News Roundup: Week of Sep 7, 2020

News Roundup: Week of Sep 7, 2020

DOD Doubles Down on Microsoft for JEDI Contract

According to an article from Yahoo! Finance, despite continued protest from Amazon Web Services, the US Defense Department “has completed a comprehensive review” of JEDI proposals and “determined that Microsoft’s offering continues to represent the best value to the government. It has been determined that Microsoft will be unable to begin fulfilling this contract immediately due to Amazon’s lawsuit filed “to challenge the contract process.”

Beware of Voice Phishers

In light of the COVID-19 epidemic, KrebsonSecurity reports hybrid phishing attacks targeting work-at-home employees. In an effort to trick them into “giving away credentials needed to remotely access their employers’ networks,” these attacks come in the form of “a combination of one-on-one phone calls and custom phishing sites.” KrebsonSecurity warns that these attacks are targeted at new hires and that domains used for these phishing sites often invoke the company’s name.

SASE and Zero Trust can Secure and Future-Proof your Remote Workforce Solution

Many journalists and experts in the cloud security industry agree that a Zero-Trust and SASE approach to network security for your remote workforce is more important than ever. An article from Threatpost suggests that a Zero Trust policy will reduce the attack surface of your remote working solution. In the face of the ever-evolving COVID-19 epidemic and its ramifications on future working environments, committing to a SASE approach (outlined both in this article and in a Networkworld article) will help provide IT staff with “full control and visibility over every user’s access throughout the organization’s networks and applications.” A SASE approach to network security is a decision that can help you secure your network now and for the future.

Verizon’s 5G Development Continues with Virtualized Cloud Security Hardware

ComputerWeekly.com reported recently that “Communications giant Verizon has revealed that a series of trials carried out by its network security engineers have proven successful in protecting its 5G infrastructure against security threats and in advancing security measures to protect the confidentiality, integrity and availability of Verizon’s 5G network.” Verizon appears to be solving the latency and vulnerability issues presented by introducing security hardware for “virtualizing many of these functions and moving them to the cloud.” This virtualized approach will be coupled with AI-powered network accelerators in order to reduce operational costs and increase efficiency.

Navy Looking for Cloud Solution to Ship-Mounted Network-Centric Naval Warfare

According to MeriTalk, “The Naval Sea Systems Command (NAVSEA) is seeking industry input as it looks to invest in ship-mounted cloud computing infrastructure as part of the Navy’s broader future strategy for network-centric naval warfare.” The Navy has stated that the plan is to leverage “edge cloud architecture using IaaS” to create a continuous development and computing infrastructure refresh cycle.

News Roundup: Week of Sep 7, 2020

News Roundup: Week of Jan 12, 2020

Register Security Roundup

The recent Register security roundup has highlighted issues with the recent Citrix vulnerability, TikTok security bugs and holes, and the Honey shopping addon being flagged as a security risk by Amazon, among other things. The Citrix security hole has created a situation where “up to 80,000 systems were thought to be at risk, with some 25,000 instances found online over the weekend.” We highly recommend double-checking to make sure you’ve addressed the situation effectively, as “A full patch for the hole is not due to be released by Citrix until January 20.”

Google Cloud Introduces Premium Support Plan

In a recent blog post, Google announced the introduction of a Premium Support Plan for enterprise customers in order to bring themselves up-to-par with support tiers from the likes of AWS and Azure. The promised 15 minute response time for P1 issues is now the industry standard across the board. The introduction of third-party technology support and promise of “Content aware expertise” should help to increase the overall quality and efficacy of Google’s support.

U.S. Financial Regulators Scrutinizing Cloud Data

A recent articlefrom the Wall Street Journal calls attention to increased auditing scrutiny from U.S. financial regulators concerning how firms manage data stored in the cloud. The article cites the Capital One breach as well as recent Facebook breach as obvious contributing factors. The SEC is hoping that their increased pressure on firms to properly and securely handle data in the cloud, especially as elected officials move to “label big cloud providers as systemically important because of their increasingly critical role in the industry.”

