News Roundup: Week of Jan 31, 2021

News Roundup: Week of Jan 31, 2021

Ford and Google Partnership Announced

Ford announced this week that they’re partnering with Google Cloud “in first-of-its-kind partnership” that aims to “accelerate Ford’s transformation and reinvent the connected vehicle experience.” Ford intends to leverage the data, AI, and ML capabilities of Google Cloud as they move to power their vehicles with built-in Android OS and Google apps services. Ford is hoping to leverage this partnership to get ahead in the race for “electrification, connectivity and self-driving” cars that is happening in the industry today. This partnership highlights the initial integration of Google Assistant, Google Maps as primary navigation, Google Play media playback, and an Android development base for other apps.

Jeff Bezos to be Replaced as Amazon CEO by AWS Chief Andy Jassy

Amazon announced this week that Jeff Bezos will be stepping down as CEO and will be replaced by longtime AWS leader Andy Jassy. After 27 years, Bezos will be stepping into an executive chair role, effective in Q3 of this year. As reported by c|net, this “transition comes as Amazon navigates a tricky period in its history.” Amazon is attracting regulatory scrutiny as its profits continue to grow during the economic shifts caused by the COVID-19 pandemic. This coming on the back of challenges Amazon has faced keeping its vast workforce safe from COVID-19 infection.

New Administration Brings Renewed Scrutiny of JEDI Contract

The lengthy legal battle led by AWS against the results of the JEDI cloud competition is creating renewed pressure on the Department of Defense under the new administration. According to Nextgov, “The Defense Department may not continue with the embattled Joint Enterprise Defense Infrastructure cloud contract if a federal judge does not dismiss charges of improper political influence in Amazon Web Services’ protest, according to a document sent to Congress.” AWS continues to allege that government officials, including the former president, improperly influenced the outcome. The Department of Justice expects a ruling from a federal judge soon.

Remote Threats to Remote Work Continue to Evolve

A recent article from InformationAge warns us of continued and evolving threats to remote work IT security. The post warns that hackers are changing their tactics to utilize a much more people-centric attack vector and targeting end employees directly. It is critical that we all take extra care to train employees and screen external communications for these evolving threats. As CISOs around the world continue to focus on securing their remote workforce, often for the first time in their company’s history, this challenge can seem incredibly daunting. Many companies scrambled to push out a cloud solution to address the remote work necessity and are now having to backtrack to secure them. The article warns that ransomware might continue to focus more on cloud environments and increase in complexity as 2021 progresses.

Salesforce Launches Vaccine Cloud as Vaccinations Become a Reality

Salesforce recently announced the launch of “Vaccine Cloud” in an effort to help institutions “more rapidly, safely and efficiently deploy and manage their vaccine programs.” The announcement comes as many states are working towards the end of their first phase of vaccination and registrants are eagerly awaiting the second phase of vaccination. The immense challenge of administering and managing the global scale of vaccination “efficiently, effectively, and equitably,” is proving to be quite the challenge for government agencies, healthcare organizations, businesses, nonprofits, and educational institutions alike. Salesforce is hoping to leverage their experience to help with vaccine inventory management, appointment scheduling, outcome monitoring, public health outreach and more.

Announcing the Launch of our New Website!

Announcing the Launch of our New Website!

As our customers’ needs continue to evolve our controller and plugin systems have grown from a Swiss army knife of virtual devices to full-blown cloud edge networking functionality. We are hard at work finalizing the next major release of our VNS3 controller and as we look into the future we saw a need to reposition and re-package our offerings. In order to facilitate this transition we’re thrilled to announce that we’re starting off the new year with a brand new website, and we wanted to take the opportunity to explain our design choices and some of the decision making that is leading us forward.

New Messaging Goals

Our main goal in redesigning our website is to help new and existing customers better understand all of the many pain points that our offerings address while giving us a platform to talk about new packaging, pricing, and features as they relate directly to these use cases. We’ve also put a lot of work into our UI over recent years and are excited to be able to put product screenshots in the spotlight. We’re hoping new and existing customers will appreciate the increased transparency of a more direct messaging style as we move forward.

Plugin Manager

Another major focus of this transition is to get more users launching VNS3 to try it for themselves. We’ve spent a lot of time revamping our documentation site, and we’re adding more quickstarts with AWS Cloudformation, terraform, Azure, and more. As we move forward we’re planning to release more short-form, tutorial-focused content to help new and existing users get the most out of their VNS3 deployments. We’re also releasing new free tier packages like our People VPN offering that went live to address remote work needs that arose last year.

News Roundup: Week of Jan 31, 2021

News Roundup: Week of Nov 30, 2020

More and More AWS Local Zones

As announcements from the 2020 AWS re:Invent continue to roll out, one of the earlier announcements we were excited about was the promise of increased local zones in Boston, Houston, and Miami this year with the promise of twelve more zones coming online through 2021. These new local zones are intended to “provide access with single-digit millisecond latency to the vast majority of users in the Continental United States.” This is yet another step towards bringing the cloud down to the ground as more edge compute locations support different instance types, direct connect, and the most-used AWS services.

