Tag Archives: strategic

JFrog taps partners, adds features to bolster DevOps platform

JFrog continues to bolster its core universal repository platform with new features and strategic partnerships to provide developers with a secure, integrated DevOps pipeline.

The Sunnyvale, Calif. company’s continued evolution includes partnerships with established companies to provide services around JFrog’s flagship Artifactory universal repository manager. This week, JFrog partnered with RunSafe Security of McLean, Va. to help secure code as it is created.

Under the partnership, RunSafe’s security software will plug into users’ Artifactory repositories to protect binaries and containers in development. RunSafe’s Alkemist tool adds protection to all compiled binaries as developers add them to Artifactory, said Joe Saunders, founder and CEO of RunSafe.

Alkemist inserts in CI/CD pipelines at build or deploy time. The security software hardens third-party, open-source components, compiled code that developers originate themselves, and it hardens containers as part of the process, he said.

“We immunize software without developer friction to enable continuous delivery of code or product,” Saunders said.

How RunSafe works with JFrog

Rather than scanning and testing the code, RunSafe inserts protections into the code without changing the functionality, slowing it down, or introducing any overhead.

“We eliminate a major set of vulnerabilities that are often attributed to both open source and general compiled code,” Saunders said. “That is all the memory based attacks, things like buffer overflow, etc.”

RunSafe launched a beta program for developers to try out the Alkemist plugin, as memory corruption-based attacks can be devastating and stopping them is no trivial exercise in most development environments.

“When a determined attacker understands the layout and memory allocations within an application, they can craft targeted exploits to devastating effect,” said Chris Gonsalves, senior vice president of research at The 2112 Group in Port Washington, N.Y. “And they can keep using those attacks as long as the underlying binaries remain the same. What RunSafe does is bring reduced-friction binary hardening to app development.”

RunSafe uses a “moving target approach” that changes the underlying binary in a way that keeps the app’s functionality intact while destroying the effectiveness of previous attacks, Gonsalves said.

“Just when a hacker thinks they know precise location of a buffer overflow vulnerability and how to exploit it, boom, RunSafe’s Alkemist plugin for JFrog users switches things up and effectively neutralizes the attack,” he said. “This is hand-to-hand combat with the bad guys at the binary level. That it can be done with negligible performance overhead and zero change in app functionality makes it an effective and important layer of defense in DevSecOps.”

RunSafe employs a process known as binary randomization to thwart intruders. This process eliminates the footing that exploits need to find and identify vulnerabilities in code. Randomization is typically a runtime protection, but RunSafe has added it into the development process.

“What you see now, especially when you have to move faster, is a full integration with your security pipelines,” said Shlomi Ben Haim, CEO of JFrog. The goal is to be able to avoid or to quickly resolve any kind of bugs or violations of vulnerability or license compliance issues, he said. “We want to provide continuous deployment all the way to the edge, fully automated, with no script.”

JFrog-Tidelift deal assures open source integrity

Regarding open source license compliance, JFrog recently partnered with Boston-based Tidelift. The companies introduced an integration between the Tidelift Subscription, a managed open source subscription, and JFrog Artifactory.

Tidelift checks that open-source software it supports is clean and secure with no licensing issues. The combination of the Tidelift Subscription and JFrog Artifactory gives development teams assurance  that the open source components they are using in their applications ‘just work’ and are properly managed, said Matt Rollender, Tidelift’s vice president of global partners, strategic alliances and business development, in a blog post.

“Customers save time by being able to offload the complexity of managing open source components themselves, which means they can develop applications faster, spend less time managing security issues and build fails, while improving software integrity,” said Donald Fischer, CEO of Tidelift.

As more enterprises include large amounts of open-source code to their repertoires, companies like Tidelift allow developers to use open-source without having to think twice. While Tidelift is somewhat unique in its approach, its competitors could include Open Collective, License Zero, GuardRails and Eficode.

“Tidelift is taking a very interesting approach to developing a way to sustainably manage the maintenance on open source software components and tools that are used at enterprise development,” said Al Gillen, an analyst at IDC. “The company is filling a niche that is not readily addressed by any other solutions in the market today.”

