More evidence – as if it were needed – that Alibaba is serious about taking its cloud arm into new geographies: the company has announced compliance accreditation with Germany’s federal office for information security.

The C5 attestation – so called because its full natty title is the Cloud Computing Compliance Controls Catalogue – with additional requirements covers Alibaba’s elastic compute service, relational database, object storage, CDN, load balancer, virtual private cloud and security offerings.

The German federal office, the Bundesamt für Sicherheit in der Informationstechnik (BSI), outlines the C5 criteria thus (pdf), noting already established standards such as the ISO/IEC 27001 and 27017: “Among security experts and cloud service providers exists an informal consensus about the requirements that have to be met for secure cloud computing. A generally recognised requirements (or controls) catalogue on this, however, is not available yet. The present [C5] is intended to be an aid for the customer providing a better overview for a higher level of security and avoiding redundant audits.”

Only five cloud service providers are C5 accredited – AWS and Microsoft being among them – while Alibaba says it it’s the first company to be accredited with additional requirements.

“Alibaba Cloud is fully committed to the highest standards in all aspects of our operations no matter where that might be in the world,” said Simon Hu, Alibaba SVP and president of Alibaba Cloud in a statement. “We are proud to be the first company to meet the C5 additional requirements – something that should increase the trust placed in us by our growing client base not only in Germany, but also across the whole of Europe.”

This can be seen as the icing on the cake for a stellar year in Alibaba’s cloud operations. Naturally, its traditional eCommerce strength remains – just the $25 billion generated in sales with Singles Day last month – enabling the cloud arm to fly somewhat under the radar. CEO Daniel Zhang told analysts on an earnings call at the start of November that the cloud business “continues to defy gravity”, with revenues up 99% year on year.

Alongside an expanding partner ecosystem, the company outlined its plans to move from one million cloud customers to 10 million at its Computing Conference in Hangzhou back in October. The previous month, Gartner placed the company in third for public cloud infrastructure as a service.

Multi-cloud continues to be a major trend as we move into 2018 – and according to a new research report from VMware, organisations need to overcome the inherent technical and skill challenges of multi-cloud deployments for success.

Over half (57%) of the more than 1,300 global IT decision makers in large enterprises polled said that technical challenges, as well as the demand for new skills and staff, were unexpected, critical learnings from managing multiple clouds. Integrating legacy systems and understanding the new technology were cited by 62% and 61% of those polled respectively as the toughest challenges in the process.

As the report puts it, if you haven’t started exploring multi-cloud yet, then you’re already behind so you need to start now. What’s more, VMware says, first year progress is particularly demanding, with technical snafus as well as the usual legacy issues. For those between years two and five, patience is the order of the day, although there are some surprising benefits, particularly around security as organisations become more comfortable with cloud technologies. Beyond year six, the report argues, the possibilities are near infinite, combining technologies such as AI and IoT with confident security practices and a cloud-first organisational posture.

As this publication reported last month, research from BMC Software found that organisations are struggling to manage multi-cloud environments. In this instance, BMC advocated exploring AI and machine learning as it can increase automation in the multi-cloud management process. Plenty of market buzz has been around the concept of late too; witness Cisco’s intention to acquire Cmpute.io earlier this month as evidence of that.

“The race to digital transformation is driving the need for global organisations to dramatically speed application delivery, while simultaneously fuelling innovation and becoming more agile in the process,” said Ajay Patel, senior vice president for product development of cloud services at VMware. “With digital business changing how industries operate, organisations are increasingly looking to multiple clouds to support the drive to become more secure, innovative, efficient and agile.

“This study highlights what it takes for a successful multi-cloud approach that not only allows companies to realise the true benefits of the cloud but helps them capitalise on emerging technologies to run a competitive, successful business,” Patel added. “With time, organisations are on a path to reap the full, long term benefits of multi-cloud environments.”

You can find out more about the report here.

It appears Amazon Web Services (AWS) is continuing a presence in China after all: the company has announced a strategic technology partnership with Ningxia Western Cloud Data Technology (NWCD), opening a second data centre in China in the process.

