News Roundup: Week of Dec 26, 2021

News Roundup: Week of Dec 26, 2021

Could Continuing AWS Outages Give Rise to Distributed Cloud Deployments?

Widespread disruption of high-use internet services was recently experienced as a result of the third AWS outage in the span of a month. AWS reported this latest disruption was caused by “a power outage at a data center in Northern Virginia” which saw giants like Hulu and Slack offline for about two and a half hours. A recent article from The Washington Post suggests that having a cloud deployment with a singular, critical point of failure creates opportunities for widespread outages, in a world where distributed cloud deployments can offer you some protection from these outages. As “the cloud’s increasing intricacy and demands” continue to increase, and companies continue to migrate and develop in the cloud, the potential for outages caused by the “over-centralization” of infrastructure into heavily-used AWS regions also increases.

Azure App Service Insecurity Exposing Source Code Since 2017

A recently discovered insecurity in the Azure App Service has “exposed the source code of applications written in PHP, Python, Ruby, and Node” and has been prevalent since September 2017. SC Magazine purports that this security flaw was first widely reported to the public by The Wiz on Oct. 7, 2021, and Microsoft has since updated it’s security recommendations document and mitigated the default behavior that caused this issue. Further research suggests that this vulnerability was likely not a well-kept secret and would have been widely exploited during the purported four year window of this vulnerability. We recommend double-checking your deployments against these new recommendations to ensure that your source code isn’t vulnerable.

Security Attacks Likely to Continue to Increase in 2022

2020 and 2021 have been marred by an increase in the commonality and sophistication of security attacks on companies as we all navigate the uncharted waters of remote work, and address the new connectivity and security concerns that have surfaced as a result of this necessary transition. A recent article from Bloomberg law suggest that some of the most damaging attacks have targeted backbone systems and solutions, such as the Microsoft Exchange software attacks that affected many companies in 2021. Alarmingly, many of the “exploits used in the first quarter of 2021 are still being used today” which only serves to create added pressure on both the solutions providers and companies that build critical systems upon such backbones solutions. These attacks are complemented by more ‘traditional’ phishing attacks, “which remains one of the highest-volume types of vulnerabilities” across all business sectors. Having proper security procedures and communication channels in place is more important than ever, and the criticality of such considerations will only increase as we move into 2022.

JEDI Becomes JWCC With Decision Target of Q3 2022

In the wake of four years of legal challenges and congressional inquiries, The JEDI contract has been replaced with a new framework, the Joint Warfighter Cloud Compatibility (JWCC), “from which to deliver commercial cloud services to Defense personnel.” The Pentagon “issued formal solicitations for JWCC” to AWS, Microsoft, Google, and Oracle, effectively leveling the playing field for the biggest US cloud providers. According to Nextgov “The Pentagon plans to make JWCC awards in the third quarter of fiscal 2022” which could bring some interesting infrastructure developments from these cloud providers.
News Roundup: Week of Dec 26, 2021

News Roundup: Week of Apr 18, 2021

News roundup

FCC Re-Establishes CSRIC to Tackle 5G and Solar Winds Attacks

The FCC recently announced that a federal advisory committee will be re-established “with a primary focus on improving 5G network security.” This announcement also cites the recent security breaches affecting the communications sector, especially the Solar Winds breach, in needing to revamp the CSRIC for today’s and tomorrow’s challenges. The FCC intends to “re-establish CSRIC on or before June 30, 2021 for a period of two years.”

SASE Market Continues to Grow

VentureBeat recently highlighted the Secure Access Service Edge (SASE) market as “showing tangible, long-term momentum in just its second year as a new technology segment.” The article states that SASE provides “long-term assurances for unified security across the entire organization,” which is especially important in our widely WFH world. SASE technology also allows you to streamline “complex security and WAN implementations” and build “user-centric security frameworks,” that are a necessity as the 5G-powered cloud edge begins to develop.

FBI Begins Court-Ordered Culling of Microsoft Exchange Servers

The US Department of Justice recently issued an unprecedented court order for the FBI “removal of the malicious web shells” from vulnerable versions of Microsoft Exchange servers from networks in the US. Months after a January Chinese-led espionage campaign that exploited four day zero vulnerabilities in Microsoft Exchange Server, many of the vulnerable web shells were still in place. According to released court records, “FBI personnel will access the web shells, enter passwords, make an evidentiary copy of the web shell, and then issue a command through each” of the web shells, to delete them. The announcement did include a promise from the FBI to attempt to inform all network owners impacted by the search and of impacted computers affected by this process.

News Roundup: Week of Dec 26, 2021

News Roundup: Week of Jan 31, 2021

Ford and Google Partnership Announced

Ford announced this week that they’re partnering with Google Cloud “in first-of-its-kind partnership” that aims to “accelerate Ford’s transformation and reinvent the connected vehicle experience.” Ford intends to leverage the data, AI, and ML capabilities of Google Cloud as they move to power their vehicles with built-in Android OS and Google apps services. Ford is hoping to leverage this partnership to get ahead in the race for “electrification, connectivity and self-driving” cars that is happening in the industry today. This partnership highlights the initial integration of Google Assistant, Google Maps as primary navigation, Google Play media playback, and an Android development base for other apps.

