
Balancing IT security with AI and cloud innovation | Computer Weekly



Organisations increasingly rely on cloud services to drive innovation and operational efficiency, and as more artificial intelligence (AI) workloads use public cloud-based AI acceleration, organisations’ AI strategies are linked to the security and availability of these services.

However, as John Bruce, chief information security officer (CISO) at Quorum Cyber, points out, CISOs face the persistent challenge of working out how to map a cloud provider’s service level agreement (SLA) to the enterprise’s security and availability requirements when the two do not align (see box: A strategic framework for SLA gap management).

Aditya Sood, vice-president of security engineering and AI strategy at Aryaka, says that while SLAs typically cover metrics like uptime, support response times and service performance, they often overlook critical elements such as data protection, breach response and regulatory compliance.

This, he says, creates a responsibility gap, where assumptions about who is accountable can lead to serious blind spots. For instance, a customer might assume that the cloud provider’s SLA guarantees data protection, only to realise that their own misconfigurations or weak identity management practices have led to a data breach.  

“Organisations may mistakenly believe their provider handles more than it does, increasing the risk of non-compliance, security incidents and operational disruptions,” he says.

Sood recommends that IT decision-makers ensure they take into account the nuances between SLA commitments and shared security responsibilities. He believes this is vital for organisations to make the most of cloud services without undermining resilience or regulatory obligations. 

In Bruce’s experience, misalignment of an SLA with corporate IT requirements is more common than many leaders realise. “Whether it’s a cutting-edge AI platform from a startup, specialised software as a service (SaaS) with limited security guarantees, or even established cloud providers whose standard SLAs fall short of regulatory requirements, the gap between what providers offer and what enterprises need can be substantial,” he says.

According to Bruce, the modern cloud ecosystem presents a complex landscape. He says: “While major cloud providers like AWS [Amazon Web Services], [Microsoft] Azure and Google Cloud have matured their security offerings and SLAs considerably, the broader ecosystem includes thousands of specialised providers.”

Bruce notes that while many offer innovative capabilities that can provide significant competitive advantages, their SLAs often reflect their size, maturity, or focus areas rather than enterprise security requirements. 

For instance, IT decision-makers can face an innovation paradox. This occurs, says Bruce, if a promising AI or machine learning (ML) platform offers breakthrough capabilities but provides only basic security guarantees and 99.5% uptime commitments when the organisation requires 99.99% availability.

While an SLA guarantees the cloud provider’s commitment to “the security of the cloud”, ensuring the underlying infrastructure’s uptime, resilience and core security, in Sood’s experience, it explicitly does not cover the customer’s responsibilities for security in the cloud.

He says that even if a provider’s SLA promises 99.99% uptime for its infrastructure, a customer’s misconfigurations, weak identity management or unpatched applications can still lead to data breaches or service outages, effectively nullifying the perceived security and uptime benefits of the provider’s SLA. 


Another factor to consider is what Bruce calls the “compliance gap”. This is when the SaaS provider offers essential functionality, but its data residency, encryption or audit logging capabilities do not meet the regulatory requirements of the organisation. 

Then there is the case of a service provider’s inability to scale to meet certain requirements needed by enterprise IT. This “scale mismatch”, as Bruce calls it, occurs in a situation where the specialised software house provides unique industry-specific tools, but its incident response procedures and security monitoring do not meet enterprise standards. 

Sood recommends using a shared responsibility model (SRM), which plays a central role in defining how security and operational duties are split between cloud providers and their customers. The SRM directly affects the security and availability the enterprise actually experiences, making diligent customer-side security practices crucial for realising the full value of any cloud SLA.

Public cloud lock-in

Beyond managing how responsibility for IT security is coordinated, IT leaders should also be wary of the extent to which they use the value-added services provided in a public cloud platform.

Bill McCluggage, former director of IT strategy and policy in the Cabinet Office and deputy government CIO from 2009 to 2012, says fewer than 1% of customers switch cloud providers annually, because the system is rigged.

For instance, egress fees to transfer data out of a public provider’s datacentre are opaque. McCluggage says that egress fees combined with proprietary application programming interfaces (APIs) and binding enterprise agreements often make the cost of switching public cloud providers too high.

“Beyond just stifling competition, this lock-in also undermines the UK government’s ambition to become an AI powerhouse. With AI workloads increasingly dependent on high-performance cloud infrastructure, continuing to rely on just two dominant hyperscalers risks concentrating capability, control and innovation in the hands of a few,” he says.

According to McCluggage, customers using certain public cloud services can face “economic entrapment”. As an example, Microsoft’s recent Office 365 Personal and Family subscriptions price increase in the UK – from £59.99 to £84.99 – was justified by the addition of AI-powered Copilot features.

“Customers can avoid the hike by choosing the ‘Classic’ subscription,” says McCluggage, pointing out that Microsoft has made this subscription much harder for people to find. “Most individuals – and organisations – won’t know they have a choice until it’s too late. This isn’t value creation,” he adds.