AWS Brings the Mac Mini to the Cloud

The opener to the 2020 re:Invent conference brought a surprising announcement for Mac and iOS app developers: new EC2 Mac instances powered by the Mac mini. This announcement comes on the heels of the recent M1 Mac mini launch and connects the Mac to the AWS Nitro System. This announcement also means that AWS is bringing Apple’s M1 Mac minis into the AWS data centers within the first half of 2021.

Intel and Google Hybrid and Multi Cloud Improvements

In an announcement via HPCwire this week, Intel and Google are officially collaborating to co-develop “reference architectures optimized for the now generally available ‘Anthos on bare metal’ solution.” This announcement is meant to target “data center and edge computing use cases,” and is another instance of new Intel processors being introduced to cloud computing infrastructure. This collaboration “allows enterprises to run Anthos on their existing on-prem physical servers, deployed on an operating system without a hypervisor layer.”

Salesforce Buys Slack for Over $27 Billion

In one of the largest deals in recent years, Salesforce acquired Slack with a combination of cash and stock that totalled over $27 billion. This latest acquisition comes on the heels of a slew of acquisitions by Salesforce in the past few years. CNBC suggests that “The acquisition will further intensify Salesforce’s rivalry with Microsoft, whose Teams chat and video service has emerged as Slack’s stiffest competitor.” This acquisition might also push companies away from using Slack given Salesforce enterprise-focused reputation.

IBM Cloud Quantum Safety Claims

An article this week from sdccentral reports that IBM is promising quantum-safe cryptography support for key management and application transactions in IBM Cloud. This is another step for IBM towards establishing themselves as a leader in quantum-safe networks. Any TLS encrypted data harvested today is at risk of being decrypted by quantum computers. This leaves any data in transit today vulnerable to these attacks in the future. IBM hopes to deliver quantum-safe cryptography for data in transit in the IBM Cloud, focusing their security strategy  on open-source standards such as CRYSTALS and Open Quantum Safe.

News Roundup: Week of Jan 31, 2021

News Roundup: Week of November 9, 2020

IBM Cloud Automation and Data Paks

A recent article from Fierce Telecom highlights new automation and data capabilities coming to IBM’s cloud software portfolio. These IBM Cloud Pak updates “offer integrated data and AI capabilities that run on Red Hat OpenShift” starting on November 20. These updates “include industry accelerators for banking, warranty management, supply chain forecasting, and retail,” as well as Watson Machine Leraning Accellerator (WML-A) and other improvements.

Enterprise Decentralization of the World Wide Web

A recent article highlights the new startup Inrupt launched by World Wide Web inventor Tim Berners-Lee that promises decentralized web technology with more control for customers and users over their personal data. This enterprise version of the company’s push to give customers more control over their data boasts “a handful of early-adopter clients – including NatWest Bank, the BBC, the Flanders government in Belgium and the NHS.” The company chose these four organizations to develop “explicit use cases with large organisations” in order to quickly scale and adjust their offering to market needs.

Adapting to Cyberattacks in a COVID World

A recent Forbes article suggests that as we all continue to adapt to the immediate and consequential challenges presented by COVID, cyberattacks “are going through a digital transformation of their own this year.” The article cites a McAfee Labs COVID-19 Threats Report from July that claimed “a 630% increase in cloud services cyberattacks between January and April of this year alone.” The article outlines 5 key adaptations for cloud platforms into 2021:

  1. Prioritize Privileged Access Management (PAM) and Identity & Access Management (IAM) using cloud-native controls to maintain least privilege access to sensitive data starting at the PaaS level.
  2. Start using customer-controlled keys to encrypt all data, migrating off legacy operating systems and controls that rely on trusted and untrusted domains across all IaaS instances.
  3. Before implementing any cloud infrastructure project, design in Zero Trust Security (ZTS) and micro-segmentation first and have IaaS and PaaS structure follow. 
  4. Before implementing any PaaS or IaaS infrastructure, define the best possible approach to identifying, isolating and correcting configuration mistakes or errors in infrastructure.
  5. Standardize on a unified log monitoring system that ideally has AI and machine learning built to identify cloud infrastructure configuration and performance anomalies in real-time.

Continued AWS Investment in Indian Infrastructure

Reports filtering in from TechCrunch and Fierce Telecom discuss a $2.8 billion investment from AWS to build a new AWS Cloud region in Hyderabad, “which is the capital and largest city” in the Indian state of Telanga. AWS Chief evangelist Jeff Barr highlights that “this is the latest in a long series of investments” for AWS in India. Barr also posits in his blog post that the continuing investment in Indian cloud regions will support innovation and cloud transformation into the “next generation of IT leaders in India.” This new region is scheduled to join the Asia Pacific cloud in 2022.

Continued Cloud Growth Despite COVID

A recent article from SiliconANGLE discussing cloud trends at this point in 2020 and suggesting that, while cloud growth may have been better without a global pandemic, “COVID has been a benefactor to cloud.” To support their claims they cite cloud revenue estimates from AWS, Azure, and GCP, which include lower but continued increases in revenue for all three platforms. The article goes on to discuss customer spending patterns, serverless computing, and cloud platform market share as indicators of increased cloud market growth.

