DEV Community: Niharika

Pros and Cons of Different Cloud Environments – Public, Private, Hybrid and Multi-Cloud

Niharika — Thu, 11 May 2023 09:54:35 +0000

Cloud adoption is no longer an option now. Irrespective of the size or domain of operation, businesses all over the world are migrating to the cloud. While the new-age enterprises are already cloud-native, the older, established businesses are also embarking on their cloud migration journey. As is the case with technology perennially, even cloud computing is evolving at a break-neck speed. It is a booming industry which is always ready to exceed expectations by challenging the status quo and delivering new and improved solutions for business-critical problems. In fact, Fortune Business Insights predicts that the 2021-2028 period will make the global market for cloud storage worth more than $390 billion.
It is obvious that as the needs of enterprises evolve over time, they will prefer to have the ability to choose the cloud environment that is apt for their business needs. Enterprises, as of today, have more options in the cloud ecosystem. They are ready to make more investments in hybrid and multi cloud environments as it can provide them with greater flexibility and competitive advantage.
Let us then try and understand the origins of cloud computing, the different types of cloud available in the market, and the modifications and evolutions that have happened over a time period to suit the growing business needs of enterprises.

Evolution of Cloud Computing

What began as a novel and innovative concept has, over the years, become a disruptive endeavour. Modern cloud computing infrastructure is believed to have been developed in the 1990s when VPNs or virtual private networks were being used by businesses. Then came the pioneer Salesforce which offered its Software-as-a-Service over the Internet, an endeavour made possible by cloud computing. This was followed by Amazon Web Services being created in 2006 and the subsequent release of their offering Elastic Compute Cloud (EC2) in the market, which enabled customers to use virtual machines on rent as infrastructure for their data and applications. Powered by cloud computing, innovative streaming media giant Netflix, launched its streaming services online in 2007. A lot has happened since then, with Amazon, Google, Microsoft, and OpenStack all coming up with their cloud divisions in 2010 to make cloud services available for the masses, and since then, there has been an exodus of enterprises to the cloud via transitions and migrations.

Classification of Cloud Computing

Cloud computing involves a broad spectrum of architecture models, classifications and types. Let us understand the four main categories of the cloud:

Public Cloud
Private Cloud
Hybrid Cloud
Multi Cloud

Public Cloud

Public cloud is a type of computing service provided by vendors like Google, Amazon, Microsoft etc., which enables users to make use of the compute, storage, applications and deploy-and-develop environments to individual users or organizations on-demand over the public internet or through a dedicated connection for free or on a subscription / pay-per-use fee. The services include databases, firewalls, management tools, and different types of Platform-as-a-Service and Software-as-a-Service offerings. It is an alternative deployment approach to traditional on-prem IT architectures. Once upon a time, Netflix used to have its own IT infrastructure, but as demand fluctuated at different times of the day, in order to cater to its subscribers’ demands, it has moved a large part of its data centre operations to the public cloud. They particularly faced an issue during the evening and especially at weekends when demand would spike. So they signed up for Amazon’s cloud services and would pay only for the peak timings when there would be high demand, and in this case, they would use the Amazon regional data centres nearest to the user.

Benefits & Challenges of using Public Clouds:

Benefits of the public cloud include lower CAPEX investments as they do not have to set up and maintain on-premises infrastructure, high scalability to meet fluctuating demands, the flexibility of paying as per use and access to analytics for better business insights.
However, as public cloud resources run on a multi-tenant shared infrastructure that is available to users worldwide over the internet, they may be subjected to network bandwidth and connectivity issues. Along with it comes the issue of vendor lock-in, which can make migration between two cloud providers very difficult.

This is where private clouds come into play.

Private Cloud

A private cloud is pretty much like a public cloud, offering the same set of services in computing, storage and networking and scalability. However, the difference is that it is based on a single-tenant architecture that runs on privately owned infrastructure. A private cloud can be hosted at the organization’s own data centre by building layers of virtualization and cloud service over it, at a third-party facility or via a private cloud provider who offers private cloud hosting services.

Benefits and Challenges of Using Private Clouds:

Some of the benefits of opting for private clouds over public clouds are a higher level of security as organizations have the same amount of control as they would have on their own on-premises infrastructure, greater reliability due to dedicated channels for that organization only, greater long term savings even though it does warrant initial investment as the organization already has the hardware and network in place, almost similar costs every month irrespective of the workloads and greater adherence to data privacy. For instance, it is mandatory, as per GDPR, that EU residents’ data should remain inside the EU only.
However, the challenges with private clouds are that they need a high initial investment, on-demand scalability could become an issue due to the lengthy procurement process and capacity management needs to be done, which compounds the work of internal cloud operations staff.

Hybrid Cloud

A hybrid cloud is a combination of public and private cloud services. It is maintained by external and internal cloud service providers and with orchestration between the two. It combines the best of both worlds, i.e. the scalability to accommodate demand spikes which is offered by public clouds, and the secure maintenance of sensitive and critical data and applications in a private cloud. A hybrid cloud offers multiple advantages, such as flexible deployment options, the ability to move between different cloud environments and greater control on the spends.

A Case Study on Hybrid Cloud – Walmart

An example of a company using a Hybrid Cloud is Walmart, also known as the Triplet Model.

“We always blaze our own trail at Walmart, and that includes building one of the largest hybrid clouds in existence. This “Triplet Model,” as we call it, is innovative and powerful, both by design and deployment. By pairing public clouds (Google and Microsoft) with our Walmart Private Clouds via a regional cloud model across the U.S. (West, Central and East), we’re enabling 10,000 edge cloud nodes at our facilities and bringing computational power and data closer to our customers and associates. ”

– Suresh Kumar, Executive Vice President, Global Chief Technology Officer and Chief Development Officer, Walmart Inc

According to the Wall Street Journal, this move by Walmart, wherein it has built powerful custom software that enables it to run its back-end operations across any cloud system, has helped it save thousands of dollars in revenue. By placing the workloads in the right place, they have ensured that the application performance is high and there is low latency across the locations. Additionally, the model offers greater scalability and flexibility to react to increased demands during peak hours, along with reducing the cloud cost by 10-18%. With increasing interoperability between public clouds, hybrid clouds will soon become the norm.

