud provider to the mix without the right talent, processes, and cloud infrastructure only makes the benefits of multicloud drift further and further away. Before organizations rush into multicloud to keep up with the competition, it’s critical they understand the key challenges of multicloud and invest in the infrastructure and employee upskilling to drive ROI. Multiple cloud providers increase security complexity Cloud Security is a formidable challenge for even the most seasoned of technologists. Multicloud environments add a level of complexity that make them much more difficult to secure, especially in a market where both cloud and cybersecurity are among the top tech skills gaps.  Each cloud provider approaches security differently in terms of security policies and shared responsibility models, and the onus falls on internal teams to identify and compensate for those differences. If it’s not absolutely required by the business, it’s unnecessary to layer on additional levels of complexity. So the first step of addressing multicloud security is ensuring the organization actually needs a multicloud environment. If it doesn’t, get rid of it.  The second step is prioritizing investment in security tools that monitor data visibility, access management, key management, and workload management across the multicloud environment. And last, but certainly not least, is training employees to make sure they’re comfortable with the ins and outs of the selected cloud providers. With sharpened technical skill sets, employees will be more likely to spot security threats and remediate vulnerabilities before they become a problem. The multicloud maze muddles cloud governance and cloud visibility Governance is closely tied to security. As an increasing number of organizations adopt multiple cloud providers to power daily operations, managing these providers becomes more important than ever. For example, many organizations find themselves in a multicloud environment not out of intention, but by accident. Software-as-a-Service (SaaS) has made it incredibly easy for users to find and implement cloud tools without IT involvement. Some employees don’t fully grasp the policies for why and how to implement providers, and others solely focus on onboarding cloud resources that meet their own needs without considering larger organizational objectives.  The result is a disjointed cloud environment with scattered access management and low visibility. When the integrity of a cloud environment is compromised, it puts additional strain on management overhead, cloud costs, and security risks. Creating and enforcing strong cloud governance policies will bolster visibility and security within a multicloud approach. These policies will likely evolve alongside emerging cyber threats and technology advancements (like artificial intelligence) in the coming years, enabling cloud practitioners to bring multicloud management into a more comprehensive and centralized control panel. As cloud environments become increasingly mature, it will be critical for employee skill sets to advance alongside them. Lack of education is a main contributor to the accidental multicloud environment and can contribute to disparate architectures. Investment in continuous employee education and cloud training is the only way to successfully implement effective cloud data governance policies. Power to the people: Organizations need cloud upskilling strategies for success People, process, and technology make up the “Holy Trinity” of a successful organizational framework—but it’s people that stand at the core. After all, people create processes, select technology, and allocate funding and resources to all three prongs of this framework. If organizations want to turn this triangle into a flywheel, it’s critical they invest in cloud training and their people, especially in the context of multicloud success.

The breakthrough means that the advantages of hydrogen-based solid-state batteries and fuel cells are within practical reach. Researchers led by Genki Kobayashi at the RIKEN Cluster for Pioneering Research in Japan have developed a solid electrolyte for transporting hydride ions (H−) at room temperature. This breakthrough means that the advantages of hydrogen-based solid-state batteries and fuel cells are within practical reach, including improved safety, efficiency, and energy density, which are essential for advancing toward a practical hydrogen-based energy economy. The study was published in the scientific journal Advanced Energy Materials. For hydrogen-based energy storage and fuel to become more widespread, it needs to be safe, very efficient, and as simple as possible. Current hydrogen-based fuel cells used in electric cars work by allowing hydrogen protons to pass from one end of the fuel cell to the other through a polymer membrane when generating energy. Efficient, high-speed hydrogen movement in these fuel cells requires water, meaning that the membrane must be continually hydrated so that it does not dry out. This constraint adds an additional layer of complexity and cost to battery and fuel cell design that limits the