Download free C1000-100 Free PDF with free pdf and dumps

killexams.com C1000-100 study guide contains a Complete Pool of C1000-100 Questions and Answers and dump checked and substantial including references and clarifications (where material). Our objective to rehearse the C1000-100 Questions and Answers is not just to breeze through the IBM Cloud Solution Architect v4 test at first endeavor yet Really Improve Your Knowledge about the C1000-100 test subjects.

Exam Code: C1000-100 Practice test 2022 by Killexams.com team
IBM Cloud Solution Architect v4
IBM Architect learner
Killexams : IBM Architect learner - BingNews https://killexams.com/pass4sure/exam-detail/C1000-100 Search results Killexams : IBM Architect learner - BingNews https://killexams.com/pass4sure/exam-detail/C1000-100 https://killexams.com/exam_list/IBM Killexams : IBM: Tech trends that continue to play a crucial role in 2023 No result found, try new keyword!What does 2023 hold for tech? IBM and IDC reveal the tech trends, top concerns and opportunities for leaders in APAC. Tue, 06 Dec 2022 11:21:00 -0600 https://techwireasia.com/2022/12/ibm-tech-continues-to-play-a-crucial-role-in-2023/ Killexams : IBM Sentinel for Epic Healthcare and SAP HANA

IBM recently announced a new offering in their cyber resiliency portfolio. Spectrum Sentinel is a solution designed to simplify the deployment and operation of cyber resilient backup and DR for Epic EHR (Cache or IRIS) and SAP HANA environments. Until now, customers wanting to protect these environments from ransomware and cyberattacks would have to manually create processes that integrated multiple tools. Spectrum Sentinel is a unified solution that integrates the IBM Security and Storage cyber-resiliency offerings into a single product.

Cyberattacks are becoming more advanced every day and continue to evolve to work around modern cyber resiliency strategies. One example of this is the use of delayed action malware that will sit dormant for 90 days or more to ensure that even long-term backups have been infected prior to going active. Many companies would prefer to pay the ransom than attempt to restore three-month-old data. It is clear that the best way to fight against this type of attack is to detect the malicious activity as early as possible.

How it works

The two ingredients required for an effective cyber resiliency strategy are early detection and fast recovery of the data. IBM FlashSystem storage features the ability to take instant, immutable copies of production data on primary storage – this allows production data to be restored from a latest snapshot with no data copy delay. Because the snapshots are immutable, this creates a virtual air-gapped backup that cannot be affected by the initial malware attack. This process provides application-consistent snapshots via IBM's Copy Data Management snapshot orchestration solution.

However, being able to rapidly recover data from an immutable snapshot is only useful if the attack is detected quickly and action is taken in real time. IBM's Cyber Vault architecture incorporates IBM's QRadar SIEM Security offering that can detect signs of data corruption as they happen. Once any malicious activity is detected, the Cyber Vault solution can initiate immutable snapshots across the environment. Using machine learning, the solution can identify what data has been affected and quickly isolate any infected backups so that only known good snapshots will be used for restoration. And the solution quickly adapts to new threats due to QRadar's threat intelligence, which actively pulls in feeds via multiple open source standards.

What makes Sentinel different?

IBM Spectrum Sentinel takes this architecture one step further by integrating and tuning the solution for specific enterprise workloads. The analysis engine inspects inside files and databases for metadata and content changes, and finds corruption with up to 99.5% confidence. In the event of a threat detection, it can automatically generate detailed forensic reports for later analysis. It is currently available for Epic Iris, Cache, and SAP HANA environments, with future announcements for additional enterprise workloads planned for 2023, such as VMware, Oracle, and MS SQL.

The primary goal of Spectrum Sentinel is to simplify the ordering and deployment of a pre-integrated cyber resiliency solution for mission critical enterprise workloads. This also helps to eliminate gaps in functionality that occur when customers are forced to create piecemeal solutions. IBM has key agreements with Epic and SAP that allows for tight integration for current and future releases, making this a truly unique solution for enterprise customers.

Explore IBM Sentinel

WWT is an IBM-designated global and regional systems integrator (SI) and solution provider, and we know how important data protection is for modern companies. We encourage your organization to take a holistic approach to data resilience.