Multi Cloud

When an organization uses cloud computing services from at least two different cloud providers (could be two or more public clouds or two or more private clouds or a combination of both) to run their applications, it is said to be using multi cloud infrastructure. Multi-Cloud computing solutions are portable across multiple cloud providers’ cloud infrastructures. They are typically built on open-source, cloud-native technologies like Kubernetes, and as this technology is supported by all public cloud providers, enterprises using multi clouds have the flexibility & portability to migrate, build and optimize applications across multiple clouds and computing environments. Multi cloud environments are also compatible with DevOps practices and other cloud-native application technologies such as containers and microservices architecture that enable portability. Many enterprises are looking forward to implementing multi cloud strategies as it enables them to run applications wherever needed without adding to the complexity.

Hybrid and Multi Cloud – How do they differ?

At the outset, Hybrid and Multi Cloud may look very similar and are sometimes used interchangeably, but they refer to two distinct concepts. Yes, they both make use of multiple cloud environments from multiple vendors, but what fundamentally separates them is the type of cloud infrastructure. By implementing a multi cloud strategy, enterprises can work on different workloads by making use of cloud computing services from two or more public cloud vendors. In the case of hybrid clouds, however, enterprises work on common workloads that are deployed across multiple computing environments.
While multi cloud deployments interconnect services from separate cloud environments for different purposes, they do not necessarily need to connect the clouds. Hybrid cloud deployments on the other hand, need to have an orchestration between the various cloud environments ( i.e. an on-premises or a private cloud and a public cloud) as they address the same workload.

Benefits & Challenges of Multi Cloud:

Enterprises implementing Multi cloud architecture can reap multiple benefits, such as improving the flexibility and agility of the IT in the organization. Due to an increase in the number of players offering Cloud computing as a service, enterprises now have a wide array of options in the cloud ecosystem. Therefore, investment in multi-cloud is set to overtake legacy IT and private cloud spending in the next few years.

Here are some of the key benefits that can be achieved with multi cloud computing:

1. Avoid vendor lock-in: No more worrying about being at the mercy of one cloud provider. With multi cloud approach, enterprises can choose the solution that best meets their business requirements and the same time, reduce data, interoperability and cost issues, which often arise due to dependency on one cloud provider.

2. Best of each cloud: The idea of having a multi cloud approach is to reap the benefits offered by cloud providers without having to worry about speed, performance, reliability, geographical location, and security and compliance requirements.

3. Lower Total Cost of Ownership (TCO): By implementing multi-cloud strategy, enterprises can minimize their IT spending and take advantage of an optimum combination of pricing and performance across different cloud providers, thereby lowering the total cost of ownership.

4. Greater reliability and redundancy: By reducing the risk of a single point of failure, multi cloud deployment adoption significantly mitigates unplanned downtime or outages. This is because an outage in one cloud will not affect the workloads running on other clouds.

5. Enhanced Security & Regulatory Compliance: Multi cloud strategy also ensures security policies and regulatory compliance is consistent across all workloads irrespective of the vendor, service or environment.

Even with all the benefits listed above, there can be quite a few daunting challenges with multi cloud strategy implementation. One of the major roadblocks is a significant increase in management complexity. Business needs, design and development drivers, and architecture constraints due to existing systems need to be considered when implementing a multi cloud strategy and this adds to the increased management complexity. Maintaining consistent security is also a hindrance because the same workload is running on different clouds. In addition, integrating software environments and difficulty with achieving consistent performance and reliability across clouds also add to the challenges of implementing a multi cloud strategy. Lastly, implementing multi cloud involves an initial investment that could be costly for enterprises. However, these costs balance out in the long run offering a lower total cost of ownership (TCO)

Use cases of Multi Cloud:

Let us now look at some of the use cases of multi cloud and that would explain why it is getting popular as a strategy:

Disaster Recovery: Multi Cloud helps enterprises back up mission-critical applications so that in cases there is a disaster or single vendor outage, they can rely on other cloud providers.
Lower Latency: Organizations with a global footprint can serve their customers better by implementing a multi cloud strategy, as it gives them access to servers in different locations and provides them with better connections with low latency.
Extended Arm of IT: By implementing a multi cloud strategy, organizations can have better control of software and hardware asset utilization by providing employees with the appropriate cloud technologies that comply with security standards and policies.
Address Regional Requirements: With the added flexibility of switching between on-premises, public and private landscapes from different vendors, multi cloud strategy allows enterprises to adhere to region-specific compliance regulations.

As of today, many enterprises globally are transitioning from on-premises data centre to an option that incorporates cloud infrastructure. In these circumstances, they must choose the service provider in accordance with their current and future business needs.

The Importance of Security Operations Center (SOC)

Niharika — Thu, 23 Mar 2023 08:42:07 +0000

Enterprises across the globe are aware that cybercriminals do not follow standard working hours to strike an attack on a company’s cyber assets. They are known to act swiftly on weekends, holidays and after hours, wherein the threat response time tends to lag a lot. Therefore, the need for dedicated Security Operations Centres is crucial, and this is irrespective of the size or domain of the enterprise. This brings us to the definition of what is a SOC. A Security Operations Center, otherwise known as SOC, is a critical centralized unit within an organisation responsible for monitoring, detecting, investigating, responding and preventing its security posture and threat 24 x 7, which is managed by the IT security or InfoSec team. Thus, SOC acts as a hub, ensuring an organization’s IT network always operates securely, round the clock.

Need for a Security Operations Centre (SOC)

**
SOC utilizes a combination of the right tools and the right people to build, operate and maintain the security architecture within an organization using advanced technologies. A SOC’s primary function is to monitor & protect an organization’s IT assets, IPR, personnel data, and business systems and, thus, safeguard brand integrity. In addition, the SOC engineers strategize and implement a comprehensive cyber security strategy that encapsulates activity on servers, networks, applications, endpoint devices, websites, and other critical internal systems to identify and detect a vulnerability and defend most effectively against it.

Let us look at the responsibilities of a SOC in detail:

24/7 Monitoring:
Proactive, around-the-clock monitoring of the organization’s network ecosystem for threat and incident response.

Log Monitoring:
Analysis of logs, network traffic patterns, and other external data sources to identify potential vulnerabilities.

