• Liquid AI Introduces STAR: An AI Framework for the Automated Evolution of Tailored Architectures
    www.marktechpost.com
    The development of effective AI models is crucial in deep learning research, but finding optimal model architectures remains challenging and costly. Traditional manual and automated approaches often fail to expand design possibilities beyond basic architectures like Transformers or hybrids, and the high cost of exploring a comprehensive search space limits model improvement. Manual optimization demands significant expertise and resources, while automated methods are often restricted by narrow search spaces, hindering substantial progress across tasks. To address these challenges, Liquid AI's latest research offers a practical solution.

    To address these challenges, Liquid AI has developed STAR (Synthesis of Tailored Architectures), a framework aimed at automatically evolving model architectures to enhance efficiency and performance. STAR reimagines the model-building process by creating a novel search space for architectures based on the theory of linear input-varying systems (LIVs). Unlike traditional methods that iterate on a limited set of known patterns, STAR provides a new approach to representing model structures, enabling exploration at different hierarchical levels through what they term STAR genomes.

    These genomes serve as a numerical encoding of architecture designs, which STAR evolves using principles from evolutionary optimization. By compiling and evaluating these genomes iteratively, STAR allows for recombination and mutation, resulting in continuous refinements. The core idea is to treat model architectures as dynamic entities that can evolve over generations, optimizing for metrics like quality, efficiency, size, and inference cache, all key components of modern AI applications.

    Technical Insights: STAR's Architecture and Benefits

    The technical foundation of STAR lies in its representation of model architectures as hierarchical numeric sequences (genomes) that define computational units and their interconnections.
    The search space is inspired by LIV systems, which generalize many common components of deep learning architectures, such as convolutional layers, attention mechanisms, and recurrent units. The STAR genome is composed of several levels of abstraction, including the backbone, operator, and featurizer genomes, which together determine the structure and properties of the computational units used in a model.

    STAR optimizes these genomes through a combination of evolutionary algorithms. The process involves a series of operations: assessment, recombination, and mutation, which refine the population of architectures over time. Each architecture in the population is evaluated based on its performance on specific metrics, and the best-performing ones are recombined and mutated to form a new generation of architectures.

    This approach enables STAR to generate diverse architectural designs. By breaking down architectures into manageable components and systematically optimizing them, STAR is capable of designing models that are efficient in terms of both computational requirements and quality. For instance, the STAR-generated architectures have shown improvements over manually tuned models such as Transformers and hybrid designs, especially when evaluated on parameters like size, efficiency, and inference cache requirements.

    The implications of STAR are notable, especially given the challenges of scaling AI models while balancing efficiency and quality. Liquid AI's results show that when optimizing for both quality and parameter size, STAR-evolved architectures consistently outperformed Transformer++ and hybrid models on downstream benchmarks. Specifically, STAR achieved a 13% reduction in parameter counts while maintaining or improving overall quality, measured by perplexity, across a variety of metrics and tasks.

    The reduction in cache size is another important feature of STAR's capabilities.
    When optimizing for quality and inference cache size, STAR-evolved models were found to have cache sizes up to 90% smaller than those of Transformer architectures while matching or surpassing them in quality. These improvements suggest that STAR's approach of using evolutionary algorithms to synthesize architecture designs is viable and effective, particularly when optimizing for multiple metrics simultaneously.

    Furthermore, STAR's ability to identify recurring architecture motifs (patterns that emerge during the evolution process) provides valuable insights into the design principles that underlie the improvements observed. This analytical capability could serve as a tool for researchers looking to understand why certain architectures perform better, ultimately driving future innovation in AI model design.

    Conclusion

    STAR represents an important advancement in how we approach designing AI architectures. By leveraging evolutionary principles and a well-defined search space, Liquid AI has created a tool that can automatically generate tailored architectures optimized for specific needs. This framework is particularly valuable for addressing the need for efficient yet high-quality models capable of handling the diverse demands of real-world AI applications. As AI systems continue to grow in complexity, STAR's approach offers a promising path forward, one that combines automation, adaptability, and insight to push the boundaries of AI model design.

    Asif Razzaq is the CEO of Marktechpost Media Inc.
  • Get Like a Dragon: Infinite Wealth for $24.99 Right Now on Amazon
    www.ign.com
    Like a Dragon: Infinite Wealth (PS5)

    What We Said In Our Review

    In the 9/10 Like a Dragon: Infinite Wealth review, Tristan Ogilvie wrote: "Like a Dragon: Infinite Wealth's overhauled combat system injects some welcome flexibility and flash into every turn, its difficulty curve has been pruned of nasty spikes to remove the need for repetitive grinding we endured in the last turn-based game, and its spectacular Hawaiian setting is crammed with enough enjoyable activities to overload even the most ambitious of holiday itineraries. A compelling, country-hopping crime story kept me on the hook like a freshly lured barracuda for the 50 hours it took to complete, and the vibrant new job classes and unique combat arenas ensured that the fighting continued to feel fresh. Sprawling, enthralling, and packed with dynamic brawling, Like a Dragon: Infinite Wealth isn't just the best turn-based Like a Dragon game, it's one of the greatest games in the entire series."

    We're still tracking major outlets, so check out the best Walmart deals and our hub of great Amazon deals still available. If you've been looking to score a great gaming PC deal, Cyber Monday is one of the best times to shop for them, and we've gathered a ton from AlienWare, HP, and more to help you out. You can also grab a deal on a PS5 now if you still need one, or get an Xbox Series 1TB expansion card for the lowest price ever, too. As Cyber Monday deals come to a close, no deal is guaranteed to last past Dec 2, so be sure (and be fast) to check out the Best PS5 Game Deals.

    Elden Ring; Metaphor: ReFantazio; Star Wars Outlaws; Final Fantasy: I-VI Collection Anniversary Edition; Dragon's Dogma 2; Alan Wake 2 Deluxe Edition; Dragon Age: The Veilguard; Prince of Persia: The Lost Crown; Tomb Raider I-III Remastered; Final Fantasy XVI; NBA 2K25; God of War: Ragnarok; Metal Gear Solid: The Master Collection Vol. 1; Visions of Mana; Crisis Core: Final Fantasy VII Reunion

    What Deals Are Still Left?

    There are still some fantastic deals available on PS5 consoles (including PSVR2) and controllers, video games for all platforms, AirPods Pro, and tons more.

    Brian Barnett writes reviews, guides, features, & more for IGN, GameSpot, & Kotaku.
  • Your Apple Music Replay yearly recap for 2024 is now available
    9to5mac.com
    The Apple Music year-in-review montage for 2024 is now available. Apple Music subscribers can view theirs now at replay.music.apple.com.

    While Apple Music Replay continuously tracks the music you are listening to all year round with monthly playlists, at the end of the year it also debuts a yearly recap. The Replay 24 carousel includes features showing how many minutes of music you listened to on the service this year, across how many artists, and what genres. It will also show you if you are a super-fan of a particular artist with Top x% callouts. You can also see exactly when you crossed listening milestones across the year. There are also comparisons of things like your Top Artists to 2023, to see how your stats and listening habits have changed.

    Unfortunately, Apple Music Replay continues to be exclusively available through a web browser, rather than a more integrated native affair. The Apple Music app will likely promote the replay site through the app soon, kicking users out to Safari to access the replay online. However, as always, you can access the Replay playlist directly through the Apple Music Home tab, and add it to your library.
  • visionOS 2.2 brings three upgrades that truly make Vision Pro a next-gen computer
    9to5mac.com
    The Vision Pro is getting close to a year of life, and Apple's next software update has some big changes in store that could alter usage patterns. Mac Virtual Display, one of the best Vision Pro features, is getting three upgrades in visionOS 2.2 that provide a huge boost to spatial computing.

    Wide and Ultrawide display modes

    Ever since launch, Mac Virtual Display has been among the Vision Pro's best features. But it hasn't truly taken advantage of the Vision Pro's unique strengths until visionOS 2.2.

    The current Mac Virtual Display feature lets you mirror your Mac's screen in a spatial visionOS window. But it's only available in a very constricted rectangular shape. You can make that rectangle larger or smaller, but it's still the same basic shape.

    In visionOS 2.2, there are two new display modes, Wide and Ultrawide, that tap into the unique advantages of spatial computing.

    Both new modes offer a much wider canvas to run all your Mac apps on. Since the space around you isn't limited to the dimensions of an average MacBook Air or MacBook Pro, it didn't make sense to limit Mac Virtual Display to the traditional rectangular shape.

    Having more options for your Mac's virtual display means you can better utilize the width of your environment and do a lot more with your Vision Pro at once.

    High quality display resolution

    Another key change ensures that no matter which display mode you're using, the Vision Pro will make macOS crisp and clear.

    Display resolution with Mac Virtual Display is now better than ever. The high-res upgrade is a welcome change for users who feel like the existing resolution doesn't quite cut it. visionOS 2.2 closes the resolution gap between content rendered in a native visionOS app experience and what you'll find in a mirrored macOS app via Mac Virtual Display.

    Routing audio to the right place

    Finally, visionOS 2.2 also corrects an odd behavior that's existed ever since the Vision Pro debuted.
    Previously, audio for your mirrored Mac would be routed through the Mac itself, not the Vision Pro.

    There were workarounds for this issue, such as connecting AirPods Pro or another pair of Bluetooth headphones to your Mac. But that still wasn't a proper solution since Mac Virtual Display and your other visionOS apps would send audio through different outputs.

    Now, Mac Virtual Display audio gets routed through the Vision Pro itself. So whether you're using the built-in speakers or AirPods, you can get a consistent audio experience across all your spatial computing.

    Next-gen computing: Wrap-up

    It would be great if Mac Virtual Display didn't actually require a Mac. Some day maybe that will be the case. But for now, the upgraded Mac Virtual Display experience in visionOS 2.2 provides a computing experience you can't get anywhere else. It feels like next-gen computing, which perhaps is what spatial computing is all about.

    Have you tried the upgraded Mac Virtual Display feature in visionOS 2.2? Let us know in the comments.
  • Scientists Intrigued by Large Dark Shapes Appearing on Surface of Jupiter
    futurism.com
    Something's up.

    Magnetic Tornadoes

    Researchers have observed mysterious "dark ovals," each roughly the size of the Earth, appearing on the polar regions of Jupiter on the ultraviolet spectrum.

    The gas giant, whose Great Red Spot has already puzzled astronomers for centuries, has an extremely powerful magnetic field which scientists say could be behind the odd phenomenon.

    As detailed in a new paper published in the journal Nature Astronomy, a NASA-supported group of scientists concluded that disturbances high in the planet's atmosphere may cause these dark spots to appear in ultraviolet observations.

    While the ovals were first spotted in Hubble observations in the late 1990s, the team says it may have found the reason for why they appear: they suggest that "magnetic tornadoes" in the upper atmosphere could be stirring up stratospheric haze, causing these unusual features to form near both Jupiter's north and south poles.

    Jupiter Haze

    These ovals appear dark in UV observations taken by NASA's Hubble Space Telescope, as part of the Outer Planet Atmospheres Legacy (OPAL) project, because they absorb more ultraviolet light than their surroundings.

    The phenomenon may not be limited to the upper reaches of the gas giant's atmosphere.
    The ovals' existence suggests there are strong forces at work deep into the planet's atmosphere, the researchers posit.

    "In the first two months, we realized these OPAL images were like a gold mine, in some sense, and I very quickly was able to construct this analysis pipeline and send all the images through to see what we get," said undergraduate UC Berkeley student and coauthor Troy Tsubota in a statement.

    Tsubota and his collaborators suggest that the deepest point of these vortices within the planet's ionosphere may be stirring up Jupiter's hazy atmosphere and sending it upwards much like a tornado, causing these ovals to form over roughly a month before dissipating.

    "The haze in the dark ovals is 50 times thicker than the typical concentration," said coauthor and UC Santa Cruz planetary science professor Xi Zhang in the statement, "which suggests it likely forms due to swirling vortex dynamics rather than chemical reactions triggered by high-energy particles from the upper atmosphere."

    The team hopes to shed more light on how atmospheric dynamics differ between the Earth and Jupiter.

    "Studying connections between different atmospheric layers is very important for all planets, whether it's an exoplanet, Jupiter or Earth," senior author and UC Berkeley associate research astronomer Michael Wong added.

    "To me, discoveries like this are significant and interesting not only because it's something new in the cosmos, but also because they give us fresh ways to think about our atmospheres on Earth," Zhang argued in a separate statement.

    "For instance, one of the big uncertainties in predicting climate change is understanding how aerosols - tiny particles in the atmosphere - form and behave," Zhang added. "Jupiter offers a completely different perspective, where magnetic fields and atmospheric layers interact in ways we don't experience here."
  • 8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play
    thehackernews.com
    Dec 02, 2024 | Ravie Lakshmanan | Mobile Security / Financial Fraud

    Over a dozen malicious Android apps identified on the Google Play Store that have been collectively downloaded over 8 million times contain malware known as SpyLoan, according to new findings from McAfee Labs.

    "These PUP (potentially unwanted programs) applications use social engineering tactics to trick users into providing sensitive information and granting extra mobile app permissions, which can lead to extortion, harassment, and financial loss," security researcher Fernando Ruiz said in an analysis published last week.

    The newly discovered apps purport to offer quick loans with minimal requirements to attract unsuspecting users in Mexico, Colombia, Senegal, Thailand, Indonesia, Vietnam, Tanzania, Peru, and Chile.

    The 15 predatory loan apps are listed below. Five of these apps that are still available for download from the official app store are said to have made changes to comply with Google Play policies.

    - Préstamo Seguro-Rápido, seguro (com.prestamoseguro.ss)
    - Préstamo Rápido-Credit Easy (com.voscp.rapido)
    - (com.uang.belanja)
    - RupiahKilat-Dana cair (com.rupiahkilat.best)
    - (com.gotoloan.cash)
    - (com.hm.happy.money)
    - KreditKu-Uang Online (com.kreditku.kuindo)
    - Dana Kilat-Pinjaman kecil (com.winner.rupiahcl)
    - Cash Loan-Vay tiền (com.vay.cashloan.cash)
    - RapidFinance (com.restrict.bright.cowboy)
    - PrêtPourVous (com.credit.orange.enespeces.mtn.ouest.wave.argent.tresor.payer.pret)
    - Huayna Money Préstamo Rápido (com.huaynamoney.prestamos.creditos.peru.loan.credit)
    - IPréstamos: Rápido Crédito (com.credito.iprestamos.dinero.en.linea.chile)
    - ConseguirSol-Dinero Rápido (com.conseguir.sol.pe)
    - ÉcoPrêt Prêt En Ligne (com.pret.loan.ligne.personnel)

    Some of these apps have been promoted through posts on social media platforms like Facebook, indicating the various methods threat actors are using to trick prospective victims into installing them.

    SpyLoan is a repeat offender that dates back to 2020, with a report from ESET in December 2023 uncovering another set of 18 apps that sought to defraud users by offering them high-interest-rate loans, while stealthily also collecting their personal and financial information.

    The end goal of the financial scheme is to collect as much information as possible from infected devices, which could then be used to extort users by coercing them into paying the loans back at higher interest rates, and in some cases, for delayed payments or intimidating them with stolen personal photos.

    "Ultimately, rather than providing genuine financial assistance, these apps can lead users into a cycle of debt and privacy violations," Ruiz said.

    Despite differences in the targeting, the apps have been found to share a common framework to encrypt and exfiltrate data from a victim's device to a command-and-control (C2) server. They also follow a similar user experience and onboarding process to apply for the loan.

    Furthermore, the apps request a number of intrusive permissions that allow them to harvest system information, camera, call logs, contact lists, coarse location, and SMS messages. The data collection is justified by claiming it's required as part of user identification and anti-fraud measures.

    Users who register for the service are validated via a one-time password (OTP) to ensure they have a phone number from the target region. They are also urged to provide supplementary identification documents, bank accounts, and employee information, all of which are subsequently exfiltrated to the C2 server in encrypted format using AES-128.

    To mitigate the risks posed by such apps, it's essential to review app permissions, scrutinize app reviews, and confirm the legitimacy of the app developer before downloading them.

    "The threat of Android apps like SpyLoan is a global issue that exploits users' trust and financial desperation," Ruiz said. "Despite law enforcement actions to capture multiple groups linked to the operation of SpyLoan apps, new operators and cybercriminals continue to exploit these fraud activities."

    "SpyLoan apps operate with similar code at app and C2 level across different continents. This suggests the presence of a common developer or a shared framework that is being sold to cybercriminals. This modular approach allows these developers to quickly distribute malicious apps tailored to various markets, exploiting local vulnerabilities while maintaining a consistent model for scamming users."
  • INTERPOL Arrests 5,500 in Global Cybercrime Crackdown, Seizes Over $400 Million
    thehackernews.com
    A global law enforcement operation has led to the arrest of more than 5,500 suspects involved in financial crimes and the seizure of more than $400 million in virtual assets and government-backed currencies.

    The coordinated exercise saw the participation of authorities from 40 countries, territories, and regions as part of the latest wave of Operation HAECHI-V, which took place between July and November 2024, INTERPOL said.

    "The effects of cyber-enabled crime can be devastating - people losing their life savings, businesses crippled, and trust in digital and financial systems undermined," INTERPOL Secretary General Valdecy Urquiza said in a statement.

    "The borderless nature of cybercrime means international police cooperation is essential, and the success of this operation supported by INTERPOL shows what results can be achieved when countries work together. It's only through united efforts that we can make the real and digital worlds safer."

    As part of HAECHI-V, INTERPOL said Korean and Beijing authorities jointly dismantled a widespread voice phishing syndicate responsible for financial losses totaling $1.1 billion and affecting over 1,900 victims.

    The fraudulent operation entailed the e-crime gang masquerading as law enforcement officials and using counterfeit identification. At least 27 members of the organized criminal group behind the scheme have been arrested, with 19 individuals subsequently indicted.

    INTERPOL has also issued a purple notice, warning of an emerging cryptocurrency fraud practice called the USDT Token Approval Scam that allows bad actors to drain victims' wallets by leveraging romance-themed baits to trick them into buying popular Tether stablecoins (USDT tokens) and investing them.

    "Once the scammers have gained their trust, the victims are provided with a phishing link claiming to allow them to set up their investment account," the agency said. "In reality, by clicking they authorize full access to the scammers, who can then transfer funds out of their wallet without the victim's knowledge."

    News of HAECHI-V comes nearly a year after INTERPOL said it arrested nearly 3,500 individuals and made seizures worth $300 million across 34 countries following a six-month operation.

    It also follows the arrest of 1,006 suspects across 19 African countries and the takedown of 134,089 malicious infrastructures and networks to tackle cybercrime in the continent.
  • Clearing the Clouds Around the Shared Responsibility Model
    www.informationweek.com
    In the early days of cloud, confusion around the shared responsibility model abounded. It was common for customers to simply assume that putting their data in the cloud meant that data was secure with no effort on their end. Today, that misconception, while not entirely erased, is much less likely to trip enterprises up.

    Migration to the cloud continues and cloud maturity varies depending on the enterprise. Misconfigurations happen, as do breaches. In fact, the majority of breaches (82%) involved data in the cloud, according to IBM's Cost of a Data Breach Report 2023.

    As organizations increasingly embrace their use of multiple cloud services, threat actors will continue to target them. Understanding how cloud providers are responsible for the security of the cloud and how customers are responsible for security in the cloud can help enterprises avoid potential missteps.

    Who Is Responsible for What?

    The broad definition of the shared responsibility model means cloud service providers (CSPs) are in charge of securing the underlying infrastructure of the cloud. Data centers and physical networks are their responsibility. Customers are responsible for securing their environment and their data in the cloud.

    While that broad definition is widely accepted, there is room for nuance among the various CSPs. "They view it the same broadly, and then, they view it differently when you get into specific services," Randy Armknecht, managing director, global cloud advisory at global consulting firm Protiviti, tells InformationWeek.

    And CSPs offer a lot of different services.
    "We have over 200 services so that bar of the customer side and AWS side does shift a little bit on a couple of the services," Clarke Rodgers, director of enterprise strategy at cloud computing company Amazon Web Services (AWS), says.

    Enterprise leaders need to dig into the documentation for each cloud service they use to understand their organizational responsibilities and to avoid potential gaps and misunderstandings.

    While there is a definite division of responsibilities, CSPs typically position themselves as partners eager to help their customers uphold their part of cloud security. "The cloud service providers are very interested and invested in their customers understanding the model," says Armknecht.

    Google, for one, opts to refer to the shared responsibility model as one of "shared fate." "We step over that shared responsibility boundary, partner with our customers, and provide much more prescriptive guidance and capabilities and services and teams like mine, for example, to help them with that part of that responsibility model," explains Nick Godfrey, senior director and global head, office of the CISO at Google Cloud, Google's suite of cloud computing services.

    Customer success is a common mantra among cloud providers, although the exact wording may be different. "Cloud is just not a technology. It's ultimately a partnership for the enterprise with the provider," says Nataraj Nagaratnam, CTO for cloud security at technology company IBM.

    When Misunderstandings Happen

    Both parties, customer and provider, have their security responsibilities, but misunderstandings can still arise. In the early days of cloud, the incorrect assumption of automatic security was one of the most common misconceptions enterprise leaders had around cloud. Cloud providers secure the cloud, so any data plunked in the cloud was automatically safe, right?
    Wrong.

    "Once that customer decides to sign up for an account, start using AWS services, start putting data in there, it is their responsibility how they choose to configure our services to meet their specific security, compliance, and privacy needs," Rodgers explains.

    Cloud customers might also mistakenly make assumptions about compliance with regulations like PCI or HIPAA. "Microsoft and AWS and others have all of the configuration settings available and services available to be PCI compliant, but simply [putting] your data there does not make you compliant. You have to deliberately configure things to be compliant," says Armknecht.

    Today, CSPs are much less likely to run into customers who make these kinds of assumptions. "Over time, that misconception has definitely [been] reduced, but unfortunately, it has not gone away," says Nagaratnam.

    Even if customers fully understand their responsibilities, they may make mistakes when trying to fulfill them. Misconfigurations are a potential outcome for customers navigating cloud security. It is also possible for misconfigurations to occur on the cloud provider side.

    "The CIA triad: confidentiality, integrity, and availability. Essentially a misconfiguration or a lack of configuration is going to put one of those things at risk," says Armknecht. Misconfigurations might result in issues like system outages or exploitable vulnerabilities.

    Cloud providers recognize that potential risk and aim to help customers avoid that pitfall. "We look really hard at providing layers of defense and multiple controls so that there is massively reduced likelihood of one misconfiguration causing that sort of nightmare scenario," says Godfrey.

    But misconfigurations do still happen. "Where we find people having that misunderstanding is when it gets to the per service level, and I typically think it's a result of IT and development teams moving [too] fast," says Armknecht.
    "They didn't go validate their assumption of the shared responsibility model for each service."

    Talking Shared Responsibility

    How should customers talk to their CSPs about shared responsibility?

    "I would absolutely look at the nature of the support and services that the CSP provides to the customer. I would ask questions around their philosophy and approach to secure [by] default and secure by design principles," says Godfrey. "I would ask about the support in terms of providing foundations and blueprints and guidance to enable the customer to not have to figure everything out themselves."

    Conversations around expectations and available support can provide enterprise customers with more clarity. Once armed with that knowledge, enterprise teams, often led by the coordinated efforts of the CIO, CTO, and CISO, need to put in the internal work of upholding their cloud security responsibilities.

    "There's often a tendency to assume that the relationship between the CISO and the CTO or the CIO is adversarial or challenged because they want different things," says Godfrey. "We actually think they probably want exactly the same things, which is a secure and resilient cloud that enables the business to do business of the speed it wants to do it with all of the agility that the cloud has the potential to offer."

    Depending on the maturity of the organization, it may or may not have those roles filled or the resources to properly manage the shared responsibilities associated with the cloud.

    "Not all customers are the same. They don't have the same resources. They don't have the same staffing or skill sets internally," says Rodgers.
Customers might onboard an MSSP [managed security service provider] and use them while they're upskilling their own staff and then eventually sort of wean off the MSSP as they gain more familiarity and functionality inside of AWS.Multi-Cloud ComplexityAs enterprises increasingly leverage the benefits of the cloud, they may find it advantageous to work with different providers and adopt different services to support a variety of business functions. The majority of the customers that I meet with are using more than one cloud, or they're using SaaS services, Rodgers shares.Maintaining their half of the shared responsibility model can become more complicated for customers like that. Enterprise teams need to understand how their responsibilities shift, depending on the provider and the specific service. So, the team just has more to do; it's going to take longer, says Armknecht. He also points out that teams may understand one cloud environment but struggle with another. Maybe they misstep up on which controls are needed to meet their shared responsibility.While the complexities of multi-cloud and hybrid environments abound, there are some ways in which managing shared responsibility could become easier. Those responsibilities can be made much more addressable using technologies like AI and automation, Nagaratnam points out.As technology and risk continue to change, what will that mean for the shared responsibility model?I think the definitions of where the ... delineation actually technically sits will continue to evolve as cloud products continue to evolve, says Godfrey. But I don't think the shared responsibility model in that sort of contractual and legal delineation will go away.
  • The Cost of Cloud Misconfigurations: Preventing the Silent Threat
    www.informationweek.com
    Venkata Nedunoori, Associate Director, Dentsu International | December 2, 2024
    Cloud computing has revolutionized the way businesses operate, offering scalability, flexibility, and cost-efficiency. However, with this rapid adoption comes a new wave of challenges, most notably the risk posed by cloud misconfigurations. These subtle yet significant errors can open doors to costly data breaches and compliance failures, often leaving businesses blindsided. Understanding the impact of cloud misconfigurations and implementing effective prevention strategies are crucial steps for organizations aiming to secure their cloud environments.
    The Growing Need for Cloud Security
    The allure of cloud technology is undeniable, but its very design, being an agile and adaptable infrastructure, can also make it susceptible to human error. As more businesses transition to cloud-based services, the attack surface expands, increasing the risk of exposure due to misconfigured resources. A simple oversight, such as improperly set permissions or public-facing resources, can make sensitive data accessible to unauthorized users.
    Misconfigurations are not just minor slip-ups; they are often critical vulnerabilities that attackers seek out. According to industry reports, cloud misconfigurations account for a significant portion of data breaches. Gartner predicts that through 2025, 99% of cloud security failures will be the customer's fault, primarily due to misconfigurations.
    In 2017, there was a data breach involving a large US credit reporting agency. The breach, caused by a failure to patch a known vulnerability and improper cloud security settings, led to the exposure of personal information belonging to over 145 million consumers. The fallout included fines, lawsuits, and a significant loss of consumer trust.
    In June 2023, Toyota Motor Corporation disclosed that a cloud misconfiguration exposed vehicle data and customer information for over eight years, affecting approximately 260,000 customers.
    Similarly, a 2023 report by the Cloud Security Alliance highlighted that misconfigurations are a leading cause of cloud security incidents, with 75% of security failures resulting from inadequate management of identities, access, and privileges.
    These incidents demonstrate that cloud misconfigurations are not isolated events but a widespread issue with the potential to disrupt businesses across various industries.
    Prevention Techniques: Best Practices for Secure Cloud Configurations
    To mitigate the risk of cloud misconfigurations, businesses must adopt an energetic approach rooted in strong security practices. Below are key strategies to help organizations bolster their cloud security posture:
    - Adopt the principle of least privilege: One of the most fundamental security principles is limiting access to data and systems based on user roles. Implement role-based access controls (RBAC) to ensure that employees only have access to the resources they need to perform their job functions.
    - Continuous monitoring and auditing: The dynamic nature of cloud environments requires ongoing vigilance. Utilize monitoring tools to track changes and audit logs for unusual activity. This real-time awareness can help detect misconfigurations before they are exploited.
    - Automated configuration management: Manual configuration processes are prone to human error. Automation tools such as infrastructure as code (IaC) solutions, like Terraform and Ansible, can help standardize and automate cloud configurations, minimizing the likelihood of mistakes.
    - Security training and awareness: Equip the IT and security teams with regular training on cloud security best practices. The landscape of threats is constantly evolving, and up-to-date knowledge is essential for staying ahead of potential vulnerabilities.
    - Encryption and data masking: Sensitive data should be encrypted both in transit and at rest. Implement data masking techniques where possible to reduce the risk associated with data exposure due to misconfigurations.
    - Regular compliance checks: Ensure that the cloud environment aligns with industry standards such as CIS Benchmarks and frameworks like NIST and ISO 27001. Regular compliance checks can help identify gaps and fortify your security posture.
    Tools to Strengthen Cloud Security
    Leveraging the right tools is essential for preventing cloud misconfigurations. Here are some notable options:
    - Cloud security posture management (CSPM) tools: CSPM solutions like Prisma Cloud and AWS Config help organizations monitor and remediate misconfigurations in real-time.
    - Cloud workload protection platforms (CWPP): Tools such as Lacework and CrowdStrike Falcon offer comprehensive visibility into cloud workloads, allowing for better threat detection and response.
    - IaC scanning tools: Solutions like Checkov and KICS scan IaC templates for security issues, ensuring that vulnerabilities are caught before deployment.
    - Threat detection services: AWS GuardDuty and Azure Security Center provide advanced threat intelligence and automated alerts, enabling faster response to potential security incidents.
    Moving Forward: A Culture of Security
    Preventing cloud misconfigurations requires more than just technology; it mandates a culture of security within an organization. This means fostering cross-functional collaboration between IT, security, and development teams, emphasizing the importance of secure coding practices and adherence to security protocols.
    Cloud security is a shared responsibility. While cloud providers offer robust infrastructure and built-in tools to help secure data, the onus ultimately lies with businesses to configure and manage their environments properly. By implementing best practices, employing effective tools, and nurturing a security-first mindset, organizations can significantly reduce the risk of cloud misconfigurations and the costly repercussions that come with them.
    The era of cloud computing is here to stay. To thrive in this new landscape, businesses must remain vigilant and committed to safeguarding their digital assets against the silent threat of misconfigurations.
    About the Author
    Venkata Nedunoori, Associate Director, Dentsu International
    Venkata Nedunoori is a seasoned technology leader and IEEE Senior Member with experience across industries such as insurance, securities, airlines, and media. He specializes in designing and implementing advanced cloud-based solutions, focusing on scalable, secure, and cost-efficient platforms. A recognized speaker, Venkata is passionate about the intersection of cloud security and artificial intelligence, continually exploring ways to strengthen digital landscapes.
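The least-privilege and IaC-scanning advice in the article above, as an added example that is not from the article or from any tool it names: a small lint over AWS IAM-style policy JSON that flags wildcard actions, non-read actions granted on all resources, and public principals with no condition. The sample policies, the finding names and the read-only verb list are assumptions made for this illustration.

```python
# Added example; the policies below are constructed samples, not from the article.
POLICIES = {
    "ci-deploy": {"Version": "2012-10-17", "Statement": {  # single object, not a list
        "Effect": "Allow", "Action": "s3:*", "Resource": "*"}},
    "reports-bucket": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-reports/*"},
        {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-reports/*",
         "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorg"}}},
        {"Effect": "Deny", "Principal": "*", "Action": "*", "Resource": "*"}]},
    "inventory-reader": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["ec2:DescribeInstances", "s3:ListAllMyBuckets"],
         "Resource": "*"}]},
}
READ_ONLY_VERBS = ("Get", "List", "Describe")  # assumption: heuristic, not an AWS list

def as_list(value):
    """IAM allows a scalar or a list for Statement, Action and Resource."""
    return [] if value is None else value if isinstance(value, list) else [value]

def is_read_only(action):
    verb = action.split(":", 1)[-1]
    return "*" not in action and verb.startswith(READ_ONLY_VERBS)

def is_public(principal):
    if isinstance(principal, dict):
        return any("*" in as_list(v) for v in principal.values())
    return principal == "*"

def audit(policies):
    """Return sorted (policy, statement index, finding) tuples for Allow statements."""
    findings = []
    for name, doc in policies.items():
        for idx, stmt in enumerate(as_list(doc.get("Statement"))):
            if stmt.get("Effect") != "Allow":
                continue  # Deny statements only narrow access
            actions = as_list(stmt.get("Action"))
            if any(a == "*" or a.endswith(":*") for a in actions):
                findings.append((name, idx, "wildcard-action"))
            if "*" in as_list(stmt.get("Resource")) and not all(map(is_read_only, actions)):
                findings.append((name, idx, "unscoped-resource"))
            if is_public(stmt.get("Principal")) and not stmt.get("Condition"):
                findings.append((name, idx, "public-principal-unconditioned"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(POLICIES):
        print(*finding)
```

A `Condition` block is treated as restricting access without being evaluated, so a conditioned public statement still needs a human read.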
  • Ideate Labs: Entry Level UX Design Internship
    weworkremotely.com
    About the Program:
    Every year, Ideate Labs sponsors 2 UX interns to join our 4-Month Live UX cohort that takes place in the fall and spring seasons. Our UX interns join our cohort and work through the end-to-end UX design and UX research process for a startup idea of their choice that will help them attract hiring managers in that topic space or industry. Interns take our program for free and receive 1:1 mentorship throughout the 4-month program, as well as 1:1 UX career coaching support for up to 3 months after the program ends. Alumni UX interns go on to make between $85,000-$150,000 in UX design, product design, UX research, or service design roles after they complete the program. Ideate Labs is committed to helping women, immigrants and POC break into tech and land 6-figure UX jobs. We help you land 6-figure UX jobs or coach you till you get it.
    UX Internship Requirements:
    This internship program is open to new grads and UX career changers alike! Here are some internship requirements to keep in mind before applying:
    - Interested in UX career paths in UX research, UX design, product design or service design
    - Willing to commit 5-10 hours of work per week to complete program deliverables
    - Willing to attend 2-3 hour weekend lectures to learn the end-to-end design process
    - Open to feedback from UX mentors and demonstrates a willingness to revise design work
    UX Internship Program Learnings:
    - Build digital products and services 0-1
    - Lead end-to-end design process for a startup idea or topic of your choice
    - Lead product scoping and feature scoping, as well as entire project management
    - Identify target market for product and position product for launch success
    - Develop a business model for the product or service and demonstrate how the product/service will scale as the business model scales
    - Lead discovery research by managing user recruitment, creating research plans, writing interview guides, leading 8-16 discovery interviews, and synthesizing interview insights
    - Deliver a compelling UX design and business pitch for your startup idea, showcasing both qualitative and quantitative data to justify the problem space and the solution
    - Tell a compelling story about users by showcasing user types, personas, stakeholder maps, journey maps, process maps, service blueprints, ideation matrixes, sketches, wireframes, UX workflows, prototypes and other visual deliverables
    - Lead user testing of wireframes and prototypes to improve product/service usability and constantly iterate on your startup idea
    - Design a unique design system for your solution from scratch, creating components, a style guide, and branding for your solution
    - Analyze direct and indirect competitors to clearly articulate your solution's differentiators and why your solution is innovative and more likely to succeed over competing options
    How to Apply:
    After applying online, you will receive UX tips and challenges via email to help you with your transition into UX and will be contacted by Ideate Labs if you are being considered for the apprentice program. Once contacted, you will go through a brief interview process before joining the cohort. We accept apprentices on a rolling basis so please apply to this only once.
    Requirements
    We especially consider folks with a curious, empathetic, learning mindset for this program.