Thu, 01 Dec 2022 16:00:00 -0600 en text/html https://www.wwt.com/article/ibm-sentinel-for-epic-healthcare-and-sap-hana
Killexams : Why the future of AI is flexible, reusable foundation models

Content provided by IBM and TNW

When learning a different language, the easiest way to get started is with fill in the blank exercises. “It’s raining cats and …”

By making mistakes and correcting them, your brain (which linguists agree is hardwired for language learning) starts discovering patterns in grammar, vocabulary, and word sequence — which can not only be applied to filling in blanks, but also to convey meaning to other humans (or computers, dogs, etc.).

Greetings, humanoids

Subscribe to our newsletter now for a weekly recap of our favorite AI stories in your inbox.

That last bit is important when talking about so-called ‘foundation models,’ one of the hottest (but underreported) subjects in artificial intelligence right now.

According to a review paper from 2021, foundation models are, “trained on broad data (generally using self-supervision at scale) that can be adapted to a wide range of downstream tasks.”

In non-academic language, much like studying fill in the blank exercises, foundation models learn things in a way that can later be applied to other tasks, making them more flexible than current AI models.

Why are foundation models different?

The way foundation models are trained solves one of the biggest bottlenecks in AI: labeling data.

When (to prove you’re not a robot) a website asks you to select “all the pictures containing a boat,” you’re essentially labeling. This label can then be used to feed images of boats to an algorithm so it can, at some point, reliably recognize boats on its own. This is traditionally how AI models are trained; using data labeled by humans. It’s a time-consuming process and requires many humans to label data.

Foundation models don’t need this type of labeling. Instead of relying on human annotation, they use the fill in the blanks method and self-generated feedback to continuously learn and Excellerate performance, without the need for human supervision.

This makes foundation models more accessible for industries that don’t already have a wide-range of data available. In fact, according to Dakshi Agrawal, IBM Fellow and CTO at IBM AI, depending on the domain you’re training a foundation model in, a few gigabytes of data can suffice.

These complex models might sound far removed from a user like you, but you’ve almost certainly seen a foundation model at work at some point online. Some of the more famous ones are the GPT-3 language model, which, after being fed works by famous writers, can produce remarkable imitations, or DALL-E, which produces stunning images based on users’ prompts.

But foundation models are not limited to human language.

Beyond creating new entertainment, the flexibility that foundation models bring could help accelerate groundbreaking medical research, scientific advances, engineering, architecture, and even programming.

Emergent properties

Foundation models are characterized by two very interesting properties: emergence and homogenization.

Emergence means new unexpected properties that models show which were not available in previous generations. It typically happens when model sizes grow. A language model doing basic arithmetic reasoning is an example of an emergent property of a model which is somewhat unexpected.

Homogenization is a complicated term for a model that’s trained to understand and use the English language to perform different tasks. This could include summarizing a piece of text, outputting a poem in the style of a famous writer or interpreting a command given by a human (the GPT-3 language model is a good example of this).

But foundation models are not limited to human language. In essence, what we’re teaching a computer to do is to find patterns in processes or phenomena that it can then replicate given a certain condition.

Let’s unpack that with an example. Take molecules. Physics and chemistry dictate that molecules can exist only in certain configurations. The next step would be to define a use for molecules, such as medicines. A foundation model can then be trained, using reams of medical data, to understand how different molecules (i.e. drugs) interact with the human body when treating diseases.

Of course, models like these can also generate controversy.

This understanding can then be used to ‘fine tune’ the foundation model so it can make suggestions as to which molecule might work in a certain situation. This can speed up medical research significantly, allowing professionals to simply ask the model to come up with molecules that might have certain antibacterial properties, or might work as a drug against a certain virus.

However, as mentioned, this can at times produce unexpected results. Recently, a group of scientists using an AI foundation model to discover cures for rare diseases found that the same model could also be used to discover the most potent chemical weapons known to humankind.

Foundational worries

One small indication of what a sea change these models can bring has been the sprouting of companies offering ‘prompt generators’, which use humans to come up with prompts for models like Midjourney or DALL-E that reliably output interesting or accurate images.

Of course, models like these generate controversy. Lately, a number of artists have spoken out against the use of their artwork for training image generating models.

There’s also a case to be made about the energy use needed to train a large-scale model. Add to that the fact that the significant computing resources needed to create a foundation model mean that only the world’s largest tech companies can afford to train them.

Then again, as Agrawal explained, increasing efficiency in the training and use of these models means that they’re becoming more accessible to more people at an ever-increasing pace –– bringing down both energy consumption and costs.

Another, more foundational (sorry) problem with these models is that any biases or mistakes in the original model can be transferred to tools built with them. So if racist language is used as training data for a language model, it can lead to some offensive outputs and even lawsuits against the company in question.

