Organisations increasingly rely on cloud services to drive innovation and operational efficiency, and as more artificial intelligence (AI) workloads use public cloud-based AI acceleration, organisations’ AI strategies are linked to the security and availability of these services.
However, as John Bruce, chief information security officer (CISO) at Quorum Cyber, points out, CISOs face the persistent challenge of figuring out how to map a cloud provider’s service level agreement (SLA), which does not align with the enterprise’s security and availability requirements (see box: A strategic framework for SLA gap management).
Aditya Sood, vice-president of security engineering and AI strategy at Aryaka, says that while SLAs typically cover metrics like uptime, support response times and service performance, they often overlook critical elements such as data protection, breach response and regulatory compliance.
This, he says, creates a responsibility gap, where assumptions about who is accountable can lead to serious blind spots. For instance, a customer might assume that the cloud provider’s SLA guarantees data protection, only to realise that their own misconfigurations or weak identity management practices have led to a data breach.
“Organisations may mistakenly believe their provider handles more than it does, increasing the risk of non-compliance, security incidents and operational disruptions,” he says.
Sood recommends that IT decision-makers ensure they take into account the nuances between SLA commitments and shared security responsibilities. He believes this is vital for organisations to make the most of cloud services without undermining resilience or regulatory obligations.
In Bruce’s experience, misalignment of an SLA with corporate IT requirements is more common than many leaders realise. “Whether it’s a cutting-edge AI platform from a startup, specialised software as a service (SaaS) with limited security guarantees, or even established cloud providers whose standard SLAs fall short of regulatory requirements, the gap between what providers offer and what enterprises need can be substantial,” he says.
According to Bruce, the modern cloud ecosystem presents a complex landscape. He says: “While major cloud providers like AWS [Amazon Web Services], [Microsoft] Azure and Google Cloud have matured their security offerings and SLAs considerably, the broader ecosystem includes thousands of specialised providers.”
Bruce notes that while many offer innovative capabilities that can provide significant competitive advantages, their SLAs often reflect their size, maturity, or focus areas rather than enterprise security requirements.
For instance, IT decision-makers can face an innovation paradox. This occurs, says Bruce, if a promising AI or machine learning (ML) platform offers breakthrough capabilities but provides only basic security guarantees and 99.5% uptime commitments when the organisation requires 99.99% availability.
While an SLA guarantees the cloud provider’s commitment to “the security of the cloud”, ensuring the underlying infrastructure’s uptime, resilience and core security, in Sood’s experience, it explicitly does not cover the customer’s responsibilities for security in the cloud.
He says that even if a provider’s SLA promises 99.99% uptime for its infrastructure, a customer’s misconfigurations, weak identity management or unpatched applications can still lead to data breaches or service outages, effectively nullifying the perceived security and uptime benefits of the provider’s SLA.
Even if a provider’s SLA promises 99.99% uptime for its infrastructure, a customer’s misconfigurations, weak identity management or unpatched applications can still lead to data breaches or service outages
Another factor to consider is what Bruce calls the “compliance gap”. This is when the SaaS provider offers essential functionality, but its data residency, encryption or audit logging capabilities do not meet the regulatory requirements of the organisation.
Then there is the case of a service provider’s inability to scale to meet certain requirements needed by enterprise IT. This “scale mismatch”, as Bruce calls it, occurs in a situation where the specialised software house provides unique industry-specific tools, but its incident response procedures and security monitoring do not meet enterprise standards.
Sood recommends using a shared responsibility model (SRM), which plays a central role in defining how security and operational duties are split between cloud providers and their customers. The SRM directly impacts the adequate security and availability experienced by the enterprise, making diligent customer-side security practices crucial for realising the full value of any cloud SLA.
Public cloud lock-in
Beyond managing how responsibility for IT security is coordinated, IT leaders should also be wary of the extent to which they use the value-added services provided in a public cloud platform.
For instance, egress fees to transfer data out of a public provider’s datacentre are opaque. McCluggage says that egress fees combined with proprietary application programming interfaces (APIs) and binding enterprise agreements often make the cost of switching public cloud providers too high.
“Beyond just stifling competition, this lock-in also undermines the UK government’s ambition to become an AI powerhouse. With AI workloads increasingly dependent on high-performance cloud infrastructure, continuing to rely on just two dominant hyperscalers risks concentrating capability, control and innovation in the hands of a few,” he says.
According to McCluggage, customers using certain public cloud services can face “economic entrapment”. As an example, Microsoft’s recent Office 365 Personal and Family subscriptions price increase in the UK – from £59.99 to £84.99 – was justified by the addition of AI-powered Copilot features.