Being realistic about contract terms

The cloud ecosystem will continue to evolve, with new providers offering compelling capabilities alongside varying security guarantees. Quorum Cyber’s Bruce warns that attempting to eliminate all SLA gaps would mean forgoing potentially transformative technologies. Instead, he says, successful CISOs need to develop frameworks for making informed risk decisions that enable innovation while maintaining appropriate controls. 

“By taking a structured approach to SLA gap management, organisations can access innovative cloud services while maintaining strong security postures and regulatory compliance,” says Bruce, for whom the key is moving beyond simple accept/reject decisions to sophisticated risk management that enables business objectives while protecting against genuine threats. 

Organisations that develop mature approaches to SLA gap management will be best positioned to take advantage of these innovations while maintaining appropriate risk management standards. 

Every technology decision involves risk trade-offs. Should IT make the most of new cloud and AI innovation, even if it may not fully meet corporate IT standards, or should it go with established public cloud providers, where there is the potential of being locked in and facing the opaque egress fees that McCluggage refers to?

Aryaka’s Sood urges IT decision-makers to adopt proactive governance, risk and compliance (GRC) by updating the organisation’s internal security policies and procedures to account for the new cloud service and its specific risk profile. “Map the provider’s security controls and your compensating controls directly to relevant regulatory requirements,” he says.

Sood also suggests that IT leaders should ensure that documentation of the organisation’s risk assessments, mitigation strategies and any formal risk acceptance decisions is meticulously managed.

By adopting these strategies, IT and security leaders can confidently embrace innovative cloud technologies, minimising inherent risks and ensuring a strong compliance posture, even when faced with SLAs that don’t initially meet all desired criteria.

With such measures and policies in place, IT decision-makers understand the risk and their mitigation strategies, which should put them in a better place to select the best AI and cloud innovations for their organisations. “The question isn’t whether to accept risk, but how to manage it intelligently in pursuit of business objectives,” says Bruce.




6 Great After-Christmas Deals to Spend Your Gift Cards On



After-Christmas deals are an excellent way to redeem any gift cards or cash you got for Christmas. You can purchase something you actually want, and you can do it for less money than usual. I’ve scoured the Internet for truly good after-Christmas deals on the gear that we’ve hand-tested on the WIRED Reviews team. Many of these sales will end this weekend, so keep that in mind while you’re shopping. Find all the highlights below.

For more inspiration, check out some of our recently updated buying guides, including the Best Office Chairs, the Best Cheap Phones, and the Best Space Heaters.

WIRED Featured Deals:

Anker Laptop Power Bank for $88 ($47 off)

We love this beefy power bank. Its 25,000-mAh capacity is more than enough for fully charging your iPhone between 4 and 6 times, and it can deliver up to 165 watts to two devices, meaning that you can charge your laptop, gaming console, or anything else you fancy. The built-in USB-C cable doubles as a carrying loop. There’s also a nifty display that’ll give you at-a-glance information on remaining battery, temperature, charging speeds, and more. It has pass-through charging support and only takes about two hours to fully recharge. This deal price matches what we saw on Black Friday.

Google Pixel 10 for $599 ($200 off)


There was an on-page coupon (PIXEL10) that had the best price we’ve tracked for any of the phones in the Google Pixel 10 lineup. That coupon is not available as of Saturday morning, but it may be back—clip it if you see it. This is still a good deal on the smartest Android phones you can buy, with fantastic cameras, snappy processors, gorgeous displays, and more AI integration than the average person needs. Check out our dedicated buying guide to figure out which Google Pixel 10 is right for you. If you’re in the market for an upgrade, now is a good time to buy considering that we’ve never seen any phone in this flagship lineup sell for less.

Bruvi BV-01 Brewer Bundle for $228 ($120 off)—Clip the Coupon


I’ve tested a lot of pod coffee makers, and the Bruvi BV-01 is my favorite. This deal price is the best we see outside of special events like Black Friday and Cyber Monday. The brewer is cute and looks great on a counter, with a large reservoir, an intuitive touchscreen display, and a built-in wastebin that collects used pods for you. The best part is the proprietary B-Pods, which are designed to biodegrade in a landfill. The bundle gets you the machine plus an assortment of bestselling coffee and espresso pods to get you started.

Fitbit Charge 6 for $100 ($60 off)


The Fitbit Charge 6 has been at the top of our fitness tracker buying guide since we first tested it. It’s attractive, affordable, accessible, and on sale for a match of the best deal we’ve seen. It’ll play well with iOS and Android, and it has a solid suite of features that’ll cover almost anyone’s needs—including skin temperature, heart rate readings, ECGs, activity and workout tracking, and more. The battery lasts for at least a week on a single charge. This deal comes with a six-month subscription to Fitbit Premium, which normally costs $10 per month.

Hydro Flask Standard Mouth Water Bottle for $30 ($10 off)


This budget-friendly deal gets you a steal on the best reusable water bottle. Hydro Flask bottles are durable, portable, and easy to cover in all the stickers you’ve been hoarding. The handle is flexible, the bottle is leakproof, and every component is dishwasher safe (though you may want to opt for hand-washing if you do end up plastering it in stickers). A few different colors are on sale at this price.