practicality of a next-generation hydrogen-based energy economy. To overcome this problem, scientists have been struggling to find a way to conduct negative hydride ions through solid materials, particularly at room temperature. “We have achieved a true milestone,” said Kobayashi. “Our result is the first demonstration of a hydride ion-conducting solid electrolyte at room temperature.” The team had been experimenting with lanthanum hydrides (LaH3-δ) for several reasons; the hydrogen can be released and captured relatively easily, hydride ion conduction is very high, they can work below 100 °C, and have a crystal structure. But, at room temperature, the number of hydrogens attached to lanthanum fluctuates between two and three, making it impossible to have efficient conduction. This problem is called hydrogen non-stoichiometry, and was the biggest obstacle overcome in the new study. When the researchers replaced some of the lanthanum with strontium (Sr) and added just a pinch of oxygen — for a basic formula of La1-xSrxH3-x-2yOy — they got the results they were hoping for. The team prepared crystalline samples of the material using a process called ball-milling, followed by annealing. They studied the samples at room temperature and found that they could conduct hydride ions at a high rate. Then, they tested its performance in a solid-state fuel cell made from the new material and titanium, varying the amounts of strontium and oxygen in the formula. With an optimal value of at least 0.2 strontium, they observed complete 100 percent conversion of titanium-to-titanium hydride, or TiH2. This means that almost zero hydride ions were wasted. “In the short-term, our results provide material design guidelines for hydride ion-conducting solid electrolytes,” said Kobayashi. “In the long-term, we believe this is an inflection point in the development of batteries, fuel cells, and electrolytic cells that operate by using hydrogen.” The next step will be to improve performance and create electrode materials that can reversibly absorb and release hydrogen. This would allow batteries to be recharged, as well as make it possible to place hydrogen in storage and easily release it when needed, which is a requirement for hydrogen-based energy use. Here is an exclusive Tech Briefs interview with Genki Kobayashi, edited for length and clarity. Tech Briefs: What was the biggest technical challenge you faced while developing this new material? Kobayashi: The use of ionic conductors as solid electrolytes requires not only ionic conductivity but also chemical and electrochemical stability. In hydride ionic conductors, there are no investigations from this point of view, so it was necessary to devise how the performance thresholds could be experimentally proven. In this paper, a test cell was actually assembled to investigate whether the hydrogenation reaction proceeds according to the theoretical values. Tech Briefs: Can you explain in simple terms how it works? Kobayashi: Although it is still in the verification stage, we want to create an electrochemical device that can store hydrogen through an electrochemical reaction and retrieve it when it is needed. In the long term, we would like to consider applications in fuel cells. Tech Briefs: What are the pros and cons of it? Kobayashi: Negatively charged hydrogen (hydride ions) are more reactive with O2 than the normally used protons (H+), so if they can be used in fuel cells, the resistance to reaction will be reduced, resulting in higher power density and/or reduced use of rare metal catalysts. The materials we have developed cannot be handled in the atmosphere, so there are many challenges that need to be overcome for their application in batteries and fuel cells. Device configurations will need to be innovated. Tech Briefs: How soon could we see these types of batteries implemented on a commercial scale? Kobayashi: I would like to show specific application directions in 5-10 years. I think it will be more than 10 years before practical-based industry-academia collaboration will be underway.

Brain-inspired AI code library hits a milestone, driving advances in AI innovation: A new open source code library, snnTorch, has surpassed 100,000 downloads and is used in a wide variety of projects — from NASA satellite tracking efforts to optimizing chips for AI. brain-inspired AI code librarySpiking neural networks, a form of low-power, brain-inspired deep learning, are being incorporated into more applications across a variety of fields. Four years ago, UC Santa Cruz’s Jason Eshraghian developed a Python library that combines neuroscience with artificial intelligence (AI) to create spiking neural networks, a machine learning method that takes inspiration from the brain’s ability to efficiently process data. Now, his open source code library — snnTorch — has surpassed 100,000 downloads and is used in a wide variety of projects, from NASA satellite tracking efforts to semiconductor companies optimizing chips for AI. “It’s exciting because it shows people are interested in the brain, and that people have identified that neural networks are really inefficient