The Tidelift Subscription ensures that all open-source software packages in the subscription are issue-free and are backed and managed by Tidelift and the open source maintainers who created them.

“This means comprehensive security updates and coordinated responses to zero-day vulnerabilities, verified-accurate open source licenses, indemnification, and actively maintained open source components,” Rollender said.

JFrog tool updates

At its SwampUp 2020 virtual conference in June, JFrog introduced several new offerings and updates to existing products.

The company introduced CDN-based and peer-to-peer software package distribution mechanisms to help companies that have to deliver large volumes of artifacts to internal teams and external clients. The company also released new features for its JFrog Pipelines CI/CD offering, expanding the number of pre-built common functions, known as “Native Steps.”

In addition, JFrog introduced ChartCenter, a free community repository that provides immutable Helm Chart management for developers. Helm charts are collections of files that describe a related set of Kubernetes resources.

While JFrog has made some good strategic moves, a lot of them only strengthen the company’s core business as a repository, said Thomas Murphy, a Gartner analyst.

“They have a solid footprint and are very robust, but the question is, over the next three years as we see a move from a toolchain of discrete tools to integrated pipelines and value stream tooling, what do they do to be bigger and broader?” Murphy said. “I think of the growth in ability of GitLab and GitHub, and the expansion of Digital.ai and CloudBees in contrast.”

Go to Original Article
Author:

Microsoft to deliver intelligent cloud from Norway datacenters | Stories

Microsoft Cloud to accelerate digital transformation and innovation through a strategic partnership with Equinor and to the benefit of organizations across Norway

REDMOND, Wash., and OSLO, Norway — June 20, 2018 — Microsoft Corp. on Wednesday announced plans to further expand its significant and growing investment in cloud computing in Europe by delivering the intelligent Microsoft Cloud from two new datacenter regions in Norway: one in the greater Stavanger region and the other in Oslo.

The Microsoft Cloud, comprising Microsoft Azure, Office 365 and Dynamics 365, will offer enterprise-grade reliability and performance with data residency from new datacenter locations. Initial availability of Azure is planned for late 2019 with Office 365 and Dynamics 365 to follow. Microsoft has deep expertise protecting data, championing privacy, and empowering customers around the globe to meet extensive security and privacy requirements with Microsoft’s Trusted Cloud principles and the broadest set of compliance certifications and attestations in the industry.

“Over a billion customers around the world trust the intelligent Microsoft Cloud to provide a platform to help transform their businesses,” said Jason Zander, executive vice president, Microsoft Azure, Microsoft. “By delivering the Microsoft Cloud from new datacenter regions in Norway, organizations will be empowered through cloud-scale innovation while meeting their data residency, security and compliance needs.”

Equinor, an international energy company, has chosen the Microsoft Cloud in Norway to enable its digital transformation and drive cloud-enabled innovation. The strategic partnership is supporting Equinor’s digital journey through a seven-year consumption and development agreement valued in the hundreds of millions of dollars (USD). Leveraging the cloud is a prerequisite for the energy industry’s transformation toward a digital future, and secure, reliable and cost-efficient operations are a requirement for Equinor’s adaptation of the cloud.

“Equinor plays a central role in stimulating innovation and advancement of the Norwegian economy, and we are deeply honored to be partnering with them to help take their business into its next stage of growth through the intelligent Microsoft Cloud,” said Kimberly Lein-Mathisen, general manager, Microsoft Norway. “By bringing these new datacenters online in Norway, we are also very pleased to be able to pave the way for growth and transformation of many other businesses and organizations in Norway, whether they be large enterprises, government bodies, or any of the 200,000 small and medium-size businesses that create Norway’s thriving economy.”

Torbjørn Røe Isaksen, Norwegian minister of Trade and Industry said, “The Norwegian government is deeply committed to helping Norway thrive as a hub for digital innovation. Norway needs new industries that create jobs and boost economic growth. In February 2018 the Norwegian government released its datacenter strategy ‘Powered by Nature,’ establishing that attracting datacenters and international investments is an important part of our industrial policy. Therefore, we are very pleased to see Microsoft’s commitment to our country with this new datacenter. We believe that datacenters and cloud services will help ensure the competitiveness and productivity of Norwegian businesses and government institutions, and have a positive impact on our responsibility to our citizens to create an inclusive working life, to the environment, and to our economic development and job growth.”

