Next generation of phishing attacks uses unexpected delivery methods to steal data

 

Netskope, a specialist in secure access service edge (SASE), has unveiled new research that shows how the prevalence of cloud applications is changing the way threat actors are using phishing attack delivery methods to steal data. 

The Netskope Cloud and Threat Report: Phishing details trends in phishing delivery methods such as fake login pages and fake third-party cloud applications designed to mimic legitimate apps, the targets of phishing attacks, where the fraudulent content is hosted, and more.

Although email is still a primary mechanism for delivering phishing links to fake login pages to capture usernames, passwords, MFA codes and more, the report reveals that users are more frequently clicking phishing links arriving through other channels, including personal websites and blogs, social media, and search engine results. The report also details the rise in fake third-party cloud apps designed to trick users into authorizing access to their cloud data and resources.

Phishing Comes From All Directions

Traditionally considered the top phishing threat, 11% of the phishing alerts were referred from webmail services, such as Gmail, Microsoft Live, and Yahoo. Personal websites and blogs, particularly those hosted on free hosting services, were the most common referrers to phishing content, claiming the top spot at 26%. The report identified two primary phishing referral methods: the use of malicious links through spam on legitimate websites and blogs, and the use of websites and blogs created specifically to promote phishing content.

Search engine referrals to phishing pages have also become common, as attackers are weaponising data voids by creating pages centred around uncommon search terms where they can readily establish themselves as one of the top results for those terms. Examples identified by Netskope Threat Labs include how to use specific features in popular software, quiz answers for online courses, user manuals for a variety of business and personal products, and more.

Ray Canzanese, threat research director, Netskope Threat Labs, said: “Business employees have been trained to spot phishing messages in email and text messages, so threat actors have adjusted their methods and are luring users into clicking on phishing links in other, less expected places.

“While we might not be thinking about the possibility of a phishing attack while surfing the internet or favourite search engine, we all must use the same level of vigilance and skepticism as we do with inbound email, and never enter credentials or sensitive information into any page after clicking a link. Always browse directly to login pages.” 

The Rise of Fake Third-Party Cloud Apps

Netskope’s report discloses another key phishing method: tricking users into granting access to their cloud data and resources through fake third-party cloud applications. This early trend is particularly concerning because access to third-party applications is ubiquitous and poses a large attack surface. On average, end-users in organisations granted more than 440 third-party applications access to their Google data and applications, with one organisation having as many as 12,300 different plugins accessing data – an average of 16 plugins per user. Equally as alarming, over 44% of all third-party applications accessing Google Drive have access to either sensitive data or all data on a user’s Google Drive – further incentivising criminals to create fake third-party cloud apps.  

“The next generation of phishing attacks is upon us. With the prevalence of cloud applications and the changing nature of how they are used, from Chrome extensions or app add-ons, users are being asked to authorise access in what has become an overlooked attack vector,” added Canzanese. “This new trend of fake third-party apps is something we’re closely monitoring and tracking for our customers. We expect these types of attacks to increase over time, so organisations need to ensure that new attack paths such as OAuth authorisations are restricted or locked down. Employees should also be aware of these attacks and scrutinise authorisation requests the same way they scrutinise emails and text messages.” 

Within the report, Netskope Threat Labs includes actionable steps organisations can take to identify and control access to phishing sites or applications, such as deploying a security service edge (SSE) cloud platform with a secure web gateway (SWG), enabling zero trust principles for least privilege access to data and continuous monitoring, and using Remote Browser Isolation (RBI) to reduce browsing risk for newly-registered domains.      

Additional key findings from the report include: 

• Employees continue to click, fall victim to malicious links. It is widely understood that it takes just one click to severely compromise an organisation. While enterprise phishing awareness and training continues to be more prevalent, the report reveals that an average of eight out of every 1,000 end-users in the enterprise clicked on a phishing link or otherwise attempted to access phishing content.
• Users are being lured by fake websites designed to mimic legitimate login pages. Attackers primarily host these websites on content servers (22%) followed by newly registered domains (17%). Once users put personal information into a fake site, or grant it access to their data, attackers are able to capture usernames, passwords, and multi-factor authentication (MFA) codes. 
• Geographic location plays a role in the access rate of phishing. Africa and the Middle East were the two regions with the highest percentages of users accessing phishing content. In Africa, the percentage of users accessing phishing content is more than 33% above average, and in the Middle East, it is more than twice the average. Attackers frequently use fear, uncertainty, and doubt (FUD) to design phishing lures and also try to capitalise on major news items. Especially in the Middle East, attackers appear to be having success designing lures that capitalise on political, social, and economic issues affecting the region.

