Google Cloud IAM for AWS users

By Rae Wang, Product Manager

Many businesses want to use multiple cloud providers as part of their IT strategy. This allows them to leverage unique services from different cloud vendors and protect app availability in disaster and recovery scenarios. However, running across multiple providers requires more sophisticated planning and management, for example, managing the different Identity and Access Management (IAM) policies from their providers. Setting the right IAM policies is key to securing your resources and data on the different platforms.

If you have experience with Amazon Web Services (AWS) IAM, we recently published a guide on how to think about IAM policies on Google Cloud Platform (GCP). The two platforms offer different frameworks for resources and policies. It’s important to understand these concepts during planning, as it may not be possible to translate directly from a feature in one service to a feature in the other.

One key concept in Google Cloud IAM is policy inheritance. GCP resources can be organized into hierarchies with projects, folders and organizations. Policies are inherited down the hierarchy. For example, if you’re granted the “log viewer” role in an organization, you’ll automatically be able to read logs in projects and resources created under that organization. When using GCP IAM, you’ll want to leverage this capability by planning the hierarchies you create to map to your company and team structures. This will allow for simpler policy management.
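The inheritance rule described above, modelled as an added example (not code from the guide or from Google): allow bindings set at any level apply to everything beneath it, so the effective access on a project is the union of the bindings along its ancestry. The resource names and members are constructed for illustration; the function names are hypothetical.

```python
from __future__ import annotations
from dataclasses import dataclass, field

@dataclass
class Node:
    """One level of the resource hierarchy (organization, folder or project)."""
    name: str
    parent: Node | None = None
    bindings: dict[str, set[str]] = field(default_factory=dict)  # role -> members

    def grant(self, role: str, member: str) -> None:
        self.bindings.setdefault(role, set()).add(member)

def ancestry(node):
    """Yield the node itself, then each ancestor up to the organization."""
    while node is not None:
        yield node
        node = node.parent

def effective_roles(node, member):
    """Map each role the member holds on `node` to the level that granted it."""
    found = {}
    for level in ancestry(node):
        for role, members in level.bindings.items():
            if member in members:
                # Keep the nearest grant as the provenance of the role.
                found.setdefault(role, level.name)
    return found

def inherited_roles(node, member):
    """Roles that reach `node` only through an ancestor's policy."""
    roles = effective_roles(node, member)
    return {r: src for r, src in roles.items() if src != node.name}

# Constructed sample hierarchy: one organization, one folder, two projects.
org = Node("organizations/example-org")
eng = Node("folders/engineering", parent=org)
payments = Node("projects/payments-prod", parent=eng)
sandbox = Node("projects/sandbox", parent=org)

org.grant("roles/logging.viewer", "user:alice@example.com")   # applies everywhere
eng.grant("roles/editor", "user:bob@example.com")             # folder subtree only
payments.grant("roles/viewer", "user:carol@example.com")      # this project only

if __name__ == "__main__":
    for project in (payments, sandbox):
        for who in ("user:alice@example.com", "user:bob@example.com"):
            print(project.name, who, effective_roles(project, who))
```

Reporting where each role was granted makes broad organization-level or folder-level grants visible when reviewing access to a single project.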

AWS policies used to be managed at the granularity of individual resources. Recently, with the addition of AWS Organizations, you can start to apply the same hierarchical model to AWS resources as well. A remaining difference is the concept of a GCP Project, which is a resource encapsulation that creates a trust boundary for a team, an app or a development environment.

Another difference with AWS is how GCP uses IAM roles to provide groups of permissions that map to meaningful aspects of people’s job functions. These roles allow you to grant the same access to different resources without having to list all the permissions every time, which makes your policies simpler to read and understand. GCP provides many pre-defined roles and will soon support custom roles.

The guide discusses these concepts in detail, and also compares GCP and AWS IAM capabilities in other areas, such as identity management and automation. We hope it helps you manage policies and permissions across multiple providers.

Source: Google Cloud Platform

Scalable Telemetry Based Multiclass Predictive Maintenance Model

I recently presented Building a Scalable Telemetry Based Multiclass Predictive Maintenance Model in R at the ICDSE conference. This conference was interdisciplinary, and the attendees were primarily from academia and shared their scholarly research and innovation. Due to the nature of the conference, the focus was on the methodology used to solve their domain-specific problem rather than the tooling needed to solve a large-scale problem.

My talk at the conference was focused on outlining how a user or an organization would build a Scalable Telemetry based Predictive Maintenance Model. To set the context, I described how we routinely come across IoT devices with sensors embedded all around us, which collect a lot of telemetry data over time. Then the natural next question was on how this data can be used to address business questions like, "When is my device going to fail?" Some tips on how the raw sensor data can be enhanced with additional machine related data and how to formulate and build a reasonable ML model were briefly discussed during the talk.

Finally, typical scenarios for an on-premise and cloud based solution were outlined with focus on SQL Server R Services and Azure Machine Learning Studio, as well as Jupyter notebooks as example tools to develop and operationalize these models. To accompany my oral presentation, I wrote a short paper which describes the methodology in more detail. The audience was intrigued with the solution and hoped to use a similar technique for the healthcare domain.
Source: Azure

Azure making IoT compliance easy

I am excited to announce the release of a whitepaper which emphasizes Microsoft’s leadership in customer advocacy, privacy protection, and unique data residency commitments. Moreover, the heart of this whitepaper is compliance in relationship to the Internet of Things (IoT), an exploding industry and ever-present technology in our society.

At Microsoft, developing secure software is part of our DNA, rooted in decades of experience in developing secure software. This new whitepaper brings that experience to bear on how to think of an IoT solution. Compliance and privacy officers can download this paper (Microsoft Azure and Data Compliance in the context of the Internet of Things (IoT)) for guidance on how to use the capabilities built into the Azure IoT platform to achieve their governance goals. The paper describes how Microsoft addresses key security, privacy, and compliance principles in Azure, breaks down Azure’s IoT features, and provides recommendations for how customers can achieve a high level of security and data compliance in their IoT environment.

Microsoft’s IoT offering (a.k.a. Azure IoT Suite) is an enterprise-grade set of services that enable customers to build and deploy an IoT solution quickly. Advanced topics include data residency, encryption, and auditing.

Producing high quality guidance like this is part of our drive to ensure we are providing the best cloud technology for customers, while ensuring that it’s easy to use by both technologists and business stakeholders alike. 

You can find this Azure whitepaper as well as other useful guidance on the Microsoft Trust Center.
Source: Azure