The delivery of cloud services from Norway expands on Microsoft’s existing investments having operated in the country since 1990 with nearly 600 people working in offices in Lysaker, Oslo, Trondheim and Tromsø across sales, marketing and development, and a network of more than 1,700 partners. This new investment is the first time Microsoft will deliver the intelligent Microsoft Cloud from datacenters located in Norway and is expected to enable greater innovation for oil and gas and other industries, as well as the public sector.

Extending the value of the Microsoft Cloud regions for Norway, customers can also take advantage of hybrid cloud options with Microsoft Azure Stack. Available through service providers in the region, Azure Stack enables customers to develop solutions that harness the power of consistency between Azure and Azure Stack to cater to unique connectivity and compliance needs.

Microsoft has been rapidly expanding to meet an intensifying customer demand for cloud services. By investing in local infrastructure, Microsoft’s intelligent cloud services help companies innovate in their industries and move their businesses to the cloud while meeting data residency, security and compliance needs. Microsoft also has a long history of collaborating with customers to navigate evolving business needs and has developed strategies to help customers prepare for the new European Union General Data Protection Regulation (GDPR). We have invested to make the Microsoft Cloud GDPR compliant, are delivering innovation that accelerates GDPR compliance, and have built a community of experts to help customers along their full GDPR journey.

Office 365 and Dynamics 365 continue to expand the data residency options for customers with 18 geographies announced. The two products are the only productivity and business application platforms that can offer in-geo data residency across such a broad set of locations. Each datacenter geography delivers a consistent experience, backed by robust policies, controls and systems to help keep data safe and help comply with local and regional regulations.

Over the past three years, the number of Azure regions available has more than doubled. Azure has more regions than any other cloud provider with 52 regions announced across the globe.

Microsoft (Nasdaq “MSFT” @microsoft) enables digital transformation for the era of an intelligent cloud and an intelligent edge. Its mission is to empower every person and every organization on the planet to achieve more.

For more information, press only:
Microsoft Media Relations, WE Communications for Microsoft, (425) 638-7777, [email protected]

Note to editors: For more information, news and perspectives from Microsoft, please visit the Microsoft News Center at http://news.microsoft.com. Web links, telephone numbers and titles were correct at time of publication but may have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at http://news.microsoft.com/microsoft-public-relations-contacts.

Microsoft to deliver intelligent cloud from Norway datacenters | Stories

Microsoft Cloud to accelerate digital transformation and innovation through a strategic partnership with Equinor and to the benefit of organizations across Norway

REDMOND, Wash., and OSLO, Norway — June 20, 2018 — Microsoft Corp. on Wednesday announced plans to further expand its significant and growing investment in cloud computing in Europe by delivering the intelligent Microsoft Cloud from two new datacenter regions in Norway: one in the greater Stavanger region and the other in Oslo.

The Microsoft Cloud, comprising Microsoft Azure, Office 365 and Dynamics 365, will offer enterprise-grade reliability and performance with data residency from new datacenter locations. Initial availability of Azure is planned for late 2019 with Office 365 and Dynamics 365 to follow. Microsoft has deep expertise protecting data, championing privacy, and empowering customers around the globe to meet extensive security and privacy requirements with Microsoft’s Trusted Cloud principles and the broadest set of compliance certifications and attestations in the industry.

“Over a billion customers around the world trust the intelligent Microsoft Cloud to provide a platform to help transform their businesses,” said Jason Zander, executive vice president, Microsoft Azure, Microsoft. “By delivering the Microsoft Cloud from new datacenter regions in Norway, organizations will be empowered through cloud-scale innovation while meeting their data residency, security and compliance needs.”

Equinor, an international energy company, has chosen the Microsoft Cloud in Norway to enable its digital transformation and drive cloud-enabled innovation. The strategic partnership is supporting Equinor’s digital journey through a seven-year consumption and development agreement valued in the hundreds of millions of dollars (USD). Leveraging the cloud is a prerequisite for the energy industry’s transformation toward a digital future, and secure, reliable and cost-efficient operations are a requirement for Equinor’s adaptation of the cloud.