AWS Moves to Block JEDI Progress

According to a recent Federal Times article, “Amazon Web Services will ask a federal court to block the Pentagon and Microsoft from beginning work on the Department of Defense’s controversial enterprise cloud, according to a Jan. 13 court filing.” The grounds for this motion are allegations from AWS “in a December complaint that the contract award to Microsoft was influenced by President Donald Trump.” AWS has presented evidence in the form of “videos of Trump bashing Amazon in a 2016 campaign rally and saying ‘we’re going to take a look at it [the contract]’ in the Oval Office last summer.”

Microsoft’s 2020 Patch for Windows

KrebsOnSecurity published an articlerecently analyzing Microsoft’s first significant 2020 patch for Windows operating systems. The patch included “updates to plug 50 security holes in various flavors of Windows and related software.” KrebsOnSecurity highlights a severe bug ( CVE-2020-0601 ) in Windows 10 and Windows Server 2016/19 that the “NSA says the flaw may have far more wide-ranging security implications.” We highly recommend backing up and updating your systems as necessary to address this vulnerability.

AWS re:Invent 2019 Recap

AWS re:Invent 2019 Recap

AWS Reinvent photo

Last week was AWS’s annual reinvent conference in the putatively beautiful and blissful Las Vegas. Andy Jassy, Amazon’s CEO, announced plenty of new products and features to excite and alarm the computing and soft-warring world. The conference also highlighted AWS’s leadership in highly resilient software architecture and design with their launch of the AWS Builders’ Library. Let’s run over some of the highlights.

Cloud Descending Back to Earth via New Edge Environments: AWS Local Zones, Outposts, and Wavelength

AWS launched two new environment types this year with AWS Local Zones and Wavelength. Local Zones was spurred by AWS customers requiring ultra-low latency for their compute, notably gaming companies based in L.A., where the first Local ZOne is now generally available. New zones will come online as customer demand in a city necessitates. Wavelength is an AWS environment colocated with telecom infrastructure, providing access to 5G endpoints. The general availability of AWS Outposts, a rack of AWS servers providing AWS on-premise, was also announced, enabling the rollout of Local Zones and Wavelength in fairly short order. AWS Outposts enable companies to test deployments in cloud-like environments without fully committing to the cloud, and give customers like Morningstar and Philips Healthcare ultra-low latency, hyper-local availability zones.

These environments showcase a new battle for the edge. AWS basically won the general compute cloud race, but we now find different telecommunication and networking competitors offering edge environments, with startups the likes of Packet and Vaper IO joining the race. As developers gain access to these new endpoints, along with increased networking capabilities and incredibly low hyper-local latencies, we are sure to see a revolutionary new age of applications and services.

We Have a Size for That: New Compute Instance Types

Amazon launched multiple new instance types including Graviton2 instances and EC2 Inf1 instances. The new Graviton2 boast a whopping 40% price performance improvement. They are based on the ARM architecture, effectively challenging Intel and AMD’s dominance in the chip space, and combined with the Nitro System security chip to support encrypted EBS storage volumes by default. The EC2 Inf1 instances are dedicated Machine Learning training instance types, effectively challenging Nvidia’s domination of the market with their GPUs. AWS promises that these chips provide a significant increase in throughput and price performance relative to Nvidia-powered instance types.

AWS Continues to March into SaaS Markets With New Machine Learning Services

Also announced were multiple ML based services including Code Guru for automated code reviews, Fraud Detector for automated fraud detection, Kendra for search indexing, Transcribe Medical for call transcription in the medical industry and Augmented AI for AI workflows requiring human intervention. You would be hard pressed to find a SaaS market Amazon isn’t capable of stepping into with their army of engineers and data scientists.