One way to avoid this is by manually weeding out unwanted training data, but another, more futuristic method is through the use of so-called synthetic data. Synthetic data is essential fake data that’s generated by an AI model to mimic the real thing, but in a more controlled way. This can be useful for ensuring a foundation model doesn’t intake any offensive or privacy-sensitive data during the learning process.

Will more advanced AI models take our jobs?

Well, yes and no.

The way most AI researchers see these models is as a tool. Just like an electric screwdriver meant less hours were needed to put together a wooden structure, a person was still needed to wield the electric screwdriver.

Take IBM’s foundation model Ansible Wisdom. In a quest to find out whether computers can be taught to program computers, researchers fine-tuned a model to generate Ansible code snippets that previously had to be manually written. With it, developers can use natural language to ask the model to e.g. suggest the ansible automation to deploy a new web server.

Agrawal thinks this will completely revolutionize programmer’s jobs.

The whole innovation cycle will accelerate thanks to AI. For example, if you look at code, by using foundation models, coding becomes much faster using the first generation of foundation models. I’m sure it will double productivity in just a few years.

The company is releasing the model as an open source project in collaboration with Red Hat, most famous for distribution and maintenance of the open source operating system Linux.

This use is similar to the electric screwdriver. It takes a mundane task and uses a tool to automate parts of it for the task to be performed more efficiently, saving developers time which they can then use for more creative endeavors.

“It can take over activities that humans are doing today, and humans will just move on to some other activity. I think 80% of the US population used to be in farming. Less than 2% are now (according to the USDA ERS – Ag and Food Sectors and the Economy) –– humans moved on to other activities and, along with that, our quality of living has improved,” Agrawal said.

Foundation models have the potential to change many processes which are now tedious or repetitive for humans. They also offer the possibility for creating radical and unpredicted solutions to some of the hardest problems we’re facing. In effect, foundation models could mean a complete paradigm shift in how knowledge is created and applied. The key will be ensuring that these models are made accessible to the wider public, with the right safeguards in place.

Tue, 29 Nov 2022 05:42:00 -0600 en text/html https://thenextweb.com/news/why-the-future-of-ai-is-flexible-reusable-foundation-models
Killexams : Essential digitalisation trends for reducing business costs

The event, which took place in conjunction with IDC, discussed the top tech trends for regional businesses in 2023. Sandra Ng, group vice president and general manager for IDC APJ Research said, “We are getting into this new era as a result of three years of digital acceleration around the world, and the defining characteristics of this new digital era are contextualisation and real-time at scale.”

More than 60 per cent of total spending is coming from digital transformation technologies, Ng added: "When we think about projects that organisations can delay, it would only have to be projected with very low digital business impact.”

Ng shared several predictions at the seminar. By 2027, 80 per cent of organisations will accurately quantify the value of their digital capabilities/assets (data, algorithms, and software code) and significantly Excellerate their market valuation. By 2024, 30 per cent of organisations will have a business continuity crisis management strategy that includes continuous intelligence and enables an agile reaction to future economic shocks and disruptions.

In addition, spending on digital technology by organisations will grow at 3.5 times the economy next year, establishing a foundation for operational excellence, competitive differentiation, and long-term growth, Ng said.

Five trends stood out at the panel event to keep an eye on in 2023.

Pervasive and embedded automation

Organisations are investing tremendously in automation. According to Ng, some AI and automation projects have not delivered up to expectations because “these technologies have been applied, predominantly, in silos.”

She contends that technology has always been a deflator, as organisations use technologies to drive automation, indirectly reducing inflationary pressures.

According to Paul Burton, general manager at IBM Asia-Pacific, automation is becoming increasingly imperative for businesses. "The people entering the workforce don’t have the necessary skills to drive digital transformation forward. That's why automation is imperative," he said.

Burton highlighted business velocity as the key point for 2023. “All CEOs want increased business velocity, which means they need to execute their business processes faster with less variation. That leads back to automation because automation is the only way they can do that,” he said.

Trust in data

AI, analytics, and big data technologies in Asia-Pacific are growing at 20 per cent on year. However, according to Burton, the only way organisations can keep up with the data deluge is to deploy AI. The successful companies today are those that adapt to their environment the quickest, learn, and then evolve, and that is 100 per cent based on data interpreting and learning from data, he said.