Courtesy: https://www.cloudcomputing-news.net/

Distribute low-latency broadcast content in AWS using JPEG XS and AWS CDI

Introduction

Live production workflows are one of the most demanding workloads for broadcasters. Broadcasters require low latency, agility, scalability, and reliability to deliver live content like news and sporting events to consumers. Amazon Web Services (AWS) developed the AWS Cloud Digital Interface (CDI) SDK as an open-source project to help the media and entertainment industry with contribution and distribution workflows that provide high performance cloud networking between cloud applications.

AWS CDI is a network technology that allows for reliable transport of high-quality uncompressed video within AWS. It can be used to send video between applications with network latency as low as 8 milliseconds, which is less than one frame per second. Ground-to-cloud, cloud-to-cloud, and cloud-to-ground contribution and distribution workloads that require minimal artifacts and latency can leverage JPEG XS. JPEG XS is a visually lossless, low complexity, and low latency video codec that can transport over IP using the SMPTE 2110-22 standard. This also allows for the flexible transport of video, audio, and ancillary data separately using the SMPTE 2110 suite. With the combination of JPEG XS and AWS CDI, broadcasters can move live production workflows into the cloud and continue to maintain high-quality, low-latency content delivery while building end-to-end video solutions.

AWS Media Services support both CDI and JPEG XS to help enable live production workflows in AWS (learn more in the What’s New post). This blog post focuses on AWS Elemental MediaConnect and various use cases where it can be leveraged for production contribution and distribution workflows.

The scenarios highlighted in this blog exemplify various workflows using virtual private cloud (VPC) peering or AWS Organizations with Resource Access Manager (RAM). VPC peering is a networking connection between two VPCs that enables you to route traffic between them, either within a single account or another AWS account. AWS Organizations with RAM allows customers to use a single organization unit, with multi-account AWS environments for central governance and management. Resources are shared to minimize the cost and impact of any issues that arise.

This blog covers the following use cases for CDI/JPEG-XS workflows via MediaConnect:

• Routing JPEG XS signals across different subnets
• Routing JPEG XS/CDI signals across two AWS accounts with central governance
  • Leveraging MediaConnect with JPEG-XS (light compression)
  • Leveraging MediaConnect with CDI (uncompressed)

Routing JPEG XS signal across different subnets

When customers operating in independent AWS accounts need to share content inter and/or intra region, VPC peering can be used as depicted in figure 1. This scenario can benefit broadcasters who distribute to various distribution endpoints such as remote broadcast sites and local stations. JPEG XS can also be used in live cloud-based broadcast and production where content is sent downstream to another VPC for remote monitoring.

Figure 1. JPEG XS distribution using VPC peering

Routing JPEG XS/CDI signals across two AWS accounts with central governance

This scenario is for teams that operate independently but have a single organization and single payer configured using Resource Access Manager (RAM). RAM allows multi-AWS account environments with central governance and management. Resources are shared to minimize cost and impact of issues that arise. This scenario is useful for management and execution of multiple deployment stages (production, development, and testing). Account one acts as the source provider for account two’s environment. By sharing resources such as a subnet, CDI can be transported easily.

Figure 2. JPEG XS distribution using Resource Access Manager

VPC sharing allows customers to share subnets with other AWS accounts within the same AWS organization. This is a very powerful concept with a number of benefits:

• Separation of duties: centrally controlled VPC structure, routing, IP address allocation
• Application owners continue to own resources, accounts, and security groups
• VPC sharing participants can reference security group IDs of one another
• Efficiency gains: higher density in subnets, efficient use of VPNs and AWS Direct Connect
• Hard limits can be avoided; for example, 50 VIFs per AWS Direct Connect connection through simplified network architecture
• Costs can be optimized through reuse of NAT gateways, VPC interface endpoints, and intra-Availability Zone traffic

Conclusion

In this post, we explain various ways AWS Elemental MediaConnect can distribute JPEG XS and/or CDI workflows in the cloud. Key factors to consider when deciding upon a distribution approach are:

• Content type and media format, compressed vs. non-compressed
• Currently MediaConnect supports support up to 10 CDI outputs at 1080P. For 4Kp60, you can have up to 10 ST 2110 JPEG XS outputs, but only 4 CDI outputs.