The release of the SageMaker IDE and SageMaker Debugger seems to be an attempt by AWS to capture the hearts and minds of data scientists with the promise of streamlining the building, training, debugging, deployment, and monitoring of Machine Learning models. This new IDE bypasses the need for users to understand and deploy a Python or R environment, enables progress reporting for long jobs, promises a simplified and automated debugging process, automates alerts about input data drift, and auto-trains your ML model from CSV data files. In early use, the IDE has proven to come with a steep learning curve and a high deal of complexity of use. The SSO feature, notably, only seems to work with newer AWS accounts. According to VentureBeat , the IDE provides “some features that appear to be just rebrandings of older products and some that solve new, legitimate customer pain points. Even the best new features are incremental improvements on existing products.”

Reducing Cloud Anxiety With New Security-Focused Services

It seems Amazon has heard the cries of its customers as they struggle to manage the complexity of their cloud environment’s security. They announced Amazon detective, Macie , and IAM Access Analyzer to review organizational security lattices and catch any potential privilege or access issues. IAM Access Analyzer helps to solve misconfiguration problems, one of the most common problems with AWS deployments, and can purportedly monitor and evaluate thousands of security policies across a deployment environment in seconds.

Thought Leadership in Designing Resilient Software Systems

Amazon showed some responsibility for their dominance of the cloud with their release of the AWS Builders’ Library. A number of sessions at re:Invent included references to their cell-based architecture approach and explained how AWS achieves high uptime numbers for their most important services.

News Roundup: Week of Sep 7, 2020

News Roundup: Week of Nov 10, 2019

Forrester Predicts 2020 as the Year of Edge Computing

According to Network World, a new set of predictions from Forrester Research sets 2020 as the year that “propels edge computing into the enterprise technology limelight for good.” The article suggests that this shift will bring telecom companies into a much more prominent role in the cloud market, especially given the increasing availability of edge computing via 5G infrastructure. Multi-vendor solutions and integrated systems that can leverage this new infrastructure are predicted to be in high demand in the near future.

Edge computing is very similar to the Cloud, Fog and Flood concept Patrick Kerpan described on the CohesiveFT Blog back in 2012. We’ve always believed this was the natural future progression of cloud and distributed computing. We’ll be re-publishing some updated discussions of this and similar insights in the coming weeks, including the Cloud, Fog, and Flood post, so stay tuned!

Google Gets Access to Patient Data via Ascension Deal

The New York Times recently revisited an event earlier this year where Google “signed its biggest cloud computing customer in healthcare to date” with Ascension, in a deal that, according to The Wall Street Journal, allows Google to “collect and crunch the detailed personal-health information of millions of people across 21 states.” Google has promised that patient data “cannot and will not be combined with any Google consumer data” and both parties claim the partnership is in full compliance with HIPAA. Ascension is optimistic that Google’s AI capabilities will allow them to “help improve clinical effectiveness as well as patient safety.”

Microsoft Releases Graphcore AI Chip to Azure Customers

Microsoft recently announced the availability of its new Graphcore AI chip, which promises to better “support the calculations that help machines to recognize faces, understand speech, parse language, drive cars, and train robots.” According to a recent article from Wired, many companies “claim that certain image-processing tasks work many times faster on Graphcore’s chips” and are praising the programmability of the chips. Graphcore plans to increase adoption and usability via their own software framework, Poplar, “which allows existing AI programs to be ported to its hardware.”

Enterprise Cloud Prefers Hybrid-Cloud Deployments

In a recent Yahoo! Finance article , Nutanix, Inc. revealed the results of an Enterprise Cloud Index survey, which suggest that 85% of respondents favored a hybrid-cloud deployment as their ideal operating model. The article highlights some key findings from the report, emphasizing the flexibility and agility offered by hybrid-cloud deployments:

  1. Apps are migrating away from the public cloud back to on-premises infrastructures.
  2. Security remains the biggest factor impacting enterprises’ future cloud strategies.
  3. IT professionals deem the hybrid cloud the most secure of all the IT operating models.
  4. Nearly a quarter (23.5%) of respondents currently aren’t leveraging any cloud technology today.
  5. Enterprises are striving to integrate cloud computing with their digital transformation goals. Nearly three-quarters (72%) of 2019 respondents said digital transformation was driving their cloud implementations, and 64% said that digital transformation was the top business priority in their organizations.

