In recent years, we learned the hard way that open source software requires substantial maintenance work. Just because the source code is open to inspection does not mean anyone is looking. While not the first incident, Heartbleed raised the awareness that even widely used open source software needs to be maintained. We must remember the lesson we already learned with Heartbleed: We need healthy open source projects if we want high-quality and secure software.
Digital technologies have the potential to improve people‘s lives. But they also bring negative side effects. Technological innovations and their use must therefore be geared to the wellbeing of people and society. Therefor the Digital Responsibility Goals define a framework and work toward a trusting, ethically sensitive, and sustainable digital transformation.
Read about the 7 goals.
While we have a tendency to distrust and malign big data and the organizations that harvest data, the obvious answer may be to stop using these services or technologies as a result may have wider-ranging implications which make an abrupt halt of these services less apparent. If used ethically, data has an important role to play in society.
We must no longer accept that online services misuse customer data for monetary purposes under the guise of “customer experience”. A transparent data policy is urgently needed. How to achieve this goal?
Read here
“New Work” has become a buzzword. But what does it mean? How does work change when all parties involved takes it seriously? And what does „The world we want to live in“ look like?
Find the answers here
All around one hears that Europe is lagging far behind the rest of the world (more
precisely America and Asia) in the fields of digitization and cloud technology. To catch
up and learn from the mistakes of others, the European Commission‘s study on open
source technology and OSBA‘s Digital Sovereignty Manifest are now available. This
article summarizes the relevant points made by these two publications.
Um zu verstehen, was souveräne Cloud-Nutzung ist, gibt dieser Artikel zunächst einige Hintergrundinformationen zum Thema Cloud, danach geht er auf Grundprinzipien der Souveränität und einer souveränen Cloud-Nutzung ein und zeigt auf, was das in der Praxis bedeutet.
To gain real DevOps and true transparency the SCS team around Kurt Garloff and Felix Kronlage-Dammers introduced the 5th open paradigm: open operations. That means transparent processes, advanced collaboration, error culture, and open documentation. How they want to master the challenges around that idea, both tell us in this interview.
Learn more about the concept:
https://scs.community/2022/06/23/this-was-oifsummit2022/
An Open Operations concept: https://www.youtube.com/watch?v=oGuUty7ufN8
Slide fantastic 4: (© Marvel)
At the Container Days 2021 in Hamburg I had the pleasure of meeting Bill Mulligan from CNCF* in person and we talked about the three p’s of CNCF (projects, places, people), Kubernetes, and how CNCF is growing.
Cloud has created a new attack vector, as data has moved to public servers, and
networks and infrastructure have become virtual. Covid-19 made things worse. Beside
the zero-trust concept there is data residency. This article explains how this tool works.
Digital sovereignty has become one of the most important goals in the European digitization strategy in recent months and years; ever since the repeal of the Cloud Act, Europe has shown that we mean business. Germany plays a leading role in these issues not only on a political level. But what is digital sovereignty? What is the current status? Where will, and must, the journey lead to? I discussed these topics with Dr Christian Knebel and Karsten Samaschke.
read the full interview
Digital sovereignty is becoming increasingly important. And data sovereignty plays a central role in this. So how can companies and public authorities become data sovereign? By using the right technologies.
As simple as it is to produce, consume, manipulate, and store data and applications in cloud environments, you need to ensure their availability, backup, and recovery. Surely, this can be handled by built-in mechanisms of the respective environments such as multi-location storage, backup, and restore – but what is about data safety, data integrity and privacy?
read more
Das Onlinezugangsgesetz für Bund und Länder gibt vor, welche Serviceleistungen des Staates in Zukunft digital ablaufen sollen. Dieser Artikel zeigt die Komplexität und die Herausforderungen dieses Vorhabens auf und wirft einen Blick auf den Stand der Umsetzung.
Hier weiterlesen
Social media is arguably one of the most disruptive technologies of the digital age, and its influence is only set to grow. However, while it is key for businesses to have some sort of social media presence, most businesses fail to integrate social media into broader data management strategies.
Responsible use of public money means that software should be accessible and freely available – we at publicplan think and act according to this credo. This approach promotes further development and stands for participation. Based on this understanding, publicplan has committed itself to the idea of free and open source software.
and the german version here
This article is a reprint of a speech given by Ann-Cathrin Riedel, Chair of LOAD e.V.
and Vice President of the European Society for Digital Sovereignty e.V., at the Open
Source Day 2021 of the Open Source Business Alliance e.V.. It is about the last push,
democracy as a way of life and the enthusiasm for open source that we can and must
awaken with enlighting narratives.
(auch auf deutsch)
Hardly any other term has been redefined and re-framed so frequently in last year’s digital political discourse as “digital sovereignty”. This article is intended to help demystify the term “digital sovereignty” by exploring the different dimensions of digital independence and is a first approach to create a well-defined taxonomy that allows an evaluation of digital offerings far away from buzzwords and hypes.
