/ By James Kobielus / 0 Comments

Everybody who survives 2020 will look back on it as a year that stood outside the normal flow of our lives. Tech vendors have had to adapt to the chaotic storm of events that has turned global society upside down.

In addition to the FAANG vendors (Facebook, Amazon, Apple, Netflix, Google), Microsoft will remain one of the dominant figures in the eventual post-pandemic phase of our lives. This week at its now virtual-only annual Ignite conference, the Redmond, Washington-based cloud powerhouse cemented its position as an innovation leader.

We could easily focus on Microsoft’s numerous tweaks to its Azure cloud portfolio and Office productivity tools, but these are less interesting than the new and enhanced solutions that are positioning the company for life after COVID-19.

To read this article in full, please click here

/ By Paul Krill / 0 Comments

GitHub has made its code scanning service generally available. Based on the CodeQL semantic code analysis technology acquired from Semmle, GitHub code scanning now can be enabled in users’ public repositories to discover security vulnerabilities in their code bases. The service also supports analysis using third-party tools. 

GitHub code scanning is intended to run only actionable security rules by default, to help developers remain focused on the task at hand and not become overwhelmed with linting suggestions. The service integrates with the GitHub Actions CI/CD platform or a user’s other CI/CD environment. Code is scanned as it is created while actionable security reviews are surfaced within pull requests and other GitHub experiences. This process is intended to ensure that vulnerabilities never make it into production.

To read this article in full, please click here

/ By Paul Krill / 0 Comments

GitHub has made its code scanning service generally available. Based on the CodeQL semantic code analysis technology acquired from Semmle, GitHub code scanning now can be enabled in users’ public repositories to discover security vulnerabilities in their code bases. The service also supports analysis using third-party tools. 

GitHub code scanning is intended to run only actionable security rules by default, to help developers remain focused on the task at hand and not become overwhelmed with linting suggestions. The service integrates with the GitHub Actions CI/CD platform or a user’s other CI/CD environment. Code is scanned as it is created while actionable security reviews are surfaced within pull requests and other GitHub experiences. This process is intended to ensure that vulnerabilities never make it into production.

To read this article in full, please click here

/ By Paul Krill / 0 Comments

GitHub has made its CodeQL code scanning service generally available. Based on semantic code analysis technology acquired from Semmle, CodeQL now can be enabled in users’ public repositories to discover security vulnerabilities in their code bases.

CodeQL is intended to run only actionable security rules by default, to help developers remain focused on the task at hand and not become overwhelmed with linting suggestions. CodeQL integrates with the GitHub Actions CI/CD platform or a user’s other CI/CD environment. Code is scanned as it is created while actionable security reviews are surfaced within pull requests and other GitHub experiences. This process is intended to ensure that vulnerabilities never make it into production.

To read this article in full, please click here

/ By Paul Krill / 0 Comments

GitHub has made its CodeQL code scanning service generally available. Based on semantic code analysis technology acquired from Semmle, CodeQL now can be enabled in users’ public repositories to discover security vulnerabilities in their code bases.

CodeQL is intended to run only actionable security rules by default, to help developers remain focused on the task at hand and not become overwhelmed with linting suggestions. CodeQL integrates with the GitHub Actions CI/CD platform or a user’s other CI/CD environment. Code is scanned as it is created while actionable security reviews are surfaced within pull requests and other GitHub experiences. This process is intended to ensure that vulnerabilities never make it into production.

To read this article in full, please click here

/ By David Linthicum / 0 Comments

My interesting weekend reading was this Cloud Security Alliance (CSA) report, which was vendor sponsored, highlighting 11 cloud security threats that should be on top of everyone’s mind. These threats are described as “egregious.”

CSA surveyed 241 experts on security issues in the cloud industry and came up with these top 11 threats:

  1. Data breaches
  2. Misconfiguration and inadequate change control
  3. Lack of cloud security architecture and strategy
  4. Insufficient identity, credential, access, and key management
  5. Account hijacking
  6. Insider threat
  7. Insecure interfaces and APIs
  8. Weak control plane
  9. Metastructure and applistructure failures
  10. Limited cloud usage visibility
  11. Abuse and nefarious use of cloud services

This is a pretty good report, by the way. It’s free to download, and if you’re interested in the evolution of cloud computing security, it’s a good read.  

To read this article in full, please click here

/ By David Linthicum / 0 Comments

My interesting weekend reading was this Cloud Security Alliance (CSA) report, which was vendor sponsored, highlighting 11 cloud security threats that should be on top of everyone’s mind. These threats are described as “egregious.”

CSA surveyed 241 experts on security issues in the cloud industry and came up with these top 11 threats:

  1. Data breaches
  2. Misconfiguration and inadequate change control
  3. Lack of cloud security architecture and strategy
  4. Insufficient identity, credential, access, and key management
  5. Account hijacking
  6. Insider threat
  7. Insecure interfaces and APIs
  8. Weak control plane
  9. Metastructure and applistructure failures
  10. Limited cloud usage visibility
  11. Abuse and nefarious use of cloud services

This is a pretty good report, by the way. It’s free to download, and if you’re interested in the evolution of cloud computing security, it’s a good read.  

To read this article in full, please click here

/ By David Linthicum / 0 Comments

My interesting weekend reading was this Cloud Security Alliance (CSA) report, which was vendor sponsored, highlighting 11 cloud security threats that should be on top of everyone’s mind. These threats are described as “egregious.”

CSA surveyed 241 experts on security issues in the cloud industry and came up with these top 11 threats:

  1. Data breaches
  2. Misconfiguration and inadequate change control
  3. Lack of cloud security architecture and strategy
  4. Insufficient identity, credential, access, and key management
  5. Account hijacking
  6. Insider threat
  7. Insecure interfaces and APIs
  8. Weak control plane
  9. Metastructure and applistructure failures
  10. Limited cloud usage visibility
  11. Abuse and nefarious use of cloud services

This is a pretty good report, by the way. It’s free to download, and if you’re interested in the evolution of cloud computing security, it’s a good read.  

To read this article in full, please click here

/ By Paul Krill / 0 Comments

Microsoft has unveiled a preview of a C++-based vectorized query engine for the Azure Databricks cloud analytics and AI service based on Apache Spark. Azure Databricks, which is delivered in partnership with Databricks, introduced the Photon-powered Delta Engine September 22.

Written in C++ and compatible with Spark APIs, Photon is a vectorized query engine that leverages modern CPU architecture and the Delta Lake open source transactional storage layer to enhance Apache Spark 3.0 performance by as much as 20x. Microsoft said that as organizations embrace data-driven decision-making, it is now imperative for them to have a platform that can quickly analyze massive amounts and types of data.

To read this article in full, please click here

/ By Paul Krill / 0 Comments

Microsoft has unveiled a preview of a C++-based vectorized query engine for the Azure Databricks cloud analytics and AI service based on Apache Spark. Azure Databricks, which is delivered in partnership with Databricks, introduced the Photon-powered Delta Engine September 22.

Written in C++ and compatible with Spark APIs, Photon is a vectorized query engine that leverages modern CPU architecture and the Delta Lake open source transactional storage layer to enhance Apache Spark 3.0 performance by as much as 20x. Microsoft said that as organizations embrace data-driven decision-making, it is now imperative for them to have a platform that can quickly analyze massive amounts and types of data.

To read this article in full, please click here