“Alibaba, Google Cloud and Microsoft among inaugural members of cloud security consortium - Cloud Tech” plus 2 more

Alibaba, Google Cloud and Microsoft among inaugural members of cloud security consortium - Cloud Tech
Is SAP Cloud Platform architecture the same as SAP cloud migration? - TechTarget
Daily API RoundUp: Google Cloud Web Risk, CheckWX, Nuki, iSports - ProgrammableWeb

Alibaba, Google Cloud and Microsoft among inaugural members of cloud security consortium - Cloud Tech

Posted: 28 Aug 2019 12:00 AM PDT

The Linux Foundation has announced the launch of a new community of tech all-stars focused on advancing trust and security for cloud and edge computing.

The open source community, dubbed the Confidential Computing Consortium (CCC), has 10 initial members: Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom and Tencent.

"Current approaches in cloud computing address data at rest and in transit but encrypting data in use is considered the third and possibly most challenging step to providing a fully encrypted lifecycle for sensitive data," the foundation noted in its press materials. "Confidential computing will enable encrypted data to be processed in-memory without exposing it to the rest of the system and reduce exposure for sensitive data and provide greater control and transparency for users."

Members are encouraged to bring their own projects to the consortium, with Microsoft offering Open Enclave SDK, a framework which allows developers to build trusted execution environment (TEE) applications using a single enclaving abstraction. Intel's Software Guard Extensions (SGX) SDK aims to help app developers protect select code and data from disclosure or modification at the hardware layer, while Red Hat's Enarx provides hardware independence for securing applications using TEEs.

This is by no means the only cross-industry collaboration taking place in the cloud space right now. In March Intel led a launch of cohorts in a campaign to improve data centre performance through Compute Express Link (CXL), an emerging high-speed technology standard.

Alibaba, Google, and Microsoft are, alongside Intel, members of both initiatives. The three pretenders to the cloud infrastructure throne made all the right noises upon launch, with the three gifts of the Magi being looked upon with awe.

"We hope the [Open Enclave SDK] can put the tools in even more developers' hands and accelerate the development and adoption of applications that will improve trust and security across cloud and edge computing," said Mark Russinovich, Microsoft CTO.

"As the open source community introduces new projects like Asylo and Open Enclave SDK, and hardware vendors introduce new CPU features that change how we think about protecting programs, operating systems, and virtual machines, groups like the CCC will help companies and users understand its benefits and apply these new security capabilities to their needs," said Royal Hansen, Google vice president for security.

The FAQ section also provides some interesting titbits. Under the question of 'why does this require a cross-industry effort?', the CCC responds with the following. "Of the three data states, 'in use' has been less addressed because it is arguably the most complicated and difficult. Currently confidential computing solutions are manifesting in different ways in hardware, with different CPU features and capabilities, even from the same vendor.

"A common, cross-industry way of describing the security benefits, risks, and features of confidential computing will help users make better choices for how to protect their workloads in the cloud," it adds.

One notable absentee from the CCC party is Amazon Web Services (AWS). The launch, at Open Source Summit, may be something of a clue. While AWS promotes its open source initiatives through its @AWSOpen Twitter handle among others, several in the community feel differently about AWS' relationship with open source players. The launch of DocumentDB, a database offering compatible with MongoDB in January caused TechCrunch to lead with the brazen headline that AWS had '[given] open source the middle finger'. Yet as reported by Business Insider in June, the company is increasingly 'listening' to the community.

You can find out more about CCC here.

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

SAP Cloud Platform architecture benefits

SAP Cloud Platform is the bridge to extending on-premises or cloud ERP functionality and getting access to SAP Leonardo technologies, such as IoT and blockchain. It's intended to be open and flexible, with open APIs and numerous tools, including an SDK for Apple iOS.

SAP Cloud Platform architecture enables organizations to build, extend and integrate business applications in the cloud. The platform provides an environment to tie together ERP applications and technologies such as machine learning, AI, blockchain, IoT and big data. With the SAP HANA service, organizations can use SAP HANA databases from their applications running on SAP Cloud Platform, via Java APIs and other application runtime environments.

SAP Cloud Platform consists of two different development environments, and the technologies a company needs to ensure a successful migration will depend on which SAP Cloud Platform offering it chooses, said Steele Arbeeny, CTO at SNP Schneider-Neureither & Partner SE, an IT consulting company and software provider based in Heidelberg, Germany.

Cloud Platform architecture components, requirements

One major component of SAP is the Neo platform, which closely resembles other infrastructure-as-a-service offerings, Arbeeny said. Neo requires organizations to have skills and tools for operating system administration and security, monitoring and management, as well as the knowledge to plan their own disaster recovery, scalability, capacity planning and high availability.