The AWS China (Ningxia) region, which offers two availability zones at launch, complements the Beijing region Amazon already has. Like the Beijing region, which is operated by Sinnet, the Ningxia region will be operated by NWCD.

This curious relationship is further expanded in this statement from the press materials. “While the cloud services offered in both AWS China regions are the same as those available in other AWS regions, the AWS China regions are isolated from all other AWS regions and operated by AWS’s Chinese partners separately from all other AWS regions,” the company notes. “Customers using the AWS China regions enter into customer agreements with Sinnet in Beijing and NWCD in Ningxia, rather than with AWS.”

The reason behind this is due to various restrictions China puts on technology companies. As a CNBC report put it, Chinese firms “usually can fully own and control data centres and cloud-related services around the world without foreign equity restrictions or technology transfer requirements, but foreign cloud companies in China don’t enjoy the same environment.” In May, the country’s new cybersecurity law took effect, putting more pressure on organisations.

As an example of the former, last month Sinnet announced in a regulatory filing it was buying part of Amazon’s cloud business in China to help “comply with China’s laws”. The news forced AWS to deny it had sold up in the Asian country.

To give an idea of the cooperation involved, the press materials included a statement from He Jian, secretary of Zhongwei Municipal Committee of the Communist Party of China. “We have developed a close collaboration with AWS based on mutual trust, and are delighted that our region is now offering highly resilient, high performance data centres to enterprises across the nation,” said He.

“The second AWS region in China is part of AWS’s ongoing commitment to offer best in class cloud technologies to Chinese customers,” added AWS CEO Andy Jassy in a statement. According to the company, customers on board with the new region include Lenovo, Samsung Electronics and Xiaomi.

In October, analyst firm Synergy Research released a note which put more meat on the bones regarding the Chinese market. “The difference between China and all other countries is striking,” said John Dinsdale, a chief analyst at Synergy, at the time. “The markets for cloud services and for data centre infrastructure are truly global in nature and in all regions they are dominated by US-headquartered companies, but China stands out as the one huge exception.

“Going forward, it is difficult to see US companies making too much headway in China, but there is no doubt that some of the Chinese companies will have an increasing impact in countries beyond China,” Dinsdale added.

Cisco has announced its intention to acquire Cmpute.io to help organisations get the most out of their multi-cloud deployments.

The acquisition, which is expected to close in the second quarter of Cisco’s 2018 fiscal year, was announced on Cisco’s blog, with Rob Salvagno, head of Cisco’s M&A and venture investment team, writing that the addition of Cmpute.io’s technology will “help customer optimise their cloud consumption to ensure optimal business value.”

Longer-term industry watchers may remember Cmpute.io in its previous life as Batch.ly. The company offers four paths to cloudy application optimisation; instance right sizing, putting instance types with the right application based on performance; cost and time saving; as well as availability, automatically balancing application workloads across instance categories.

This is by no means the first cloud-based buy made by Cisco this year. 2017 has seen the acquisition of SD-WAN provider Viptela, for $610 million back in May, while October saw $1.9 billion splashed out for cloud collaboration provider BroadSoft.

The importance of managing multi-cloud environments continue to be a hot button issue for organisations. A research study from BMC Software released last month found that for the majority of IT decision makers polled, current multi-cloud management approaches needed rethinking.

According to the research, cost optimisation was the most popular reason to go multi-cloud, ahead of increased agility and risk mitigation. “With a multi-cloud strategy, customers need to budget, buy, and consume differently,” added Salvagno.

Financial terms of the deal were not disclosed.

With AWS re:Invent done and dusted for another year, naturally the majority of coverage has focused on the initiatives coming out of Amazon’s headquarters. There were plenty of them too – more than 20 announcements in Andy Jassy’s keynote alone, with topics ranging from machine learning, databases, and the Internet of Things (IoT).

Yet plenty more news came from the event’s many partners. First up was something of a continuation, between Amazon Web Services and VMware. First announced last year and made available in August, the two companies’ collaboration, VMware Cloud on AWS, has been extended and expanded. More VMware capabilities have been plugged in, more AWS services are being supported, and availability will be expanded from the US West region, in Oregon, to now include US East in Virginia.