Threat Intelligence:
Threat intelligence can assist the SOC team in making the right decisions to prevent an attack and decrease the time it takes to discover the threat in action.

Threat Hunting:
The threat-hunting module within a SOC is aimed at finding cyber threats within an enterprise’s network before they do any harm.

Root Cause Analysis:
Root cause analysis (RCA) is a systematic analysis & process to define, measure, analyze, improve, control and document the root cause of an incident to ensure the incident is not repeated.

Rules/ Policies Creation:
Create consistent policies that integrate best practices and organizational requirements for monitoring, incident response, reporting, and staffing.

Playbook Preparation:
A playbook defines a security workflow by outlining the steps teams will take to handle different security incidents in real-time. SOC playbooks drive teams to collaborate effectively to resolve incidents as fast as possible.

Blue Teaming:
A blue team is a company’s own cybersecurity employees and teams within a Security Operations Centre (SOC), which adds vital human intelligence to tools and tech. A mock attack scenario prepares them for real-world attacks and brings them in to identify, respond and defend against the attack.

Assessment & Compliance Audit:
SOC defines auditing procedures for organizations to securely manage data to protect their interests and privacy.

Device Management:
A SOC acts like the hub managing all of the organization’s IT infrastructure, including networks, devices, appliances, tools and databases, and other assets.

Roles within a SOC and Structure

Several tiers of security professionals, engineers and administration roles make up the SOC in an organization. Members of a SOC team include:

SOC Manager:
This role essentially supervises the overall security systems and procedures.

Analysts:
Analysts are responsible for compiling and analysis of the data, either from a fixed duration of time (previous week, quarter, or month) or after an incident has occurred. Depending upon the size of the SOC piece, there may be different tiers within the analyst role (senior/junior/lead).

Investigator:
The investigator’s role revolves around understanding the breach and investigating the reasons behind the same. They work in close tandem with the responder (one person may perform both “investigator” and “responder” roles).

Responder:
Responding to a security breach is the most critical task during a crisis. A responder is called in to address the issue.

Auditor:
SOC auditor is responsible for regularly auditing the systems to ensure compliance with regulations, which may be issued by an organization, industry, or governing bodies. Examples of these regulations include GDPR, HIPAA, and PCI DSS.

SOC Models

The security operations center (SOC) is the heart of an organization’s cybersecurity framework. Organizations may differ in terms of their expectations and requirements from a SOC. Based on geography, underlying infrastructure, regulatory needs, or budget, organizations may want to pick and choose among different SOC Models, as one size may not fit all. The Gartner Security Operations Centre (SOC) Hybrid-Internal-Tiered (HIT) Model suggests three models which organizations can evaluate and determine which SOC model would best align with their needs and requirements.

The three SOC models, as suggested by Gartner, are:

Hybrid SOC:
A hybrid SOC structure is an amalgamation of internal organization resources and managed service providers that together deliver to reduce the likelihood & impact of cyber-attacks. It usually engages a Managed Security Service (MSS), Managed Detection & Response (MDR), or a managed SIEM provider. This model helps reduce 24 x 7 operations costs and, thus, is preferred by SMEs and large organizations alike.

Internal SOC:
An internal SOC comprises of organization-owned threat detection and response team which functions round the clock, in-house. The organization designs and implements robust processes and frameworks to run the complete SOC structure and manage the SOC triad: People, Process, and Technology. Within an internal SOC implementation, enterprises may occasionally outsource a few specialized functions by choice (e.g. Technical Testing). Internal SOCs are CAPEX & OPEX heavy. Usually, they are preferred by organizations with deep pockets as the staff prerequisite for 24 x 7 coverage, and tool licenses are capital intensive.

Tiered SOC:
A tiered SOC model is made up of various stand-alone and independent SOCs inside an organization. Large and geographically distributed organizations with global operations usually prefer the tiered model. The individual SOCs are orchestrated by a parent (top-tier) SOC. Another implementation of a tiered approach may be within organizations with smaller groups or business units which need SOCs to run independently within these groups.
The security functions within a tiered SOC model are led by the top-tier SOC, which handles threat intelligence and response and lays down procedures and specifications for SOC operations.

Benefits of having a Security Operations Center (SOC)

A SOC is an indispensable part of the overall cyber-security strategy for an enterprise today. A robust SOC ensures continuous network monitoring, centralized visibility, and better collaboration for the IT teams in an organization.
Let us look at the benefits of the Security Operations Center:

Continuous Monitoring and Prevention:
SOCs run 24 x 7 x 365, and uninterrupted operations are one of the most crucial aspects to thwart any threat over the organization’s network. SOCs ensure monitoring and prevention at all hours, even outside of standard business hours.

Effective Incident Response:
SOC workflows define a standard set of procedures to be followed when the crisis hits. This reduces the time elapsed between incident detection and incident management. In addition, the SOC analysts further work on studying the threat and its implications and the probability of the same threat to re-engineer & pose a threat.

Centralized Visibility:
Today’s enterprise networks have become much more complex with the advent of remote working, the Internet of things (IoT), Bring-your-own-device (BYOD), and the geographical spread of larger organizations. Effectively securing such a disparate network demands a comprehensive, modern technology stack with an integrated network visibility system which is a SOC.

Organization-wide Collaboration:
An organization must have clear and transparent processes to report a security incident. A SOC brings people, processes, and technology within the same group to effectively communicate & collaborate when a threat hits. The SOC team also works towards raising awareness about new threats within the organization to its employees and other internal stakeholders.

Reduction in Cyber security costs:
SOC is a centralized hub to tackle malicious attacks. It removes the need for each function, department, location, or vertical to invest in the latest preventive tools licenses and thus brings down the overall CAPEX towards cyber security.

Additionally, threat management using SOC helps to bring down the effect of a breach and the potential costs the breach may incur via data exposure, legal cases, or business reputation damage.

Compliance Management:
SOC ensures regular system audits and compliance towards industry, quality systems, or government. These audits also help uncover any other lapses within the systems that may put sensitive data within the organization at risk & thus shield the organization from reputational damage and other legal challenges in the future.