“Customers can avoid the hike by choosing the ‘Classic’ subscription,” says McCluggage, pointing out that Microsoft has made this subscription much harder for people to find. “Most individuals – and organisations – won’t know they have a choice until it’s too late. This isn’t value creation,” he adds.
Being realistic about contract terms
The cloud ecosystem will continue to evolve, with new providers offering compelling capabilities alongside varying security guarantees. Quorum Cyber’s Bruce warns that attempting to eliminate all SLA gaps would mean forgoing potentially transformative technologies. Instead, he says, successful CISOs need to develop frameworks for making informed risk decisions that enable innovation while maintaining appropriate controls.
“By taking a structured approach to SLA gap management, organisations can access innovative cloud services while maintaining strong security postures and regulatory compliance,” says Bruce, for whom the key is moving beyond simple accept/reject decisions to sophisticated risk management that enables business objectives while protecting against genuine threats.
Organisations that develop mature approaches to SLA gap management will be best positioned to take advantage of these innovations while maintaining appropriate risk management standards.
Every technology decision involves risk trade-offs. Should IT make the most of new cloud and AI innovation, even if it may not fully meet corporate IT standards, or go with established public cloud providers where there is the potential of being locked in and facing the opaque egress fees that McCluggage refers to.
Aryaka’s Sood urges IT decision-makers to adopt proactive governance, risk and compliance (GRC) by updating the organisation’s internal security policies and procedures to account for the new cloud service and its specific risk profile. “Map the provider’s security controls and your compensating controls directly to relevant regulatory requirements,” he says.
Sood also suggests that IT leaders should ensure documentation of the organisation’s risk assessments, mitigation strategies and any formal risk acceptance decisions are meticulously managed.
By adopting these strategies, IT and security leaders can confidently embrace innovative cloud technologies, minimising inherent risks and ensuring a strong compliance posture, even when faced with SLAs that don’t initially meet all desired criteria.
With such measures and policies in place, IT decision-makers understand the risk and their mitigation strategies, which should put them in a better place to select the best AI and cloud innovations for their organisations. “The question isn’t whether to accept risk, but how to manage it intelligently in pursuit of business objectives,” says Bruce.
You probably already know it’s dangerous to open files from sources you can’t necessarily trust. If you’re an activist or journalist—or anyone who occasionally depends on anonymous tips to do their jobs—you might run into a situation where potentially useful information is inside a Microsoft Word document or PDF file that you can’t exactly vouch for. Wouldn’t it be nice if you could open those files and read them without exposing your device to potential security risks?
Dangerzone is a free and open source tool built for this purpose. Originally built by journalist and security engineer Micah Lee, this application opens files in a sandbox environment with no internet access, then converts the file to an image-based PDF with no scripting enabled. The resulting PDF has any malicious code stripped out and should be safe to open—at least, as safe as anything can be.
“You can think of it like printing a document and then rescanning it to remove anything sketchy, except all done in software,” explains the about page, which includes a lot of fascinating details about how the application works.
To get started, download and install Dangerzone. There are downloads for Windows, macOS, and various Linux systems. The first time you run it there will be a brief setup, after which you can simply drag files to the window.
Photograph: Justin Pot
The application can open and convert PDF, Word, Excel, PowerPoint, Open Office, EPUB, and image files. You can drag and drop multiple documents at once, if you’d like.
After adding documents you will be asked a few questions: where you’d like the resulting files to end up, whether they should open after the conversion is done, and whether you’d like to use optical character recognition (OCR) in order to make the document searchable. You can also move the original, potentially unsafe documents into a subfolder named “unsafe,” helping ensure you don’t confuse them with the newly made safe ones.
I always tell people that the best thing I’ve ever tested for my job here on the WIRED Reviews team is my automatic litter box from Litter-Robot. I recommend every cat owner invest in an automatic litter box. If they can swing it, the Litter-Robot is the best one to invest in. You’ll be able to say goodbye to the days of scooping and smells while this nifty machine does the grunt work for you.
Litter-Robot is the OG automatic litter box, and the name itself has become synonymous with the concept. And that’s not by accident, as the brand makes incredibly well-made, ergonomic products to help the lives of pet parents everywhere. Along with their famous automatic litter boxes, they also make a super sleek automatic pet feeder that I’ve also tested (and loved). These gadgets are an investment, and can be pricey, but we here at WIRED love the brand so much that we’ve rounded up some of the best Litter-Robot promo codes, coupons, and deals to make these life-changing pet machines more affordable. Because your pet (and you) deserve it.