Beats Powerbeats Pro 2 for $200 ($50 off)


If hitting the gym is one of your New Year’s resolutions for 2026, the Beats Powerbeats Pro 2 are worth considering. They’re the best workout headphones we’ve tested thanks to their comfortable and ergonomic fit, noise cancelation, spatial audio, a heart rate monitor, and the fact that they play well with both iOS and Android phones. The sound is solid, the battery life is good, and they’re water-resistant. This deal price comes within $20 of the best we’ve seen. Every color—orange, lavender, grey, and black—is on sale.



Hyperkin’s Competitor Upgrades the Xbox Controller by Copying Sony’s Design



The most immediately striking difference is that Hyperkin’s product swaps the typical Xbox approach of asymmetric thumbsticks for the PlayStation’s horizontal layout. It also separates the D-pad (it’s one piece inside the pad, but splits its cardinal directions so each appears to be its own button), while the ABXY face buttons are spaced slightly further apart. Where the DualSense’s touchpad would sit, we have the Xbox home, menu, view, and share buttons, all blended in rather smartly. An LED ring around the home button just about echoes the lights running the periphery of the DualSense’s touchpad, although it’s really more of an inversion of the regular Xbox controller, where the home button itself lights up.

The Competitor’s thumbsticks come equipped with thumbcaps that mirror the PS5’s, an outer ring with a convex central point, but a pair of Xbox-standard concave caps are included. These easily pop on and off, and can be mixed and matched, if you were so (strangely) inclined.

There are two areas where this departs from both the standard Xbox and PlayStation controllers in terms of inputs. The first is the presence of two programmable rear buttons, M1 and M2. By default, these duplicate the input of the A and B buttons, but holding down the Mode button between them lets you remap them. There are also physical button locks to prevent their use entirely. The other is that while the Competitor boasts a 3.5-mm headphone jack like Microsoft’s official pad, it adds a built-in audio mute button, hidden in the black between the thumbsticks—a nice little upgrade.

Oddly Familiar

In use, the Competitor feels … well, a lot like a PS5 pad. The slightly wider grip fits in the hand comfortably, all inputs are accessible, and those symmetrical thumbsticks sit nicely in reach for all but the smallest hands. A microtextured underside provides a solid grip that, when coupled with its 232-gram weight, makes the Competitor feel particularly suited to longer play periods. It’s all very familiar if you’re already a multiformat gamer, to the extent that it sometimes slightly threw my muscle memory off, reaching a thumb out to do a PlayStation touchpad function and finding only the Xbox system buttons.


In Cryptoland, Memecoin Fever Gives Way to a Stablecoin Boom



When US president Donald Trump launched his own meme cryptocurrency on January 17, days before his return to the White House, I was halfway up a Swiss alp, attending a crypto conference in the town of St. Moritz.

Memecoins, which typically have no purpose beyond financial speculation, were having a moment. The previous year, millions of new memecoins had flooded the market; a few, like Fartcoin, had rocketed to billion-dollar valuations. Pump.Fun, a platform for launching and trading memecoins, had become one of the fastest-growing crypto launchpad businesses ever. Now, the soon-to-be president was getting in on the act.

Over lunch on the second day of the conference, beneath the ornate stucco ceiling and golden chandeliers of the venue’s dining hall, I located a table designated for a conversation about memecoins. Whereas other tables were half full, the memecoin workshop was oversubscribed; latecomers pulled up chairs to create two full rows.

The discussion was led by Nagendra Bharatula, founder of investment firm G-20 Group. Bharatula had recently coauthored a paper arguing that memecoins, despite their juvenile spirit, had a place in professional investors’ portfolios. In the six months prior, a basket of 25 “bluechip memecoins”—an oxymoron if ever there was one—had outperformed bitcoin by 150 percent, he pointed out. Some of the attendees murmured their approval.

Since then, the shine has come off the memecoin market. The paper value of Trump’s coin, which climbed to a peak of $14 billion two days after its launch, has cratered to roughly $1 billion. Hundreds of thousands of small investors lost their shirts. Pump.Fun’s daily revenue, a proxy for the overall appetite for memecoin trading, is barely more than a tenth of what it was in January. The memecoin gold rush has spawned a raft of litigation.

Next up: the stablecoin. If memecoins are symbolic of reckless abandon and unflinching profiteering in cryptoland, stablecoins are a symbol of the industry’s search for purpose and respectability. Designed to hold a steady $1 valuation, stablecoins are pitched by proponents as a faster and cheaper way to make everyday payments and international money transfers.

In a year in which the US has declared itself open for crypto business, where previously crypto firms feared regulatory backlash under the Biden administration, stablecoins have supplanted memecoins as the coin à la mode—and punctured the mainstream.

Though stablecoins have been around since 2014, they have predominantly been used by crypto traders as a safe harbor during bouts of market volatility, not by regular people. The concept has also faced resistance from regulators skeptical of a new form of money; Diem, a stablecoin venture incubated at Meta, famously shuttered in 2022 in the face of broad-based opposition.