SOC as a Service (SOCaaS)

With the ever-evolving cyber security ecosystem and growing complexity of vulnerabilities, an organization may need help to operate an effective and mature SOC in-house. Organizations may face issues with finding skilled cyber-security talent or expensive to retain them for 24 x 7 critical SOC operations. Also, a robust SOC involves investment in a plethora of security tools, technologies & solutions to address the vulnerabilities as digital attack surface continues to increase as an organization accelerates towards digitization.

The solution to this is Managed Security Operations Center (Managed SOC) or Security Operations Center as a Service (SOCaaS). SOCaaS allows a solution provider to operate and maintain a fully managed SOC on a subscription basis. SOCaaS encompasses the entire gamut of security functions performed by a traditional, in-house SOC (network monitoring, log management, threat detection, intelligence & response, incident investigation, reporting, and risk audit & compliance). The managed service provider for SOC services also carries the responsibility for the SOC staffing, processes, technologies, and tools & compliance with procedures needed for round-the-clock support and SOC operations.
According to a report by Markets and Markets, the global Security Operations Center as a Service (SOCaaS) market size is projected to reach USD 10.1 billion by 2027, at a CAGR of 10.5% from 2022 to 2027.

Benefits of SOCaaS

Organizations planning to build an in-house SOC or that are already operating an in-premises SOC may decide to outsource SOC management and deployment depending on the maturity level of their organization, current security posture, and management decisions.

Some of the benefits of moving to a SOCaaS are:

Faster Deployment and Remediation:
Managed SOC services ensure that the latest technology, tools, and expert people are always available to manage the threat. Outsourcing also ensures faster deployment as compared to building, deploying, and setting up SOC operations all by itself from an organization’s perspective.

Lower risk of loss from a breach:
SOCaaS provides organizations with access to hyper-specialized security experts from the industry talent pool without the overhead of hiring or retaining talent. These resources are critical to handling security events, analysis of network activities, and the formulation of a remediation strategy.

Access to the latest technologies:
It has been observed that one of the common causes of breaches is outdated software or operating systems or modules not upgraded with the latest patches. With understaffed IT teams, paying attention to this aspect is difficult, thus inviting attackers and cybercriminals. SOCaaS ensures dedicated resource alignment towards updating systems with the latest updates, tool licenses, and technologies & empowers the organization to better fight the incident as well as limit potential risk. In addition, it ensures access to best-of-breed security solutions.

Scalability and Flexibility:
SOCaaS, like other solutions as a service, ensures better flexibility and adaptability. As business scenarios evolve, SOCaaS ensures teams and services may easily be scaled up or down based on the organisation’s requirements. However, scalability is usually difficult in a tight-bound model as human resources– are finite and generally cannot be scaled up quickly as the need arises.

Lower cost than on-premises SOC:
SOCaaS can prove to be more cost-effective than deploying and operating an on-premises SOC. Expenditures associated with talent management, tool licenses, equipment, hardware, and software, are shared by multiple customers on the service provider’s side. This brings down the overall cost for each subscriber. SOCaaS pricing models have also evolved as Pay-as-you-go with a specific lock-in period meaning that subscriber only pays for the services they consume.

Resource optimization:
Increased exposure of an organisation’s sensitive information and critical assets to the web makes them prone to more serious economic, reputational & compliance damages. This situation has pushed a higher demand for highly proficient security engineers and analysts within the labor market.

SOCaaS helps solve the challenge of acquiring and maintaining workforce availability as the service provider ensures that the SOC is always staffed with able manpower. It also reduces the pressure of mundane tasks on an organization’s internal IT team to focus on other tasks.

What is Federated Learning?

Niharika — Mon, 20 Feb 2023 11:31:45 +0000

Federated Learning is a machine learning technique that enables data models to obtain experience from different data sets located in different sites (e.g. local data centres, a central server) without sharing the training data. Federated Learning, thus, allows personal data to remain on local sites, reducing the possibility of personal data breaches. It is a decentralised form of machine learning. Google introduced this concept in 2016 in a paper titled, ‘Communication Efficient Learning of Deep Networks from Decentralized Data. This and another research paper titled ‘Federated Optimization: Distributed Machine Learning for On-Device Intelligence.’ provided the first definition of Federated Learning.

Then, in 2017, Google, in a blog post, ‘Federated Learning: Collaborative Machine Learning without Centralized Training Data,’ explained in detail the nuances of this technique.

Need for Federated Learning

Most algorithm-based solutions today- spam filters, chatbots, recommendation tools, etc.- actively use artificial intelligence to solve modern world solutions. These are based on learning from data — Heaps of training data fed as input for the algorithm to learn and make decisions.

Many of these applications were trained on data available in one place. Unfortunately, gathering all the data at one location is practically impossible in today’s world of myriad applications. Getting data at a single site also brings an additional overhead of sharing the data via secure paths in such vulnerable times. However, today’s Artificial Intelligence is shifting towards adopting a decentralized approach. The new-age AI models are being trained collaboratively on edge or at the source, with data from cell phones, laptops, private servers, etc. This evolved form of Artificial Intelligence (AI) training is called federated learning, and it’s becoming the standard for meeting a raft of new regulations for handling and storing private data. By processing data at the edge, federated learning offers a way to capture raw data streaming from sensors on various touch points such as satellites, machines, servers, and many smart devices.

The Federated Learning Market

According to Research and Markets, the Global Federated Learning Market size is expected to reach $198.7 million by 2028, rising at a market growth of 11.1% CAGR during the forecast period. The growing need for improved data protection and privacy and the increasing requirement to adapt data in real-time to optimize conversions automatically are driving the advancement of the federated learning solutions market. Moreover, by retaining data on devices, these solutions assist organizations in leveraging machine learning models, boosting the federated learning market forward.

How does Federated Learning Work?

Federated learning allows AI algorithms to gain experience from a vast range of data located at different sites. The approach enables several organizations to collaborate on developing models without directly sharing sensitive clinical data.

The Federated Learning process has two steps: Training and Inference.

Training:
The local machine learning models are initially trained on local heterogeneous datasets and create local training datasets in each user’s device. The parameters of the models are exchanged between local data centres periodically. Usually, these parameters are encrypted before exchanging, improving data protection and cybersecurity.

After a shared global model is built, the characteristics of the global model are shared with local data centres to integrate the global model into their ML local models. The global model will combine the learning from the local models and, as a result, get a holistic view.