compared to the brain,” said Assistant Professor Eshraghian. “People are concerned about the environmental impact [of the costly power demands] of neural networks and large language models, and so this is a very plausible direction forward.” Here is an exclusive Tech Briefs interview with Eshraghian, edited for length and clarity. Tech Briefs: What was the biggest technical challenge you faced while developing snnTorch? Eshraghian: Starting any project where the state of research is highly unsettled can be extremely daunting. Then taking that and making it not just functional, but intuitive and user-friendly — that was a constant balancing act. On the one hand, I wanted to maintain the sophistication and complexity of biological neurons and all the fun stuff neuroscience has to offer. On the other hand, I had to make sure the interface was natural and straightforward for developers. There’s little value in a tool that nobody understands. For every function I coded up, I probably spent half a day forgetting I just wrote it so that I could give it arguments that felt intuitive with names that blended with what PyTorch had to offer. This was critical because snnTorch is meant to be used in conjunction with other deep learning libraries out there. It was very important for it to feel syntactically similar to PyTorch, while still being distinguishable. A lot more time went into making it “usable” than “functional.” Tech Briefs: Can you explain in simple terms how it works? Eshraghian: Deep learning relies on layers upon layers of “artificial neurons” which communicate often using 32-bit floating point values. The brain uses biological neurons. These neurons have memory. They respond to history, they’re robust to noise, and they communicate using voltage bursts known as “action potentials.” These bursts look like sudden spikes that come out of nowhere. So, if we chain up a load of these biological neurons, we call that a “spiking neural network.” Hence the “snn” in snnTorch. snnTorch takes neuron models and learning rules developed by computational and theoretical neurosciences, and then introduces some of its own. Many of these neuron models are quite dreadful at being “trained” the same way that deep learning trains its artificial neurons, so under the hood of snnTorch, there are a lot of modifications made to these neurons that make them compatible with the advances in deep learning. As a result, when combining neuron models in snnTorch with different connection structures in PyTorch, you have a neural network that evolves over time using neurons that transmit information between each other via spikes. This is great for brain modelling, but more importantly, it’s also incredibly energy efficient when models are compiled to neuromorphic, or brain-inspired, hardware. Tech Briefs: The paper says, “Eshraghian is collaborating with people to push the field in a number of ways, from making biological discoveries about the brain, to pushing the limits of neuromorphic chips to handle low-power AI workloads, to facilitating collaboration to bring the spiking neural network-style of computing to other domains such as natural physics.” Do you have any updates you can share? Eshraghian: The brain is a highly complex dynamical system, composed of neurons that are in themselves highly complex dynamical systems. There are a lot of phenomena in natural physics that are inherently “brain-like.” For example, if I take a resistor, connect it to a capacitor, and inject this circuit with a current, then it actually does a fairly good job of emulating a biological neuron. A lot of similar, interesting dynamics exist at the molecular and atomic level, where material scientists and physicists are trying to build next-generation nanoelectronics and push beyond some of the limitations of silicon with the slowing down of Moore’s Law. But bridging the gap between physics and application is incredibly hard. It took six decades of advances in transistors and integrated circuits to build a 24-core microprocessor. It can be incredibly hard to justify jumping ship to a totally different material stack to start building a new technology from a functionality and financial perspective. Tech Briefs: Going from that, what are your next steps? Eshraghian: Now that we have a software framework that bridges deep learning with neuroscience, and a tool that enables interoperability with exotic hardware, the next steps in my lab are to build that hardware and create tools that make it easy for others to build that hardware. The deep learning community has a lot of reliance on NVIDIA at the moment. And the modern AI revolution would simply not have been possible without them and the GPUs they sell. But there is space to do better. My short-term dream is to have chip design follow a process that is almost as simple as training a deep learning model — which has become incredibly simple in today’s day and age thanks to tools such as Tensorflow and PyTorch. Doing the same thing for AI chips and accelerators, so that we can run our models locally, and reduce our overdependence on centralized servers, is the next obvious step.