“Equinor plays a central role in stimulating innovation and advancement of the Norwegian economy, and we are deeply honored to be partnering with them to help take their business into its next stage of growth through the intelligent Microsoft Cloud,” said Kimberly Lein-Mathisen, general manager, Microsoft Norway. “By bringing these new datacenters online in Norway, we are also very pleased to be able to pave the way for growth and transformation of many other businesses and organizations in Norway, whether they be large enterprises, government bodies, or any of the 200,000 small and medium-size businesses that create Norway’s thriving economy.”

Torbjørn Røe Isaksen, Norwegian minister of Trade and Industry said, “The Norwegian government is deeply committed to helping Norway thrive as a hub for digital innovation. Norway needs new industries that create jobs and boost economic growth. In February 2018 the Norwegian government released its datacenter strategy ‘Powered by Nature,’ establishing that attracting datacenters and international investments is an important part of our industrial policy. Therefore, we are very pleased to see Microsoft’s commitment to our country with this new datacenter. We believe that datacenters and cloud services will help ensure the competitiveness and productivity of Norwegian businesses and government institutions, and have a positive impact on our responsibility to our citizens to create an inclusive working life, to the environment, and to our economic development and job growth.”

The delivery of cloud services from Norway expands on Microsoft’s existing investments having operated in the country since 1990 with nearly 600 people working in offices in Lysaker, Oslo, Trondheim and Tromsø across sales, marketing and development, and a network of more than 1,700 partners. This new investment is the first time Microsoft will deliver the intelligent Microsoft Cloud from datacenters located in Norway and is expected to enable greater innovation for oil and gas and other industries, as well as the public sector.

Extending the value of the Microsoft Cloud regions for Norway, customers can also take advantage of hybrid cloud options with Microsoft Azure Stack. Available through service providers in the region, Azure Stack enables customers to develop solutions that harness the power of consistency between Azure and Azure Stack to cater to unique connectivity and compliance needs.

Microsoft has been rapidly expanding to meet an intensifying customer demand for cloud services. By investing in local infrastructure, Microsoft’s intelligent cloud services help companies innovate in their industries and move their businesses to the cloud while meeting data residency, security and compliance needs. Microsoft also has a long history of collaborating with customers to navigate evolving business needs and has developed strategies to help customers prepare for the new European Union General Data Protection Regulation (GDPR). We have invested to make the Microsoft Cloud GDPR compliant, are delivering innovation that accelerates GDPR compliance, and have built a community of experts to help customers along their full GDPR journey.

Office 365 and Dynamics 365 continue to expand the data residency options for customers with 18 geographies announced. The two products are the only productivity and business application platforms that can offer in-geo data residency across such a broad set of locations. Each datacenter geography delivers a consistent experience, backed by robust policies, controls and systems to help keep data safe and help comply with local and regional regulations.

Over the past three years, the number of Azure regions available has more than doubled. Azure has more regions than any other cloud provider with 52 regions announced across the globe.

Microsoft (Nasdaq “MSFT” @microsoft) enables digital transformation for the era of an intelligent cloud and an intelligent edge. Its mission is to empower every person and every organization on the planet to achieve more.

For more information, press only:
Microsoft Media Relations, WE Communications for Microsoft, (425) 638-7777, [email protected]

Note to editors: For more information, news and perspectives from Microsoft, please visit the Microsoft News Center at http://news.microsoft.com. Web links, telephone numbers and titles were correct at time of publication but may have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at http://news.microsoft.com/microsoft-public-relations-contacts.

Updates to Adobe Document Cloud bring integrated PDF services to Office 365 – Microsoft 365 Blog

Last September, we expanded our strategic partnership with Adobe to focus on integrations between Adobe Sign and Office 365 products such as Microsoft Teams, SharePoint, Outlook, and more.

We’ve seen our customers make great use of the combination. For example, the State of Hawaii saved a significant amount of employee time while also improving document status versus paper-based processes—providing a double win over previous paper-based processes.

Building on this success, today the Adobe Document Cloud team announced new capabilities that deepen the integration with Office 365 and can save you and your team time. PDF services integrations provide new fidelity when working with PDF documents as part of Office 365. Once integrated by your administrator, PDF services provide rich previews of PDF documents right within OneDrive and your SharePoint sites.