“My advice to any company in any industry, in any country, is to get good data architecture and make sure that you have ubiquitous access to all data in the enterprise so that you can report on it and have a baseline of what your current performance is. And then, as you're making decisions, look to see how those metrics move, and you're either improving or not improving, and you can steer accordingly.”

In 2023, organisations must focus on trust in data. According to IDC’s Ng, at some level, organisations must accommodate data and their training data sets to ensure that it represents society or groups appropriately. “I think there's an issue of policy here and an issue of how we appropriately use technology to ensure inclusion for everybody," she said.

Embedded cybersecurity

The number of online and mobile scams has recently increased throughout the region. All banks have invested significantly in their processes, technology, and people to manage security and comply with the region's regulations. As the public sector and government increase their online and mobile touchpoints with their citizens and the country's residents, there will also be more exposure.

There are several approaches organisations need to focus on in 2023, says Burton of IBM. "Cybersecurity education for employees across organisations is critical. This has to be a continuous process," he said. "Second would be vulnerability assessment, and the only way to keep up with that is through AI or automation. Deploying AI contributes to understanding what anomalies are taking place to inspect the anomaly and deal with it."

In addition, a zero-trust security strategy can help organisations increase their cyber resiliency and manage the risks of a disconnected business environment. “You've got to have threat management, you've got to have identity management, and of course, you've got to have data security. The only way you can keep up with it is through AI or automation,” he added.

"Some top points for 2023 are business velocity (to execute their business processes faster with less variation), cost reduction (to calm severe inflationary pressure down), and resilience based on technology architecture to quickly evolve and adapt to the world," said Paul Burton.

Sustainability is a business mandate

Technologies like automation allow organisations to consume fewer inputs to produce whatever they're selling. Burton said this ripples back to the beginning of the supply chain and energy consumption. As fewer inputs are needed for a unit of output, less energy is used and, hence, fewer greenhouse gases.

"Organisations won’t know their sustainability performance unless they can measure it," Burton said. "IBM today brings solutions like Envizi to help organisations automate the collection and consolidation of hundreds of data types under major, internationally recognised reporting frameworks."

Companies today that do not have good data foundations cannot integrate all data from the enterprise into an application or a capability that will produce a scorecard for environmental, social, and governance criteria and so they are disadvantaged. "The fundamental issue is data and digital transformation generally,” said Burton.

Digital employees

Fewer people are entering the workforce, and of the people doing so, fewer have the skills necessary to drive digital transformation. This has occurred over the past 10-15 years, which is why automation is important because it allows companies to automate some repeated work.

"Organisations need to increase and intensify the skills training of their existing employees who already know the culture and processes of their organisations," Burton said.

Sandra Ng of IDC added, “Automation will help cope with talent gaps. In 2023, automation will be an approach where organisations will take their talent gaps within their own entity. We will see the rise of digital employees who rely on the latest AI and automation technologies to collaborate with knowledge workers and automate mundane tasks to enhance their decision-making capabilities."

According to Burton, future jobs will be consumed by those who learn to collaborate with computers. “IBM is taking an active interest in providing relevant real-time education for students that want to get into the field and gain the relevant skills," he said.

"We have to be positive about the reality – that we expect automation not to lead to those job cuts, but rather to augment the capabilities of humans. The jobs of the future will be taken on by those who learn how to collaborate with computers. Data continues to increase exponentially, and humans just can't keep up with it. The only way that you can keep up with the data is to deploy AI.”

Wed, 07 Dec 2022 11:00:00 -0600 en-US text/html https://vir.com.vn/essential-digitalisation-trends-for-reducing-business-costs-98339.html
Killexams : IBM Cloud Supply Chain Vulnerability Showcases New Threat Class

A vulnerability in IBM Cloud databases for PostgreSQL could have allowed attackers to launch a supply chain attack on cloud customers by breaching internal IBM Cloud services and disrupting the hosted system's internal image-building process.

Security researchers from Wiz discovered the flaw, which they dubbed "Hell's Keychain." It included a chain of three exposed secrets paired with overly permissive network access to internal build servers, the researchers revealed in a blog post published Dec. 1. 

While now patched, the vulnerability is significant in that it represents a rare supply-chain attack vector impacting the infrastructure of a cloud service provider (CSP), Wiz CTO Ami Luttwak tells Dark Reading. The discovery also uncovers a class of PostgreSQL vulnerabilities affecting most cloud vendors, including Microsoft Azure and Google Cloud Platform.

