On The Cloud Pod this week, Oracle finally has some news to share. Plus Log4j is ruining everyone’s lives, AWS suffers a massive outage post re:Invent, and Google CAT releases its first threat report.
A big thanks to this week’s sponsors:
- Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure.
- JumpCloud, which offers a complete platform for identity, access, and device management — no matter where your users and devices are located.
This week’s highlights
- 🚨 A critical vulnerability in Apache Log4j wrought havoc over the weekend. Cloud platforms and developers alike are racing to fix the bug, which gives hackers an opportunity to take control of systems remotely.
- 🚨 On the heels of re:Invent, AWS suffered a major outage last Tuesday in its US-EAST-1 region, which had staggering repercussions across the cloud.
- 🚨 Google Cybersecurity Action Team (CAT) releases its first Threat Horizons report, revealing its top three concerns threatening cloud users today.
- 💡 “It’s amazing how much of our infrastructure and applications live on these open source contributions of one or two people, and how critical they are to the entire ecosystem. And when they break or they’re vulnerable, it becomes a huge issue for us very quickly.”
- 💡 “Think about what Microsoft did: They started signing device drivers and signing applications that run in Windows, and everyone thought Oh, they’re just exerting control, what a terrible idea. They’re just trying to corner the market. And now, of course, 15 years later, binding authorization is probably the most critical next step in securing the cloud.”
General News: The Log4j Vulnerability is COVID for Tech
- 🔥 In light of the critical Apache Log4j 2.0 vulnerability that gives attackers the ability to to execute arbitrary code on other systems, AWS has released a hotpatch for the logging platform. The aim is to help developers mitigate risk as they work to update their systems to 2.15 or newer.
- ⏩ VentureBeat reminds us that while the Log4j debacle is bad, at least organizations now have tools and processes in place to respond quickly to zero-day bugs.
- ✅ GCP has released a set of recommendations for those who are investigating and responding to the Log4j 2.0 vulnerability.
- 🔎 To help customers detect whether their systems have been compromised by the Log4j bug, Google has updated its IDS signature to automatically scan for any Log4j exploit attempts.
- 🛡️ Google creates a new Web Application Firewall (WAF) rule to detect and block Log4j exploit attempts by attackers.
AWS: What Better Way to Follow Up re:Invent Than With a Giant Outage?
- 💀 On the Tuesday after re:Invent, AWS experienced a major outage that left many of its users — from day traders to gamers to its own employees — without services for the better part of the day.
- 🤔 The latest AWS outage has some pondering whether entirely cloud-based operations are reliable, and considering the benefits of hybrid cloud environments instead.
- 📜 For those of you curious to know how many outages there have been, AWS Maniac has put together the complete history of AWS outages in this nifty timeline.
- 🇮🇩 Now for a region that (hopefully) isn’t going down: AWS opens a new Asia Pacific Region in Indonesia. The new Jakarta Region is its 10th in the Asia Pacific, and can be used with a large number of AWS services.
- 🛑 AWS releases Managed Rules for its Network Firewall, allowing users to enable managed domain list rules to block HTTP and HTTPS traffic to suspicious domains — all at no additional cost!
GCP: Google CAT Identifies What You Should Really be Worried About
- 🕵️♀️ Just in time for the Log4j mishap, Google Cloud IDS for network-based threat detection is now generally available, featuring capabilities like east-west and north-south traffic visibility, autoscaling, HIPAA support, and more.
- 🗓️ Google has extended the Pub/Sub data retention window from seven days to 31 days, giving customers more time to debug server issues, or process jobs for backtesting.
- ☁️ With the new Anthos Multi-Cloud API, Google is making it easier for users to manage the full lifecycle of their Anthos clusters running on AWS or Azure.
- 🔫 In a retort to the lack of serverless announcements at AWS re:Invent, Google has released the top five trends for serverless computing in 2022 and beyond, including security and supply chain integrity, and avoiding vendor lock-in. Shots fired.
- 😺 In its first Threat Horizons report, Google’s Cybersecurity Action Team (CAT) cites crypto mining, ransomware, and advanced persistent threats (APTs) as the biggest issues facing cloud users today.
- 🚧 With the Policy Troubleshooter for BeyondCorp Enterprises, Google is making it easier for administrators to understand permissions access issues, and unblock users.
Azure: Azure in Space: For All of Your Interplanetary Computing Needs
- 🚀 Azure is entering the space race with Azure Orbital (now in preview). This new feature includes capabilities like satellite communication, enhanced imagery with SpaceEye, and new geospatial and data analytics.
- 🎅 With the Red Hat Ansible Automation Platform on Azure, users can more easily automate Red Hat Enterprise Linux (RHEL) deployments without needing to install and configure their core Ansible infrastructure.
- 📈 Now in preview, Azure Load Testing is a fully managed service to help developers optimize and scale app performance, by generating high-scale load with custom Apache JMeter scripts.
- ✨ Azure has added new features to Azure Virtual WAN, including two new partners — Fortinet and Versa — to expand SD-WAN capabilities, branch connectivity, custom traffic selectors, and more.
Oracle: Breaking News: Oracle has Finally Fixed its RSS Feed
- 🤝 Someone working at Oracle must listen to The Cloud Pod, because Justin is now receiving Oracle news! Oracle announces that more startups are choosing Oracle Cloud Infrastructure (OCI) over other cloud platforms, citing customers that no one has ever heard of like Aleph Alpha and Aindra Systems.
- 🗣️ While on an Oracle earnings call after the AWS outage, Oracle Chairman Larry Ellison took the opportunity to quote a (definitely real) anonymous customer who told him “Oracle never ever goes down” — never mind the five incidents that have happened since December 8th.
- 💻 Oracle releases OCI DevOps Service, an end-to-end CI/CD platform where developers can commit their own source code to a repository, build and test software artifacts, and run deployments to OCI platforms.
TCP Lightning Round
⚡ Even though Justin wrote all the lightning round one-liners, Jonathan manages to win the point, making the scores Justin (17), Ryan (12), Jonathan (14), Peter (2).
Other Headlines Mentioned:
- Amazon Redshift launches single-node RA3.xlplus cluster
- Right-size permissions for more roles in your account using IAM Access Analyzer to generate 50 fine-grained IAM policies per day
- Amazon DevOps Guru introduces enhanced analysis for Amazon Aurora databases and support for AWS tags as an application boundary
- Amazon S3 File Gateway now supports NFS file share auditing
- Amazon S3 File Gateway enables administrators to force the closing of locked files
- Public preview: Azure NetApp Files application volume group for SAP HANA
- General availability: Azure VPN Gateway NAT
- Announcing the general availability of Oracle Cloud Infrastructure Database Management for Oracle autonomous databases
- Azure HPC – CycleCloud 8.2.1 is now generally available
- Announcing the general availability of Oracle Cloud Infrastructure Operations Insights AWR Hub
- Oracle welcomes customers to OCI for OpenSearch public beta, a fully managed search service based on OpenSearch
- You can now enable data compression for capacity pool storage in Amazon FSx for NetApp ONTAP file systems