AWS Professional Services specializing in media and entertainment is ready to help you discover and develop the best approach that fits your unique needs. For more information, visit AWS Professional Services or reach out directly through your account manager.

Courtesy: https://aws.amazon.com/blogs/media

AWS Launches Second Infrastructure Region in India

 Second AWS Region in India provides customers with more options to run workloads with even greater resilience and availability, securely store data in India, and serve end users with even lower latency

The new AWS Asia Pacific (Hyderabad) Region is estimated to support an average of more than 48,000 full-time jobs annually through a planned investment of more than $4.4 billion (approx. INR 36,300 crores) in India by 2030

Hundreds of thousands of customers in India, including Acko General Insurance, Axis Bank, Clevertap, Digital India Corporation (MeitY), Dr. Reddy’s Laboratories, Government of Telangana, HDFC Bank, Jupiter, Lendingkart, National Skill Development Corporation, PhysicsWallah, and Tata Elxsi are innovating on AWS

SEATTLE--(BUSINESS WIRE)-- Amazon Web Services, Inc. (AWS), an Amazon.com, Inc. company (NASDAQ: AMZN), today announced the launch of its second AWS infrastructure Region in India—the AWS Asia Pacific (Hyderabad) Region. Starting today, developers, startups, entrepreneurs, and enterprises, as well as government, education, and nonprofit organizations, will have greater choice for running their applications and serving end users from data centers located in India. Customers will have access to advanced AWS technologies to drive innovation including data analytics, security, machine learning, and artificial intelligence (AI). For more information about AWS Global Infrastructure, visit aws.amazon.com/about-aws/global-infrastructure.

“The launch of the AWS Asia Pacific (Hyderabad) Region supports India’s digital transformation and is part of our long-term investment in the country since opening our first office in 2011. Customers and partners in India will now have additional regional infrastructure to deploy applications with greater resilience, availability, and even lower latency,” said Prasad Kalyanaraman, vice president of Infrastructure Services at AWS. “We are proud to invest in the future of the Indian technology community and workforce, and we are committed to helping organizations across industries increase agility and drive innovation.”

“As a part of Prime Minister Narendra Modi’s $1 trillion digital economy vision, the ‘India cloud’ is set for big expansion and innovation. Data centers are an important element of the digital ecosystem. AWS’s investment in expanding their data centers in India is a welcome development that would help catalyze India’s digital economy,” said Shri Rajeev Chandrashekhar, union minister of state for Electronics and Information Technology and for Skill Development and Entrepreneurship. “The Government of India’s upcoming National Cloud and Data Center Policy envisions a significant increase in India’s cloud computing capacity from the current 565 MW to over 2565 MW in the near future. We look forward to greener and more sustainable data centers to power India’s expanding economy.”

“We welcome AWS’s commitment to invest approximately INR 36,300 crores in the AWS Region in Hyderabad, which strengthens Telangana’s position as a progressive data center hub in India,” said Shri K. T. Rama Rao, minister for Information Technology (IT), Industries and Commerce, Municipal Administration, and Urban Development at the Government of Telangana. “We recognize the power of cloud computing, which is why we have collaborated with AWS to improve e-governance, healthcare, and municipal operations to benefit the citizens of Telangana. We are pleased that the new AWS Region in Hyderabad will spur more innovation and growth for many enterprises, startups, and public sector organizations in India.”