A screenshot displays a non-disclosure agreement in the Adobe Document Cloud.

In addition to many reporting, sharing, and collaboration scenarios, PDF files are frequently used to create final or archived versions of content spanning across many different files. With PDF services and the newly introduced Combine Files by Adobe functionality, you can select several files and pull into one PDF with just a couple of clicks within SharePoint document libraries.

A screenshot displays a launch team group in SharePoint.

PDF services are now available in the ribbon for online versions of Word, Excel, and PowerPoint—making the creation of high-quality, full fidelity PDFs from these applications even easier.

PDF servicesalong with capabilities as part of Adobe Sign and upcoming Adobe Reader enhancements—are all part of Adobe Document Cloud. All share a commitment to productive integrations across Office 365—and we hope to see your team benefit from these integrations as well.

If you are an administrator, with Adobe Document Cloud, get started integrating with Office 365 with this guide. Adobe Document Cloud and Office 365 provide great complementary functionalities, and you can learn more about this and Adobe Sign integrations with Office 365. We look forward to seeing continued productivity improvements across the millions of joint customers that Adobe Document Cloud and Microsoft Office 365 share.

AI apps demand DevOps infrastructure automation

Artificial intelligence can offer enterprises a significant competitive advantage for some strategic applications. But enterprise IT shops will also require DevOps infrastructure automation to keep up with frequent iterations.

Most enterprise shops won’t host AI apps in-house, but those that do will turn to sophisticated app-level automation techniques to manage IT infrastructure. And any enterprise that wants to inject AI into its apps will require rapid application development and deployment — a process early practitioners call “DevOps on steroids.”

“When you’re developing your models, there’s a rapid iteration process,” said Michael Bishop, CTO of Alpha Vertex, a fintech startup in New York that specializes in AI data analysis of equities markets. “It’s DevOps on steroids because you’re trying to move quickly, and you may have thousands of features you’re trying to factor in and explore.”

DevOps principles of rapid iteration will be crucial to train AI algorithms and to make changes to applications based on the results of AI data analysis at Nationwide Mutual Insurance Co. The company, based in Columbus, Ohio, experiments with IBM’s Watson AI system to predict whether new approaches to the market will help it sell more insurance policies and to analyze data collected from monitoring devices in customers’ cars that help it set insurance rates.

“You’ve got to have APIs and microservices,” said Carmen DeArdo, technology director responsible for Nationwide’s software delivery pipeline. “You’ve got to deploy more frequently to respond to those feedback loops and the market.”

This puts greater pressure on IT ops to provide developers and data scientists with self-service access to an automated infrastructure. Nationwide relies on ChatOps for self-service, as chatbots limit how much developers switch between different interfaces for application development and infrastructure troubleshooting. ChatOps also allows developers to correct application problems before they enter a production environment.

AI apps push the limits of infrastructure automation

Enterprise IT pros who support AI apps quickly find that no human can keep up with the required rapid pace of changes to infrastructure. Moreover, large organizations must deploy many different AI algorithms against their data sets to get a good return on investment, said Michael Dobrovolsky, executive director of the machine learning practice and global development at financial services giant Morgan Stanley in New York.

“The only way to make AI profitable from an enterprise point of view is to do it at scale; we’re talking hundreds of models,” Dobrovolsky said. “They all have different lifecycles and iteration [requirements], so you need a way to deploy it and monitor it all. And that is the biggest challenge right now.”

Houghton Mifflin Harcourt, an educational book and software publisher based in Boston, has laid the groundwork for AI apps with infrastructure automation that pairs Apache Mesos for container orchestration with Apache Aurora, an open source utility that allows applications to automatically request infrastructure resources.

Long term, the goal is to put all the workload management in the apps themselves, so that they manage all the scheduling … managing tasks in that way is the future.
Robert Allendirector of engineering, Houghton Mifflin Harcourt

“Long term, the goal is to put all the workload management in the apps themselves, so that they manage all the scheduling,” said Robert Allen, director of engineering at Houghton Mifflin Harcourt. “I’m more interested in two-level scheduling [than container orchestration], and I believe managing tasks in that way is the future.”