“The momentum for VMware Cloud on AWS is growing rapidly, and VMware and AWS are delivering major new capabilities after only three months of availability while enhancing our strategic relationship with new integrations across our platforms,” said Mark Lohmeyer, VMware vice president and cloud platform business unit general manager. “Customers of VMware Cloud on AWS will be able to migrate application portfolios to the cloud even more rapidly with Hybrid Cloud Extension and AWS Direct Connect, while maintaining the optimal levels of performance, scale, and availability required for mission-critical apps.”

Elsewhere, digital performance and app monitoring provider Dynatrace announced that organisations can monitor performance at the code level across a wider variety of AWS Lambda services. In what is described as an industry first, Alois Reitbauer, vice president at Dynatrace, explained: “Today, people buy and transact business via voice, not just on their laptop or mobile device. Monitoring these transactions at a user level is critical, as without it, you have an increasingly big blind spot.

“It’s similar with IoT; you now have millions of devices that are driving the code that’s being executed in AWS Lambda, so organisations need automated real-time discovery and continuous visibility to deliver proactive performance management and avoid IoT failures,” Reitbauer added.

Stratoscale, on the other hand, is looking more at running and scaling cloud-native applications on-premises. In what was again seen as a first for the industry, the company’s latest product, Chorus, enables app development teams to build cloud-native applications without being limited to the public cloud. The product supports Kubernetes, load balancers, and object storage.

Outside of product announcements, much of the partner news at re:Invent focused around companies getting on board with AWS’ metrics. A new program for AWS’ partner network announced at the event was the AWS Networking Competency, aimed at advanced partners who already provide specialised solutions to help customers adopt, develop and deploy on Amazon’s cloud. Among the 18 partners first announced were Colt, Equinix, and Dome9 Security. Colt said that to achieve recognition partners needed to demonstrate ‘deep AWS expertise’ and be able to ‘deliver solutions seamlessly.’

Read more: AWS takes a musical approach at re:Invent with machine learning, serverless and IoT key

The Cloud Standards Customer Council (CSCC) has published the latest version of its Practical Guide to Cloud Computing, which aims to give organisations a 10-step roadmap from developing business cases to moving to production.

The report, version 3.0, makes several changes to its predecessor, which was published in 2014, including updates to address maintaining cloud services and data residency management. As well as this, the ‘essential characteristics’ of cloud computing, opening the document, have been altered to reflect characteristics defined in the ISO/IEC 17788 standard.

Plenty has changed in the industry over the past three years. The report has been updated to take into account the likes of serverless computing, containers and microservices technology, as well as hybrid cloud, which wasn’t as ubiquitous a term in 2014 as today.

Yet the general good practice around adoption, governance, and integration remain solid. Take integration with existing enterprise systems – point eight in the 10-step agenda – for example. This is naturally important, if you’re a large organisation with significant investments at stake or if there are some assets which are simply not cloud-ready yet.

The report notes how there are a variety of components which can be considered from both the organisational and cloud service provider side, such as data, process integration and management capabilities, while there are several links in place between cloud services and existing applications. If an organisation has already established a process of adopting open standards for data formats, or communication protocols and APIs, then cloud services integration can be built on top of that. If not, then cloud integration can be used as a baseline for when these standards do appear.

The report offers by way of conclusion a summary of critical keys to success for any organisation embarking on a cloud journey. This includes establishing executive support, addressing organisational change management, establishing commitment, carefully evaluating cloud service agreements, addressing federated governance, handling security and privacy, complying with legal and regulatory requirements, and defining metrics and a process for measuring impact.

Naturally, this is only a guide – the ultimate selection of cloud solutions depends on the abilities of IT and business decision makers – yet the importance of making these moves is key. Analysing the top six benefits of cloud computing, the report notes the ability to achieve economies of scale, reduce CapEx by moving to OpEx, improve access, implement agile development, leverage a more global workforce, and gain access to emerging technologies such as artificial intelligence and blockchain.

You can read the full 45-page document here (pdf).

Talk about a global outlook: data centre provider Equinix has announced the launch of a new strategy to connect its data centres around the world through software defined networking (SDN).

