“Das Brett ist megadick
– aber Europa hat erkannt, dass dieser Weg gegangen werden muss”
Digitale Souveränität ist in den letzten Monaten und Jahren zu einem der wichtigsten Ziele in der Europäischen Digitalisierungsstrategie geworden, spätestens mit dem Aufkündigen des Cloud Actes zeigte Europa, dass wir es ernst meinen. Aber was ist digitale Souveränität? Wohin wird und muss die Reise gehen? Darüber habe ich mit Dr. Christian Knebel, Gründer und Geschäftsführer der publicplan GmbH, und Karsten Samaschke, Gründer und Geschäftsführer der Cloudical Deutschland GmbH, gesprochen.
In order to manage cryptographic keys securely, Cryptographic Key Management Solutions (CKMS) shall be used. Consequently, the following questions arise:
- What are functional and non-functional requirements that such solutions must meet?
- What Cryptographic Key Management Solutions are there in the market?
- What is the “best” solution?
This article aims to address these three questions. In the first part, we list functional and non-functional requirements relevant for such solutions. Next, we provide an overview of existing solutions in the market. Finally, we conclude by suggesting an approach for identifying the “best” solution.
Open source projects are living by the contribution of time, ideas and passion of enthusiasts. In this article we introduce sustainable open source projects and a passionate initiative of the enthusiasts of protontypes.
Security as Code is a driving force for the current evolution of application security. It goes hand-in-hand with modern software development and the rise of Infrastructure as Code (IaC), but it is also helping innovation-minded organizations to better address and deal with the biggest security challenge seen in a generation.
When thinking about open source and sustainability, one of the first things coming into mind is that they are currently very much Zeitgeist. But what about them in combination? Does it make sense to use them as a pair? And is there perhaps a wider correlation between them, apart from software and infrastructure? Let’s find out…
Read more
Not like free beer. But open and free to use for several business cases: open source. How that works explain Julian Hansert from Kubermatic and Christopher Branston from SVA.
The evolution of cloud technology has caused cyber threats to evolve in a parallel manner. Cybersecurity risks have skyrocketed as more and more companies opt for migrating their servers and infrastructures to the cloud. This trend has resulted in immense amounts of sensitive data being interconnected, available, and – unfortunately – quite vulnerable to numerous threats.
Good news for all cloud enthusiasts and container fans: ContainerDays (CDS) will take place again from September 21 – 23, 2021. Europe’s flagship conference on container and cloud native technologies is going hybrid this year: live in Hamburg and worldwide online conference for free.
Tickets: https://www.containerdays.io/tickets/ – with the voucher: THANKS2CLOUDICAL@CDS21 you get 20% off
Read more
If you know the cloud report a little bit, you already know that we thematize topics like diversity, responsibility, sustainability beside all kind of cloud computing things. We understand “cloud” holistically, and we understand “open source” as a mindset of sharing, collaboration, forward-looking, reasonable, social. The open source communities and foundations like the Cloud Foundry Foundation are showing right now the future of technology´s development! This time we think about social responsibility.
Read the full article: here
Foundation for carbon neutral sustainability – LF Energy
While I was searching for open source, sustainability, energy awareness I found LF Energy, a sub-foundation of Linux Foundation that is focused on the power systems sector: “LF Energy brings together stakeholders to solve the complex, interconnected problems associated with the decarbonization of energy by using resilient, secure and flexible open source software. Digitalization facilitates a radically energy-efficient future.”
Read the full article: here
Many companies want to use orchestration tools for their applications, but not all of these apps are containerized or cloud native. Some apps would need a complete re-write. At the KubeCon & CloudNativeCon Europe HashiCorp introduced the new release of Nomad, their orchestration tool for containers, but also legacy applications. the cloud report talks with Chang Li about Nomad, of course also in comparison to Kubernetes.
If you want to use the possibilities of reliability and scalability in IT landscapes, this is easily achieved by Kubernetes ecosystems, which you can set up with a cloud service provider or in your own data center. This article describes how to roll out applications in a Kubernetes ecosystem, which tools you need, which “middleware” is necessary and which cloud service providers (hyperscalers or GDPR-compliant service providers) you can use.
