Tag: compliance

  • Talk: VCF + Tanzu Platform = The Private Cloud Enterprises Actually Needs – June 25th, 2026

    I’m doing a Global VMUG session with Oren Penso this Thursday, June 25th, 5:40pm CEST. Virtual, free. Title: “VCF + Tanzu Platform = The Private Cloud Enterprises Actually Needs.” The abstract: VMware Cloud Foundation 9 brings modern infrastructure to your private cloud. Tanzu Platform layers on as the application platform layer – giving developers PaaS…

    Read more

  • Illustration from

    Headless AI, Evals as Levers, and Spaghetti Topped With Spaghetti – Related to your interests, Monday

    Also: Cloudflare’s wholesale memory, custom Claude Code, and Google Cloud math From The Edge Not Taken. Related to your interests Headless everything for personal AI – What if we go back and o the command line? // DOS was good enough for our grandparents, it’s good enough for us. The Harness Is the Lever: Why…

    Read more

  • As we continue to accelerate the pace of digital innovation across our global operations in an uncertain world, maintaining control over data locality and security is paramount,” said Daniele Tonella, Chief Technology Officer, ING. “VMware Cloud Foundation 9 will provide us with the unified, enterprise-grade private cloud platform necessary to achieve multi-region consistency, enhance workload…

    Read more

  • 🤖 DoD Unveils CSRMC: Automating Continuous Compliance for Cyber Risk at Operational Speed

    Summarized by AI. The article explores how defense and enterprise organizations are evolving from traditional, static compliance frameworks toward continuous, automated, and intelligence-driven security models. It traces the U.S. Department of Defense’s (DoD) cybersecurity governance evolution–from DITSCAP in 1997 to the newly announced Cyber Security Risk Management Construct (CSRMC) in 2025–and argues that this shift…

    Read more

  • Cloud sovereignty strategy advice

    ”Prioritize sovereignty where it matters most. Not every workload requires sovereign infrastructure — and overengineering can be costly and inefficient. Focus on areas where sovereignty is critical: AI workloads, sensitive data, and operations in regulated industries. Use edge computing to process data locally and reduce compliance risks. Localized cloud options, including sovereign clouds and regional…

    Read more

  • Sensitive Information Disclosure in LLMs: Privacy and Compliance in Generative AI – Sensitive information in, sensitive information out. Also, make sure to have access control to your models.

    Read more

  • Continuous Authorization to Operate (cATO) needs a DevSecOps platform – This is written in US Federal government speak, but the same benefits apply to commercial enterprises. If you use a centralized PaaS for your apps instead of customized infrastructure per each app, you can certify the layers below the application as compliant to use. Then…

    Read more

  • A few thoughts on the Apple DOJ antitrust case, from someone who isn’t riding his first rodeo – “In organisations that are under antitrust pressure, ideas that might get put forward are held back, because people would rather not spend the time having them checked through legal and compliance teams. Acquisitions which a company might…

    Read more

  • 3 Multi-cloud Motivations

    3 Multi-cloud Motivations

    This is an excerpt from my upcoming blog series analyzing our 2023 State of Kubernetes survey. Multi-cloud for flexibility, sovereign cloud, and because it’s just there This year, our survey found several motivators for doing multi-cloud. Let’s look at some of them plus some that I hear about a lot that aren’t in the chart.…

    Read more

  • Link: CI/CD is possible

    “By deploying applications to cloud.gov, agencies can take care of 269 of the 325 controls required by a moderate-impact system, significantly reducing the compliance burden and the time it takes to receive an ATO.” Original source: CI/CD is possible

    Read more