"This is a first-of-a-kind supply-chain attack vector, showing how attackers might be able to leverage mistakes in the build process to take over the entire cloud environment," he says.

Specifically, researchers uncovered "major risk caused by improper sanitation of build secrets from container images, allowing for an attacker to gain write access to the central container image repository," Luttwak says. This would have allowed the actor to run malicious code in customers’ environments and modify the data stored in the database.

"Modifications to the PostgreSQL engine effectively introduced new vulnerabilities to the service," the researchers wrote in their post. "These vulnerabilities could have been exploited by a malicious actor as part of an extensive exploit chain culminating in a supply-chain attack on the platform."

As mentioned, the ability to use PostgreSQL to breach IBM Cloud is not unique to the service provider, researchers said. Wiz already has found similar vulnerabilities in other CSP environments, which they plan to disclose soon and which highlight a broader issue of cloud misconfigurations that pose a supply chain threat to enterprise customers.

The existence of the flaw also highlights how improper management of secrets — or long-lived authentication tokens for cloud APIs or other enterprise systems — can impose a high risk of unwanted intrusion by attackers on an organization using a cloud provider, Luttwak says.

"Finding and utilizing exposed secrets is the No. 1 method for lateral movement in cloud environments," he says.

For now, the researchers said they worked with IBM to remedy the issue in IBM Cloud and no customer mitigation action is required.

Uncovering the Chain

Researchers were doing a typical audit of IBM Cloud's PostgreSQL-as-a-service to find out if they could escalate privileges to become a "superuser," which would allow them to execute arbitrary code on the underlying virtual machine and continue challenging internal security boundaries from there.

Based on their experience, they said the ability to carry out a supply chain attack on a CSP lies in two key factors: the forbidden link and the keychain.

"The forbidden link represents network access — specifically, it is the link between a production environment and its build environment," the researchers wrote. "The keychain, on the other hand, symbolizes the collection of one or more scattered secrets the attacker finds throughout the target environment."

On its own, either scenario is "unhygienic," but not critically dangerous. However, "they form a fatal compound when combined," the researchers said.

Hell’s Keychain held three specific secrets: a Kubernetes service account token, a private container registry password, and continuous integration and delivery (CI/CD) server credentials.

Combining this chain with the so-called forbidden link between Wiz's personal PostgreSQL instance and IBM Cloud databases’ build environment allowed researchers to enter IBM Cloud’s internal build servers and manipulate their artifacts, the researchers said.

Implications for Cloud Security

The scenario presented in Hell's Keychain represents a broader problem within the cloud security community that demands attention and remediation, the researchers said. To wit: scattered plaintext credentials that are found across cloud environments that impose a huge risk on an organization, impairing service integrity and tenant isolation, they said.

For this reason, secret scanning at all stages of the pipeline is crucial, including in CI/CD, code repo, container registries, and within the cloud, Luttwak says.

"Furthermore, lockdown of privileged credentials to the container registry is crucial, as these credentials are often overlooked but are actually the keys to the kingdom," he adds.

CSP customers also should consider image signing verification via admission controllers to ensure these sort of attacks are prevented entirely, Luttwak says.

Hell's Keychain also highlights a common misconfiguration in the use of the popular Kubernetes API for container management within the cloud — pod access, ''which can lead to unrestricted container registry exposure," he says.

Another best practice the researchers recommend is any organization — CSP or otherwise — deploying a cloud environment can take is to impose strict network controls between the Internet-facing environment and the organization's internal network in the production environment, so attackers can't gain a deeper foothold and maintain persistence if they do manage to breach it.

Thu, 01 Dec 2022 04:18:00 -0600 en text/html https://www.darkreading.com/cloud/ibm-cloud-supply-chain-vulnerability-showcases-new-threat-class
Killexams : IBM makes more software products available via AWS Marketplace

IBM Corp. today announced that it’s making more products from its software portfolio available through Amazon Web Services Inc.’s AWS Marketplace.

AWS Marketplace provides access to a catalog of software products from the cloud giant’s partners. Companies can install the products in their AWS environments with less effort than the task would otherwise require. Additionally, companies have access to other offerings besides software, including consulting services and datasets.

IBM in May partnered with AWS to bring more of its applications to the AWS Marketplace. As part of the partnership, IBM has made more than 50 software products available to AWS Marketplace users. Today, the company announced that it will enable customers to purchase four more of its applications through the AWS Marketplace with software-as-a-service pricing. 