Get $150 Off Litter-Robot Bundles This Month: No Promo Code Needed
One of the best ways to save big without needing a Litter-Robot promo code is to buy in a bundle. Litter-Robot has several bundles that give you all the essentials you’ll need to get started using your automatic litter box, like a litter trapping mat, replacement waste bags, odor eliminators, litter, and more. A bundle is a great way to save money on the purchases you’ll already have to make, without needing a Litter-Robot coupon. You can get $150 off several different bundles, including Litter-Robot 4 models, as well as the newly released Litter-Robot 5 and Litter-Robot EVO models.
Get the Best Deals on the Litter-Robot 4
I’ve tested well over a dozen models of automatic litter boxes from different brands, including several models from Litter-Robot. The one I keep coming back to is my personal favorite, the Litter-Robot 4. Even though the 5 is the newest model (I’ve tested it and I’m in the process of writing the review now), I just can’t quit you, Litter-Robot 4! I still think it’s one of the best automatic litter boxes you can buy: it has a user-friendly, intuitive connected app that isn’t overcrowded or confusing, the drawer is easy to pull out to remove waste, it has buttons on the top to manually change, and it doesn’t take up a large footprint on the floor. Plus, with a variety of discounted bundles to choose from, you won’t even need a Litter-Robot promo code.
Litter-Robot 5 Pro Insights Bundle Discount: $150 Off
As previously mentioned, I just tested the Litter-Robot 5 Pro, part of Litter-Robot’s recently released line of brand new models. I was seriously impressed with this model, which looks super similar to the Litter-Robot 4, but has a built-in camera to see what’s going on inside and outside of the box. The newest model isn’t cheap, but right now, the Litter-Robot 5 Pro Insights Bundle is only $999 ($152 off). This bundle includes the newest Litter-Robot 5 Pro with built-in camera, plus a litter tracking mat and waste drawer liners to get you started. And as an added bonus, Litter-Robot has a 90-day in-home trial, one-year warranty, and free shipping to the lower 48.
Take $50 Off the Litter-Robot EVO Starter Bundle
The Litter-Robot EVO is another newly released model from Litter-Robot, but this one is a more pared-down, basic version that’s streamlined and compact. I personally love the simpler models (hence my paragraph-long love letter to the Litter-Robot 4 above). If you’re someone who doesn’t need to watch a camera feed of your cat peeing and pooing, the EVO is a more affordable, basic option that gets the job done efficiently. Right now, the Litter-Robot EVO Starter Bundle is $782 ($50 off), and has everything you need to get settled with your new auto box, including waste drawer liners, a litter trap mat, a bag of litter, and odor traps to keep things smelling fresh.
Save 35% on Cat Essentials With a Litter-Robot Discount Code
If you live in a big city like me, there’s nothing worse than carrying heavy litter down icy streets or in hot, packed subway cars. Autoshipping my (often heavy) cat essentials has been a game-changer. If you choose autoship, you’ll save 35% on cat essentials like litter, waste drawer liners, odor traps, filters, and more with this Litter-Robot discount code.
{Get 35% Off Litter-Robot Accessories
I love my Litter-Robot 4, but I highly encourage everyone to spring for the Litter-Robot-branded accessories to accompany the device. This automatic litter box works excellently as is, but things like a ramp for senior cats, filter replacements, and odor traps will keep the device running like new for longer. Keep your investment in tip-top shape for way less with discounted accessories and bundles, for up to 35% off.
If your TV isn’t as smart as you hoped, or you just hate its built-in interface for some reason, there are a variety of other options for dedicated streaming. For households that watch a lot of shows and movies on Prime Video or use Alexa for their smart home management, we recommend checking out the Fire TV Stick 4K Max. The latest generation is currently marked down to just $35 for the Amazon Big Spring Sale, a $25 discount from its usual price.
Amazon
Fire TV Stick 4K Max (2nd Generation)
While the Fire TV Stick is a good choice for Prime Video, it plays well with basically all of the major streaming services you’d expect, including Netflix, Disney+, and HBO Max. The previous generation had just 8 GB of storage, but the new model’s upgraded 16 GB means you won’t have to choose which apps to keep and which to delete. If you have a compatible controller and an Xbox Game Pass subscription, you can even stream games directly to the Fire TV Stick right from the cloud. With some help from Wi-Fi 6E, apps will download faster and stream at higher quality with less buffering, as long as your router supports it.
One of the standout features is the Fire TV Stick’s integration with Alexa smart home systems. While watching your shows, you can easily pull up a picture-in-picture of any security feeds, and there are options to control other smart devices, like lights, right from your television. The remote even doubles as an Alexa with its built-in microphone, letting you find shows or ask questions without getting off the couch. With a built-in gallery mode, the TV can slowly rotate through photos and paintings like a screensaver, and you can ask the remote to quickly find out what you’re looking at.
.png)
Politics7 days ago
Sports7 days ago
Entertainment7 days ago
Tech7 days ago
Fashion7 days ago