Analysts agreed application-driven infrastructure automation will be ideal to support AI apps.

“The infrastructure framework for this will be more and more automated, and the infrastructure will handle all the data preparation and ingestion, algorithm selection, containerization, and publishing of AI capabilities into different target environments,” said James Kobielus, analyst with Wikibon.

Automated, end-to-end, continuous release cycles are a central focus for vendors, Kobielus said. Tools from companies such as Algorithmia can automate the selection of back-end hardware at the application level, as can services such as Amazon Web Services’ (AWS) SageMaker. Some new infrastructure automation tools also provide governance features such as audit trails on the development of AI algorithms and the decisions they make, which will be crucial for large enterprises.

Early AI adopters favor containers and serverless tech

Until app-based automation becomes more common, companies that work with AI apps will turn to DevOps infrastructure automation based on containers and serverless technologies.

Veritone, which provides AI apps as a service to large customers such as CBS Radio, uses Iron Functions, now the basis for Oracle’s Fn serverless product, to orchestrate containers. The company, based in Costa Mesa, Calif., evaluated Lambda a few years ago, but saw Iron Functions as a more suitable combination of functions as a service and containers. With Iron Functions, containers can process more than one event at a time, and functions can attach to a specific container, rather than exist simply as snippets of code.

“If you have apps like TensorFlow or things that require libraries, like [optical character recognition], where typically you have to use Tesseract and compile C libraries, you can’t put that into functions AWS Lambda has,” said Al Brown, senior vice president of engineering for Veritone. “You need a container that has the whole environment.”

Veritone also prefers this approach to Kubernetes and Mesos, which focus on container orchestration only.

“I’ve used Kubernetes and Mesos, and they’ve provided a lot of the building blocks,” Brown said. “But functions let developers focus on code and standards and scale it without having to worry about [infrastructure].”

Beth Pariseau is senior news writer for TechTarget’s Cloud and DevOps Media Group. Write to her at [email protected] or follow @PariseauTT on Twitter.

Microsoft and Adobe announce an expanded partnership around Adobe Sign and Microsoft Teams

Almost exactly a year ago, Microsoft and Adobe announced a strategic partnership around Microsoft’s Azure cloud and Adobe’s Marketing Cloud. That, however, was only a first step for the two companies. Today, they are announcing a major expansion of this partnership that sees them collaborating around e-signatures and team communications.

Specifically, this expanded deal means that Adobe Sign will become Microsoft’s preferred e-signature solution, with integrations into Office 365 and Dynamics 365, while Microsoft Teams — the company’s Slack competitor — will become the preferred collaboration service for the Adobe Creative Cloud, Document Cloud and Experience Cloud.

Microsoft will also integrate Adobe Sign into services like its workflow automation service Flow, and the Microsoft bot framework will be able to talk to Sign, too, to check on the status of an approval process, for example. And when a user drops a new template into a specific Creative Cloud folder, Flow will also be able to see this and automatically route the document through the approval process.

Similarly, Adobe will also make Microsoft Azure its preferred cloud of Adobe sign. This means Adobe’s Creative Cloud tools, for example, will see deep integrations into Microsoft Teams.

The Adobe Sign integration with Teams, Flow, Word, PowerPoint and Outlook will go live in the coming weeks. The Creative Cloud integration with Microsoft teams will also launch soon, with the integrations into the Adobe Experience Cloud following after that.

Adobe’s Jon Perera, the company’s VP of product development for its Document Cloud, told me that he expects this deal will also make other Adobe products, including the likes of the Adobe Stock stock imagery marketplace, more discoverable, and will hence drive more users to it. The two companies also expect to do a lot of joint enterprise customer engagements and campaigns.

Microsoft and Adobe obviously share a huge number of customers already, while their product portfolio only overlaps in a few areas. That makes for an easy partnership, though it comes as a bit of a surprise that Microsoft wouldn’t want to build its own e-signature solution. I asked Microsoft’s corporate VP for Office 365 about this. “As a company, we always wanted a very strong partner ecosystem. We can’t do it all,” he told me. “What’s best for our company is to have a strong partner ecosystem. We do what each does best.”