The four offerings are IBM Envizi ESG Suite, IBM Planning Analytics with Watson, IBM Content Services and IBM App Connect Enterprise. They’re available under a software-as-a-service pricing model, which means that software and infrastructure fees are bundled into a single price. 

Envizi ESG Suite, the first of the four products that IBM is bringing to the AWS Marketplace, helps companies measure the performance of their environmental, social and governance initiatives. IBM says that the software can collect more than 500 types of data about a company’s ESG initiatives. It visualizes the data in dashboards to ease analysis. 

Planning Analytics with Watson, the second offering that IBM is making available via the AWS Marketplace, is a business planning application. It enables companies to track key metrics such as revenue and forecast how those metrics are likely to change in the future. According to IBM, executives can use the data provided by the application to inform their business decisions.

IBM Content Services, in turn, is a set of tools for managing business content such as documents. It stores files in a centralized repository that users can navigate with the help of a search bar. According to IBM, a built-in data governance tool enables companies to regulate how users access important business records. 

The fourth product IBM is making available on a software-as-a-service basis through the AWS Marketplace is IBM App Connect Enterprise. It’s a platform for building integrations that allow applications to share data with one another. A retailer, for example, could use the platform to build an integration that syncs sales data from its store management software to a revenue forecasting application.

Alongside the four software products, IBM is bringing its IBM Z and Cloud Modernization Stack to the AWS Marketplace. The latter offering is designed to help companies modernize mainframe applications. The offering also eases a number of related tasks, such as sending data from a mainframe workload to an application deployed on AWS.

IBM’s software portfolio wasn’t the only focus of the updates the company announced today. The company also debuted a new consulting offering, IBM Consulting Platform Services on AWS, that promises to help enterprises more easily manage their cloud applications. IBM stated that it will use software with artificial intelligence to carry out certain maintenance tasks.

IBM’s new consulting offering and software updates made their debut today at AWS re:Invent 2022 in Las Vegas. During the event, the company also announced enhancements to its partner strategy.

Companies can now buy IBM software products that are listed on the AWS Marketplace from IBM resellers and use AWS committed spend to finance such purchases. Committed spend is the term for a budget that a company has allocated in advance to its AWS environment. Third-party software makers, in turn, can now more easily embed IBM software into their products as well as receive access to technical assistance, sales support and funding from the company.

Photo: IBM

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

Wed, 30 Nov 2022 15:31:00 -0600 en-US text/html https://siliconangle.com/2022/11/30/ibm-makes-software-products-available-via-aws-marketplace/
Killexams : Global Federated Learning Market Report 2022 to 2028: Players Include IBM, Microsoft, Intel, Google and Cloudera - ResearchAndMarkets.com No result found, try new keyword!The "Global Federated Learning Market Size, Share & Industry Trends Analysis Report By Application, By Vertical, By Regional Outlook and Forecast, 2022 - 2028" report has been added to ... Sun, 27 Nov 2022 22:49:00 -0600 https://markets.buffalonews.com/buffnews/article/bizwire-2022-11-28-global-federated-learning-market-report-2022-to-2028-players-include-ibm-microsoft-intel-google-and-cloudera-researchandmarketscom Killexams : Researchers found security pitfalls in IBM’s cloud infrastructure

Security researchers recently probed IBM Cloud’s database-as-a-service infrastructure and found several security issues that granted them access to the internal server used to build database images for customer deployments. The demonstrated attack highlights some common security oversights that can lead to supply chain compromises in cloud infrastructure.

Developed by researchers from security firm Wiz, the attack combined a privilege escalation vulnerability in the IBM Cloud Databases for PostgreSQL service with plaintext credentials scattered around the environment and overly permissive internal network access controls that allowed for lateral movement inside the infrastructure.

PostgreSQL is an appealing target in cloud environments

Wiz’ audit of the IBM Cloud Databases for PostgreSQL was part of a larger research project that analyzed PostgreSQL deployments across major cloud providers who offer this database engine as part of their managed database-as-a-service solutions. Earlier this year, the Wiz researchers also found and disclosed vulnerabilities in the PostgreSQL implementations of Microsoft Azure and the Google Cloud Platform (GCP).

The open-source PostgreSQL relational database engine has been in development for over 30 years with an emphasis on stability, high-availability and scalability. However, this complex piece of software was not designed with a permission model suitable for multi-tenant cloud environments where database instances need to be isolated from each other and from the underlying infrastructure.

