Organisations increasingly rely on cloud services to drive innovation and operational efficiency, and as more artificial intelligence (AI) workloads use public cloud-based AI acceleration, organisations’ AI strategies are linked to the security and availability of these services.
However, as John Bruce, chief information security officer (CISO) at Quorum Cyber, points out, CISOs face the persistent challenge of figuring out how to map a cloud provider’s service level agreement (SLA), which does not align with the enterprise’s security and availability requirements (see box: A strategic framework for SLA gap management).
Aditya Sood, vice-president of security engineering and AI strategy at Aryaka, says that while SLAs typically cover metrics like uptime, support response times and service performance, they often overlook critical elements such as data protection, breach response and regulatory compliance.
This, he says, creates a responsibility gap, where assumptions about who is accountable can lead to serious blind spots. For instance, a customer might assume that the cloud provider’s SLA guarantees data protection, only to realise that their own misconfigurations or weak identity management practices have led to a data breach.
“Organisations may mistakenly believe their provider handles more than it does, increasing the risk of non-compliance, security incidents and operational disruptions,” he says.
Sood recommends that IT decision-makers ensure they take into account the nuances between SLA commitments and shared security responsibilities. He believes this is vital for organisations to make the most of cloud services without undermining resilience or regulatory obligations.
In Bruce’s experience, misalignment of an SLA with corporate IT requirements is more common than many leaders realise. “Whether it’s a cutting-edge AI platform from a startup, specialised software as a service (SaaS) with limited security guarantees, or even established cloud providers whose standard SLAs fall short of regulatory requirements, the gap between what providers offer and what enterprises need can be substantial,” he says.
According to Bruce, the modern cloud ecosystem presents a complex landscape. He says: “While major cloud providers like AWS [Amazon Web Services], [Microsoft] Azure and Google Cloud have matured their security offerings and SLAs considerably, the broader ecosystem includes thousands of specialised providers.”
Bruce notes that while many offer innovative capabilities that can provide significant competitive advantages, their SLAs often reflect their size, maturity, or focus areas rather than enterprise security requirements.
For instance, IT decision-makers can face an innovation paradox. This occurs, says Bruce, if a promising AI or machine learning (ML) platform offers breakthrough capabilities but provides only basic security guarantees and 99.5% uptime commitments when the organisation requires 99.99% availability.
While an SLA guarantees the cloud provider’s commitment to “the security of the cloud”, ensuring the underlying infrastructure’s uptime, resilience and core security, in Sood’s experience, it explicitly does not cover the customer’s responsibilities for security in the cloud.
He says that even if a provider’s SLA promises 99.99% uptime for its infrastructure, a customer’s misconfigurations, weak identity management or unpatched applications can still lead to data breaches or service outages, effectively nullifying the perceived security and uptime benefits of the provider’s SLA.
Even if a provider’s SLA promises 99.99% uptime for its infrastructure, a customer’s misconfigurations, weak identity management or unpatched applications can still lead to data breaches or service outages
Another factor to consider is what Bruce calls the “compliance gap”. This is when the SaaS provider offers essential functionality, but its data residency, encryption or audit logging capabilities do not meet the regulatory requirements of the organisation.
Then there is the case of a service provider’s inability to scale to meet certain requirements needed by enterprise IT. This “scale mismatch”, as Bruce calls it, occurs in a situation where the specialised software house provides unique industry-specific tools, but its incident response procedures and security monitoring do not meet enterprise standards.
Sood recommends using a shared responsibility model (SRM), which plays a central role in defining how security and operational duties are split between cloud providers and their customers. The SRM directly impacts the adequate security and availability experienced by the enterprise, making diligent customer-side security practices crucial for realising the full value of any cloud SLA.
Public cloud lock-in
Beyond managing how responsibility for IT security is coordinated, IT leaders should also be wary of the extent to which they use the value-added services provided in a public cloud platform.
For instance, egress fees to transfer data out of a public provider’s datacentre are opaque. McCluggage says that egress fees combined with proprietary application programming interfaces (APIs) and binding enterprise agreements often make the cost of switching public cloud providers too high.
“Beyond just stifling competition, this lock-in also undermines the UK government’s ambition to become an AI powerhouse. With AI workloads increasingly dependent on high-performance cloud infrastructure, continuing to rely on just two dominant hyperscalers risks concentrating capability, control and innovation in the hands of a few,” he says.
According to McCluggage, customers using certain public cloud services can face “economic entrapment”. As an example, Microsoft’s recent Office 365 Personal and Family subscriptions price increase in the UK – from £59.99 to £84.99 – was justified by the addition of AI-powered Copilot features.
“Customers can avoid the hike by choosing the ‘Classic’ subscription,” says McCluggage, pointing out that Microsoft has made this subscription much harder for people to find. “Most individuals – and organisations – won’t know they have a choice until it’s too late. This isn’t value creation,” he adds.
Being realistic about contract terms
The cloud ecosystem will continue to evolve, with new providers offering compelling capabilities alongside varying security guarantees. Quorum Cyber’s Bruce warns that attempting to eliminate all SLA gaps would mean forgoing potentially transformative technologies. Instead, he says, successful CISOs need to develop frameworks for making informed risk decisions that enable innovation while maintaining appropriate controls.