The report emphasizes that “hybrid cloud will continue to be the best option for enterprises, enabling them to securely meet modernization and agility requirements for workloads.”

AWS re:Invent 2019 is Almost Here!

If you’re as excited as we are for re:Invent 2019 than you’re probably also counting down the days. As 2020 shapes up to be a very impactful year for the cloud, hybrid-cloud, and edge computing, we’re intrigued to see what AWS has in store for all of us. If you are joining us as attendees this year please don’t hesitate to contact us beforehand!

News Roundup: Week of Sep 7, 2020

News Roundup: Week of Oct 6, 2019

TSA Releases Cloud Strategy 2.0

TSA’s Cloud Strategy 2.0 was released recently, “[calling] for a mix of public and private cloud” to properly deal with both sensitive and transactional data. According to Nextgov: “the most significant principle” of this strategy “requires TSA programs to only purchase agency-approved cloud services.” Although “the document does not provide details on TSA’s preferred procurement strategies,” the document did detail clearance criteria for potential cloud products:

  • Its security posture must be certified by the Federal Risk and Authorization Management Program, or FedRAMP
  • It must have an open architecture in order to avoid lock-in to a closed set of vendors
  • It must be capable of integrating with multiple clouds, platforms, and infrastructures

According to FedScoop, “the agency will first consider software-as-a-service (SaaS) solutions and then infrastructure- and platform-as-a-service alternatives.”

Investigating Worldwide VPN Vulnerabilities

The NCSC published an alert describing “vulnerabilities [that] exist in several SSL VPN products which allow an attacker to retrieve arbitrary files, including those containing authentication credentials.” The alert claims that “an attacker can use these stolen credentials to connect to the VPN and change configuration settings, or connect to further internal infrastructure.” The list of “highest-impact vulnerabilities known to be exploited by APTs” are as follows:

Pulse Connect Secure:

Fortinet:

  • CVE-2018-13379: Pre-auth arbitrary file reading
  • CVE-2018-13382: Allows an unauthenticated attacker to change the password of an SSL VPN web portal user.
  • CVE-2018-13383: Post-auth heap overflow. This allows an attacker to gain a shell running on the router.

Palo Alto:

The NCSC recommends the following steps to “mitigate these vulnerabilities”

  1. Apply the latest security patches released by vendors
  2. Reset authentication credentials associated with affected VPNs and accounts connecting through them

How Much is Google’s Cloud Really Worth?

Barron’s recently published an article discussing a Deutsche Bank valuation of Google’s Cloud offering. Two Deutsche Bank analysts “place a 15 times revenue multiple on GCP” and “find that the total Google Cloud business is worth about $225 billion.” This valuation is presented in contrast to the market’s current valuation of the Google Cloud business at “zero” and might cause investors to rethink their GOOGL share valuation. The analysts are particularly optimistic about Tom Kurian’s continued positive influence on the success of Google Cloud.

The Cloud-Native and Serverless Future is Now

In an articlewritten for Forbes by Eugene Khazin, Principal and Co-Founder at Prime TSR, calls our attention to the fact that Amazon has “[started] an initiative to re-train 100,000 peopleacross their organization” as a clear sign that “cloud-native and serverless are the future” and the future is now. The article attributes the success of digital transformations to leveraging cloud-native data to “[build] a data-driven culture that includes self-service analytics as part of the company DNA.” This cultural transformation necessitates not only “[training] employees for a new way to build software” but emphasizes the importance of technological, programming, and analytical knowledge in other areas of the business.

AWS re:Invent 2019 Reserved Seating Opens Soon!

Here’s a friendly reminder for those of you joining us at AWS re:Invent 2019 that reserved seating for sessions opens this coming Tuesday, October 15, 2019. As you probably know, sessions tend to fill up pretty quickly so make sure to take a look at the se s sion schedule and pick out your favorites beforehand! If you have any questions about re:Invent, we recommend taking a look at the “ 2019 AWS re:Invent Ultimate Guide ” published by a re:Invent regular from A Cloud Guru. If you are planning to join us at re:Invent this year and would like to meet with our team we encourage you to contact usand let us know!