PostgreSQL has powerful features through which administrators can alter the server file system and even execute code through database queries, but these operations are unsafe and need to be restricted in shared cloud environments. Meanwhile, other admin operations such as database replication, creating checkpoints, installing extensions and event triggers need to be available to customers for the service to be functional. That’s why cloud service providers (CSPs) had to come up with workarounds and make modifications to PostgreSQL’s permission model to enable these capabilities even when customers only operate with limited accounts.

Privilege escalation through SQL injection

While analyzing IBM Cloud’s PostgreSQL implementation, the Wiz researchers looked at the Logical Replication mechanism that’s available to users. This feature was implemented using several database functions, including one called create_subscription that is owned and executed by a database superuser called ibm.

Copyright © 2022 IDG Communications, Inc.

Thu, 01 Dec 2022 04:59:00 -0600 en text/html https://www.csoonline.com/article/3681450/researchers-found-security-pitfalls-in-ibm-s-cloud-infrastructure.html
Killexams : AWS-IBM Enhance ‘Remarkable’ Partnership At AWS re:Invent

Cloud News

Mark Haranas

‘It just really shows how IBM sees the value of working with AWS for our joint customers. And absolutely, AWS sees the value of working with IBM and taking these important solutions and putting them in the cloud to support our customers transformations,’ AWS’ global channel chief Ruba Borno tells CRN.

 ARTICLE TITLE HERE

Amazon Web Services and IBM are doubling down on their strategic partnership by launching a new set of capabilities and SaaS offerings on AWS and the AWS Marketplace that hundreds-of-thousands of AWS and IBM partners can take advantage of today.

“This AWS-IBM strategic agreement creates an enormous amount of opportunities for partners like us to think differently about how customers can run on AWS,” said Justin Copie, CEO of Innovative Solutions. “We’ve never seen anything like it before.”

Earlier this year, IBM and AWS formed a strategic collaboration agreement to eventually make available dozens of IBM’s bestselling software products on AWS, including IBM API Connect, IBM Db2, IBM Maximo Application Suite, IBM Security Verify, and IBM Watson Orchestrate.

At AWS re:Invent 2022 today, IBM added IBM Envizi ESG Suite, IBM Planning Analytics with Watson, IBM Content Services and IBM App Connect Enterprise running as-a-service on AWS that both IBM and AWS partners can sell on the AWS Marketplace.

[Related: Adam Selipsky: Why Partners Should Pick AWS Vs. Cloud Rivals]

IBM’s Kate Woolley On AWS Partnership

These new additions offer AWS and IBM partners enhanced data, planning and analytics for use across industries to address customer challenges—from sustainability to financial planning, said IBM’s channel chief Kate Woolley.

“As we think about where we want to meet our clients and where we’re going to add the most value to them, we want to really lean into this AWS relationship,” Woolley told CRN.

“As we put more SaaS products and more software products onto the AWS Marketplace, it’s also about where our clients want to buy and where they want to consume their products,” said Woolley. “That’s also why, as we evolved how our resellers can also use the AWS Marketplace, it’s all about meeting our clients where they want and how they want to buy. We want to continue to evolve this partnership to be around our clients and what they need.”

At AWS re:Invent 2022 today, IBM and AWS also expanded these offering to independent software vendors (ISVs) who for the first time can now obtain IBM software from the AWS Marketplace with the same benefits they have always received as IBM partners.

One key to the partnership is that customers can use their cloud commitment spending with AWS on IBM products.

“Now with the AWS Marketplace, our resell partners are able to take their clients committed spend with AWS against the IBM products that are with the AWS Marketplace,” Woolley said.

‘Remarkable’ IBM, Red Hat And AWS Opportunity

Innovative Solutions CEO Copie said customers now have the ability to modernize their infrastructure using best-in-class software from IBM and Red Hat, while leveraging best-in-class cloud infrastructure from AWS.

“It’s remarkable to see the trifecta of IBM, AWS and Innovative be able to deliver these customer outcomes together in ways that were never before possible,” said Copie.

For example, through the relationship between Innovative Solutions and IBM, Copie said his West Henrietta, N.Y.-based company will now be an able to help customers modernize and secure their software and infrastructure on AWS using solutions from Red Hat and IBM.

“This has never been done before and we are excited to be the first solution integrator to do so,” said Copie. “IBM has always been a leader in enterprise software, and with our experience working with small to midsized businesses, we can now bring the power of both IBM and AWS together—everyone wins.”