Dieser Handlungsleitfaden will Ihnen den Umstieg in die Cloud erleichtern, indem er wichtige Aspekte und Schritte hervorhebt und näher beschreibt. Selbstverständlich kann er keinen Anspruch auf Vollständigkeit erheben, Unternehmen sind zu unterschiedlich strukturiert und aufgestellt – aber er kann Ihnen wertvolle Anregungen für Ihren Schritt in die Cloud geben.
Open Policy Agent (or OPA, pronounced Oh-pa!) is an open source, general purpose policy engine. Breaking that sentence apart, “open source” and “general purpose” likely won’t need further explanation for this audience, so let’s jump straight to the “policy engine” part.
Die deutsche Version des Textes finden Sie hier!
In den Interviews neueren Datums mit der F.A.Z. erklärte Bergmann zu der Frage, ob die heutige Form der „New Work“ seiner eigentlichen Intention entsprach. „Der Ausdruck ‚Neue Arbeit‘ wird heute in vielen Betrieben angepriesen. Aber um das ‚Wollen‘ geht es nicht“, erwiderte er. Aber worum geht es? Das erklärt Ihnen dieser Artikel.
“Das Brett ist megadick
– aber Europa hat erkannt, dass dieser Weg gegangen werden muss”
Digitale Souveränität ist in den letzten Monaten und Jahren zu einem der wichtigsten Ziele in der Europäischen Digitalisierungsstrategie geworden, spätestens mit dem Aufkündigen des Cloud Actes zeigte Europa, dass wir es ernst meinen. Aber was ist digitale Souveränität? Wohin wird und muss die Reise gehen? Darüber habe ich mit Dr. Christian Knebel, Gründer und Geschäftsführer der publicplan GmbH, und Karsten Samaschke, Gründer und Geschäftsführer der Cloudical Deutschland GmbH, gesprochen.
In order to manage cryptographic keys securely, Cryptographic Key Management Solutions (CKMS) shall be used. Consequently, the following questions arise:
- What are functional and non-functional requirements that such solutions must meet?
- What Cryptographic Key Management Solutions are there in the market?
- What is the “best” solution?
This article aims to address these three questions. In the first part, we list functional and non-functional requirements relevant for such solutions. Next, we provide an overview of existing solutions in the market. Finally, we conclude by suggesting an approach for identifying the “best” solution.
Open source projects are living by the contribution of time, ideas and passion of enthusiasts. In this article we introduce sustainable open source projects and a passionate initiative of the enthusiasts of protontypes.
Security as Code is a driving force for the current evolution of application security. It goes hand-in-hand with modern software development and the rise of Infrastructure as Code (IaC), but it is also helping innovation-minded organizations to better address and deal with the biggest security challenge seen in a generation.
When thinking about open source and sustainability, one of the first things coming into mind is that they are currently very much Zeitgeist. But what about them in combination? Does it make sense to use them as a pair? And is there perhaps a wider correlation between them, apart from software and infrastructure? Let’s find out…
Read more
Not like free beer. But open and free to use for several business cases: open source. How that works explain Julian Hansert from Kubermatic and Christopher Branston from SVA.
The evolution of cloud technology has caused cyber threats to evolve in a parallel manner. Cybersecurity risks have skyrocketed as more and more companies opt for migrating their servers and infrastructures to the cloud. This trend has resulted in immense amounts of sensitive data being interconnected, available, and – unfortunately – quite vulnerable to numerous threats.
Good news for all cloud enthusiasts and container fans: ContainerDays (CDS) will take place again from September 21 – 23, 2021. Europe’s flagship conference on container and cloud native technologies is going hybrid this year: live in Hamburg and worldwide online conference for free.
Tickets: https://www.containerdays.io/tickets/ – with the voucher: THANKS2CLOUDICAL@CDS21 you get 20% off
Read more
If you know the cloud report a little bit, you already know that we thematize topics like diversity, responsibility, sustainability beside all kind of cloud computing things. We understand “cloud” holistically, and we understand “open source” as a mindset of sharing, collaboration, forward-looking, reasonable, social. The open source communities and foundations like the Cloud Foundry Foundation are showing right now the future of technology´s development! This time we think about social responsibility.
Read the full article: here
Foundation for carbon neutral sustainability – LF Energy
While I was searching for open source, sustainability, energy awareness I found LF Energy, a sub-foundation of Linux Foundation that is focused on the power systems sector: “LF Energy brings together stakeholders to solve the complex, interconnected problems associated with the decarbonization of energy by using resilient, secure and flexible open source software. Digitalization facilitates a radically energy-efficient future.”