Read the article: here
“Security by Design” and “Developer first” as approaches of GITLAB. Cindy introduces the offerings of automation tools to develop secure code quickly. GITLAB enables and empowers developers to join DevSecOps by using automation, open source and security knowledge. The tools help testing APIs and finding vulnerabilities before the code goes into production. But there are still a lot of challenges…
watch the interview here
Short interview with cloud security expert Jurlind Budurushi from Cloudical
Securing the infrastructure, platforms, processes, and data is one of the most important topics in cloud computing. the cloud report interviewed cloud security experts about the challenging year 2020, how this year of digitization affected cloud security, and their expectations and solutions for 2021.
read the interview here
To understand cybersecurity we need to understand what this “cyberspace” is. In the second episode we answer the questions: What is cloud computing? What are the security challenges? Who is responsible? And who (the fuck) is Alice?
Watch part II of our “Securing Cyberspace” series here
The first transnational lockdown 2020 came as a surprise to everyone and was implemented at short notice. In the days and weeks that followed, concepts were developed, technical equipment for working at home was purchased, a lot of improvisation was done, and as much as possible was digitized.
The event area was one of the first to quickly develop virtual alternatives to the cancelled on-site events. Meetups became virtual meetings. Many companies quickly offered webinars on all sorts of topics, which offered the advantage of being able to be attended live, but also available and retrievable online afterwards.
European Companies signed the Climate Neutral Data Center Pact and promise to gain this goal within 9 years!
How this can be achieved, what needs to be done, what is already done, and how this corresponds with digitization the cloud report asked Dr. Béla Waldhauser. And he answers openly and gives insights of the German business landscape, politics, prices, plans and good ideas.
Watch the interview here
Short interview with cloud security expert Archis Gore from Polyverse
Securing the infrastructure, platforms, processes and data is one of the most important topics in cloud computing. the cloud report interviewed cloud security experts about the challenging year 2020, how this year of digitization affected cloud security, and their expectations and solutions for 2021.
read the interview here
In my last comment I explained why diversity is important and a true value and strength for all communities, but also for society. And now I´m talking about equality? Equality in spite of diversity? Of course!
We only gain the full power of diversity if we consider our equality. Our equality as human beings. We are all different in our personality, outward appearance, faith, talent, sex, but we are all equal in our value!
Ten years after the zero trust security model was first articulated, organizations are doubling down – but successful defense also means reassessing your approach to operating the cloud.
A decade ago, Forrester Research analyst John Kindervag called time on perimeter security and warned us against trusting the traffic on our corporate networks…
Securing the infrastructure, platforms, processes and data is one of the most important topics in cloud computing. the cloud report interviewed cloud security experts about the challenging year 2020, how this year of digitization affected cloud security, and their expectations and solutions for 2021.
read the interview here
Poseidon & Cloud Native
What’s the story with Trident?
Container technology received a lot of attention recently and has become essential for cloud native deployments. However, all that glitters is not gold and the technology has a few drawbacks. The Cloud Native Computing Foundation identified within their most recent surveys the limitations within the areas of storage and security. The following article describes how to deal with persistent storage requirements in hybrid cloud environments. Furthermore, it describes possible solutions by taking advantage of dynamic storage orchestrators such as Trident and its related architecture.
The last year has influenced many things, and we have noticed it most in our professional lives in the way we work together. We are now used to communicate and work via a screen and shared resources. But for a large part of the IT world, this was not new – the open source communities…
An interview with Amith Nair
Around the time of KubeCon & CloudNativeCon Virtual 2020 the cloud report had the opportunity to talk with Amith Nair, Vice President Product Marketing at HashiCorp, about automation, what a company can do for cloud-native development and get to the heart of open source.
Read the interview here
Here you get all information about the latest VanillaStack release, what is new, what changed, what happend in the project, how they use the newest Stratos version, …
In this interview Andreas Weiss from the Gaia-X project management eco explains what Gaia-X really is about! No hyperscaler or European cloud, but an initiative to gain real data sovereignty in a secure, federative, open source data infrastructure. And of course, Gaia-X is way more, it is “a once in a lifetime achievement” and a great opportunity for Europe to take the different way and live our diversity.
Berlin based company Cloudical is offering a webinar series to introduce and discuss the LPIC 303 security certificate. It is important to secure the all underlying Linux to build a secure cloud environment. And the both experts are explaining step by step the parts of the certificate. Learn here what you can expect.
On Wednesday, the 27th of January the kick-off webinar for a Cloud Expo Gaia X series during the year 2021 started.[1] These events discuss the idea of Gaia X, the status of the project, introduce the participants and invite more to join this pioneer initiative.