“By taking a structured approach to SLA gap management, organisations can access innovative cloud services while maintaining strong security postures and regulatory compliance,” says Bruce, for whom the key is moving beyond simple accept/reject decisions to sophisticated risk management that enables business objectives while protecting against genuine threats.
Organisations that develop mature approaches to SLA gap management will be best positioned to take advantage of these innovations while maintaining appropriate risk management standards.
Every technology decision involves risk trade-offs. Should IT make the most of new cloud and AI innovation, even if it may not fully meet corporate IT standards, or go with established public cloud providers where there is the potential of being locked in and facing the opaque egress fees that McCluggage refers to.
Aryaka’s Sood urges IT decision-makers to adopt proactive governance, risk and compliance (GRC) by updating the organisation’s internal security policies and procedures to account for the new cloud service and its specific risk profile. “Map the provider’s security controls and your compensating controls directly to relevant regulatory requirements,” he says.
Sood also suggests that IT leaders should ensure documentation of the organisation’s risk assessments, mitigation strategies and any formal risk acceptance decisions are meticulously managed.
By adopting these strategies, IT and security leaders can confidently embrace innovative cloud technologies, minimising inherent risks and ensuring a strong compliance posture, even when faced with SLAs that don’t initially meet all desired criteria.
With such measures and policies in place, IT decision-makers understand the risk and their mitigation strategies, which should put them in a better place to select the best AI and cloud innovations for their organisations. “The question isn’t whether to accept risk, but how to manage it intelligently in pursuit of business objectives,” says Bruce.
Credit: Communications of the ACM (2025). DOI: 10.1145/3737696
As the C language, which forms the basis of critical global software like operating systems, faces security limitations, KAIST’s research team is pioneering core original technology research for the accurate automatic conversion to Rust to replace it. By proving the mathematical correctness of the conversion, a limitation of existing artificial intelligence (LLM) methods, and solving C language security issues through automatic conversion to Rust, they presented a new direction and vision for future software security research.
The paper by Professor Sukyoung Ryu’s research team from the School of Computing was published in the November issue of Communications of the ACM and was selected as the cover story.
The C language has been widely used in the industry since the 1970s, but its structural limitations have continuously caused severe bugs and security vulnerabilities. Rust, on the other hand, is a secure programming language developed since 2015, used in the development of operating systems and web browsers, and has the characteristic of being able to detect and prevent bugs before program execution.
The U.S. White House recommended discontinuing the use of C language in a technology report released in February 2024, and the Defense Advanced Research Projects Agency (DARPA) also explicitly stated that Rust is the core alternative for resolving C language security issues by promoting a project to develop technology for the automatic conversion of C code to Rust.
Professor Ryu’s research team proactively raised the issues of C language safety and the importance of automatic conversion even before these movements began in earnest, and they have continuously developed core related technologies.
In May 2023, the research team presented the Mutex conversion technology (necessary for program synchronization) at ICSE (International Conference on Software Eng). In June 2024, they presented the Output Parameter conversion technology (used for result delivery) at PLDI (Programming Language Design and Implementation), and in October of the same year, they presented the Union conversion technology (for storing diverse data together) at ASE (Automated Software Eng).
Dr. Jaemin Hong stated, “The conversion technology we developed is an original technology based on programming language theory, and its biggest strength is that we can logically prove the ‘correctness’ of the conversion.” He added, “While most research relies on large language models (LLMs), our technology can mathematically guarantee the correctness of the conversion.”
Dr. Hong is scheduled to be appointed as an assistant professor in the Computer Science Department at UNIST starting in March 2025.
In addition, Professor Ryu’s research team has four papers, including C→Rust conversion technology, accepted for presentation at ASE 2025 held in Seoul, South Korea, Nov. 16–20.
These papers, in addition to automatic conversion technology, cover various cutting-edge software engineering fields. They include: technology to verify whether quantum computer programs operate correctly, “WEST” technology that automatically checks the correctness of WebAssembly programs (technology for fast and efficient program execution on the web) and creates tests for them, and technology that automatically simplifies complex WebAssembly code to quickly find errors. Among these, the WEST paper received the Distinguished Paper Award.
More information:
Jaemin Hong et al, Automatically Translating C to Rust, Communications of the ACM (2025). DOI: 10.1145/3737696
Citation:
Automatic C to Rust translation technology provides accuracy beyond AI (2025, November 11)
retrieved 11 November 2025
from https://techxplore.com/news/2025-11-automatic-rust-technology-accuracy-ai.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no
part may be reproduced without the written permission. The content is provided for information purposes only.
1Password has long been one of our favorite password managers. It’s our upgrade pick for all the extra features it offers compared to other password managers. 1Password has apps that work just about everywhere, including on macOS, iOS, Android, Windows, Linux, and ChromeOS. There are plug-ins for your favorite web browser too, which makes it easy to generate and edit new passwords on the fly.
What Are the Benefits of 1Password?