Jeff Bezos to be Replaced as Amazon CEO by AWS Chief Andy Jassy

Amazon announced this week that Jeff Bezos will be stepping down as CEO and will be replaced by longtime AWS leader Andy Jassy. After 27 years, Bezos will be stepping into an executive chair role, effective in Q3 of this year. As reported by c|net, this “transition comes as Amazon navigates a tricky period in its history.” Amazon is attracting regulatory scrutiny as its profits continue to grow during the economic shifts caused by the COVID-19 pandemic. This coming on the back of challenges Amazon has faced keeping its vast workforce safe from COVID-19 infection.

New Administration Brings Renewed Scrutiny of JEDI Contract

The lengthy legal battle led by AWS against the results of the JEDI cloud competition is creating renewed pressure on the Department of Defense under the new administration. According to Nextgov, “The Defense Department may not continue with the embattled Joint Enterprise Defense Infrastructure cloud contract if a federal judge does not dismiss charges of improper political influence in Amazon Web Services’ protest, according to a document sent to Congress.” AWS continues to allege that government officials, including the former president, improperly influenced the outcome. The Department of Justice expects a ruling from a federal judge soon.

Remote Threats to Remote Work Continue to Evolve

A recent article from InformationAge warns us of continued and evolving threats to remote work IT security. The post warns that hackers are changing their tactics to utilize a much more people-centric attack vector and targeting end employees directly. It is critical that we all take extra care to train employees and screen external communications for these evolving threats. As CISOs around the world continue to focus on securing their remote workforce, often for the first time in their company’s history, this challenge can seem incredibly daunting. Many companies scrambled to push out a cloud solution to address the remote work necessity and are now having to backtrack to secure them. The article warns that ransomware might continue to focus more on cloud environments and increase in complexity as 2021 progresses.

Salesforce Launches Vaccine Cloud as Vaccinations Become a Reality

Salesforce recently announced the launch of “Vaccine Cloud” in an effort to help institutions “more rapidly, safely and efficiently deploy and manage their vaccine programs.” The announcement comes as many states are working towards the end of their first phase of vaccination and registrants are eagerly awaiting the second phase of vaccination. The immense challenge of administering and managing the global scale of vaccination “efficiently, effectively, and equitably,” is proving to be quite the challenge for government agencies, healthcare organizations, businesses, nonprofits, and educational institutions alike. Salesforce is hoping to leverage their experience to help with vaccine inventory management, appointment scheduling, outcome monitoring, public health outreach and more.

Announcing the Launch of our New Website!

Announcing the Launch of our New Website!

As our customers’ needs continue to evolve our controller and plugin systems have grown from a Swiss army knife of virtual devices to full-blown cloud edge networking functionality. We are hard at work finalizing the next major release of our VNS3 controller and as we look into the future we saw a need to reposition and re-package our offerings. In order to facilitate this transition we’re thrilled to announce that we’re starting off the new year with a brand new website, and we wanted to take the opportunity to explain our design choices and some of the decision making that is leading us forward.

New Messaging Goals

Our main goal in redesigning our website is to help new and existing customers better understand all of the many pain points that our offerings address while giving us a platform to talk about new packaging, pricing, and features as they relate directly to these use cases. We’ve also put a lot of work into our UI over recent years and are excited to be able to put product screenshots in the spotlight. We’re hoping new and existing customers will appreciate the increased transparency of a more direct messaging style as we move forward.

Plugin Manager

Another major focus of this transition is to get more users launching VNS3 to try it for themselves. We’ve spent a lot of time revamping our documentation site, and we’re adding more quickstarts with AWS Cloudformation, terraform, Azure, and more. As we move forward we’re planning to release more short-form, tutorial-focused content to help new and existing users get the most out of their VNS3 deployments. We’re also releasing new free tier packages like our People VPN offering that went live to address remote work needs that arose last year.

News Roundup: Week of Dec 26, 2021

News Roundup: Week of Nov 30, 2020

More and More AWS Local Zones

As announcements from the 2020 AWS re:Invent continue to roll out, one of the earlier announcements we were excited about was the promise of increased local zones in Boston, Houston, and Miami this year with the promise of twelve more zones coming online through 2021. These new local zones are intended to “provide access with single-digit millisecond latency to the vast majority of users in the Continental United States.” This is yet another step towards bringing the cloud down to the ground as more edge compute locations support different instance types, direct connect, and the most-used AWS services.

AWS Brings the Mac Mini to the Cloud

The opener to the 2020 re:Invent conference brought a surprising announcement for Mac and iOS app developers: new EC2 Mac instances powered by the Mac mini. This announcement comes on the heels of the recent M1 Mac mini launch and connects the Mac to the AWS Nitro System. This announcement also means that AWS is bringing Apple’s M1 Mac minis into the AWS data centers within the first half of 2021.