News Roundup: Week of Jan 31, 2021

News Roundup: Week of Sep 7, 2020

DOD Doubles Down on Microsoft for JEDI Contract

According to an article from Yahoo! Finance, despite continued protest from Amazon Web Services, the US Defense Department “has completed a comprehensive review” of JEDI proposals and “determined that Microsoft’s offering continues to represent the best value to the government. It has been determined that Microsoft will be unable to begin fulfilling this contract immediately due to Amazon’s lawsuit filed “to challenge the contract process.”

Beware of Voice Phishers

In light of the COVID-19 epidemic, KrebsonSecurity reports hybrid phishing attacks targeting work-at-home employees. In an effort to trick them into “giving away credentials needed to remotely access their employers’ networks,” these attacks come in the form of “a combination of one-on-one phone calls and custom phishing sites.” KrebsonSecurity warns that these attacks are targeted at new hires and that domains used for these phishing sites often invoke the company’s name.

SASE and Zero Trust can Secure and Future-Proof your Remote Workforce Solution

Many journalists and experts in the cloud security industry agree that a Zero-Trust and SASE approach to network security for your remote workforce is more important than ever. An article from Threatpost suggests that a Zero Trust policy will reduce the attack surface of your remote working solution. In the face of the ever-evolving COVID-19 epidemic and its ramifications on future working environments, committing to a SASE approach (outlined both in this article and in a Networkworld article) will help provide IT staff with “full control and visibility over every user’s access throughout the organization’s networks and applications.” A SASE approach to network security is a decision that can help you secure your network now and for the future.

Verizon’s 5G Development Continues with Virtualized Cloud Security Hardware reported recently that “Communications giant Verizon has revealed that a series of trials carried out by its network security engineers have proven successful in protecting its 5G infrastructure against security threats and in advancing security measures to protect the confidentiality, integrity and availability of Verizon’s 5G network.” Verizon appears to be solving the latency and vulnerability issues presented by introducing security hardware for “virtualizing many of these functions and moving them to the cloud.” This virtualized approach will be coupled with AI-powered network accelerators in order to reduce operational costs and increase efficiency.

Navy Looking for Cloud Solution to Ship-Mounted Network-Centric Naval Warfare

According to MeriTalk, “The Naval Sea Systems Command (NAVSEA) is seeking industry input as it looks to invest in ship-mounted cloud computing infrastructure as part of the Navy’s broader future strategy for network-centric naval warfare.” The Navy has stated that the plan is to leverage “edge cloud architecture using IaaS” to create a continuous development and computing infrastructure refresh cycle.

News Roundup: Week of Jan 31, 2021

News Roundup: Week of Jan 12, 2020

Register Security Roundup

The recent Register security roundup has highlighted issues with the recent Citrix vulnerability, TikTok security bugs and holes, and the Honey shopping addon being flagged as a security risk by Amazon, among other things. The Citrix security hole has created a situation where “up to 80,000 systems were thought to be at risk, with some 25,000 instances found online over the weekend.” We highly recommend double-checking to make sure you’ve addressed the situation effectively, as “A full patch for the hole is not due to be released by Citrix until January 20.”

Google Cloud Introduces Premium Support Plan

In a recent blog post, Google announced the introduction of a Premium Support Plan for enterprise customers in order to bring themselves up-to-par with support tiers from the likes of AWS and Azure. The promised 15 minute response time for P1 issues is now the industry standard across the board. The introduction of third-party technology support and promise of “Content aware expertise” should help to increase the overall quality and efficacy of Google’s support.

U.S. Financial Regulators Scrutinizing Cloud Data

A recent articlefrom the Wall Street Journal calls attention to increased auditing scrutiny from U.S. financial regulators concerning how firms manage data stored in the cloud. The article cites the Capital One breach as well as recent Facebook breach as obvious contributing factors. The SEC is hoping that their increased pressure on firms to properly and securely handle data in the cloud, especially as elected officials move to “label big cloud providers as systemically important because of their increasingly critical role in the industry.”

AWS Moves to Block JEDI Progress

According to a recent Federal Times article, “Amazon Web Services will ask a federal court to block the Pentagon and Microsoft from beginning work on the Department of Defense’s controversial enterprise cloud, according to a Jan. 13 court filing.” The grounds for this motion are allegations from AWS “in a December complaint that the contract award to Microsoft was influenced by President Donald Trump.” AWS has presented evidence in the form of “videos of Trump bashing Amazon in a 2016 campaign rally and saying ‘we’re going to take a look at it [the contract]’ in the Oval Office last summer.”

Microsoft’s 2020 Patch for Windows

KrebsOnSecurity published an articlerecently analyzing Microsoft’s first significant 2020 patch for Windows operating systems. The patch included “updates to plug 50 security holes in various flavors of Windows and related software.” KrebsOnSecurity highlights a severe bug ( CVE-2020-0601 ) in Windows 10 and Windows Server 2016/19 that the “NSA says the flaw may have far more wide-ranging security implications.” We highly recommend backing up and updating your systems as necessary to address this vulnerability.