Read the full article: here
Many companies want to use orchestration tools for their applications, but not all of these apps are containerized or cloud native. Some apps would need a complete re-write. At the KubeCon & CloudNativeCon Europe HashiCorp introduced the new release of Nomad, their orchestration tool for containers, but also legacy applications. the cloud report talks with Chang Li about Nomad, of course also in comparison to Kubernetes.
If you want to use the possibilities of reliability and scalability in IT landscapes, this is easily achieved by Kubernetes ecosystems, which you can set up with a cloud service provider or in your own data center. This article describes how to roll out applications in a Kubernetes ecosystem, which tools you need, which “middleware” is necessary and which cloud service providers (hyperscalers or GDPR-compliant service providers) you can use.
Read the article: here
“Security by Design” and “Developer first” as approaches of GITLAB. Cindy introduces the offerings of automation tools to develop secure code quickly. GITLAB enables and empowers developers to join DevSecOps by using automation, open source and security knowledge. The tools help testing APIs and finding vulnerabilities before the code goes into production. But there are still a lot of challenges…
watch the interview here
Short interview with cloud security expert Jurlind Budurushi from Cloudical
Securing the infrastructure, platforms, processes, and data is one of the most important topics in cloud computing. the cloud report interviewed cloud security experts about the challenging year 2020, how this year of digitization affected cloud security, and their expectations and solutions for 2021.
read the interview here
To understand cybersecurity we need to understand what this “cyberspace” is. In the second episode we answer the questions: What is cloud computing? What are the security challenges? Who is responsible? And who (the fuck) is Alice?
Watch part II of our “Securing Cyberspace” series here
The first transnational lockdown 2020 came as a surprise to everyone and was implemented at short notice. In the days and weeks that followed, concepts were developed, technical equipment for working at home was purchased, a lot of improvisation was done, and as much as possible was digitized.
The event area was one of the first to quickly develop virtual alternatives to the cancelled on-site events. Meetups became virtual meetings. Many companies quickly offered webinars on all sorts of topics, which offered the advantage of being able to be attended live, but also available and retrievable online afterwards.
European Companies signed the Climate Neutral Data Center Pact and promise to gain this goal within 9 years!
How this can be achieved, what needs to be done, what is already done, and how this corresponds with digitization the cloud report asked Dr. Béla Waldhauser. And he answers openly and gives insights of the German business landscape, politics, prices, plans and good ideas.
Watch the interview here
Short interview with cloud security expert Archis Gore from Polyverse
Securing the infrastructure, platforms, processes and data is one of the most important topics in cloud computing. the cloud report interviewed cloud security experts about the challenging year 2020, how this year of digitization affected cloud security, and their expectations and solutions for 2021.
read the interview here
In my last comment I explained why diversity is important and a true value and strength for all communities, but also for society. And now I´m talking about equality? Equality in spite of diversity? Of course!
We only gain the full power of diversity if we consider our equality. Our equality as human beings. We are all different in our personality, outward appearance, faith, talent, sex, but we are all equal in our value!
Ten years after the zero trust security model was first articulated, organizations are doubling down – but successful defense also means reassessing your approach to operating the cloud.
A decade ago, Forrester Research analyst John Kindervag called time on perimeter security and warned us against trusting the traffic on our corporate networks…
Securing the infrastructure, platforms, processes and data is one of the most important topics in cloud computing. the cloud report interviewed cloud security experts about the challenging year 2020, how this year of digitization affected cloud security, and their expectations and solutions for 2021.
read the interview here
Poseidon & Cloud Native
What’s the story with Trident?
Container technology received a lot of attention recently and has become essential for cloud native deployments. However, all that glitters is not gold and the technology has a few drawbacks. The Cloud Native Computing Foundation identified within their most recent surveys the limitations within the areas of storage and security. The following article describes how to deal with persistent storage requirements in hybrid cloud environments. Furthermore, it describes possible solutions by taking advantage of dynamic storage orchestrators such as Trident and its related architecture.
The last year has influenced many things, and we have noticed it most in our professional lives in the way we work together. We are now used to communicate and work via a screen and shared resources. But for a large part of the IT world, this was not new – the open source communities…
An interview with Amith Nair
Around the time of KubeCon & CloudNativeCon Virtual 2020 the cloud report had the opportunity to talk with Amith Nair, Vice President Product Marketing at HashiCorp, about automation, what a company can do for cloud-native development and get to the heart of open source.
Read the interview here
Here you get all information about the latest VanillaStack release, what is new, what changed, what happend in the project, how they use the newest Stratos version, …
In this interview Andreas Weiss from the Gaia-X project management eco explains what Gaia-X really is about! No hyperscaler or European cloud, but an initiative to gain real data sovereignty in a secure, federative, open source data infrastructure. And of course, Gaia-X is way more, it is “a once in a lifetime achievement” and a great opportunity for Europe to take the different way and live our diversity.
