Subterms
Image: Getty US security agency, the National Security Agency (NSA), has released new software supply chain guidance to help developers avoid cyberattacks targeting proprietary and open-source software. The new guidance is meant to help US private and public sector organizations defend themselves against supply chain attacks, including the one Russian Foreign Intelligence Service (SVR) hackers […] More
DuckDuckGo is all about privacy and the company has gone out of its way to help protect consumers around the globe. One new arena it has entered is that of email privacy. You might not know this, but tracking companies can even do their thing using your email address.Consider this: Every time you sign up for a site/service or make an online purchase, you use an email address. That email address can be used by trackers to keep tabs on your behavior. No one wants that, which is why DuckDuckGo has released the beta of its email protection service to the public at large.What is DuckDuckGo’s email protection?Simply put, the DuckDuckGo email protection allows you to define your actual email address with the service, and then, when you need to use an email address online, you then use DuckDuckGo to create either a personal or private “Duck” address for the website in question. Any email that is then sent to the address is stripped of trackers and then forwarded to the personal email address you configured. More
Privacy has become an issue for nearly every person on the planet. Given how many people depend on web browsers every day for work, communication, connection, and entertainment, the security of those tools has become tantamount to the privacy of user information.Unfortunately, not every browser is capable of handling security in a way that can keep our data out of the hands of those who should not see it.What can you do?Thanks to DuckDuckGo, there’s an add-on available for every major browser on the market, and it can greatly enhance built-in security measures. That add-on is called DuckDuckGo Privacy Essentials.What does DuckDuckGo Privacy Essentials do? Here’s the shortlist:Shows you at-a-glance information on how much a site can be trusted.Forces sites to use encrypted connections (when available).Blocks nearly all trackers.Keeps your search history private.If you know anything about privacy, you should immediately understand how important that list is. And if you’re not sure if you can trust your desktop web browser of choice, it’s time you give it a much-needed privacy boost.Also: How to use confidential mode in Gmail to protect sensitive informationSo, how do you add the DuckDuckGo Privacy Essentials add-on to your web browser of choice? It’s actually much easier than you might think. And given the benefit you gain from the extension, this should be a no-brainer for everyone.Let’s install DuckDuckGo Privacy Essentials.Installing DuckDuckGo Privacy Essentials More
The next phase of cloud development will revolve around multi-cloud management and security, as businesses in Asia-Pacific want options but struggle to cope with the complexities of managing different platforms. Vendors such as VMware are hoping to step in and help customers do so with a range of products. While they talk about being “interconnected”, the reality today is that hyperscalers currently operate like isolated operating systems, according to Simon Piff, IDC’s Asia-Pacific vice president. This presents a significantly challenging piece for organisations in the region, Piff told ZDNet. It would fuel the need for multi-cloud management and cross-cloud security strategies as the next phase of development in the market, he said. This would result in tremendous opportunities for systems integrators and software vendors able to remove the complexities and offer the integration tools necessary to make multi-cloud management seamless, the analyst said. Charlie Dai, Forrester’s vice president and research director, noted that Asia-Pacific enterprises were looking to transition from being cloud-first to cloud-native so they could leverage future technologies. This involved the transformation of their cloud infrastructure into multi-cloud and hybrid cloud environments with technologies such as containers, Kubernetes, IaC (infrastructure as code), and SRE (site reliability engineering), said Dai, who leads Forrester’s research team in China. It also encompassed the modernization of applications at scale using microservices, service mesh, and DevOps automation, he said in an email interview. In addition, Kubernetes was fuelling platform-driven business innovation in key areas such as machine learning and artificial intelligence (AI), data management, IoT, 5G, and blockchain, he noted. Piff said organisations would need to have the right understanding of how to get the most of their cloud deployment. “Apps need to be cloud-native to take full advantage of the underlying cloud [infrastructures],” he said. “Simply moving an app to the cloud, without redesigning or refactoring, does not give the best value at all.”Dai added that organisations would need to focus on three pillars–encompassing platforms, practices, and partners–to drive their transformation towards being cloud-native. Organisations would face several challenges impacting key roles in their IT teams, he said. For instance, he explained that open source components in cloud-native infrastructures had different architectures, maturity, dependencies, roadmap, and requirements in terns of technical expertise. They also required enhancements in scalability, reliability, and performance for enterprise deployment and microservice applications in distributed environments.Hence, developers could find it tough to manage the complex service dependency and identify root causes of issues on the application layer, he said. In addition, cloud-native technologies not only expanded the attack surface across the container lifecycle, spanning design to runtime, but also introduced added risks from emerging technologies powered by Kubernetes.Opportunities to manage app, cloud sprawlOrganisations realise the need to optimise their application for speed, resilience, and security, but face challenges doing so across the development lifecycle. This spans building, deploying, running, managing, and securing their applications, according to Ajay Patel, VMware’s senior vice president and general manager of modern applications and management business group, which encompasses the vendor’s Tanzu and Aria portfolios. The vendor announced a host of product releases at its Explore conference in San Francisco this week, including Tanzu Application Platform, Tanzu for Kubernetes Operations, and multi-cloud management platform, VMware Aria.Patel said: “Platform teams must focus on delivering a great developer experience and path to production to speed velocity, while also providing a solution for deploying and running apps more securely, reliably, and at scale on any and many clouds.”With the multitude of choices available, though, managing their application and multi-cloud infrastructures has become highly complex, he said. Developers and IT teams have to control costs, ensure performance, and manage consistent security policies across their diverse environments. VMware CEO Raghu Raghuram said businesses deployed varying platforms and technologies over time, leading to cloud and application sprawl. They typically