AWS Channel Chief On IBM Partnership ‘Speed’

AWS Worldwide Channel Chief Ruba Borno said she’s “excited” about “the speed that we are operating and working on together as a team” with IBM.

“It just really shows how IBM sees the value of working with AWS for our joint customers,” said Borno, vice president of worldwide channel and alliances. “And absolutely, AWS sees the value of working with IBM and taking these important solutions and putting them in the cloud to support our customers transformations.”

Borno said the two technology giants are already working on joint go-to-market and joint account planning across multiple verticals and use cases.

For Copie, Innovative Solutions is full steam ahead with IBM and AWS.

“We couldn’t be more thrilled to see Ruba Borno and Kate Woolley listening to both partners and customers, and taking immediate action to enable this level of collaboration,” said Copie. “I’ve never seen anything like it in my 20-plus years in the industry.”

Mark Haranas

Mark Haranas is an assistant news editor and longtime journalist now covering cloud, multicloud, software, SaaS and channel partners at CRN. He speaks with world-renown CEOs and IT experts as well as covering breaking news and live events while also managing several CRN reporters. He can be reached at mharanas@thechannelcompany.com.

Wed, 30 Nov 2022 04:00:00 -0600 en text/html https://www.crn.com/news/cloud/aws-ibm-enhance-remarkable-partnership-at-aws-re-invent
Killexams : IBM puts new focus on sustainability

IBM Thailand, a local operating unit of the global technology firm, has emphasised the importance of sustainability among businesses that can be powered by hybrid cloud and artificial intelligence (AI) for growth.

"We are now in the era of sustainable business that can be underpinned by AI and hybrid cloud," Sawat Asdaron, managing director of IBM Thailand, said at an event to mark the local unit's 70th anniversary.

There are three pillars that can support sustainable business, he said.

The first lies in various technologies that can help businesses reduce pain points, such as hybrid cloud, AI, blockchain, quantum computing and cybersecurity. These technologies can help businesses become more automated and transform into data-driven predictive outcome organisations.

The second involves ecosystem partnerships, where businesses can drive their sustainable growth and leverage innovation provided by global partners.

The third pillar concerns talent and workforce. Mr Sawat said IBM is committed to its plan to provide 30 million people globally with new skills by 2030.

IBM Thailand has worked with various educational institutes in Thailand to enhance people's skills, which can help create job opportunities, narrow the digital skills gap and cultivate a new young workforce, he said.

The company attaches great importance to sustainability, said Mr Sawat. IBM aims to achieve net-zero greenhouse gas emissions by 2030.

"Sustainability is the future of IBM and S-curve businesses," he said.

"We also see opportunities for technology to help customers achieve their sustainability goal."

Citing an annual study by IBM, which surveyed more than 3,000 chief executives worldwide, Mr Sawat said nearly half of them rank sustainability as a top priority for their organisations, an increase of 37% from 2021.

However, more than half (51%) also cite sustainability as one of their greatest challenges over the next 2-3 years, alongside lack of data insights, unclear returns on investment, and technology barriers.

Some 95% of chief executives report being at least in the pilot stage of implementing their sustainability strategy, while under a quarter (23%) say they are implementing their sustainability strategy across their entire organisation.

IBM last year completed the separation of its managed infrastructure services business to Kyndryl, said Surarit Wuwong, technology leader at IBM Thailand.

The company has two core businesses, consisting of IBM consulting and IBM technology.

"We increased our resource client engineers and customer success managers to support our customers," Mr Surarit said. "We will drive support of hybrid cloud and AI, working with customers and partners to build innovation. We will continue to invest in R&D and strategic acquisitions."

The use of hybrid cloud and AI will drive the speed of project delivery to days or hours, instead of years or months, he said.

Some 80% of large enterprises have already deployed hybrid cloud, said Mr Surarit.

AI can serve businesses in many areas, such as supporting automated workflows and maximising insight from a large volume of data, he said.

According to IBM's Global AI Adoption Index 2022 survey, which gauged the opinions of 7,502 senior management respondents, 35% of the companies leverage AI in their business, up from 13% in 2021.

Mr Surarit said over the past seven decades, IBM Thailand has played a part in supporting millions of financial transactions, developing various national platforms, enabling AI intelligent power, building future talent and providing sustainability-linked technology.

Wed, 30 Nov 2022 14:00:00 -0600 en text/html https://www.bangkokpost.com/tech/2450402/ibm-puts-new-focus-on-sustainability
C1000-100 exam dump and training guide direct download
Training Exams List