Berlin based company Cloudical is offering a webinar series to introduce and discuss the LPIC 303 security certificate. It is important to secure the all underlying Linux to build a secure cloud environment. And the both experts are explaining step by step the parts of the certificate. Learn here what you can expect.
On Wednesday, the 27th of January the kick-off webinar for a Cloud Expo Gaia X series during the year 2021 started.[1] These events discuss the idea of Gaia X, the status of the project, introduce the participants and invite more to join this pioneer initiative.
[1] https://www.cloudexpoeurope.de/gaia-x
News from the VanillaStack project, two maintainers talk about community´s and customer´s feedback, about changes and bug fixes, about an evolving project, decission making and a from the CNCF Cetified Kuberntes project.
Find more details about the VanillaStack here
Out Now: The Cloud Report issue 4/2020
Content: Open Source, Open Infrastructure Foundation, Open Source Cloud Stack…
For a PDF version of issue 4/2020 go here
To order a physical copy please send an e-mail to: sales@cloudical.io
One of GAIA-X’s main goals is to restore data sovereignty in Europe when using cloud technology. US hyperscalers, for example, are subject to the US Cloud Act, which enables US authorities to enforce the release of data stored in data centers in Europe. This is contrary to European law and the GDPR. At the beginning of 2019 it was still being considered to build a European hyperscaler, but it was finally decided to create solutions with standards that would give European users more sovereignty.
Nowadays cloud is everywhere, cloud is important to many enterprises – and for good reason! With cloud approaches, one gets the benefit of understanding resources as pool, which allows utilizing them according to the currently given needs.
But cloud is complex, especially, if you want to be in control: You need to set up your infrastructure, you need to automate it, you need to maintain it, you need to learn many things.
One of Polyverse´ offering is the Polymorphing. In this interview Archis tells us what the Polymorphing does (fancy things!) and Jurlind explaines why and how it is integrated in the VanillaStack. But first of all it is about cloud security, collaboration, open source and open minset!
The Coronavirus is wreaking havoc on everything in our lives. It’s hard to find something that hasn’t been impacted in a major way as we attempt to limit the spread of the virus. Cloud security professionals should pay close attention to how our online needs are rapidly changing — these new adjustments are more than just necessary to make things work in the interim. The workarounds to keep our lives as normal as possible could permanently define the way we work, study, and do business from here on out.
Kubernetes is an opensource platform for automating deployment, scaling, and management of containerized applications. According to the data from GitHub, Kubernetes represents one of the largest opensource projects worldwide, and the development and deployment of tools around Kubernetes is rapidly and continuously growing. This rapid and continuous evolution makes Kubernetes an unsteady, fastmoving target, in particular regarding security.
Last week Dan Kohn, the former executive director at Cloud Native Computing Foundation (CNCF), died quite to early as a result of colon cancer.
We thank him for his long-term engagement for open source, for boundless collaboration and the Public Health Initiative of the Linux Foundation and his former dedication in several organizations and foundations.
By enabling a long-held dream of computing as utility, Cloud Computing has become one of the major technology trends in the last decade. Due to its’ flexible and agile nature, Cloud Computing is continuously and significantly transforming a large part of the IT industry.
Clouds are replacing traditional corporate data centers. More and more companies are connecting the computing power of external providers instead of managing their own pool of physical servers.
Why do successful businesses move to clouds? Short answer: to cut costs and speed up growth. In more detail, let’s consider the main factors that push businesses to move to cloud services and the arguments in favor of the cloud.
Over the past 18 months, containers have taken most organizations by storm. Containers and microservices are key enablers in organisations’ quests for digital transformation. But, they increasingly need to adopt a smart cloud security strategy based around a Container Security Triad.
The OpenStack Foundation’s virtual OpenDev event this summer created a space for engaging conversations on a variety of topics within the open infrastructure community. Packaged into three separate events, each three days in duration, participants discussed open infrastructure software, hardware automation and containers in production. In the first session, Blizzard Entertainment, Verizon, and OpenInfra Labs discussed combatting the challenges behind scaling, testing and integration during their presentations to the open source community.
The cloud report had the opportunity to talk with Kim-Norman Sahm, CTO of Cloudical, about the way cloud computing is going, open source and avoiding vendor lock-in.
Today the SUSECONdigital 2020 starts! Upfront the cloud report interviewed Melissa di Donato. Have a spectacular SUSECON.
SUSE prides itself as the largest independent open source company in the world. With the appointment of Melissa di Donato to CEO in August 2019, SUSE started a new chapter and put itself on the path to global growth. In this interview, Melissa explains how her style of leadership matches perfectly with the vision of open source, the role of women in tech leadership and how fierce collaboration inspires SUSE and its customers.
This article gives a short overview of the Gaia-X project as next generation cloud computing: with motivation for the project, what is Gaia-X?, project organization, role of civil society and prospects.
Motivation