da Agency

Bloganuary: A Resounding Success!

Even though you can build any type of website on WordPress.com, from an eCommerce store to a photography portfolio, blogs still make up the majority of our 60 million plus sites. To improve interaction and connection with these bloggers, we tried something new: Bloganuary, a writing challenge throughout the month of January, where we provided daily prompts to inspire people to publish blog posts.

Never having run a month long blogging challenge before, we didn’t know what to expect. Would bloggers join in? Would the community appreciate this? 

But the results were incredible! Thousands of participants joined in from around the world, blogging in different languages. Perhaps what warmed our hearts the most, though, was we got to see first-hand how close our community of global bloggers really is. People liked and commented on shared posts, watched their audiences grow, and followed new sites they didn’t previously know about. 

But don’t just take our word for it. Here’s what some of Bloganuary’s participants had to say (some grammar edits were made for clarity purposes):

An excellent initiative. So much variety. I think, “what will I say?” and then come up with something unexpected. Have been on hiatus with my account through some of [the] lockdown. What a great way to get back into the swing of things. Thank you – Storyteller, artandidioms.com

The #Bloganuary blogging challenge has been interesting! I have been writing a different kind of post from the usual – more personal posts. At first I was a little uninspired but have grown into it and am enjoying it (also meeting a diverse group of bloggers!) @wordpressdotcom— Emma Lewis (@Petchary) January 24, 2022

#bloganuary was a chance for me to actually live in a community where we write, we read what others have to say and perhaps share our stories with each other. Every individual has a distinctive power through which he communicates with others, some by painting, others sing and we…WRITE. The spark of this whole challenge was how one topic can cause ripples in many ways and how many unique perspectives there are in a single topic.– SaniaDiary, saniadiary.wordpress.com

@wordpressdotcom Thank you for #Bloganuary as it's gotten me back into the groove of writing my blog. I was stagnant and struggling bit your daily prompts have me, once again, excited about writing! pic.twitter.com/m8PsHJai3D— Fiona (@daddiesgrl45) January 27, 2022

This is a real challenge, something I have never done before. I normally write a blog every few months but starting in February, I think it will be weekly. I have thoroughly enjoyed #bloganuary so far and intend to go all the way. – johnarthurbetts

With such a great response to Bloganuary, we’re working to find new ways to engage with our WordPress.com community, so keep an eye out for some new and exciting challenges this year!

And if blogging publicly isn’t your preferred way to write, consider the Day One app, which allows you to journal privately.
Quelle: RedHat Stack

da Agency

Strengthening our European data sovereignty offerings with Assured Workloads for EU