News Roundup: Week of Sep 7, 2020

News Roundup: Week of Sep 22, 2019

Feature Release of VNS3 Controller 4.8.0

We are very excited to announce the 4.8.2 release of our VNS3 controller! Version 4.8 includes a new API for dynamically configuring traffic monitoring on VNS3 as well as custom webhook alerts for real-time alerts on your network. Cloud meta-data was integrated to improve security of default passwords and adapter/address discovery. Enhancements were also made to the API system and time access URLs from our 4.6.1 release. This latest version of our VNS3 controller is currently available in the AWSand Azuremarketplaces. Please check out the release notesfor a full list of features and optimizations, and keep an eye out for upcoming feature-focused video briefs!

McAfee Reports Only 1% of Cloud Misconfigurations Are Caught

A recent survey from McAfee “[demonstrates] that 99 percent of IaaS misconfigurations go unnoticed.” The survey of 1,000 enterprise organizations worldwide exposed cloud misconfigurations as the dominant threat to network security. According to Yahoo Finance , “IaaS breaches don’t look like your typical malware incident, instead leveraging native features of cloud infrastructure to land the attack, expand to adjacent cloud instances, and exfiltrate sensitive data.”

According to Yahoo Finance, the key findings of the report are:

  • Cloud-Native Breaches are not like the typical malware-based attacks of the past, instead capitalizing on misconfigured, native features of the cloud
  • Only one percent of misconfiguration incidents in IaaS are known—companies claim they average 37 per month, when in reality they experience 3,500
  • Data loss prevention incidents in IaaS increased 248 percent YoY

In light of this report, TechRepublic suggests the following:

  • Build IaaS configuration auditing into your CI/CD process
  • Evaluate your IaaS security practice using framework like Land-Expand-Exfiltrate
  • Invest in cloud-native security tools, and training for security teams

In both cases, the emphasis here is on increasing communication and understanding relative to this new type of Cloud Native Breaches (CNB) and the potential vulnerabilities created by cloud misconfigurations. Designing a network with as simple (not simplistic) approach to cloud security that is easy to implement and maintain (see VNS3) is essential to avoiding a misconfiguration.

5G Potential for India and Huawei

With the deployment of 5G spectrum-based trials on the horizon for India, The Economic Times released an articlediscussing Huawei’s potential involvement in the project being under renewed scrutiny. Huawei brings “more than 2,500 standard essential patents for 5G” to the table and is “[advocating] to the industry to sign [a] ‘no backdoor’ agreement with the Indian government” as it works to solidify its official participation in the project.

Published on the same day by Forbes is an articlewritten by Andy Purdy, CEO of Huawei Technologies USA, titled “Why 5G Can Be More Secure Than 4G.” The article is optimistic about the security of 5G, reassuring readers that “5G maintains a clear separation between RAN and core” even though “some 5G applications do push computing power to the network edge.”

Department of Defense Embraces Zero Trust Model

The US Department of Defense released an articleurging users to “Assume Networks are Compromised.” The article supports the trend towards implementing a zero trust model as opposed to a “perimeter defense model.” When faced with the reality that “there is no secure system,” microsegmentation of your network can provide a lattice of security within a network that prevents an intruder’s ability to freely traverse a compromised network.

Edge Computing Considerations

In a Forbes articlediscussing edge computing, especially as it relates to the possibilities of 5G networks, Irina Farooq from Kinetica lays out “5 strategies for leveraging edge computing for enterprise applications.” These strategies are: focus on the application use cases, understand your options, make explicit decisions about security, privacy, and governance, develop the right data and machine learning strategy, and be prepared to learn and adapt. The article emphasizes informed, careful, and explicit decision-making when it comes to “[processing] data close to the end user.”