Inference:
In inference, the model is stored on the user’s device. Thus, predictions are quickly prepared using the model on the user device.

Use-cases of Federated Learning

Federated learning methods are critical in supporting privacy-sensitive applications where the training data is distributed at the network edge. The models that come out of this are trained on various data, all without compromising privacy.

Some of the use cases of Federated Learning are:

1. Mobile/Smartphone Applications:
One of the initial applications of federated learning involves building models based on user behaviour from smartphone usage, such as for next typed-word prediction, face detection to unlock phones, voice recognition, etc. Google uses federated learning to improve on-device machine learning models like “Hey Google” in Google Assistant, which allows users to issue voice commands.

2. Quality Inspection in Manufacturing Sector:
The introduction of federated learning is advantageous for enterprises, manufacturing organizations and research institutions to collaborate on applications such as quality inspection, anomaly detection, object detection, etc. Use cases where the error/faulty images in the production line are few in number and also fewer in variety; using federation learning, multiple parties can collaborate to train a robust quality inspection model for similar products or use cases.

3. Healthcare:
Hospitals deal with a humongous amount of patient data for predictive healthcare applications. They must operate under strict privacy laws and practices, and any slip may bring legal, administrative, or ethical challenges. Federated learning serves as a solution for such kind of applications that require data to remain local. It effectively reduces the strain on the network and enables private learning between various devices/organizations.

4. Autonomous Vehicles:
Federated learning makes real-time predictions possible, which is one of the USPs for developing autonomous cars. Information such as real-time updates on the road and traffic conditions faster decision-making. This can provide a better and safer self-driving car experience. Research, Real-time End-to-end federated learning: An automotive case study has proved that federated learning can reduce training time in wheel steering angle prediction in self-driving vehicles.

5. Federated Learning for Security and Communications:
Privacy preservation, safe multiparty processing, and cryptography are some confidentiality technologies that can be utilized to improve the data protection possibilities of federated learning. An IEEE Study introduces Federated Learning-based distributed learning architecture in 6G. In this architecture, many decentralized devices associated with different services can collaboratively train a shared global model (e.g., anomaly detection, recommendation system, next-word prediction, etc.) by using locally collected datasets.

6. Federated Learning in Wireless Networks:
Federated Learning can handle resource allocation, signal detection, and user behaviour prediction problems in future 6G networks. FL algorithms can address various resource management problems, such as distributed power control for multi-cell networks, joint user association and beamforming design, & dynamic user clustering. Users’ quality-of-service (QoS) can be predicted using FL, where each BS uses the FL algorithm based on some stored information. All BSs transmit the FL model results to a server to obtain a unified FL model. FL algorithms can be utilized to automatically design the BS codebooks and decoding strategy of users to minimize the bit error rate.

(Read: Machine Learning Based Network Traffic Anomaly Detection)

Challenges in Federated Learning

1. Systems Heterogeneity:
A network consists of different devices, and the storage, computational, and communication capabilities of each device in federated networks may differ due to heterogeneity in hardware (CPU, memory), network connectivity, and power (battery level).

2. Statistical Heterogeneity:
Devices generate and collect data in a non-identically distributed manner across the network. This data generation paradigm will not be aligned with frequently-used Independent and Identically Distributed Data (IID) distribution.

3. Security:
Any Malicious user can add a security threat by Poisoning. Poisoning comes in two forms:

• Data Poisoning: During a Federated training process, several devices can participate by contributing their on-device training data. Here, it is challenging to detect & prevent malicious devices from sending fake data to poison the training process. This process poisons the model.

• Model Poisoning: In this form, malicious clients modify the received model by tampering with its parameters before sending it back to the central server for aggregation. As a result, the global model is severely poisoned with invalid gradients during the aggregation process.

Conclusion:

Federated learning is facilitating the evolution of ML approaches within businesses. Organizations are pushing efforts towards a thorough investigation of federated learning. Using FL, companies may reinforce to re-look at their existing algorithms and improve their AI applications. A challenge that may risk the adoption of this technology is “trust”. Researchers are looking at multiple ways and incentives to discourage parties from contributing phoney data to sabotage the model or dummy data to reap the model’s benefits without putting their data at risk.

Transforming Guest Loyalty in Hospitality with Passpoint

Niharika — Tue, 03 Jan 2023 09:13:58 +0000

Driving guest loyalty has always been a complex playground for hospitality brands. Creating personalized services, using technology to engage and interact, implementing a tiered-based approach or ensuring safety, etc., brands continue to foray into such measures and try to use them in different ways to turn guests into loyal returning customers. As studies have shown, customer retention has a significant impact on profits as compared to acquiring new customers, which states that Increasing customer retention rates by 5% increases profits by 25% to 95%. That is why brands have long competed to speed up loyalty enrolments by ensuring the best stay experience.

But what indicates guest loyalty?

For hotels, it is when customers provide repeat business to them, either through rebooking at a specific brand location or choosing to stay at other chain locations of the same or partner brand. Simply put, a loyal guest will continue to choose one hotel location or its chain over other available options. This often occurs irrespective of higher prices since customers will not hesitate to spend a bit more on assurance of the highest quality of stay.
A returning guest will go to the extent of being a social media promoter on various digital channels, creating more potential loyal guests for the future.
Hospitality technology solutions have played an influential role in enhancing guest satisfaction and, subsequently, guest loyalty which automatically drives revenue opportunities. Placing investments in experience and management technologies proves to be an effective way to provide an exceptional experience during and after a guest arrives at a brand’s destination.

Can Wi-Fi be a guest loyalty enabler?

While services and amenities play an important role in strengthening a brand’s loyalty program, Wi-Fi continues to be on top of the guest list of requirements, where it is often noticed that the first thing most of them do upon arrival is to look for a Wi-Fi connection. As the need of modern guests to always stay connected increases, it points toward a great platform that can be built on top of Wi-Fi and leveraged by brands to enhance their loyalty programs.
A great Wi-Fi experience for your guests generates an opportunity to add millions to the top line, steers brand loyalty, and reduces your loyalty acquisition cost.
Ensuring guests have an ‘always-on’ Wi-Fi service will become a key to enabling a superior quality guest experience. But continuing the traditional method of asking the guests to enter their email address or phone number every time they intend to use the Wi-Fi on every visit introduces unwarranted barriers that can damage the guest experience.
More often, a hotel’s Wi-Fi security might lack basic features, favouring convenience for guests over providing secure Wi-Fi access. It puts guests, especially business customers, at risk since it allows malicious actors to compromise the guest’s device and then access the business network of the guest’s employer. Attackers may target hotels to get records of guest names, personal information, and even credit card numbers.