European organizations, both public and private, are migrating their operations and data to the cloud in increasing numbers. In doing so, they need confidence they can meet their unique needs for security, privacy, and digital sovereignty. Key requirements include the ability to store data within a European geographic region, to ensure that support is provided by EU personnel, and the ability to control administrative access to their customer data and encryption keys used to protect that data. To help meet these needs for customers using Google Cloud Platform, we are pleased to announce the general availability of Assured Workloads for EU. As covered in detail in our introductory blog post, this product allows GCP customers to create and maintain workloads with:Data residency in their choice of EU Google Cloud regionsPersonnel access and customer support restricted to EU persons located in the EUCryptographic control over data access, including customer managed encryption keysLet’s look at how to configure a cloud workload with these controls using the Google Cloud Console: Configuring Assured Workloads for EUAssured Workloads functions at the folder level of an organization, allowing for specific controls to be applied to and enforced selectively for cloud workloads with sovereignty requirements. The first step in creating an Assured Workloads folder is to choose where data will be stored:Selecting the European Union option provides access to two different types of Assured Workloads controls:EU Regions and Support: This option, now in General Availability, allows customers to restrict storage of their data to the EU, in addition to restricting support and access to EU persons. EU Regions and Support with sovereignty controls: This option, now in Public Preview, builds on the capabilities of EU Regions and Support, and provides additional levels of sovereign control by encrypting customer data with externally stored and managed keys from Cloud External Key Manager (EKM) and signing Access Approval requests with those same external keys.Signed Access Approval is a new feature that adds a layer of assurance for actions authorized through Access Approval, a platform control which requires explicit customer consent before administrative access to customer data or configurations is permitted. It signs approvals you grant via Access Approval with an external key from your External Key Manager, helping to verify that an access request was approved by an outside party. Signed Access Approval is currently available for customer configurations that use Thales external key management systems and is coming soon to other external key management systems that integrate with EKM. Customers can apply either option for Assured Workloads for EU at the folder level, allowing flexibility to selectively run workloads using EU Regions and Support, and applying the additional cryptographic controls to workloads that require a higher level of data sovereignty. In either case, Assured Workloads configures and enforces the chosen controls automatically.Customer choices for digital sovereigntyAssured Workloads for EU is the latest in a series of offerings from Google Cloud that deliver what we call Software Defined Community Clouds — cloud infrastructure provisioned for exclusive use by a specific set of organizations with controls tailored to their specific jurisdictional needs. Assured Workloads includes offerings for customer groups in the United States, Canada (in Preview), and now in the European Union, while continuing to expand to other regions around the world.  Customers may have additional operational sovereignty needs focused on the independent operation and verification of these controls. This is why as part of our ‘Cloud. On Europe’s Terms.’ initiative, we’ve announced sovereign cloud solutions powered by Google Cloud to be offered through trusted partners like T-Systems in Germany, Thales in France, and Minsait in Spain. For many organizations, however, the ability to meet data sovereignty requirements for specific workloads will be a meaningful step forward in their digital sovereignty journey.Take the next stepAssured Workloads EU Regions and Support is now generally available for Google Compute Engine, Persistent Disk, BigQuery, Google Cloud Storage, and Cloud KMS (EKM), with EU Regions and Support with sovereignty controls now available in Preview for the same services. Read more about both offerings in our documentation. To learn more, please contact Google Cloud Sales.Related ArticleHelping build the digital future. On Europe’s terms.Cloud computing is globally recognized as the single most effective, agile and scalable path to digitally transform and drive value creat…Read Article
Quelle: Google Cloud Platform

da Agency

Announcing the public preview of Microsoft Azure Payment HSM service

This blog post has been co-authored by May Chen, Product Manager, Azure Security.

The growing trend for running payment workloads in the cloud

Momentum is building as financial institutions move some or all their payment applications to the cloud. This entails a migration from the legacy on-premises applications and hardware security modules (HSM) to a cloud-based infrastructure that is not generally under their direct control. Often it means a subscription service rather than perpetual ownership of physical equipment and software. Corporate initiatives for efficiency and a scaled-down physical presence are the drivers for this. Conversely, with cloud-native organizations, the adoption of cloud-first without any on-premises presence is their fundamental business model. End-users of a cloud-based payment infrastructure expect reduced IT complexity, streamlined security compliance, and flexibility to scale their solution seamlessly as their business grows.

Potential challenges

Cloud offers significant benefits. Yet, there are challenges when migrating a legacy on-premises payment application (involving payment HSM) to the cloud that must be addressed. Some of these are:

Shared responsibility and trust—what potential loss of control in some areas is acceptable?
Latency—how can an efficient, high-performance link between the application and HSM be achieved?
Performing everything remotely—what existing processes and procedures may need to be adapted?
Security certifications and audit compliance—how will current stringent requirements be fulfilled?

The Azure Payment HSM service addresses these challenges and delivers a compelling value proposition to the users of the service.

Introducing the Microsoft Azure Payment HSM

Today, we are excited to announce that Azure Payment HSM is in preview in East US and North Europe.

The Azure Payment HSM is a “BareMetal” service delivered using Thales payShield 10K payment HSMs to provide cryptographic key operations for real-time, critical payment transactions in the Azure cloud. Azure Payment HSM is designed specifically to help a service provider and an individual financial institution accelerate their payment system’s digital transformation strategy and adopt the public cloud. It meets stringent security, audit compliance, low latency, and high-performance requirements by the Payment Card Industry (PCI).

