Better protect your web apps and APIs against threats and fraud with Google Cloud

With web applications and public APIs becoming increasingly important to how organizations interface with their customers and partners, many are turning to dedicated tools that can help protect these assets. As research firm Gartner notes in its 2020 report “Defining Cloud Web Application and API Protection Services,” “By 2023, more than 30% of public-facing web applications will be protected by cloud web application and API protection (WAAP) services that combine DDoS protection, bot mitigation, API protection and web application firewalls (WAFs). This is an increase from fewer than 10% today.”[1] Currently, most of these services come in the form of different point solutions for different types of threats. This leads to gaps in protection and increased acquisition and operational costs.

To tackle these challenges, Google Cloud has launched a security solution, Web App and API Protection (WAAP), which provides comprehensive threat protection for your web applications and APIs. Google Cloud WAAP is based on the same technology Google uses to protect its public-facing services against web application exploits, DDoS attacks, fraudulent bot activity, and API-targeted threats. It represents a shift from siloed to unified application protection, and can deliver improved threat prevention, greater operational efficiencies, and consolidated visibility and telemetry. It also provides protection across clouds and on-premises environments.

Google Cloud WAAP combines three leading products to provide comprehensive protection against threats and fraud:

- Google Cloud Armor, which is part of Google Cloud’s global load balancing infrastructure, provides WAF and anti-DDoS capabilities, protecting applications against the Open Web Application Security Project (OWASP) Top 10, sophisticated application exploits, and both volumetric and layer 7 availability attacks.
- Apigee, Google Cloud’s API management platform, provides API lifecycle management capabilities, with a heavy focus on security. The solution verifies API keys, generates and validates OAuth access tokens, rate limits traffic, enforces quotas, and provides analytics on API trends.
- reCAPTCHA Enterprise provides transparent protection from fraudulent activity, spam, and abuse like scraping, credential stuffing, automated account creation, and exploits from automated bots.

Figure: Google Cloud WAAP solution high-level architecture

“I’ve seen our customers benefit greatly from each part of Google Cloud WAAP, and now that it’s a packaged solution, we can bring a more comprehensive security solution to a broader set of clients much faster,” said Miles Ward, CTO of SADA Systems. “SADA is excited to partner with Google to bring this outstanding security solution to our customers’ mission-critical projects.”

How WAAP is helping customers today

The following two scenarios showcase how a bank and an airline are using Google Cloud’s WAAP solution to address their heightened security needs.

Balancing security requirements with ease of use

A bank is launching a new microservices-based payment app and, due to the architecture of the application, it exposes several APIs which need to be protected. Three different teams are involved and have different priorities that need to be balanced. Google Cloud’s WAAP solution allows the different teams at the bank to collaborate closely and fulfil their requirements using one solution and one vendor.

Managing OWASP Top 10 Web Application Security Risks

An airline needs to protect its reservation website from the OWASP Top 10 Web Application Security Risks. Preventing attackers from using leaked or stolen email addresses and passwords to gain unauthorized access (credential stuffing) is a priority. Its APIs are used by third-party travel sites for making reservations, so the airline also needs to manage authentication and authorization of its public APIs. The airline uses the Google Cloud WAAP solution, implementing Cloud Armor as a WAF, Apigee as the API management layer, and reCAPTCHA Enterprise to defend against credential stuffing.

Figure: Google Cloud WAAP solution workflow

Let’s take a look at the workflow of a request with the Google Cloud WAAP solution. The first point of contact on the WAAP solution is Cloud Armor. Cloud Armor protects against OWASP Top 10 vulnerabilities such as cross-site scripting (XSS) and SQL injection (SQLi), and also provides protection against L3, L4, and L7 DDoS attacks. If none of these rules are triggered on the Cloud Armor policies, the request is sent to the reCAPTCHA Enterprise API to evaluate whether the incoming traffic is a legitimate request or not (machine bot vs. human). If it is a legitimate request, the request is forwarded to the airline’s backend. If it is not, Cloud Armor has the ability to deny the request by sending a 403 response code to the user. Further, Cloud Armor can take more intelligent actions like redirecting to a different page or forwarding the request to a honeypot.

For any API requests, once the Cloud Armor OWASP rules and DDoS protection have been evaluated, the request is forwarded to Apigee to check the validity of the API request. Apigee determines whether the API keys or access tokens used in the request are valid and whether the consumer has access to the API. If Apigee determines the request to be illegitimate, it can serve a 403 response code to the end user; otherwise, Apigee forwards the request to the airline’s backend. For all requests made to the airline’s reservation website, the WAAP solution is the first point of contact and can detect and mitigate bad actors at the edge before the request even reaches the airline’s backend.

As more and more organizations accelerate their digital transformation journeys, and as business processes and commerce rely more on digital interactions, the need for heightened levels of security and protection has risen significantly. Moving to unified application protection like Google Cloud’s WAAP solution can help organizations deliver improved threat prevention, greater operational efficiencies, and consolidated visibility and telemetry, in record time.

Get started using WAAP today

For more details on how Google Cloud can help with comprehensive web app and API protection, check out our WAAP solution page, watch our on-demand webinar on App Modernization and Protection, and read our whitepaper written by Enterprise Strategy Group on meeting the challenges of securing modern web applications with WAAP.

1. Gartner, Defining Cloud Web Application and API Protection Services, Jeremy D’Hoinne and Adam Hils, Refreshed 20 May 2020.
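The request workflow described in the airline scenario (OWASP rules evaluated first, then a bot-score check, then everything else allowed on to the backend and, for API paths, on to Apigee) can be expressed as a Cloud Armor security policy. The Terraform below is an added example written for this page, not configuration from the Google Cloud post or the airline; the policy name, the `/login` path and the score threshold of 0.5 are assumptions, and the resource must be attached to the load balancer’s backend service separately. The rule order matters: Cloud Armor evaluates rules by ascending priority number and stops at the first match, so the WAF rules carry lower numbers than the bot rule, and the catch-all `allow` sits at the maximum priority.

```hcl
# Added example (not from the Google Cloud post): a Cloud Armor policy that
# mirrors the WAAP workflow. Names, paths and thresholds are assumed values.

resource "google_compute_security_policy" "waap_edge" {
  name        = "airline-waap-edge-policy"   # assumed name
  description = "OWASP Top 10 + bot-score checks evaluated before the backend"

  # L7 DDoS defense (Adaptive Protection) in addition to the built-in L3/L4 protection.
  adaptive_protection_config {
    layer_7_ddos_defense_config {
      enable = true
    }
  }

  # 1. OWASP preconfigured WAF rules are evaluated first: SQL injection ...
  rule {
    priority    = 1000
    action      = "deny(403)"
    description = "Block SQL injection attempts (preconfigured OWASP CRS rule set)"
    match {
      expr {
        expression = "evaluatePreconfiguredExpr('sqli-stable')"
      }
    }
  }

  # ... and cross-site scripting. Both return 403 to the client.
  rule {
    priority    = 1010
    action      = "deny(403)"
    description = "Block cross-site scripting attempts (preconfigured OWASP CRS rule set)"
    match {
      expr {
        expression = "evaluatePreconfiguredExpr('xss-stable')"
      }
    }
  }

  # 2. Bot management: a login request whose reCAPTCHA Enterprise session
  #    token scores low is treated as automated and denied. Requires the
  #    reCAPTCHA Enterprise session-token integration on the site; the
  #    path and the 0.5 threshold are assumed values for this example.
  rule {
    priority    = 2000
    action      = "deny(403)"
    description = "Deny likely-automated logins (credential-stuffing defense)"
    match {
      expr {
        expression = "request.path.matches('/login') && token.recaptcha_session.score < 0.5"
      }
    }
  }

  # 3. Default rule: anything that survived the checks above is allowed
  #    through to the backend service (for API paths, on to Apigee, which
  #    performs its own API key / access token validation).
  rule {
    priority = 2147483647
    action   = "allow"
    match {
      versioned_expr = "SRC_IPS_V1"
      config {
        src_ip_ranges = ["*"]
      }
    }
  }
}
```

Before enforcing the bot rule in production, a practitioner would typically run it with `preview = true` and watch the Cloud Armor logs to confirm legitimate users are not scoring below the threshold; the same preview mode is the usual way to tune the preconfigured WAF rules against false positives.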
Source: Google Cloud Platform

3 keys to multicloud success you’ll find in Anthos 1.7

Most organizations choose to work with multiple cloud providers, for a host of different reasons. In a recent Gartner survey of public cloud users, 81% of respondents said they are working with two or more providers. And as well you should! It’s completely reasonable to use the capabilities from multiple cloud providers to achieve your desired business outcomes. Beyond simply letting you run apps on-prem and in different clouds, we’ve noticed that successful multicloud implementations share characteristics that enable higher-level benefits for both developers and operators. To do multicloud right, you need to:

- Establish a strong “anchor” to a single cloud provider
- Create a consistent operator experience
- Standardize software deployment for developers

We recently released Anthos 1.7, our run-anywhere Kubernetes platform that’s connected to Google Cloud, delivering an array of capabilities that make multicloud more accessible and sustainable. Let’s take a look at how our latest Anthos release tracks to a successful multicloud deployment.

1. Create an anchor in the cloud

Your cloud journey should be anchored to a single cloud. Is that controversial? At Google Cloud, we think that instead of dragging your current state to the desired location, you bring characteristics of your desired state to your current location. And instead of re-creating foundational behaviors in each cloud, you anchor on a single cloud, and use those practices everywhere else.

Let’s be specific. Cloud Logging is our scalable, high-performing service for infrastructure and application logs. In addition to sending logs from on-premises Anthos environments, you can now send logs and metrics from Anthos on AWS to Cloud Logging and Cloud Monitoring. Use one powerful logging system that all your environments feed into, and retire your on-prem logging infrastructure.

When all your clusters are attached to Google Cloud, you can also simplify management. With the new Connect gateway, you can interact with any cluster, anywhere, all from Google Cloud. Deploy workloads to a cluster on-prem. Read logs from a workload running inside an AWS VPC. By using Google Cloud and Anthos as your multicloud anchor, you can centralize activities and reduce the toil of per-cloud management.

Letting the public cloud manage more things allows you to focus on what matters: your software. In this release, we enabled a preview of our managed control plane for Anthos Service Mesh on Google Cloud. This gives you an Istio-powered mesh with the data plane in your cluster, but with us scaling, patching, and operating the control plane itself. You can even use this for your virtual machine workloads. Take advantage of the cloud’s innovation and add your Compute Engine workloads into Anthos Service Mesh. The reality is that most enterprise compute resources are still in VMs and many will remain there for a long time to come. This way, all of your VM-based workloads can have the same mesh functionality as your container-based workloads, even when the VMs run in a Managed Instance Group (MIG). You can also use Anthos Service Mesh to apply updates for Common Vulnerabilities and Exposures (CVEs), for better lifecycle management.

2. Create a consistent experience for operators

No multicloud solution can eliminate all per-cloud management for operations teams. There will always be some level of direct management of each cloud. Can we reduce the amount so that operations teams don’t waste so much time with bespoke configurations? Yes, we can. Anthos normalizes a significant portion of your operational effort, regardless of where your Kubernetes cluster resides. And we’re working to bring more and more consistency to the Anthos experience on each of its target platforms. This helps operators learn something once, and apply it everywhere.

In Anthos 1.7, we delivered Windows container support for vSphere environments, as well as support for our own container-optimized OS. That brings Anthos to parity with what we offer in GKE on Google Cloud. We also GA-ed the CSI driver for vSphere, giving on-prem clusters the same experience with storage volumes as Google Cloud customers.

Then there’s Anthos Config Management (ACM), which delivers a powerful, declarative way to define desired state and keep your environment in that state. That means defining and deploying security policies, reference data, and required agents with source-controlled configuration files. And in Anthos 1.7, we’re extending ACM to a wider range of supported cluster types (besides GKE) including EKS 1.19, AKS 1.19, OpenShift 4.6, KIND 0.10 and Rancher 1.2.4. Whether you’re deploying GKE clusters with Anthos, or attaching your existing Kubernetes clusters running in other environments, components like ACM and Connect gateway give you a consistent operational experience.

3. Establish a secure, familiar deployment target for developers

From what I’ve observed, the main beneficiaries of multicloud are developers, and by extension, the end users of the software those developers create. With multicloud, developers can use the best services from each cloud and run each workload in the right place. The hard part? Creating some level of repeatability across all these environments. How a developer deploys to a hypervisor or container environment on-prem is very different from how they deploy to an app-centric platform in the cloud. There are different requirements for how to package up the software, different deployment tools, and different handoffs or automated integrations to expose the application for use. Can we normalize it a bit? Indeed we can, by creating a consistent dev experience for the inner loop, and a standard deployment API for every environment.

To that end, the Google Cloud Code team has added extensions to your favorite IDEs to make it easier to build YAML for use in any Anthos environment. Create standard Kubernetes deployment manifests, a Cloud Build definition, or even a configuration that represents a first-party cloud managed service. And with local emulators for things like Kubernetes and Cloud Run, you can build and test locally before packaging up your software for deployment to Anthos.

Speaking of builds, with the new Connect gateway, you can create Cloud Build definitions that deploy to any Anthos-connected cluster. Cloud Build is a powerful service for packaging and deploying software, and the ability to use it to deploy anywhere is a big deal.

There’s more. How should developers securely access cloud services from their apps? You don’t want something unique for each environment. In Google Cloud, Workload Identity is used to map Kubernetes service accounts to IAM accounts so that you never need to stash credentials in the environment. With Anthos 1.7, we’ve made our Workload Identity capability available on-premises and in AWS. Just build your apps, and at runtime they can securely talk to managed services with appropriate permissions.

Don’t just take our word for it

Multicloud is an idea whose time has come, and the new features and capabilities that we’re building into Anthos are rapidly translating into industry recognition and successful customer deployments.

When it comes to analyst firms, Forrester recently named Google Cloud a “Leader” in Multicloud Container Development Platforms, citing Anthos’ automated cluster lifecycle operations, control plane management, logging, and policy-driven security features.

When it comes to customers, we’re working with global enterprises across a number of industries who want to modernize their application portfolios for agility and drive cost savings. Here are three recent Anthos customers:

- Major League Baseball uses Anthos to run applications like Statcast that need to run in the ballpark for best performance and low latency. Anthos on bare metal also makes it easier for them to swap out a server in the event of a hardware failure.
- PKO Bank Polski, the largest bank in Poland, uses Anthos to scale its services up dynamically when peaks occur unexpectedly. Marcin Dzienniak, PKO’s Chief Product Owner of the Cloud Center of Excellence, said “using Anthos, we’ll be able to speed up our development and deliver new services faster.”
- Finally, the Wellcome Sanger Institute, one of the world’s leading centers for genomic science, uses Anthos to improve the stability of their research IT infrastructure. Anthos deployment was a quick and easy process: the team had JupyterHub, an open-source research collaboration tool, up and running in just five days, including all notebooks and secure researcher access.

With the launch of Anthos 1.7, we hope to continue delivering an exceptional experience for even more Anthos customers.

Next steps

Download the Forrester Total Economic Impact study today to hear directly from enterprise engineering leaders and dive deep into the economic impact Anthos can deliver your organization. For a complete guide to using Anthos clusters on AWS, including cluster setup and administration, refer to setting up Anthos on other public clouds. To learn more about Anthos on bare metal, read about one Developer Advocate’s experience getting hands-on with Anthos on bare metal and then, to try it yourself, check out the Anthos Developer Sandbox.
Source: Google Cloud Platform

Part 2: Hackathons aren’t just for programmers anymore

As we discussed in our recently published article, no-code hackathons are a great way to empower line-of-business workers and encourage innovation, but they sometimes require different planning steps than traditional hackathons aimed at coders. In this article, we take a look at three questions you should ask yourself to refine the event’s goals, as well as a four-step planning framework and best practices we’ve seen adopted by users of AppSheet, Google Cloud’s no-code application development platform. One thing to keep in mind: just like a no-code, custom business app, the beauty of a hackathon lies in the fact that each one is a customized effort based on your specific goals. Once you refine your goals, use the framework to build your hackathon. And once you’ve successfully managed your hackathon event, you can use that experience to inform the next one.Three questions to refine your goals for a hackathonThe hackathon will be many employees’ introduction to the concept and promise of no-code programs, so before any planning for the event itself can occur, enterprises need a refined sense of what the program should achieve and how it will fit into existing operations. 1. What does innovation look like for your organization? Innovation can mean a number of different things–removing manual processes, improving efficiency in the field, digitizing workflows, and more. Identifying what kind of innovation you hope to spur is important to introducing a no-code platform, and its potential, to the workforce. That said, it is important not to over-prescribe goals: one benefit of democratizing the tools of innovation is that employees often discover and solve challenges that had previously gone unacknowledged. 2. What types of organizational and governance structures will support the no-code program?It’s obviously powerful to extend app building to more employees, but businesses still need to ensure that no-code efforts don’t redundantly overlap with IT projects. 
Likewise, they need to avoid Shadow IT problems in which IT lacks visibility into no-code projects, and they need to apply security protections to the corporate digital assets leveraged for no-code apps. All of this means governance and organizational models are important to a successful no-code rollout. In an IT-centralized model, IT teams create nearly all of the applications to address an organization’s needs. In an IT-decentralized program, the broader organization develops the applications within the governance framework provided by IT. Both can encourage non-technical employees to become no-code citizen developers, but they do so in different ways. For example, in an IT-centralized model, business users might use the no-code platforms to build prototypes, the final versions of which are built by IT. In an IT-decentralized model, non-technical employees throughout the organization might build their own solutions according to governance guardrails set by IT. 3. Beyond hackathons, how will you encourage citizen development?A hackathon is a great way to drive engagement and hands-on learning, but it’s not the only way  to inspire the workforce–and even after a successful hackathon, organizations still need educational and community-building resources to maintain momentum. Many such resources are available, such as AppSheet’s Creator Community. It’s important to look for resources that already exist outside the company, but many successful no-code programs have also invested in internal resources, such as recurring office hours with experts or onboarding programs specific to the company’s goals. Four key steps for planning a successful no-code hackathon The preceding questions are a starting point for defining the no-code program’s intentions–but planning and holding a hackathon involves a few more steps. This four-part framework offers some best practices to ensure the event is organized based on your organization’s unique needs.    1. 
Define your objective This may seem obvious, but an organization is unlikely to succeed if it holds a hackathon just for the sake of holding an event, without clear goals and intentions. With digital fatigue running rampant, employees aren’t always primed to accept new technical solutions–so to cut through the noise and inspire the workforce, it’s critical to define what the event should achieve. The goal might be to align your organization’s goals with actions individual citizen developers or teams of citizen developers can take. It might be identifying manual tasks that could be automated or potential long-tail solutions. There is no single approach, but often, successful no-code hackathons focus either on functionality or use cases. When a hackathon focuses on functionality, they are often more open-ended but also more likely to produce novel ideas or call attention to challenges that are familiar to line-of-business workers but unknown to leaders. Hackathons built around a specific use case or challenge can be more targeted, but they can also be overwhelming to new citizen developers who are still learning how the no-code platform lets them harness different kinds of functionality. For example, let’s say my objective is to focus on removing paper from my company’s business processes. The key is not to tell hackathon participants what kind of app to build because I don’t know all the issues they might be struggling with. But every app must digitize something that is now being executed manually. That will be my main criteria for any hackathon app. Of course, I will need to develop a list of questions whose answers will ensure that my objective is being met. These questions will also help my new citizen developers formulate an app building plan and for the most part should focus on the following areas:Problem. Describe the manual process you want to digitize as well as the paper you want to remove from your process and how it applies to the stated objective.Scope. 
Describe what areas of business the problem impacts—is it within an individual scope, or a department, or cross-departmental?Data. Describe the underlying data you want to digitally capture, where it resides today (in a filing cabinet, transposed to a doc or spreadsheet) and where it should reside electronically.Solution. Describe how you plan on resolving the problem—how is the app you propose to build going to address the problem? What capabilities does the app need? What features on the app building platform will you be using?Success metrics. How do you measure success? An increase in productivity measured by a decrease in time spent? Reduction of paper measured by amount digitized?Recommended best practices: This may seem like a lot of information to collect early in the hackathon process but it provides a structured way to look at an ongoing problem and resolve it. Most citizen developers are new to app building and this type of methodology teaches them how to approach an app building project. This type of approach also serves as a way for departments to identify process issues that may be known or unknown—those long tail applications that provide incremental value and when taken together, may exceed the value of larger, more complex applications. Finally, consider building an app on your no-code platform to collect this information. This signals two things: an overall commitment to digitization as well as a commitment to the platform as the digitization vehicle.2. Cultivate executive buy-in Hackathons are usually more successful when company leaders advocate for them. Employees may be uncertain about new technology platforms and tools if the intentions behind and benefits of those resources have not been clearly communicated. Similarly, employees accustomed to existing processes may not adopt new ones if incentives and goals have not been refreshed. 
These efforts require executive leadership, and when businesses successfully navigate large shifts in technology, the CTO or even CEO is often involved. Recommended Best Practices: Successful hackathons rely on participation and support from the leadership team as well as IT and line of business management. This participation indicates that citizen development is part of the corporate culture and has the support of the entire company. One member may be designated as the owner or multiple members may be given roles—the more active the support, the more likely it is for employees to get involved. There should be active involvement from the leadership team to promote all hackathon aspects:Encourage participation. Promoting the hackathon throughout the company via all forms of communication, including email, company and LOB meetings, newsletters, collaboration apps like Google Chat, Slack, or Microsoft Teams, etc.Acknowledge milestones. Provide snapshots of the hackathon as it progresses, including number of teams participating, number of departments, number of apps being built, first app to be tested, etc. Along with normal forms of communication, consider setting up a Hackathon community page and actively post to it.Formalize the effort. Host a company-wide event to acknowledge and reward participants. Perhaps the hackathon is a success metrics contest where the winners and runner up receive a prize but make sure that all participants are recognized for their valuable contributions.2. Anticipate hackathon participants’ needs, andWhether a professional or citizen developer, the principles of application development are the same. While no-code application development requires significantly less technical knowledge than traditional application development, it will require training, both during and outside of a hackathon. 
The more you anticipate, and provide, the necessary training, the more successful your hackathon will be.Recommended best practices: We’ve seen successful programs that bring in outside experts to guide non-technical workers, others that appoint internal experts, others still that focus on self-learning modules–and some that combine all three. All of these approaches are generally more productive when combined with community-building efforts. For example, throughout last year, our Creator Community created incredible apps and made them available to fellow community members. COVID-19 Community Support App is one such great example, and the app has now been translated into over 100 languages by creators around the world. Similarly, we saw a number of citizen developers rally around each other during a global hackathon to build COVID-19 support apps, relying on self-guided resources and community support. We’ve also seen companiessuch as Globe Telecom invest not only in hackathons but also in making experts available for weekly office hours. Many organizations have successfully built citizen developer ecosystems by creating spaces where questions can be posed and discussed. Programs that include specific examples of no-code apps are usually more powerful. In designing training programs, it can be easy to overlook that hackathon participants need assurances that it is okay to make mistakes–which reinforces the importance of governance. It can also be easy to neglect the data management training that can help citizen developers more easily adopt a no-code platform. Measures of success are another important training component. Are no-code apps meant to be deployed across the entire organization, to be used by select teams, or to serve as foundations for future proposals? Is a no-code app’s success quantified by hours saved working on a process, number of users for a specific app, or some other metric? 4. 
Ensure you don’t miss the final ingredients There are three components, often overlooked, that will determine the overall success of a hackathon:Make it fun. Gamification can be a terrific way to generate enthusiasm. When an organization incentivizes budding citizen developers with recognition or awards, interest in the no-code program often skyrockets.Build awareness. No hackathon will succeed if employees aren’t aware of it, so organizers and the leadership team need to get people excited by marketing the event. Galvanize participation. Will hackathon participants operate as individuals or as members of a team? Most likely, this decision will depend on a number of factors specific to your company with the end result being more employee participation. Recommended best practices: Gamifying a hackathon cannot only generate enthusiasm but also serve as a way to attract more participants. But don’t just focus on the awards aspect for the winners and runner ups. Think of ways to make it fun for all participants. For example, hackathon T-Shirts, trophies, or plaques for everyone. Or fun award categories for best app idea, first deployed app, etc.With or without prizes, no hackathon will succeed if employees aren’t aware of it, so organizers and the leadership team need to get people excited by building awareness through marketing the event. The promotions could range from newsletter blurbs to advertisements on internal sites to references during all-hands meetings– but whatever the venue, this is your chance to communicate both the ways no-code can be empowering as well as any competitions or rewards that the event will entail. Additionally, one can neither devise gamification strategies nor advertise the event without determining whether hackathon participants will work individually or in teams. Which approach works best may depend on a range of factors, such as whether the organization uses an IT-centralized or IT-decentralized model. 
But generally, individual participants tend to focus on specific goals whereas teams, by virtue of including more perspectives, can promote community and exploration. If you choose to go with teams, we recommend that you solicit cross-departmental teams or teams from different departments, as this is likely to diversify the solutions and conversations that the hackathon facilitates. Finally, don’t forget the closing ceremonies! Whether it’s a live judging panel or simply distribution of awards, find a way to celebrate everyone that participated. This goes a really long way in helping the program to gain traction. Keep the momentum going!With the preceding questions, framework, and best practices, you’re well on your way to holding a no-code hackathon. Congratulations! But what comes next? Here are four ways to keep the momentum going:  Hold a post-mortem with your team. What are your main takeaways from this event? Should you host another event in the future? Are there any additional goals you need to consider for future events? What would you change for the next one?Measure your success. Did you meet your objective? Was participation in line with  expectations? Did you require a wait list for the event or is the entire organization now trained? What areas can you focus on for your next hackathon? Double down on citizen development across your organization. After you’ve held your first hackathon event, there will be buzz around all that was accomplished. Those who were not able to participate in the first will likely want to attend the next. If you haven’t already marked your calendar for the next one, determine what date makes the most sense. Keep a channel open for support. One of the most exciting parts about no-code hackathons is that citizen developers feel empowered to tackle new and bigger problems. In order to achieve this, they need outlets for support. 
We highly recommend either creating an internal channel for conversation, such as a citizen developer chat room, or pointing them toward a citizen developer community.

We hope you will take this framework and convert it into something that not only meets the unique needs of your organization, but also helps propel you toward a more innovative future. Whether this is just the beginning of your organization’s citizen development journey or the next step in an ongoing digital transformation, the possibilities are endless, and we’re excited to see what you build. To learn more about AppSheet, jumpstart your no-code journey with our library of sample apps.

Related article: Part 1: Hackathons aren’t just for programmers anymore. How no-code hackathons encourage citizen developers to innovate.
Source: Google Cloud Platform

Earning customer trust through a pandemic: delivering our 2020 CCAG pooled audit

At Google Cloud, we work closely with customers who want to assess and verify the security of our platform. Take as an example our recent collaboration with the Collaborative Cloud Audit Group (CCAG). As our customers increased their use of cloud services to meet the demands of teleworking and aid in COVID-19 recovery, we’ve worked hard to meet our commitment to being the industry’s most trusted cloud, despite the global pandemic. That’s why we are proud to announce that Google Cloud completed an annual pooled audit with the CCAG in a completely remote setting, and was the only cloud service provider to do so in 2020.

The CCAG is a syndicate of 39 leading European financial institutions and insurance companies that depend on cloud infrastructure and technologies to deliver innovative solutions and experiences for their customers. For these institutions, managing the risks associated with outsourcing material workloads and satisfying strict national and EU regulatory obligations is of critical importance. Carrying out cloud audits at scale is resource intensive, so CCAG members exercise their audit rights by combining the audit scope and fieldwork into one unified annual engagement. Pooled audits of cloud service providers, as stipulated in the European Banking Authority’s Guidelines on outsourcing arrangements, help streamline the audit process and decrease the organisational burden on both the CCAG members and their providers, like Google.

Hamidou Dia, vice president for Solutions Engineering at Google Cloud, whose team spearheaded the audit, reflected on how initiatives such as pooled audits can bolster customer trust: “The financial services industry is rapidly changing to meet rising customer expectations and growing regulatory compliance requirements,” Dia said.
“We offer verifiable transparency to our customers, so they can confidently and securely leverage Google’s innovative cloud technologies to digitally transform their business and the industry as a whole. We are pleased to partner with CCAG, who are emerging as global leaders in setting the framework for efficient and effective pooled audit assessments.”

The COVID-19 pandemic required CCAG and Google to re-imagine the 2020 audit process, which is traditionally performed via onsite meetings and inspections. We instead relied on the security and collaboration capabilities of Google Drive and Google Meet to store and access evidence exhibits, and to meet with subject matter experts. During each phase of the approximately six-month engagement period, the audit teams worked openly and transparently through both offline and interactive sessions to validate Google Cloud’s policies, processes, and technologies.

“This is the first time we worked completely remotely and we all learned a lot. We were able to complete the audit fieldwork and Google offered CCAG extensive transparency into their processes and live systems,” said Christina Hepp, divisional head IT, Operations & Sourcing Group Audit, Commerzbank. “Regulators consider a cloud provider’s controls as part of our internal control system and expect us to audit these as such. We were able to verify documentation, review samples, and interview subject matter experts to reasonably satisfy the CCAG participating members’ individual risk assessments.”

Our annual pooled audits provide the necessary risk assessments and assurances for CCAG members to accelerate their digitization efforts and journey onto the cloud. To help build that trust, we must provide verifiable transparency and remove challenges to security and compliance. We are committed to being a dedicated digital transformation partner and will continue to evolve with our customers to meet their regulatory obligations.
To learn more about Google Cloud Trust & Compliance, visit our Compliance resource center.
Source: Google Cloud Platform