Driving Guest Loyalty & Security with Passpoint

Passpoint upgrades the existing Wi-Fi infrastructure and services deployed at hotels. It enables guests, along with the staff, to connect with minimum friction and with added security via encryption. It removes the friction and frustration of asking your guests to log in each time and takes them closer to a seamless Wi-Fi journey that increases satisfaction and drives loyalty.
With Passpoint, hotels can unlock seamless, secure connectivity on the network and automatically connect their guests at every brand property without asking them to re-enter credentials for authentication every time they visit any of the properties. Additionally, through roaming agreements in place, devices can auto-connect to other places during a guest journey, like meeting rooms, coffee shops, restaurants, and more.
This opens up avenues for hoteliers and the associated businesses to build services around the connected guests. It also brings a solution to the long-standing battle for hotels of not having a standard for secure Wi-Fi access by introducing enterprise-grade security (a.k.a WPA2/WPA3) to the network.Passpoint upgrades the existing Wi-Fi infrastructure and services deployed at hotels. It enables guests, along with the staff, to connect with minimum friction and with added security via encryption. It removes the friction and frustration of asking your guests to log in each time and takes them closer to a seamless Wi-Fi journey that increases satisfaction and drives loyalty.
With Passpoint, hotels can unlock seamless, secure connectivity on the network and automatically connect their guests at every brand property without asking them to re-enter credentials for authentication every time they visit any of the properties. Additionally, through roaming agreements in place, devices can auto-connect to other places during a guest journey, like meeting rooms, coffee shops, restaurants, and more.
This opens up avenues for hoteliers and the associated businesses to build services around the connected guests. It also brings a solution to the long-standing battle for hotels of not having a standard for secure Wi-Fi access by introducing enterprise-grade security (a.k.a WPA2/WPA3) to the network.

Next Generation Hotspot powered by Passpoint

HSC’s Next Generation Hotspot (NGH) has leveraged Passpoint to transform the way how guests experience the Wi-Fi service during their stay. Hotels have leveraged the NGH solution so that guests enjoy a consistent branded Wi-Fi experience, regardless of the service provider or the underlying network infrastructure.
Similar to the principles of a cellular journey, NGH securely authenticates a guest with a certificate on their mobile phone, which the guests download during their first visit, and enables an experience of how a device is recognized as it moves from one location to another. It keeps the guests connected to the wi-fi, no matter whichever brand’s location they visit.
For the hotels, it allows them to identify the guests’ devices and locations and build their digital guest journey around this information. By allowing guests to connect to Wi-Fi with a single guest profile, brands can deliver digital and real-time service based on actual data. NGH eliminates the reliance on MAC addresses for guest recognition and authentication, thus, providing a future-proof solution for the upcoming MAC randomization threats.
Moreover, businesses always look to achieve additional revenues through loyalty programs. Apart from establishing a new connectivity experience that focuses on the massive adoption of a hotel’s loyalty program, NGH differentiates itself by empowering them to push location-based advertisements to guests, creating a new engagement channel that extends the reach of its advertising without having to install any application on guests’ devices. NGH also includes rich presence and location analytics, which give brands full control to trigger location or event-specific guest interactions like rewards or special offers.

As one of the pioneers in providing Wi-Fi-based solutions to hospitality and other enterprises, HSC believes Hospitality brands need to have a strategic approach to deliver the best Wi-Fi experience to guests and make it part of the journey towards driving loyalty. Wi-Fi is a business asset rather than a mere IT consideration. Introducing Passpoint into your existing Wi-Fi service can result in the creation of a cost-effective and incredibly successful loyalty acquisition channel that drives additional revenue.

Cryptography & Challenges posed by Quantum Computers

Niharika — Thu, 15 Dec 2022 13:06:15 +0000

Abstract

Most of the security protocols today employ a combination of symmetric key encryption and asymmetric key encryption. Asymmetric key algorithms are computationally expensive but provide ease of use since their public keys can be easily distributed. Symmetric key algorithms are many times faster than asymmetric key algorithms. However, it is a challenge to distribute symmetric keys among participants. Security protocol designers usually combine both types of algorithms and use symmetric algorithms for data encryption and asymmetric key algorithms for establishing shared secrets (symmetric key). The public key of the asymmetric keys pair is currently shared using public key infrastructure (PKI).
Quantum computers can break most of the asymmetric key algorithms but cannot break symmetric key algorithms with larger key size. Researchers are working on quantum secure methods for exchanging/establishing symmetric keys so that these can replace the existing PKI infrastructure that has become vulnerable to attack using quantum computers. One group of these methods utilize quantum physics principles for establishing key and are called the Quantum Key Distribution method (QKD). These require a new physical channel and quantum physics-based secure mechanism to distribute the large symmetric keys among communicating parties. Another group of methods depends on mathematical problems that are difficult even for quantum computers, these methods are called Post Quantum Cryptography (PQC).

What is Cryptography?

Cryptography is the art and science of protecting information by writing it secretly, which prevents third parties or the public from reading sensitive information. The process of scrambling the information to make it unreadable is called Encryption, and this scrambled information is called cipher text. The decryption process converts scrambled information to the original form or plain text. Cryptography helps maintain the confidentiality and integrity of important information and has various usages spanning multiple domains.

Symmetric key cryptography:

“Symmetric key” cryptography and “public key” cryptography are two categories of cryptography. Here “key” refers to the information known to parties involved and is used to encrypt/decrypt information.
Symmetric key cryptography uses the same key to encrypt information and decrypt information. One of the challenges of symmetric key cryptography is securely communicating the key to all the concerned parties without divulging it to adversaries. Some popular symmetric key cryptography algorithms are AES, DES, and IDEA.

