Concerning CapitalOne’s Security Breach
The news about the CapitalOne security breach has been covered media outlets all over from the traditional to the security and tech-focused. AWS and CapitalOne have agreed that this was not the result of a cloud specific issue but a misconfiguration on a web application firewall (WAF). Given the public disclosures by the accused, we have more information on this breach than normal. Social media posts and websites mentioned in the criminal complaint suggest a Server Side Request Forgery (SSRF) was used. While not a new exploit, SSRF is likely to get more attention in the coming days along with AWS Metadata Service and AWS IAM Roles.
AWS Expands into the Middle East
Werner Vogels recently announcedthat AWS has now successfully launched three new Availability Zones in the Middle East (Bahrain), creating new innovation opportunities for all manner of organizations in the region. AWS continues to devote resources towards expanding their network into new regions, with Indonesia, Italy, and South Africa on the radar in the next few years. Significant investments also continue to be made in the education, training, and certification programs. Increased service availability, increased access to training, new use cases and solutions, and new developer insight should prove to fuel some creative innovations in the not-so-distant future.
Airlines Taking off into the Cloud
According to a recent articlefrom ZDNet, ATPCO, the company who “has collected and distributed fare and fare-related data for the airline and travel industry” for more than 50 years, has taken its automation journey to the AWS cloud. When you factor in the more than 1600 data elements the company provides airlines into the equation, the move to the cloud seemed to be the only cost-effective and efficient way to manage, automate, and fully leverage this increasing pool of data. Exposing a new industry to the capabilities of big data, blockchain, machine learning, and real-time data could create some interesting new innovations in pricing and business models for airlines.
Google Brings VMware to Their Cloud
Google continues to follow AWS when improving their cloud offering. In this instance they too are bringing a “VMware in cloud” solution to market. According to Forbes, this VMware solution (powered by CloudSimple) will be available later this year. This move by Google is yet another step in closing the gap between their cloud and others. Slowly but surely Google will look to combine this partnered growth with the addition of new and competitive features within their cloud offering in order to increase service usage and solve new use cases.
Freeing Your Data via Native Cloud Infrastructure
Forbes published an articlerecently discussing the benefits of native cloud infrastructure for enterprises working to “provide real-time services to their customers.” Providing real-time access to ever-growing lakes of data in efficient and meaningful ways requires new levels of automation and scalability that can only be achieved in via cloud infrastructure. The article suggests managing your data at the container and app level to support automating from the app down instead of from the infrastructure up. Some of the suggestions they provide to start your journey in this direction are:
-
Break down monoliths
-
Ensure a robust CI/CD process
-
Begin with stateless apps
-
Crawl, walk, then run