2022 started with a bang, that’s for sure.
This series explores the most interesting cloud technology news, bringing you up to speed with the latest releases, acquisitions, research, and hidden gems in the world of cloud computing – the stuff actually worth reading.
What happened in the cloud world this January? Keep on reading to find out!
Story of the month: Coming to terms with security vulnerabilities
There’s no denying that volunteer-run, open-source projects power a big chunk of software today. These projects are often maintained by volunteers and may lack adequate resources and staff for incident response and proactive maintenance. Yes, even when they become critical to the internet economy.
Whose job is it to fix things when something goes wrong?
Everyone is asking this question now that we’ve come to grips with the Log4j vulnerability discovered in December 2021 (read more about it here).
According to the FTC, the Log4j vulnerability
“is part of a broader set of structural issues. It is one of the thousands of unheralded but critically important open-source services that are used across a near-innumerable variety of internet companies.”
While you crunch on that, AWS published handy advice on mitigating the Log4j issue in ECS, EKS, and Fargate (check out this project on GitHub for EKS). If you run Log4j, upgrade it to v2.16 or higher as soon as possible.
Forward this newsletter to the responsible person at your company
The Business of Cloud
Betting on the cloud was a smart move for IBM. The company reported a revenue rise beyond analysts’ estimates in Q4 2021 thanks to its hybrid cloud offering. IBM saw the biggest increase in sales during the last 10 years (6.5%, or $16.7 billion).
Meanwhile, another tech giant had a small hiccup. Microsoft published its Q2 sales and profit gains, reporting decelerating revenue for Azure cloud-computing services. This got some investors worried. But then the company reassured investors its Azure business still has potential with another report. Microsoft’s shares rose the most since April 2020. All’s well that ends well, right?
The fight for chips is just getting started. Intel announced a $20 billion-worth investment in its Ohio manufacturing plants. Also, it poached an Apple engineer who led the transition to Arm and M1 chips – among several other competitor hires (including AMD, Nvidia, and Apple).
It looks like Microsoft joined the game and hired a veteran Apple engineer to expand its chip-related efforts too. On the other side of the planet, China approved one of the major deals in the global semiconductor industry – AMD’s acquisition of Xilinx.
January was an interesting month for AWS. Orca Security discovered two critical vulnerabilities in AWS:
- gaining control plane access to a CloudFormation host (and retrieving its AWS credentials)
- and cross-account access through AWS Glue.
AWS employees jumped on Twitter to point out some overblown implications of these vulnerabilities. Still, AWS took its sweet time to respond.
I don't know how else to say it except that this simply isn't true. AWS CloudFormation hosts don't even have access to "all AWS resources in all AWS accounts" and the creds here are host-level (not the service principal) and don't lead to access to customer data or metadata. https://t.co/Kn37bzCtLa— Colm MacCárthaigh (@colmmacc) January 13, 2022
Things went south for the Nigerian government when it exposed data of millions of citizens due to its poor handling of an S3 bucket.
Source: Sahara Reporters
One smart team at NCC Group shared its war tales of CI/CD pipeline security assessments. A must-read if you’re curious about what this kind of attack looks like in practice.
Source: NCC Group
Food for thought
The 2022 Multi Cloud Security Report from Valtix revealed that while multi cloud has become a strategic priority for many in 2022, security often fails to keep up. 63% of surveyed IT leaders believe multi cloud security is inefficient, and even more believe it’s underinvested (76%).
Source: 2022 Multi Cloud Security Report
Trends like multi cloud, serverless containers, or no code/low code will rule the 2022 tech scene. Adopting a portfolio of cloud-native applications means welcoming future developments in cloud services and opening the door to many new opportunities.
GitOps used to be fresh just a couple of years ago. 2021 was a milestone year for the approach, which noted explosive customer adoption, many industry validations, and new CNCF initiative launches.
Meanwhile at CAST AI
Here are some new product features hot off the press:
- We released the Scoped autoscaler – a mode of operations where the CAST AI autoscaler co-exists with another autoscaler on the same cluster and manages only specific workloads. To restrict the scope of the autoscaler, you need to modify workloads as described in the documentation.
- We improved the Available Savings report by adding extra interactive settings for simulating further cluster optimization – for example, by using spot instances more aggressively or cluster scheduling.
Get the next portion of cloud technology news directly to your inbox.