With the launch of the AWS Asia Pacific (Hyderabad) Region, AWS now has 96 Availability Zones across 30 geographic regions, with announced plans to launch 15 more Availability Zones and five more AWS Regions in Australia, Canada, Israel, New Zealand, and Thailand. AWS Regions are composed of Availability Zones that place infrastructure in separate and distinct geographic locations. The AWS Asia Pacific (Hyderabad) Region consists of three Availability Zones and joins the existing AWS Asia Pacific (Mumbai) Region, which opened in June 2016. Availability Zones are located far enough from each other to support customers’ business continuity, and near enough to provide low latency for high availability applications that use multiple Availability Zones. Each Availability Zone has independent power, cooling, and physical security and is connected through redundant, ultra-low latency networks. AWS customers focused on high availability can design their applications to run in multiple Availability Zones to achieve even greater fault tolerance. The launch of the AWS Asia Pacific (Hyderabad) Region will enable local customers with data residency preferences to store data securely in India, while providing customers with even lower latency across the country.

AWS is planning to invest an estimated $4.4 billion (approx. INR 36,300 crores) in India by 2030 through the new AWS Asia Pacific (Hyderabad) Region, which includes capital expenditures on the construction of data centers, operational expenses related to ongoing utilities and facility costs, and purchases of goods and services from regional businesses. The investment is also estimated to support an average of more than 48,000 full-time jobs annually at external businesses during this time. These jobs will be part of the AWS supply chain in India, including construction, facility maintenance, engineering, telecommunications, and jobs within the country’s broader economy. The construction and operation of the AWS Asia Pacific (Hyderabad) Region is also estimated to add approximately $7.6 billion (approx. INR 63,600 crores) to India’s gross domestic product by 2030.

Customers welcome the AWS Asia Pacific (Hyderabad) Region

Hundreds of thousands of customers in India join millions of active customers using AWS in more than 190 countries around the world. Enterprises in India that choose AWS to speed time to market and innovate include Angel One Limited, Ashok Leyland, Axis Bank, Bajaj Capital, Broadridge, Dr. Reddy’s Laboratories, Edelweiss, HDFC Bank, HDFC Life, RBL Bank, Tata Elxsi, and Titan. Indian public sector customers use AWS to lower costs, become more agile, innovate faster, and better serve the citizens of the region. These customers include 21K School, Centre for Development of Advanced Computing (C-DAC), Common Service Centers, CropIn, Digital India Corporation (MeitY),EnglishHelper, Government of Telangana, Maharashtra State Electricity Distribution Company Limited, NITI Aayog, PhysicsWallah, Prasar Bharati News Services, TraceX, University of Delhi, upGrad, and Whrrl. Indian startups, including Acko General Insurance, Chingari, epiFi, Fibe, INDMoney, Jupiter, Lendingkart, and Loco, are building their businesses on AWS to scale rapidly and expand around the world.

Acko is considered India's first built-for-the-cloud general insurance company. "Since our inception in 2016, we have run our entire platform on AWS, which enables us to scale quickly to serve more than 50 million customers seeking seamless insurance experiences,” said Vishwanath Ramarao, chief technology and product officer at Acko. “We are obsessed with making insurance effortless. The launch of the new AWS Asia Pacific (Hyderabad) Region will enable us to run our applications across multiple highly available data centers in India to provide a seamless experience for customers while supporting our growth ambitions.”

Axis Bank, currently India’s third-largest private sector bank, offers an entire spectrum of financial services to customer segments covering large and mid-size corporations, small and medium enterprises, agriculture, and retail businesses. “With AWS as our primary cloud provider, we have successfully migrated more than 70 applications to the cloud, including digital offerings such as virtual debit card and credit card engagement platforms. We plan to migrate 70% of our on-premises workloads to the cloud in the next two years,” said Avinash Raghavendra, president and chief information officer at Axis Bank. “We welcome the launch of the second AWS Region in India, which will enable us to further expand the availability of our banking applications to customers, while ensuring that their data remains onshore.”

PhysicsWallah is an educational platform in India that provides affordable and comprehensive curricula to middle and high school students, and for national degree entrance exams. “We have collaborated with AWS since 2020 and use services such as Amazon CloudFront, AWS Elemental, and Amazon Redshift to seamlessly and securely deliver our live video classes to more than 6 million students across India,” said Prateek Maheshwari, co-founder at PhysicsWallah. “As user engagement across our app, website, and YouTube channel continues to grow across the country, a second AWS Region in India will enable us to continue to scale and provide even lower latency for students accessing our platform.”