The inter-metro connectivity, which enables users to dynamically connect its own infrastructure across Equinix locations as well as connect to any other customer, comes through the Equinix Cloud Exchange Fabric (ECX Fabric). For enterprises, it helps them with agility, while for service providers the move helps connect them with a global base of enterprise cloud buyers.

The new ECX Fabric capabilities are not quite available in all regions yet, however. All ECX locations in North America and EMEA are already catered for, including Frankfurt, London and New York, with 17 in total. Equinix says it will aim to roll out to new metros in the regions, such as Denver, Geneva and Milan, by early 2018, while extending connectivity to APAC areas later next year.

“As digital transformation intensifies, business possibilities have no limits and neither should an organisation’s IT infrastructure,” said Sara Baack, Equinix chief marketing officer in a statement. “Building a digital business requires the ability to reach strategic global destinations on demand, to access everyone that matters, and to bring people, clouds, data and things together.

“Today’s announcements and our future product and services roadmap are aimed at leveraging the Equinix global platform to serve as a strategic partner for companies on this journey,” added Baack.

According to figures from Synergy Research back in June, Equinix and Digital Realty, the company’s main rival in the colocation space, have extended their already substantial leads in the market. The primary reasons for this extension include Equinix completing the acquisition of 29 data centres from Verizon, alongside the planned merger of Digital Realty and DuPont Fabros.

More than 20 announcements flowed at AWS re:Invent today, including updates on machine learning, databases and the Internet of Things (IoT) – not to mention a couple of big-name customer wins.

The theme for Amazon Web Services CEO Andy Jassy was around builders. Unlike the previous year’s keynote, where it was about superpowers, this presentation had a slightly more mundane – and musical – approach.

Technology builders are like musicians, Jassy explained. Some guitarists may play acoustic a lot of the time, but require some parts be played electric. Requiring the appropriate tools for the job at hand, and getting the right approach to building your work, was key. And through the music – or rather words – of the Foo Fighters, Eric Clapton, Lauryn Hill and more, Jassy went through the gamut of AWS’ updates.

First up were the instances. AWS had earlier in the week announced bare metal offerings for EC2, and were augmenting that with new H1 Storage Optimised instances – designed for data-intensive workloads or big data clusters – as well as an updated M5 general purpose instances.

“Let’s talk about freedom,” says Jassy. Ah, one thinks: is the house band about to start up a certain George Michael number by any chance? Indeed they were. Jassy described freedom in this instance as “the ability not to be locked into abusive or ownerless relationships, or one size fits all characterisations or tools.” At this moment, veteran cloud-watchers could have already ticked off their Oracle-bashing square on their re:Invent bingo card, and AWS duly delivered (below).

This begat the launch around Aurora Multi-Master, which gives Aurora customers the ability for millisecond-quick failover on writes as well as reads, and a preview of Aurora Serverless, an on-demand auto-scaling serverless database. The latter’s announcement generated an unseemly outbreak of whooping from some sections of the audience. “What you get here is all the capabilities of Aurora…it doesn’t require you to provision any database instances, it automatically scales up when the database is busy, scales down when it’s not…pay only by the second when your database is being used,” said Jassy. “That is pretty different.”

Perhaps the most exciting announcements AWS made were around machine learning. Little wonder; the hype continues to rise – “of all the buzzwords we’ve heard in the 11-and-a-half years we’ve been doing AWS, machine learning might be the loudest”, Jassy noted – and AWS is even sleeping with the enemy in their collaboration with Microsoft in this area, Gluon.

What transpired was Amazon SageMaker, a new service aimed at helping developers build, train, and deploy machine learning models. “If you think about the history of AWS, we don’t build technology because we think the technology is cool,” said Jassy. “The only reason we build that technology is to solve problems for you. We want everyday developers and scientists to be able to use machine learning much more expansively.”

The most interesting aspect of SageMaker is its modular nature; users can build and train on it and deploy somewhere else, or vice versa. In a completely different ballpark is AWS DeepLens, a high definition camera with on-board compute optimised for deep learning. AWS said it expects users to get started running their first deep learning computer vision model in 10 minutes from unboxing the camera.