There are also some very nice features in 1Password that you won’t find elsewhere. If you frequently travel across national borders, you’ll appreciate Travel Mode. This mode lets you delete any sensitive data from your devices before you travel and then restore it with a click after you’ve crossed a border. This prevents anyone, including law enforcement at international borders, from accessing your complete password vault. In addition to being a password manager, 1Password can act as an authentication app like Google Authenticator, and for added security it creates a secret key to the encryption key it uses, meaning no one can decrypt your passwords without that key.
1Password also offers tight integration with other mobile apps. Rather than needing to copy and paste passwords from your password manager to other apps (which puts your password on the clipboard at least for a moment), 1Password is integrated with many apps and can autofill. This is more noticeable on iOS, where inter-app communication is more restricted.
You can get savings on the company’s suite of products with our 1Password coupons and deals.
How Much Is a 1Password Password Manager Plan?
The price of a 1Password Password manager plan varies by plan, with the annual plan discounted up to 28% off for committing yearly. The plans vary, with an individual plan at $3 per month, family plan at $5 per month, the Teams starter pack (with up to 10 users a month) at $20 per month, and business at $8 per month per user.
If you don’t want to commit to a yearly plan—and score massive savings—those plans are a bit more expensive. Monthly individual plans are $4 per month, family is $7 per month, Teams starter pack (with up to 10 users a month) is $25 per month, and business is $10 per month, per user.
Best Password Manager 2025
1Password just may be the best password manager of 2025. We named it the “best upgrade,” because of its impressive and comprehensive suite of additional security features, like Secret Key and secure travel mode. There are tons of features included that are similar to Bitwarden, Dashlane, Lastpass, NordPass, RoboForm, Enpass, KeePass, and YubiKey. But unlike others, 1Password password manager includes additional security features like a Secret Key for additional protection and a more secure travel mode. We also love 1Password’s intuitive interface which makes it simple for families to choose and share logins across devices.
Enjoy a 14-Day 1Password Free Trial
Not sure if 1Password is right for you? Try it free for 14 days! No credit card required, you get full access to premium features and cancel anytime. Free trials are available for Teams Starter Pack, Business, and Individual & Families plans.
I’ve been hooked on smoothies in an almost superstitious way ever since college: A fruit smoothie is like a good luck charm, promising the health you feel you deserve despite all your other bad decisions. But in my more recent adult life, a good blender is the passport to taqueria salsas, Oaxacan-style mole, and all the delicate emulsions I once had to buy at restaurants and in jars.
Well, Vitamix crushes the blender game, but usually comes with a price tag to match. Luckily Vitamix promo codes crop up at various points during the year, and we’re here to help you stay up to date on those discounts.
Vitamix New Ascent X5 With Stainless Steel Container
Vitmix’s top-of-the-line blender model, Ascent X5, is now constructed with a stainless steel container. The 48-ounce stainless steel container is not only huge and hygienic, the machine itself combines an intuitive touch interface with a refined, timeless design. The non-reactive stainless steel material resists stains, odors, and corrosion, and expertly handles hot, cold, and acidic ingredients. This futuristic gadget also has an automatic self-cleaning program and ten blending programs for popular items like smoothies, soups, frozen cocktails and more for a precise blend, every time.
Get a $25 Vitamix Promo Code Plus Free Shipping
Vitamix has tons of ways to save on these handy kitchen gear items, including $25 off when you register your email. All you have to do is input your email on Vitamix’s website, and you’ll get a discount of up to $25 sent straight to your inbox. Plus, you’ll get free shipping on orders of $100 or more.
Does Vitamix Offer Free Shipping?
Glad you asked. Vitamix is offering free standard shipping for orders above $99. This pretty much means that ground shipping is free for blenders at the current discounts. Priority shipping is not free, however.
The WIRED Gear Team’s Favorite Vitamix Blenders
WIRED has long been singing the praises of the classic Vitamix 5200. The model made a blender convert out of contributing reviewer Joe Ray after he realized that the “model of preference for blender aficionados around the world” was also his key to home mole and Oaxacan-style cookery.
A similar road-to-Damascus moment beset WIRED contributing reviewer Heather Arndt Anderson when she tested the Vitamix Ascent X2, also currently on a $50 promo discount. “The more I thought about it,” she wrote, “the more I realized that maybe I’ve never been a blender person because I never had a good blender.” Anderson also made a big batch of mole and avoided passing out from chile fumes, then moved on to homemade masa and a Georgian walnut spread. She regretted only that the blender wasn’t easier to clean.
After testing through a number of brands’ blenders, WIRED contributing reviewer Emily Peck marveled that even the basic Vitamix Explorian E310 churned almonds frictionlessly into butter without even need of a presoak.
Additional Vitamix Deals and Sales in 2025
Vitamix tends to offer a number of other deals and sales throughout the year, like Presidents Day, but the next one won’t crop up till Mother’s Day. Other deals to expect crop up during the summer, alongside the eternal Black Friday and Cyber Monday Deals.
Entertainment1 week ago
Tech1 week ago
Politics1 week ago
Sports1 week ago
Politics1 week ago
Entertainment1 week ago
Fashion1 week ago