Tata Elxsi is a world-leading provider of design and technology services across several industries, including the automotive, broadcast, and healthcare sectors. Part of the Tata Group, Tata Elxsi has over 12,000 designers, engineers, and technologists working in more than 36 offices worldwide. "At Tata Elxsi, we support our customers in reimagining their products and services by applying design thinking and using innovative technologies. Previously, our on-premises infrastructure curtailed our capabilities to deliver high-performing differentiated consumer experiences and services continuously. We embarked on our digitization journey with AWS and migrated several business-critical processes to the cloud, including our own industry-specific software products, platforms, and R&D projects,” said Nitin Pai, chief strategy officer and chief marketing officer at Tata Elxsi. “AWS's robust cloud infrastructure and affordable services enable us to launch new and innovative solutions, scale based on our clients’ needs, and enable compliance across different jurisdictions. The launch of the second AWS Region in India offers a welcome boost for us to foster greater business resilience.”

India-based AWS Partners also welcome the AWS Asia Pacific (Hyderabad) Region

The AWS Partner Network (APN) includes tens of thousands of independent software vendors (ISVs) and systems integrators (SIs) around the world. AWS Partners build innovative solutions and services on AWS, and the APN helps by providing business, technical, marketing, and go-to-market support to customers. AWS SIs, consulting partners, and ISVs help enterprise and public sector customers migrate to AWS, deploy mission-critical applications, and provide a full range of monitoring, automation, and management services for customers' cloud environments. Examples of India-based AWS Partners include Biz2credit, BlazeClan, BluePi, Capillary, Cloud Kinetics, Darwinbox, Dataevolve Solutions, Deloitte, Gupshup, Hostin, Infosys, Manthan, Minfy Technologies, Powerupcloud, Progressive Infotech, Redington, Tata Consultancy Services, Trigyn Technologies, Umbrella Infocare, and Wipro. For the full list of AWS Partners, visit aws.amazon.com/partners.

Built-in-the-cloud systems integrator Minfy is an AWS Premier Tier Services Partner headquartered in India with offices in Southeast Asia, United States, and Australia. Since 2016, Minfy has helped more than 320 commercial and public sector customers innovate and digitally transform in the cloud. “Minfy works with many companies, state governments, and large public sector organizations in India, including National Skill Development Corporation, Dalmia Bharat, Exidelife, BookMyShow, MapmyIndia, and Tata Trusts, that build and run their service offerings at scale,” said Vikram Manchanda, CEO at Minfy. “As many of our customers manage highly confidential citizen data, we need to meet strict data security and governance requirements when we migrate their workloads to the cloud. The AWS Asia Pacific (Hyderabad) Region will help us confidently meet these requirements while we deliver highly reliable and available solutions that help customers improve the quality of their service delivery for citizens with our deep tech capabilities in healthcare, life sciences, financial services, energy, and sustainability.”

Commitment to sustainability

As part of The Climate Pledge, Amazon is committed to reaching net-zero carbon across its business by 2040 and is on a path to powering its operations with 100% renewable energy by 2025, five years ahead of the original 2030 target. Amazon is the world’s largest corporate purchaser of renewable energy, and as of the end of 2021, reached 85% renewable energy across its business. In September, Amazon announced its first utility-scale renewable energy projects in India—420 megawatts (MW) of combined capacity across three solar farms located in the state of Rajasthan. Once fully operational, these solar projects will have the combined capacity to generate 1,076,000 megawatt hours of renewable energy per year, enough to power more than 360,000 average-sized households in New Delhi annually (based on the average energy consumption per Indian household of 250 kilowatt hours from Statista). Amazon now has 57 renewable energy projects across Asia Pacific.

About Amazon Web Services

For over 15 years, Amazon Web Services has been the world’s most comprehensive and broadly adopted cloud offering. AWS has been continually expanding its services to support virtually any cloud workload, and it now has more than 200 fully featured services for compute, storage, databases, networking, analytics, machine learning and artificial intelligence (AI), Internet of Things (IoT), mobile, security, hybrid, virtual and augmented reality (VR and AR), media, and application development, deployment, and management from 96 Availability Zones within 30 geographic regions, with announced plans for 15 more Availability Zones and five more AWS Regions in Australia, Canada, Israel, New Zealand, and Thailand. Millions of customers—including the fastest-growing startups, largest enterprises, and leading government agencies—trust AWS to power their infrastructure, become more agile, and lower costs. To learn more about AWS, visit aws.amazon.com.