On top of this was Amazon Transcribe and Translate, automatic speech recognition and translation services. It will be interesting to see how the latter stacks up against Google Pixel Buds, the search giant’s recent effort in this area – and the wag who piped up on Twitter that Jassy’s keynote should have been the first test for Transcribe may have had a point – but it is another example of AWS’ machine learning initiatives.

The IoT side saw a trio of products, in the shape of IoT Device Management, IoT Analytics, and IoT Device Defender, the latter of most interest and offering continuous auditing, real-time detection and alerting, and more to secure millions of devices.

On the customer side, Expedia announced it was going all-in on AWS. Mark Okerstrom, president and CEO of Expedia, told attendees that he expects 80% of the company’s critical apps will move to AWS within three years. Elsewhere, The Walt Disney Company has selected AWS as its preferred public cloud infrastructure provider.

Picture credits: Amazon Web Services

The verdict has come in for small businesses securing their clouds: good in parts, but could be better.

That’s according to the latest security survey from B2B research firm Clutch. In its latest report, which polled 300 US small business with a maximum of 500 employees, 90% of respondents overall said their cloud was secure, representing a small increase from the previous year.

More than half of organisations polled said they use encryption – cited by 60% of respondents – employee training (58%) or two factor authentication (53%) to secure their cloud storage, with only 6% saying they use no measures. Yet Clutch argues these numbers could be better; ‘almost all small businesses should be using these measures to protect their cloud storage’, the company said.

More concerning, however, is the revelation that 62% of small businesses who say they do not follow industry regulations when storing banking information on cloud storage. What’s more, 54% of small businesses admit the same for storing medical data on cloud storage. This, in other words, is the PCI DSS for payments and the HIPAA accreditation for healthcare.

Only 35% and 36% of respondents respectively said they followed the PCI DSS and HIPAA regulations. Almost three quarters (74%), however, said they followed the ISO accreditation. Istvan Lam, CEO of Tresorit, said it was “a good way to protect information inside the organisation… even if someone is not necessarily going to be audited for the standard, it’s a good practice to follow.”

The overall verdict from the report is that while small businesses are ‘confident’ in their cloud storage security, following industry regulations and implementing additional security measures should be seen as a must-have rather than a value-add.

“While cloud storage offers enormous benefits in cost savings, data portability and security, small businesses should ensure they implement proper security measures and follow necessary regulations to protect their data in the cloud,” the report wrote.

You can read the full report here.

Amazon won’t have the cloudy news agenda all its own way this week: Microsoft has announced a partnership with SAP which aims to ‘provide enterprise customers with a clear roadmap to confidently drive more business innovation in the cloud’, as the companies put it.

The move will enable organisations to run SAP’s private managed cloud service, SAP HANA Enterprise Cloud, on Microsoft Azure, as well as some internal use cases; Microsoft will deploy SAP S/4HANA on Azure for its internal finance processes, while SAP will move key internal business critical systems to Azure.

“Building on our long-time partnership, Microsoft and SAP are harnessing each other’s products to not only power our own organisations, but to empower our enterprise customers to run their most mission-critical applications and workloads with SAP S/4HANA on Azure,” said Microsoft CEO Satya Nadella in a statement. SAP CEO Bill McDermott added that the companies were taking their partnership “to the next level with this new capability.”

SAP’s most recent financial results, published last month, saw the company raise its outlook with cloud subscriptions and support revenue and new cloud bookings up 22% and 19% respectively from this time last year. The company cited this quarter was all about ‘waiting for the big brands’ to come through, with Shell already on board and two ‘global brand[s] of massive significance’ in the near future.

From Microsoft’s side, there have been a couple of major customer wins in recent weeks. Energy provider Chevron signed a seven-year partnership deal with the company last month, while United Technologies, which owns brands such as Otis and Pratt & Whitney, signed up earlier this month.

In a separate announcement, Microsoft said it was ‘reinventing its supply chain’ by teaming up with SAP Ariba and Intrigo Systems. The company in a recent webinar explained how the collaboration helped scale and support the manufacturing of its most popular products, including the Xbox and Surface.