start their cloud journey on one platform, but would move some workloads to another for licensing or pricing gains offered by other cloud vendors. Speaking at the conference, Raghuram said 75% of organisations today operated two or more public clouds. Doing so also enabled then to access best-of-breed services and innovation across different cloud players, so they could differentiate the applications they were building, he explained, In addition, businesses looked for greater choice and flexibility, allowing them to avoid vendor lock-in, he said. This, however, drove up complexity and application development had become slow and cumbersome, he added. Managing applications across disparate clouds also was difficult and costly, with each cloud vendor requiring administrators to use proprietary tools that were siloed and did not interoperate. The need to resolve this was driving towards being “cloud smart”, Raghuram said, where organisations had the ability to select the right cloud for the right app, based on the needs of individual app. Pointing to Aria, he said the multi-cloud management platform was designed to provide real-time cost analysis and recommendations on optimising their workload deployment.Core to Aria is Aria Graph, a graph-based data store that captures the resources and relationships of a multi-cloud environment. According to VMware, the graph is built for cloud-native applications and provides a single source of truth that is updated “near real-time”. The vendor added that Aria’s graph data store and API services could be integrated with third-party tools, such as observability and application performance management applications. The multi-cloud management platform would enable developers as well as site reliability engineering (SRE) and platform engineering teams to pull relevant data for analysis and debugging. It also provided visibility of cost, performance, and configuration of applications and workloads across cloud environments, VMware said.Piff said: “Arguably, cost optimisation is an area that need deep focus and will become a financial differentiator between organisations. If an end-user does not need an application 24 by 7, then [the ability to] only pay for the times when it is in use will be a huge advantage. If capacity can be bought only when needed, then organisations should see some interesting savings, but it will take time and a mindset shift.”According to the IDC analyst, VMware was in a good position to be a neutral party that could help ease the management of multi-cloud environments for organisations. He explained that much of the automation the software vendor had driven into its platform, around provisioning and performance, could be used to create de-provisioning and to manage costs–alongside the management of security, to a certain degree. Paul Simos, VMware’s Southeast Asia and Korea service president and managing director, noted that organisations in the region had the frameworks and understanding to deploy cloud and application modernisation at small scale. To drive their cloud transformation to the next phase, they now needed to know how to do this at scale, he told ZDNet. Key to this, Simos said, was frictionless developer experience and automation Sylvian Cazard, VMware’s Asia-Pacific Japan senior vice president and general manager, added that these organisations also were adopting cloud-native applications and using Kubernetes to manage and scale these apps. With extensive cloud deployment fuelled by the pandemic, Cazard added that multi-cloud management and the need to control costs from operating as well as securing these environments had become a focus of IT leaders. Ensuring control, consistency, and security were top priorities, he said, alongside meeting regulatory requirements for data sovereignty. Sovereign clouds increasingly were a major topic in Asia-Pacific, he added. Simos said VMware, with its product portfolio including Aria, aimed to help enterprises scale their cloud deployment, establish service consistency, and enrich cloud-native developer experience.Dai said VMware had a long track record serving enterprise customers in the cloud era powered by virtual machines. The vendor also was making substantial progress in the cloud-native era to help enterprises address challenges with its Tanzu portfolio.Specifically, he said VMware Tanzu Application Platform was touted to improve developer productivity and simplify DevSecOps in distributed cloud environments, while VMware Tanzu for Kubernetes Operations was designed to give operators a “consistent, secure, and simplified” container and virtual machine lifecycle management experience, with multi-cloud observability.The Forrester analyst, though, noted in a previous ZDNet report that VMware would need to work on a “clear and solid” go-to-market strategy, while its Broadcom acquisition was being firmed up. Piff also noted that the vendor should assure customers the impending acquisition would not go the way of Broadcom’s previous acquisitions of CA Technologies and Symantec. Asked about feedback from its Asia-Pacific customers on the Broadcom acquisition, Cazard said it still was “very much business as usual”. He noted that most clients had been with VMware for a decade and already had seen the software vendor function through previous acquisitions with EMC and Dell.He said there had been no change in customer spending, adding that VMware also was continuing to expand its product portfolio, as evident at the Explore conference. Broadcom and VMware have up to a year, until October 2023, to close the acquisition.Asked for his comments on customers that might choose to wait before forking out more spend in VMware, Raghuram said CIOs who chose to wait a year before making any investment decisions to drive their digital initiatives would be in trouble. Based in Singapore, Eileen Yu reported for ZDNet from VMware Explore 2022 in San Francisco, USA, on the invitation of VMware.RELATED COVERAGE More
Image: Getty Images/iStockphoto Microsoft has detailed a high-severity flaw in the TikTok Android app that could have allowed an attacker to hijack an account when users click on a link. Fortunately, developers at TikTok parent ByteDance quickly fixed the flaw after Microsoft researchers reported the issue to it in February through its bug bounty program, […] More
Apple has released an important security update for the iPhone 5s, iPhone 6 and older iPads to address one of two flaws affecting iOS 15 that also affected iOS 12. Apple has rolled out a fix for iOS 12 in the update in iOS 12.5.6 that brings across a patch for a remote code execution […] More
Image: Getty There’s been a big rise in ransomware attacks targeting Linux as cyber criminals look to expand their options and exploit an operating system that is often overlooked when businesses think about security. According to analysis by cybersecurity researchers at Trend Micro, Linux servers are “increasingly coming under fire” from ransomware attacks, with detections […] More
Imagw: Black_Kira/Shutterstock Google Chrome extensions are meant to make your life easier. With Chrome browser extensions that help you get discounts, correct your grammar, take screenshots, and watch shows with friends, downloading an extension can be very tempting. However, malicious extensions are mimicking the appearance of popular ones to put your privacy at risk. Malicious […] More