About Amazon

Amazon is guided by four principles: customer obsession rather than competitor focus, passion for invention, commitment to operational excellence, and long-term thinking. Amazon strives to be Earth’s Most Customer-Centric Company, Earth’s Best Employer, and Earth’s Safest Place to Work. Customer reviews, 1-Click shopping, personalized recommendations, Prime, Fulfillment by Amazon, AWS, Kindle Direct Publishing, Kindle, Career Choice, Fire tablets, Fire TV, Amazon Echo, Alexa, Just Walk Out technology, Amazon Studios, and The Climate Pledge are some of the things pioneered by Amazon. For more information, visit amazon.com/about and follow @AmazonNews.

What is the difference between cloud computing and virtualization?

Understanding the distinctions is essential for companies looking to modernize and maximize resources.

Cloud computing and virtualization are not interchangeable terms, nor are they two different options to choose from when building your IT environment, system or networks. Virtualization was created in the 1960s to maximize hardware resources by creating a virtual layer on top of a host or a computer. Virtualization is at the core of cloud computing. Thanks to it, cloud vendors can provide a wide range of different services, operating systems and other virtual machines while maximizing data centers.

What is cloud computing?

Cloud computing revolutionized IT infrastructures by removing hardware and software costs from the equation and allowing customers to access these resources via the internet. Cloud computing resources include physical and virtual services, applications, data storage, development tools, AI-powered services and VMs.

Cloud assets are hosted at cloud data centers and managed by cloud service providers. Cloud computing allows companies to pay only for what they use, operate with high levels of security, automate with inbuilt cloud features and leverage innovations like machine learning.

Cloud computing can run on public clouds offered by vendors like Google Cloud, Microsoft Azure Cloud and Amazon Web Services, or on private clouds.

Key features of cloud computing

• Lowers costs while improving access to technology: Cloud computing allows organizations to access the latest technology while not investing in the expensive hardware and software that powers innovations.

• Improves deployment and return on investment: Deploying IT systems in the cloud drastically reduces the time it takes for companies to begin operating, and it rapidly impacts performance and returns on investment.

• Services, scale, support and security: Cloud vendors offer a wide range of services, full support for all level workers and built-in security, and these features reduce costs and can help improve business and strengthen its security posture — scaling in the cloud can be done in just a few clicks.

• Virtualized IT: With cloud computing, organizations can quickly create their virtualized IT infrastructure — servers, operating systems, software, networks and other infrastructure.

What is virtualization?

Virtualization is the creation of VMs layered over a host. Using software called a hypervisor, users can create several VMs on their data servers, computers or hosts. For example, with virtualization, if a customer needs to run three different operating systems, macOS, Windows and Linux, instead of having to power up three machines, the user can create them virtually in just one data center or host.

While anyone can create their VM, in cloud computing, virtualization is taken to the limit. Virtualization is the essence of cloud computing. Cloud vendors make the most of their data centers and hosts by offering all kinds of VMs that can be deployed with just a few clicks. Virtualization not only saves time and money. VMs can move from one host to another almost instantly, avoiding the risks of downtime if one host shuts down.

The software that coordinates VMs on a host is called a hypervisor. It acts as an interface between the physical hardware and the VMs, ensuring all VMs have the processing power and resources they need from the hardware. VMs are, as the term implies, a device that only exists virtually, in the form of software. VMs can replicate operating systems or create virtual networks.

Type 1 hypervisors or “bare-metal” are the most common hypervisors used to create VM. They interact directly with the hardware and physical resources replacing the traditional operating system. Type 2 hypervisors run as an application on the OS installed in the main hardware and are primarily used in endpoint devices to run an alternative OS.