Intel and Google Hybrid and Multi Cloud Improvements

In an announcement via HPCwire this week, Intel and Google are officially collaborating to co-develop “reference architectures optimized for the now generally available ‘Anthos on bare metal’ solution.” This announcement is meant to target “data center and edge computing use cases,” and is another instance of new Intel processors being introduced to cloud computing infrastructure. This collaboration “allows enterprises to run Anthos on their existing on-prem physical servers, deployed on an operating system without a hypervisor layer.”

Salesforce Buys Slack for Over $27 Billion

In one of the largest deals in recent years, Salesforce acquired Slack with a combination of cash and stock that totalled over $27 billion. This latest acquisition comes on the heels of a slew of acquisitions by Salesforce in the past few years. CNBC suggests that “The acquisition will further intensify Salesforce’s rivalry with Microsoft, whose Teams chat and video service has emerged as Slack’s stiffest competitor.” This acquisition might also push companies away from using Slack given Salesforce enterprise-focused reputation.

IBM Cloud Quantum Safety Claims

An article this week from sdccentral reports that IBM is promising quantum-safe cryptography support for key management and application transactions in IBM Cloud. This is another step for IBM towards establishing themselves as a leader in quantum-safe networks. Any TLS encrypted data harvested today is at risk of being decrypted by quantum computers. This leaves any data in transit today vulnerable to these attacks in the future. IBM hopes to deliver quantum-safe cryptography for data in transit in the IBM Cloud, focusing their security strategy  on open-source standards such as CRYSTALS and Open Quantum Safe.

News Roundup: Week of Dec 26, 2021

News Roundup: Week of November 9, 2020

IBM Cloud Automation and Data Paks

A recent article from Fierce Telecom highlights new automation and data capabilities coming to IBM’s cloud software portfolio. These IBM Cloud Pak updates “offer integrated data and AI capabilities that run on Red Hat OpenShift” starting on November 20. These updates “include industry accelerators for banking, warranty management, supply chain forecasting, and retail,” as well as Watson Machine Leraning Accellerator (WML-A) and other improvements.

Enterprise Decentralization of the World Wide Web

A recent article highlights the new startup Inrupt launched by World Wide Web inventor Tim Berners-Lee that promises decentralized web technology with more control for customers and users over their personal data. This enterprise version of the company’s push to give customers more control over their data boasts “a handful of early-adopter clients – including NatWest Bank, the BBC, the Flanders government in Belgium and the NHS.” The company chose these four organizations to develop “explicit use cases with large organisations” in order to quickly scale and adjust their offering to market needs.

Adapting to Cyberattacks in a COVID World

A recent Forbes article suggests that as we all continue to adapt to the immediate and consequential challenges presented by COVID, cyberattacks “are going through a digital transformation of their own this year.” The article cites a McAfee Labs COVID-19 Threats Report from July that claimed “a 630% increase in cloud services cyberattacks between January and April of this year alone.” The article outlines 5 key adaptations for cloud platforms into 2021:

  1. Prioritize Privileged Access Management (PAM) and Identity & Access Management (IAM) using cloud-native controls to maintain least privilege access to sensitive data starting at the PaaS level.
  2. Start using customer-controlled keys to encrypt all data, migrating off legacy operating systems and controls that rely on trusted and untrusted domains across all IaaS instances.
  3. Before implementing any cloud infrastructure project, design in Zero Trust Security (ZTS) and micro-segmentation first and have IaaS and PaaS structure follow. 
  4. Before implementing any PaaS or IaaS infrastructure, define the best possible approach to identifying, isolating and correcting configuration mistakes or errors in infrastructure.
  5. Standardize on a unified log monitoring system that ideally has AI and machine learning built to identify cloud infrastructure configuration and performance anomalies in real-time.

Continued AWS Investment in Indian Infrastructure

Reports filtering in from TechCrunch and Fierce Telecom discuss a $2.8 billion investment from AWS to build a new AWS Cloud region in Hyderabad, “which is the capital and largest city” in the Indian state of Telanga. AWS Chief evangelist Jeff Barr highlights that “this is the latest in a long series of investments” for AWS in India. Barr also posits in his blog post that the continuing investment in Indian cloud regions will support innovation and cloud transformation into the “next generation of IT leaders in India.” This new region is scheduled to join the Asia Pacific cloud in 2022.

Continued Cloud Growth Despite COVID

A recent article from SiliconANGLE discussing cloud trends at this point in 2020 and suggesting that, while cloud growth may have been better without a global pandemic, “COVID has been a benefactor to cloud.” To support their claims they cite cloud revenue estimates from AWS, Azure, and GCP, which include lower but continued increases in revenue for all three platforms. The article goes on to discuss customer spending patterns, serverless computing, and cloud platform market share as indicators of increased cloud market growth.