[1] https://www.cloudexpoeurope.de/gaia-x
News from the VanillaStack project, two maintainers talk about community´s and customer´s feedback, about changes and bug fixes, about an evolving project, decission making and a from the CNCF Cetified Kuberntes project.
Find more details about the VanillaStack here
Out Now: The Cloud Report issue 4/2020
Content: Open Source, Open Infrastructure Foundation, Open Source Cloud Stack…
For a PDF version of issue 4/2020 go here
To order a physical copy please send an e-mail to: sales@cloudical.io
One of GAIA-X’s main goals is to restore data sovereignty in Europe when using cloud technology. US hyperscalers, for example, are subject to the US Cloud Act, which enables US authorities to enforce the release of data stored in data centers in Europe. This is contrary to European law and the GDPR. At the beginning of 2019 it was still being considered to build a European hyperscaler, but it was finally decided to create solutions with standards that would give European users more sovereignty.
Nowadays cloud is everywhere, cloud is important to many enterprises – and for good reason! With cloud approaches, one gets the benefit of understanding resources as pool, which allows utilizing them according to the currently given needs.
But cloud is complex, especially, if you want to be in control: You need to set up your infrastructure, you need to automate it, you need to maintain it, you need to learn many things.
One of Polyverse´ offering is the Polymorphing. In this interview Archis tells us what the Polymorphing does (fancy things!) and Jurlind explaines why and how it is integrated in the VanillaStack. But first of all it is about cloud security, collaboration, open source and open minset!
The Coronavirus is wreaking havoc on everything in our lives. It’s hard to find something that hasn’t been impacted in a major way as we attempt to limit the spread of the virus. Cloud security professionals should pay close attention to how our online needs are rapidly changing — these new adjustments are more than just necessary to make things work in the interim. The workarounds to keep our lives as normal as possible could permanently define the way we work, study, and do business from here on out.
Kubernetes is an opensource platform for automating deployment, scaling, and management of containerized applications. According to the data from GitHub, Kubernetes represents one of the largest opensource projects worldwide, and the development and deployment of tools around Kubernetes is rapidly and continuously growing. This rapid and continuous evolution makes Kubernetes an unsteady, fastmoving target, in particular regarding security.
Last week Dan Kohn, the former executive director at Cloud Native Computing Foundation (CNCF), died quite to early as a result of colon cancer.
We thank him for his long-term engagement for open source, for boundless collaboration and the Public Health Initiative of the Linux Foundation and his former dedication in several organizations and foundations.
By enabling a long-held dream of computing as utility, Cloud Computing has become one of the major technology trends in the last decade. Due to its’ flexible and agile nature, Cloud Computing is continuously and significantly transforming a large part of the IT industry.
Clouds are replacing traditional corporate data centers. More and more companies are connecting the computing power of external providers instead of managing their own pool of physical servers.
Why do successful businesses move to clouds? Short answer: to cut costs and speed up growth. In more detail, let’s consider the main factors that push businesses to move to cloud services and the arguments in favor of the cloud.
Over the past 18 months, containers have taken most organizations by storm. Containers and microservices are key enablers in organisations’ quests for digital transformation. But, they increasingly need to adopt a smart cloud security strategy based around a Container Security Triad.
The OpenStack Foundation’s virtual OpenDev event this summer created a space for engaging conversations on a variety of topics within the open infrastructure community. Packaged into three separate events, each three days in duration, participants discussed open infrastructure software, hardware automation and containers in production. In the first session, Blizzard Entertainment, Verizon, and OpenInfra Labs discussed combatting the challenges behind scaling, testing and integration during their presentations to the open source community.
The cloud report had the opportunity to talk with Kim-Norman Sahm, CTO of Cloudical, about the way cloud computing is going, open source and avoiding vendor lock-in.
Today the SUSECONdigital 2020 starts! Upfront the cloud report interviewed Melissa di Donato. Have a spectacular SUSECON.
SUSE prides itself as the largest independent open source company in the world. With the appointment of Melissa di Donato to CEO in August 2019, SUSE started a new chapter and put itself on the path to global growth. In this interview, Melissa explains how her style of leadership matches perfectly with the vision of open source, the role of women in tech leadership and how fierce collaboration inspires SUSE and its customers.
This article gives a short overview of the Gaia-X project as next generation cloud computing: with motivation for the project, what is Gaia-X?, project organization, role of civil society and prospects.
Motivation