HSMs are provisioned and connected directly to users’ virtual network, and HSMs are under users’ sole administration control. HSMs can be easily provisioned as a pair of devices and configured for high availability. Users of the service utilize Thales payShield Manager for secure remote access to the HSMs as part of their Azure subscription. Multiple subscription options are available to satisfy a broad range of performance and multiple application requirements that can be upgraded quickly in line with end-user business growth. Azure Payment HSM offers the highest performance level 2,500 CPS.

Enhanced security and compliance

End-users of the service can leverage Microsoft security and compliance investments to increase their security posture. Microsoft maintains PCI DSS and PCI 3DS compliant Azure data centers, including those which house Azure Payment HSM solutions. The Azure Payment HSM can be deployed as part of a validated PCI P2PE and PCI PIN component or solution, helping to simplify ongoing security audit compliance. Thales payShield 10K HSMs deployed in the security infrastructure are certified to FIPS 140-2 Level 3 and PCI HSM v3.

*The Azure Payment HSM service is currently undergoing PCI DSS and PCI 3DS audit assessment.

Manage your Payment HSM in Azure

The Azure Payment HSM service offers complete administrative control of the HSMs to the customer. This includes exclusive access to the HSMs. The customer could be a payment service provider acting on behalf of multiple financial institutions or a financial institution that wishes to directly access the Azure Payment HSM. Once the HSM is allocated to a customer, Microsoft has no access to customer data. Likewise, when the HSM is no longer required, customer data is zeroized and erased as soon as the HSM is released to Microsoft to maintain complete privacy and security. The customer is responsible for deploying and configuring HSMs for high availability, backup and disaster recovery requirements, and to achieve the same performance available on their on-premises HSMs.

Accelerate digital transformation and innovation in cloud

The Azure Payment HSM solution offers native access to a payment HSM in Azure for ‘lift and shift’ with low latency. The solution offers high-performance transactions for mission-critical payment applications. Thales payShield customers can utilize their existing remote management solutions (payShield Manager and payShield TMD together) to work with the Azure Payment HSM service. Customers new to payShield can source the hardware accessories from Thales or one of its partners before deploying their Payment HSM.

Typical use cases

With benefits including low latency and the ability to quickly add more HSM capacity as required, the cloud service is a perfect fit for a broad range of use cases which include:

Payment processing:

Card and mobile payment authorization
PIN and EMV cryptogram validation
3D-Secure authentication

Payment credential issuing:

Cards
Mobile secure elements
Wearables
Connected devices
Host card emulation (HCE) applications

Securing keys and authentication data:

POS, mPOS, and SPOC key management
Remote key loading (for ATM, POS, and mPOS devices)
PIN generation and printing
PIN routing

Sensitive data protection:

Point to point encryption (P2PE)
Security tokenization (for PCI DSS compliance)
EMV payment tokenisation

Suitable for both existing and new payment HSM users

The solution provides clear benefits for both payment HSM users with a legacy on-premises  HSM footprint, and those new payment ecosystem entrants with no legacy infrastructure to support and who may choose a cloud-native approach from the outset.

Benefits for existing on-premises HSM users:

Requires no modifications to payment applications or HSM software to migrate existing applications to the Azure solution.
Enables more flexibility and efficiency in HSM utilization.
Simplifies HSM sharing between multiple teams geographically dispersed.
Reduces physical HSM footprint in their legacy data centers.
Improves cash flow for new projects.

Benefits for new payment participants:

Avoids introduction of on-premises HSM infrastructure.
Lowers upfront investment via the Azure subscription model.
Offers access to the latest certified hardware and software on-demand.

Learn more about the service:

Azure Payment HSM
Azure Payment HSM documentation
Thales payShield 10K
Thales payShield Manager
Thales payShield Trusted Management Device

Quelle: Azure