Asymmetric key cryptography:

Instead of using one key, asymmetric key cryptography or public-key cryptography (PKC) uses a key pair. One of the keys of this key pair is called the public key. The public key can be known to everyone and is used to encrypt the information. Another key of the key pair is called the private key. The private key is kept secret and used for decryption. Asymmetric key cryptography allows anyone holding the public key to encrypt the information. However, only the person with the secret private key can decrypt it. Digital signatures schemes (DSA), end-to-end E-Mail encryptions (OpenPGP), secure transport layer protocol (SSL), and many other security protocols use Asymmetric key cryptography. Some asymmetric key cryptography algorithms are RSA, Diffie-Hellman, and ECC.
Public and Private Keys used in PKC algorithms are mathematically related, which means that the security of PKC hinges on the difficulty of solving complex mathematical problems to derive one key from another. All PKC algorithms depend on the complexity of solving complicated mathematical problems using conventional computers. Some of these complex problems used in cryptography are prime factorization of large numbers or solving discrete logarithm problems. One of the most popular and widely used cryptographic algorithms, RSA, is based on prime factorization. Diffie-Hellman and ECC algorithms depend on solving discrete logarithm problems.
PKC algorithms with a decent key size are considered secure for conventional computers. It is not possible or is very time/resource-consuming for classical computers to be able to solve the mathematical problems that form the basis of these PKC algorithms. All this will change with the advent of quantum computing.

Quantum Computers

Noted physicist Feynman conceptualized the idea of using the effects of quantum mechanics in a computer. In contrast to bits of the conventional computer that can take 0 or 1 values, fundamental blocks of quantum computer qubits can exist in 0, 1, or simultaneously in both states. Phenomena of qubits entanglement result in a tremendous increase in the possibility of parallel processing. An n-qubit quantum computer can process 2n operations in parallel. Several companies have been working on building quantum computers. IBM Quantum System One is a 27-qubit computer, and Intel has 49 qubit processors; however, Quantum computers are so far not available for wide usage.
Quantum computers threaten cryptographic algorithms because they can perform many times more parallel operations than conventional computers. Quantum computers can break PKC by solving complex mathematical problems or break symmetric key cryptography by exhaustively searching for all possible secret keys.

How Quantum Computers are a Threat to Cryptography?

Mathematician Peter Shor published a Quantum computers algorithm for large integer prime factorization and discrete logarithm problems. Shor’s algorithm makes it possible to break widely used RSA, Diffie-Hellman, and ECC algorithms using quantum computers. Shor’s algorithm would require a 1000-qubit computer to break 160-bit ECC and a 2000-qubit computer to break 1024-bit RSA. Quantum computers with this kind of processing power do not exist today. However, they may become available in the future. There are reports that hackers have been collecting encrypted data with the hope that, in the future, they will be able to decrypt it using quantum computers and make monetary and political gains out of it.

Indian-origin Computer scientist Lov Grover developed a Quantum computer algorithm for searching unsorted databases. Grover’s algorithm requires √N operations to search N entries, while conventional computers require N/2 operations to search N entries. For keys of smaller size, Grover’s algorithm can break the symmetric key algorithm DES.
Grover’s algorithm can exhaustively search for keys of symmetric-key algorithms. However, the number of operations needed to perform search increases exponentially with an increase in key size. The security offered by Symmetric key Algorithms like DES and AES improves with an increase in key size. AES algorithm with a key of 256 bits is considered safe from quantum computers.

(Source: NISTIR 8105 Report on Post-Quantum Cryptography)

The Way Forward:

From the above discussion, it is clear that symmetric key cryptography will be secure even when quantum computers with thousands of qubits become available. However, new protocols shall be required to securely distribute shared keys since the current PKC-based shared key establishment mechanism will not withstand quantum computers.
Currently, two types of techniques are in development for secure key distribution. The first type of technique depends on computational problems that are difficult even for quantum computers and are called post-quantum cryptography. The second type of technique depends on the laws of quantum physics and is called Quantum key distribution.

Quantum Key Distribution

Quantum key distribution (QKD) methods allow the secure exchange of shared keys between two participants over an insecure channel. Laws of physics (characteristics of quantum mechanics) guarantee the security of key distribution, so an increase in computing power cannot break this security.
In QKD, the information that needs to be exchanged is encoded as quantum states of light. Following Quantum physics concepts form the basis of the security of QKD:

Heisenberg’s uncertainty principle implies that the act of measuring an unknown quantum state modifies the state. So, if an eavesdropper measures the data(qubit) during transmission, the value of the data(qubit) will change.
It is physically impossible to make a perfect copy of an unknown quantum state, so an eavesdropper can’t copy a bit stream and measure it later.
Properties of quantum entanglement limit the information that third parties may obtain.

Quantum key distribution uses two communication channels, one channel can be an insecure authenticated public channel, and the second channel needs to be a quantum communication channel. The sender uses a light source to send a stream of photons through the quantum channel. Each one of these photons represents a bit of information. Before sending each photon, the sender randomly chooses the measurement basis for the photon and records both the measurement basis and the value of the bit. The receiver also randomly chooses one of the two measurement basis and records both the selected basic and measured values. After transferring all the bits, the sender and receiver exchange the measurement basis used to measure each bit. Since both sender and receiver randomly selected measurement basis, it will be the same for some of the bits. The value of the bits for which the sender and receiver used the same measurement basis forms the shared secret key. Since only measurement basis is exchanged on the unsecured channel and not the actual measurement, the sender and receiver can construct the key; however, the eavesdropper can’t.

Post Quantum Cryptography

Post Quantum Cryptography (PQC) algorithms consist of mathematical problems that are considered difficult for conventional computers, as well as for quantum computers. Some of the methods that fall under PQC methods are code-based cryptography, Multivariate based cryptography, and Lattice-based cryptography. In 2016 NIST launched the Post Quantum Cryptography project, which aims to standardize a few Quantum resistant cryptography systems. In 2016 NIST floated a request for submission for PQC algorithms. The evaluation process for PQC started with 69 algorithms. After round 3 of evaluation in July 2020, NIST has narrowed it down to four key exchange algorithms and three digital signature algorithms. On July 5, 2022, NIST declared that they have selected the CRYSTALS-Kyber KEM algorithm and 3 digital signature algorithms for standardization. These OQS implementations can help in prototyping Quantum resistant cryptography.

