Keep your users safe with reCAPTCHA Enterprise

Globally, organizations across industries have been working to expand their online footprint to continue doing business. Whether it’s to help more workers safely do their job from home, to help customers interact with them more efficiently, or other reasons, this sudden shift has put a strain on IT teams, in particular. Cybercriminals are also taking advantage of current events to attempt and reframe malicious activities.

reCAPTCHA Enterprise—which we made generally available earlier this year as a service for Google Cloud—can help protect your website from fraudulent activity, spam, and abuse. Today we’ll discuss how it can detect some of the most common web-based attacks and reduce your end users’ and business’ exposure to risk.

How it works

reCAPTCHA Enterprise is a frictionless fraud detection service that leverages our experience from more than a decade of defending the internet and data for our network of four million sites. It can be installed on any web page at the point of action—whether it’s login verification, on the purchase page, or at account creation—to help detect and prevent fraud. Meanwhile, legitimate users will be able to log in, make purchases, view pages, and create accounts, and fake users will be blocked.

At its core, reCAPTCHA Enterprise works by using advanced risk analysis strategies to tell humans and bots apart. It provides security teams with several features, including extra granular risk scores, reason codes for high-risk scores, and the ability to tune the risk analysis engine to your site’s specific needs. For example, any action can have a fraud risk score attached to it which can inform your team of suspicious activity.

Using the reCAPTCHA Enterprise adaptive risk analysis engine, your countermeasures will stop bots and other automated attacks while approving valid users. Let’s take a look at some of the attacks reCAPTCHA can help stop.

Account Takeovers (ATOs) and Hijacking: This attack is when a bad actor uses a stolen or leaked credential to log in and take over a legitimate user’s account. With the recent rise in credential losses, these attacks are rapidly rising to become the top threat. The correct password is no longer a sufficient form of authentication; it must be paired with a secondary layer of security.

Fraudulent Transactions: Fraudsters use fake or stolen credit cards to make purchases online, which can often result in a chargeback or involvement with law enforcement. This not only costs your business time and money, but it also provides an avenue for organized crime to use their credit card databases on your site.

Scraping: Companies in a variety of industries, including ecommerce, travel, social media, and news, rely on proprietary content as their primary differentiation. Less reputable organizations will often employ bots to steal this content, either for republishing or to gather competitive intelligence.

Synthetic Accounts: All manner of fraud on marketplace, ecommerce, and social media sites starts with the creation of a synthetic account. This account can then be leveraged by fraudsters to commit a range of activities from abuse, to spreading misinformation, to creating false listings.

To see reCAPTCHA Enterprise in action, watch our video below.

To learn more about the different types of attacks reCAPTCHA can help prevent, visit our documentation. To get started with reCAPTCHA today, contact sales.
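
A sketch of how a backend might act on the per-action risk score and reason codes described under "How it works", added here as an example and not taken from the original post or from Google's code. It assumes the assessment has already been fetched and parsed into a dict with `tokenProperties` and `riskAnalysis` fields; the thresholds, the `decide` helper and the sample assessments are constructed for illustration. In reCAPTCHA scoring, a lower score means higher risk.

```python
# Added example: policy over a parsed reCAPTCHA Enterprise assessment.
# THRESHOLDS and decide() are assumptions for illustration, not Google guidance.

# Per-action (block_below, challenge_below) cut-offs; assumed values, tune per site.
THRESHOLDS = {"login": (0.3, 0.7), "purchase": (0.4, 0.8), "signup": (0.5, 0.8)}

def decide(assessment, expected_action):
    """Return (verdict, why); verdict is 'allow', 'challenge' or 'block'."""
    token = assessment.get("tokenProperties", {})
    risk = assessment.get("riskAnalysis", {})
    # A token that failed validation carries no usable score: fail closed.
    if not token.get("valid", False):
        return "block", "invalid token: " + token.get("invalidReason", "unknown")
    # The token must belong to the action being protected; otherwise a token
    # obtained on a low-value page could be presented at login or checkout.
    if token.get("action") != expected_action:
        return "block", "action mismatch"
    if expected_action not in THRESHOLDS:
        return "block", "no policy for action"
    score = risk.get("score")
    if not isinstance(score, (int, float)):
        return "block", "missing score"
    reasons = ", ".join(risk.get("reasons", [])) or "none"
    block_below, challenge_below = THRESHOLDS[expected_action]
    if score < block_below:
        return "block", f"score {score}, reasons: {reasons}"
    if score < challenge_below:
        # Middle band: ask for a second factor instead of rejecting outright.
        return "challenge", f"score {score}, reasons: {reasons}"
    return "allow", f"score {score}"

# Constructed sample assessments (not real API output), with the expected action.
SAMPLES = [
    ({"tokenProperties": {"valid": True, "action": "login"},
      "riskAnalysis": {"score": 0.9, "reasons": []}}, "login"),
    ({"tokenProperties": {"valid": True, "action": "login"},
      "riskAnalysis": {"score": 0.5, "reasons": ["UNEXPECTED_USAGE_PATTERNS"]}}, "login"),
    ({"tokenProperties": {"valid": True, "action": "purchase"},
      "riskAnalysis": {"score": 0.1, "reasons": ["AUTOMATION"]}}, "purchase"),
    ({"tokenProperties": {"valid": True, "action": "homepage"},
      "riskAnalysis": {"score": 0.9, "reasons": []}}, "login"),
    ({"tokenProperties": {"valid": False, "invalidReason": "EXPIRED"}}, "login"),
]

def run_samples():
    """Verdict for each constructed sample, in order."""
    return [decide(a, action)[0] for a, action in SAMPLES]

if __name__ == "__main__":
    for (a, action) in SAMPLES:
        print(action, decide(a, action))
```

The middle band maps to a second-factor challenge rather than a hard block, which matches the post's point that a correct password alone is not sufficient for login.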
Source: Google Cloud Platform

Anthos in depth: Modern application development and delivery

“Keep calm and carry on.” While the words may resonate with the public, carrying on with business as usual these days is not an option for most enterprises—especially not application development and delivery teams. And to the 71% of CIOs who recently cited “improved agility and faster time to market” as top priorities for their businesses, today, we’re going to talk about how Anthos can help you improve application development and delivery in your organization.

Traditionally, application development and delivery has been affected by several shortcomings, which slow your time to market:

Siloed application operation teams and tools—one for on-prem and one for each of your cloud environments

Infrequent rollouts with long lead times that increase risk and complexity of each production deployment

Reliability and security issues that don’t get caught during development

Lack of scalability, observability, and governance as you add more applications, teams, and updates

Principles for fast, secure, and reliable CI/CD

Adopting containerization and a consistent, policy-based platform like Anthos can help you create more secure and reliable applications faster, with more features, so you can stay ahead in a rapidly changing world. But just because you now drive your old sedan on a racetrack doesn’t mean it goes any faster. Likewise, keeping the same old application development and delivery tools and methodologies after adopting Anthos won’t materially change your application development speed.

Over the years, Google has worked to build services that operate at tremendous scale. In that time we developed principles for application development and delivery and worked to bring you concepts like SRE and innovations like Kubernetes. With Anthos, you have access to application development and delivery tools that work across on-prem and cloud environments. These tools deliver a number of benefits:

Automated build, test, and deploy

Continuous integration (CI) and continuous delivery (CD) lets you remove the constraints of traditional software delivery cycles and move to an on-demand model. Your application operators can push new code to users quickly by using fully-managed tools that enable easy scaling, maintenance, and updates. We provide guidance for these methodologies that integrate with your current tools: source control, artifact repositories, and issue management, both on-prem and in your multi-cloud environments.

Policy-based security

Security should be based on policies that are managed centrally and enforced by automated tools. Anthos simplifies the implementation of this principle by creating a common management layer across all of your environments. Anthos Config Management enforces security and governance policies across those environments. Policies can be added or updated with a simplified workflow that does not require code changes. Anthos also includes technologies like Binary Authorization to help you secure your software supply chain, ensuring that the code you built is the code you deploy. With policy-based security, developers can focus on building products and features, not updating code for ever changing governance and compliance standards.

Proactive reliability testing

CI/CD lets you focus on issue prevention during development and test, rather than having to mitigate problems in production (otherwise known as a shift-left approach), with checks made by automation tools. Our approach to CI/CD supports automated rollouts and rollbacks, and thanks to having a consistent Anthos platform, your test and development environments more closely resemble production so you can find compatibility issues before they make it to production.

CI/CD users and tools

When you think about the makeup of a modern CI/CD pipeline, consider three roles within your organization: developers, operators, and security administrators. Let’s take a look at the tools that are available to each and how they interact with each other:

Developers can use a git repository for source code management that provides storage for application and configuration code and allows for review of code changes. They can also employ a continuous integration (CI) tool such as GitLab. This service tests and validates source code, and builds artifacts (container images, for Kubernetes) that can be consumed in the deployment environment. Lastly your developers can use a container registry, which stores the artifacts (container images) built during CI.

Operators can also use a git repository where they can store the instructions for how applications will be deployed. Working with a configuration management tool such as Kustomize or Anthos Config Management, they can package together the artifacts created by CI and the deployment instructions. This allows for the reusability and extension of configuration primitives or blueprints. Finally, operators can use a service for continuous delivery (CD), which defines the rollout process of code across environments, facilitates the process between staging and production, and provides easy rollback for failed changes.

Security administrators utilize a git repository to store the policies that are applied to your infrastructure (clusters). They work with a policy management service, which is also provided by Anthos Config Management, to provide a mechanism to enforce policies on their clusters (for example: role-based access control, quotas, etc). These clusters can be managed using Anthos GKE to provide container orchestration, run the artifacts built during CI, and provide scaling, health checking and rollout methodologies for workloads. Administrators review and approve changes to policies before they are merged into production clusters.

All of these tools are designed to work within your Anthos environment so you can incorporate other Anthos capabilities such as Anthos Service Mesh, which gives you deep visibility into your services and how they are functioning, contributing to better resiliency. With an overview of modern CI/CD practices, let’s take a look at how this would be implemented in conjunction with Anthos.

CI/CD in an Anthos deployment

For reasons such as business continuity, regulatory compliance, scalability, proximity to development teams or customers, and more, your software development and delivery process will most likely take place across more than one environment, whether that’s on-prem and cloud, multiple regions, or even across multiple clouds. Let’s take a look at how you can use Anthos to implement CI/CD across two regions where the first region is used for development, testing, and production, and the second region is also used for production:

In this example architecture, Anthos Config Management keeps your cluster states in sync and helps security admins ensure that all deployments by application operators adhere to org policies (1). Development clusters are provisioned with Anthos GKE for developers to work on their applications before they enter the deployment process (2). Anthos Service Mesh provides service management capabilities across all clusters in your environment so operators know where they can deploy applications (3). Artifact Registry stores the container images built during the CI phase (4). And finally, applications are deployed uniformly and consistently across all environments by application operators (5). This is how you can harness the power of Anthos to deploy code quickly to production environments anywhere.

Partnering for more options

Part of what makes Google Cloud successful is an ecosystem of partners. GitLab provides CI/CD tooling that is used by more than 100,000 organizations with an active community of more than 2,200 contributors. In the example above, we used GitLab’s CI service to facilitate the process between staging and production. This commitment to partners and open source is core to Google Cloud’s value of avoiding vendor lock-in.

“Enterprises all over the world use our CI/CD tools to transform and improve their application development and delivery. We’ve partnered with Anthos because it provides a flexible application modernization platform for creating and delivering secure apps across hybrid and multi-cloud environments.” – Brandon Jung, VP of Alliances at GitLab

Getting started

The need to innovate faster has seldom been more critical than it is today. If your organization needs to move faster and you’re interested in getting started with Anthos, please reach out to your account team or fill out this form. We will set up time with you to discuss how Anthos can help your developers reduce the time they spend on non-coding activities by 23% to 38% [1], improve the productivity of your operations teams by 40% to 55% [1] and improve productivity for security tasks by 60% to 96% [1].

1. Total Economic Impact report
Source: Google Cloud Platform

DockerCon LIVE 2020: Captains on Deck!

This is a guest post from Docker Captain Bret Fisher, a long-time DevOps sysadmin and speaker who teaches container skills with his popular courses Docker Mastery, Kubernetes Mastery, Docker for Node.js, and Swarm Mastery, and weekly YouTube Live shows. Bret also consults with companies adopting Docker. Join Bret and other Docker Captains at DockerCon LIVE 2020 on May 28th, where they’ll be live all day hanging out, answering questions and having fun.

When Docker announced in December that it was continuing its DockerCon tradition, albeit virtually, I was super excited and disappointed at the same time. It may sound cliché but truly, my favorite part of attending conferences is seeing old friends and fellow Captains, meeting new people, making new friends, and seeing my students in real life. 

Can a virtual event live up to its in-person version? My friend Phil Estes was honest about his experience on Twitter and I agree… it’s not the same. Online events shouldn’t be one-way information dissemination. As attendees, we should be able to *do* something, not just watch.

Well, challenge accepted. We’ve been working hard for months to pull together a great event for you – and this was before #quarantinelife and knowing ALL events would go virtual this year. Honestly, the more we get into the planning for DockerCon LIVE, the more excited I get. The reach of a virtual event is much broader, and for many, this will be the first DockerCon they will attend.

DockerCon LIVE’s format is a 1-day online event with 3+ simultaneous streams for you to choose from, and it’s not all session talks. Best of all, it’s free for everyone. As of the time I’m writing this, there are more than 36,000 people signed up! 

As part of the jam-packed line-up, I’ll be hosting Captains On Deck, one of the three co-streaming Channels, where we’ll rotate Docker Captains — 2 per hour — and we’ll hang out, talk tech, and answer your questions real-time. At past DockerCons, Captains frequently hosted very popular Hallway Tracks, and we took what we loved about those events – meeting members of the community, talking shop, answering questions and having a lot of laughs. Captains on Deck was designed to virtualize that experience and make it last all day.

My friend and fellow Captain, Nirmal Mehta agrees. He said, “One thing I’m super looking forward to since it’s a virtual event, is connecting folks that would not have had a chance to speak or interact with the captains if it was a physical conference.”

One thing I can assure you… we’ll have fun! When you’re in the Captains On Deck channel, you’ll see us unscripted, and I’m hoping we’ll get to do some hacking, create some things, troubleshoot stuff, and learn a whole lot with you! It’ll be a similar format to my DevOps and Docker Talk YouTube Live show on Thursdays, except you’ll be driving the show from chat! Every hour we’ll rotate our guests on the stream and take your questions and requests. 

No IRL conference provides the kind of access to speakers and Captains like we’re able to do with DockerCon LIVE. Come join me and the Captains for a fun day of learning together. Hop around between the Captains’ channel and the other channels streaming simultaneously:

theCUBE, where you’ll experience live interviews with industry expert speakers

Sessions, where you can attend recorded sessions and chat live with the speakers.

Register for DockerCon and add the Captains on Deck to your calendar. See you on the 28th!
The post DockerCon LIVE 2020: Captains on Deck! appeared first on Docker Blog.
Source: https://blog.docker.com/feed/