Key features of virtualization

• Virtual machines: Virtualization creates VMs on main hosts.
• Agility and performance: The ability to create VMs on one hardware gives companies endless possibilities to maximize resources.
• Saves costs: Virtualization saves costs by creating VMs and IT infrastructure on the cloud or other data centers, and VMs also improve disaster recovery and business continuity.
• Virtual OS and Virtual Networks: Organizations can leverage different OS and networks by deploying VMs, and this allows them to build sophisticated IT architectures while keeping costs low.
• Support DevOps: VMs can easily be turned off or on, migrated and adapted, providing maximum flexibility for development, and they can also serve to test environments, rapidly migrate and consolidate systems in one server.

How do cloud computing and virtualization differ?

Without the concept of virtualization, there would be no cloud computing. The difference between cloud computing and virtualization is that the first is a term reserved for computing resources that are accessible on-demand via the internet. In contrast, virtualization refers to simply creating VMs that are solely software layered on top of a host or main hardware.

On the other hand, cloud computing is a broader term that encompasses everything that the cloud offers, from data storage to AI analytics. Cloud computing is a service usually offered to customers as Infrastructure as a Service, Platform as a Service and Software as a Service. While virtualization may also be provided as a service, it is more commonly used as a technical term. The term defines how hardware resources are used to create virtual networks and VMs.

Courtesy: https://www.techrepublic.com/

Cloud computing: Migration is not stopping and there's no going back

Cloud computing spending continues to rise – and once apps have moved to the cloud, they tend to stay there.

Tech analyst Gartner is predicting that spending on public cloud computing services will grow 20.7% in 2023 to $591.8 billion – up from the $490 billion predicted for 2022, which Gartner says represents a growth rate of 18.8%. 

The world, arguably, has become a trickier place to predict these days with so many concurrent global events happening. Amazon's latest forward-looking statement lists COVID-19, exchange rates, geopolitical tensions, recession, inflation, interest rates, global labor shortages and supply chain issues, world events, the rate of growth of the internet, e-commerce and cloud as factors impacting its guidance.  

Gartner's analysts offer an outlook for public cloud spending, which reflects some of this uncertainty.

"Current inflationary pressures and macroeconomic conditions are having a push and pull effect on cloud spending," Sid Nag, vice president analyst at Gartner, said in a press release. 

"Cloud computing will continue to be a bastion of safety and innovation, supporting growth during uncertain times due to its agile, elastic and scalable nature."

Amazon last week reported AWS revenue growth slowed in the third quarter to 27.5%. It missed analysts estimates and was the slowest year-on-year growth since 2014. AWS was launched in 2006. Microsoft Azure and other cloud services revenue growth for Q1 fiscal 2023 was up 35%. Microsoft doesn't break out numbers specific to Azure.   

Microsoft Azure and Google Cloud are slowly taking share from AWS, but AWS is still the giant in public cloud, with 38.9% share of worldwide revenues in 2021, according to Gartner. Microsoft has a 21.1% share, followed by Alibaba at 9.5% and Google at 7.1%. 

Gartner's current forecast for public cloud spending includes cloud business process services (BPaaS), cloud application infrastructure services (PaaS), cloud application services (SaaS), cloud management and security services, cloud system infrastructure services (IaaS), and desktop-as-a-service (DaaS). 

The biggest categories are SaaS, IaaS, and PasS. Gartner forecasts 23.2% growth for PaaS and 16.8% for SaaS in 2023, but it also sees challenges from inflation and hiring. 

"Cloud migration is not stopping," said Nag. "IaaS will naturally continue to grow as businesses accelerate IT modernization initiatives to minimize risk and optimize costs. Moving operations to the cloud also reduces capital expenditures by extending cash outlays over a subscription term, a key benefit in an environment where cash may be critical to maintain operations.

"Higher-wage and more skilled staff are required to develop modern SaaS applications, so organizations will be challenged as hiring is reduced to control costs. But since PaaS can facilitate more efficient and automated code generation for SaaS applications, the rate of PaaS consumption will consequently increase."

Nag still sees spending on public cloud rising despite growth, profitability and competition pressures. There's also an element of lock-in, not to a specific vendor but by shifting workloads to the cloud, after which they are unlikely to move back to on-premise systems.

"Once applications and workloads move to the cloud they generally stay there, and subscription models ensure that spending will continue through the term of the contract and most likely well beyond. For these vendors, cloud spending is an annuity – the gift that keeps on giving," said Nag. 

Courtesy: zdnet.com