HSC is currently working on projects where PQC algorithms are being used to safeguard VPN and E-Mail products. Our team has also worked on the implementation of the QKD post-processing algorithm. If you are interested in this technology and its applications then let us connect!

An Introduction to DevSecOps

Niharika — Wed, 23 Nov 2022 08:48:16 +0000

Introduction

Let’s begin with DevOps first.

DevOps is an amalgamation of cultural and technical philosophies of software development, quality assurance, and IT operations united into a single system managed centrally. The overarching purpose of having a DevOps philosophy is to increase the speed at which applications and support services are delivered. At the same time, DevOps emphatically negates the bimodal notion that speed and stability are mutually exclusive and instead reinstates the concept that speed depends upon stability.
To realize the complete advantage of the agility of a DevOps approach, IT security must also play an integrated role in the entire application development life cycle. Therefore, a DevOps framework demands security as a shared integrated responsibility end-to-end. This is where “DevSecOps” comes into the picture to accentuate the need to inculcate a security foundation into DevOps initiatives.

What is DevSecOps?

DevSecOps, short for Development, Security and Operations, integrates security at every phase of the SDLC, enabling the development of robust and secure applications at the speed of Agile and DevOps. DevSecOps is about built-in security, not security that functions as a perimeter around apps and data.
In the past, organizations included security features within the developed code towards the end of SDLC and were noted by a separate team. However, with the evolution of SDLC and multiple software releases in a year, it became operationally impossible to follow the old approach. With software developers adopting Agile and DevOps practices, the SDLC now ranges from weeks to days, and the traditional reactive approach to security has become obsolete.
DevSecOps addresses security issues as they arise- at the stage where they are easy to identify and tackle, i.e., before the software gets into the production stage. Thus, DevSecOps makes security a shared responsibility of the development, security, and IT operations teams rather than the sole responsibility of a security team.

DevSecOps Market Size

According to a report by Grandview Research, the global DevSecOps market size was valued at USD 2.79 billion in 2020 and is expected to expand at a compound annual growth rate (CAGR) of 24.1% from 2021 to 2028. In addition, the continued rise in the number of businesses and applications migrating to the cloud, 5G rollouts, and Internet of Things deployments are also expected to favour the growth of the development, security, and operation (DevSecOps) market.

According to Markets & Markets, APAC is estimated to account for the largest DevSecOps market size during the forecast period.
The APAC region is expected to offer extensive growth opportunities for the market during the forecast period. Rapid advancements in cloud computing, IT infrastructure services, and the Internet of Things (IoT) have led many organizations to adopt DevSecOps solutions and services.

Best Practices for DevSecOps Implementation

DevSecOps brings cybersecurity processes into the SDLC from the very start. Throughout the development cycle, the software code is reviewed, audited, and tested for security issues that are addressed soon after identification.

Some of the industry-advocated best practices in the DevSecOps are:

Shift-Left:
‘Shift-Left’ approach encourages software engineers to move security from the right (end) to the left (beginning) of the DevOps (delivery) process. Shifting left allows the team to identify security risks and vulnerabilities early in the SDLC & address them immediately. This helps the development team to build the product efficiently & inculcate security features as they build it.
Security Education, Awareness & Ownership:
The philosophy “security is everyone’s responsibility” should be a part of an organization’s culture. An alliance between the development, operations and compliance teams ensures that everyone in the organization understands the company’s security posture and adheres to the same standards.
Fostering Cultural Change:
The leaders within an organization should promote change & allocate security responsibilities and product ownership. When both developers and security teams become process owners and take responsibility for their work, it fosters collaboration and cultural changes towards DevSecOps initiatives.
Traceability, Auditability, and Visibility:
IBM suggests implementing traceability, audits, and visibility in a DevSecOps process to create a more secure environment:

– Traceability: To track configuration items across the SDLC to locate where requirements are implemented in the code. It helps achieve compliance, track & reduce bugs, ensure secure code in application development, and support code maintainability.

– Auditability: For ensuring technical, procedural, and administrative security controls for compliance. The processes need to be auditable, well-documented and adhered to by all team members.

– Visibility: Visibility ensures that the organization has a robust monitoring system to monitor operations, send alerts, communicate changes, deal with vulnerabilities as they hit, and provide accountability.

Benefits of DevSecOps

The DevSecOps approach brings with it a multitude of benefits. Some of them are:

Robust Application Security: DevSecOps promises a proactive approach to mitigate security threats early in the SDLC. Development teams can rely on automated security tools to test software code, and perform security audits and time-ensured development cycles. When vulnerabilities are exposed, the security and development teams work collaboratively at the code level to address the problem.
Collaboration & Ownership: DevSecOps practices bring the development teams and application security teams to work alongside each other in the development process, thus building a collaborative cross-team approach rather than in silos.
Streamlined Application Delivery: Since security is embedded earlier in the development lifecycle and the critical security processes are automated in the DevSecOps approach, the code delivery is streamlined and meets compliance terms. This ensures quicker software development life cycles.
Limit Security Vulnerabilities: Automating security processes early in the development stage helps to better identify, manage, and patch vulnerabilities and exposures. Introducing security measures to mitigate risk & provide insight helps teams to remediate and react quickly when issues are discovered.
Quick & Cost-effective Software Delivery: When code is developed in a non-DevSecOps environment, security issues can lead to substantial time delays & prove to be expensive. The rapid, secure delivery of DevSecOps saves time and reduces costs by minimizing the need to repeat a process to address security issues. In addition, integrated security eliminates the need for reviews and rebuilds, resulting in more secure code.
Ease of scalability: Implementing tuned and developed DevSecOps tools and processes eliminates the need for manual replication and compute resources. DevSecOps makes it easy to scale systems and processes upward or downward because of automation.

DevSecOps adoption is on the rise, though still emerging as a best practice for developing secure, high-quality code. As DevSecOps practices pick up, the industry is seeing many parallel and facilitating technology trends which would contribute towards the growth of DevSecOps adoption. From Infrastructure as a Code (IaaC), AIOps & GitOps, Serverless Architecture and Kubernetes infrastructure, these technologies will help organizations innovate faster without sacrificing security and product quality, & enable collaboration between teams, and automate processes that ensure quality control.