The other major component of SAP Cloud Platform is Cloud Foundry, which can be hosted in the SAP cloud and in the clouds of other providers, such as AWS and Google.

"This solution provides a containerized approach where your application components can be dropped into the Cloud Foundry containers, and the scalability, resource management and OS administration topics are abstracted away," Arbeeny said. "You may not even know what operating system you are running on."

The drawback of this approach is companies can only run components that are supported in the specific SAP Cloud Platform instance of Cloud Foundry, Arbeeny said.

For organizations that are planning to use SAP Cloud Platform, a look at the pros and cons of integration tools and a study of approaches such as DevOps are critical.

Daily API RoundUp: Google Cloud Web Risk, CheckWX, Nuki, iSports - ProgrammableWeb

Posted: 14 Sep 2019 12:46 PM PDT

Every day, the ProgrammableWeb team is busy, updating its three primary directories for APIs, clients (language-specific libraries or SDKs for consuming or providing APIs), and source code samples. If you have new APIs, clients, or source code examples to add to ProgrammableWeb's directories, we offer forms (APIs, Clients, Source Code) for submitting them to our API research team. If there's a listing in one of our directories that you'd like to claim as the owner, please contact us at editor@programmableweb.com.

Eleven APIs have been added to the ProgrammableWeb directory in categories including Security, Weather, and Internet of Things. Highlights include the W3C Badging API for enabling users to see new activity about an application on a home screen. Here's a rundown of the latest additions.

APIs

Google Cloud Web Risk is a service for developers to check URLs against unsafe web resources. The Google Cloud Web Risk Lookup APITrack this API checks for malicious web sources and enables users to be warned before they click or post infected links. The Google Cloud Web Risk Update APITrack this API allows developers to download hashed lists of unsafe resources such as phishing sites or malware hosts for storage in a local database. If a match is found with the local database, the client can request verification from the Web Risk API servers to confirm the URL's presence on the unsafe lists. Both APIs are listed in Security.

CheckWX is a tool to help pilots better visualize weather data. The CheckWX APITrack this API returns aviation weather in JSON and XML formats. The API includes methods for stations, METeorological Aerodrome Reports (METARs), and Terminal Aerodrome Forecasts (TAFs). Developers can implement a station field, station radius, station latitude, and longitude. It is filed under the Weather category.

iSports API is a provider of sports data. Developers looking to implement football (soccer) data into applications can use the iSports football API and retrieve live scores, lineups, schedules, results, player information, odds and other information for more than 1400 leagues and cups. The API is filed under Sports.

Captcha.guru provides reCAPTCHA and antiCAPTCHA services. With the Captcha.guru APITrack this API, developers can use an image that contains distorted but human-readable text. To solve the CAPTCHA, the user has to type the text from the image. The API supports JSON formats and is listed in the Captcha category.

Nuki is a provider of keyless electronic door locks (smart locks). The Nuki Web APITrack this API provides access to smart lock solutions for iOS and Android devices. Developers can send commands through an HTTPS/TLS connection, forming a bridge and forwarding actions via Bluetooth. They can authentication bearer to make calls that will display JSON in return. The Nuki Bridge HTTP APITrack this API can access door openers, current lock states, and lock operations. By calling the URL, developers receive JSON arrays with bridges that include IP address, port, bridge ID, and day of last entry. The APIs are listed in the Internet of Things category.

[embedded content]

Nuki Smart Lock 2.0 - Turn your smartphone into an intelligent key Video: YouTube/Nuki Smart Lock

Hansard is the edited verbatim official report of proceedings of both the House of Commons and the House of Lords for The Parliament of New South Wales. The Hansard APITrack this API provides an open way to consume Hansard documents and metadata, including information for sitting dates, members, bills, and more. The Hansard API is listed under the Government category. See ProgrammableWeb's complete list of Government APIs.

SmartPension is a service for automatic enrollment of workplace pensions. The SmartPension APITrack this API returns JSON data with pension details for employees. With the API, developers can implement contributions, companies, referrals, enrollments, bills, advisers, and staging dates. The API is listed in the Human Resources category.

W3C Badging APITrack this API describes the process to set an application-wide badge without showing a more heavyweight notification. Badges can be shown on the home screen to notify the user when the state of the application has changed. This is useful for displaying how many new messages have arrived. The Badging API is listed under the Notifications category. See ProgrammableWeb's complete list of Notifications APIs.

The Badging API can be used to notify users from other places that new events have occured in applications

Cloud artiicle 14

Monday, September 23, 2019