7 Compliance Frameworks to Know in Cloud Security 70% of organizations report more than half of their infrastructure exists in the cloud. But almost just as many don’t have a defined cloud strategy. This makes them more susceptible to security and compliance risks. If your organization lacks a clear cloud strategy or security policy, common compliance frameworks can provide a starting point to protect your cloud environments. 7 compliance frameworks to know in cloud security 1. ISO 27001 ISO 27001 is an international standard for information security management systems. It provides a clear, systematic approach to managing sensitive information across a variety of cloud solutions and services, As such, ISO 27001 lays a foundation for creating and maintaining a robust security program in the cloud. It includes requirements and best practices focusing on: It also supports continual monitoring, evaluation, and improvement of cloud security procedures. By applying the standard’s guidance, organizations can maintain high-security standards, reduce risks, and protect important data from unauthorized access or breaches. An ISO 27001 certification signals an organization’s dedication to information security and reassures customers their data is safe. Organizations must pass a formal audit performed by an accredited certifying body to earn the certification. 2. NIST Cybersecurity Framework Created by the National Institute of Standards and Technology (NIST), the NIST Cybersecurity Framework offers easy-to-follow guidelines, standards, and practices to uncover and address your organization’s highest-priority risks. Although not tailored specifically for the cloud, the NIST Cybersecurity Framework gives you a versatile structure that can strengthen your overall security (including your cloud security). It does this through five essential functions. 3. CIS Controls The Center for Internet Security (CIS) Controls is a collection of best practices to help organizations improve their cybersecurity posture. While they’re not focused on cloud security, they’re often used to enhance security and compliance in cloud settings. The CIS Controls framework includes 18 main security controls. CIS provides a Cloud Companion Guide to determine which of these is most relevant to your cloud environment (and how to interpret and apply them). Use this to map out your controls, decide metrics for each control, and determine the desired results.   4. Federal Risk and Authorization Management Program (FedRAMP) The Federal Risk and Authorization Management Program (FedRAMP) is a cloud security framework created by the US federal government. It aims to simplify the process of evaluating, approving, and monitoring cloud service providers (CSPs) that manage federal government data. FedRAMP provides standardized baselines to evaluate the security of cloud service providers. Though it mainly targets government agencies, private organizations can also use the FedRAMP framework to evaluate cloud services for their own needs. There are three main steps to the FedRAMP process: 5. International Organization for Standardization (ISO) In addition to the popular ISO 27001, the International Organization for Standardization created several standards covering cloud security. You needn’t choose one over the other. Several can be combined to create a robust cloud security program. ISO 27017 : This standard offers guidance for implementing security controls for cloud services. It emphasizes the distinct security aspects and risks related to cloud services. ISO 27018: This standard offers guidance on safeguarding personal information in the cloud. This focuses on privacy concerns associated with the information cloud service providers process. ISO 1778: This standard offers an overview of cloud computing terms and definitions. It helps businesses speak the language and make well-informed choices about cloud adoption and security approaches. ISO 17789 : This standard offers guidance on cloud service-level agreements (SLAs). It presents advice for creating SLAs between cloud service providers and clients that clarify service security expectations, roles, and responsibilities. 6. CSA Cloud Controls Matrix (CCM) The cloud security alliance (csa) cloud controls matrix (ccm) v4.0 includes 197 control objectives and related control requirements broken into 17 cloud security domains. It aligns with other standards, such as ISO 27001 and the NIST Cybersecurity Framework. Similar to the CIS controls, you can use the CSA CCM as a model and make a list of the requirements specified. From there, you can determine how your organization will meet those requirements. The CSA also has an implementation guide that can be useful to understand how to navigate these controls. 7. CSA Security, Trust, Assurance, and Risk (STAR) The Cloud Security Alliance STAR program helps organizations evaluate CSPs to make well-informed choices. As part of this program, a certifying body evaluates and reviews a CSP’s security methods. CSPs compliant with popular security methods earn a STAR certification. Looking for vendors with this certification can reassure you their cybersecurity methods are up to par. Best practices for cloud security compliance Regardless of the framework(s) you use, knowing the best way to incorporate it can guide your cloud security journey. Here are some best practices to ensure your organization’s cloud security compliance. Train and educate employees Moving to the cloud is a big investment, but it’s not going to pay off if the team hasn’t been properly trained to use it. Cloud engineers need Cloud skills and adjacent tech skills in cybersecurity, DevOps, and data analytics. But every department needs onboarding, not just your tech teams. Non-tech roles need to know how to use cloud technology and comply with cloud security best practices.  To upskill your teams: Don’t hesitate to talk to your cloud provider—they’ve helped other clients through this transition and can guide your journey. Identify the relevant compliance regulations Your teams need to know how to work in the cloud. But even more importantly, they need to know how to work in the cloud securely.  To comply with your organization’s chosen cloud security framework(s), everyone working closely with the cloud should understand how to: Develop an understandable cloud security policy Your organization might pick one cloud security framework or use overlapping frameworks to cover specific needs and obligations. Once you’ve chosen your framework(s), implement and maintain that framework with a clear policy. Your cloud security policy should cover information such as: For example, if your business uses online cloud billing software, you’ll want to make sure it complies with ISO 27001 and other