Welcome to The Cloud Pod episode 230, where the forecast is always cloudy! This week our hosts are sailing the pod across the data lake and talking about updates to managed delivery from Kafka. We also take a gander at Bedrock and at some new security tools from our friends over at Google. We’re also back with our Cloud Journey Series, talking security theater.
In general news, Microsoft recently released a warning regarding potential cyber-attacks through SQL Server instances. The truth is even worse than you think, though. **Insert meme of dog saying it’s fine surrounded by fire here**
Senator Ron Wyden reached out through a letter to several regulatory agencies—urging them to hold Microsoft responsible for a recurring pattern of careless cybersecurity approaches.
These approaches have ostensibly facilitated Chinese espionage against the U.S. government. Data from Google Project Zero reveals that, since 2014, Microsoft products have been connected to a cumulative 42.5% of all discovered zero-day vulnerabilities.
The CEO of Tenable criticized Microsoft, labeling them ‘profoundly irresponsible,’ and accusing them of a ‘culture of harmful concealment.’ This criticism responds to perceived security laxity in Azure and other cloud services.
Shifting the focus to Amazon, the hosts discuss the general availability of Bedrock, a managed service that supports building generative AI applications.
However, Justin expresses concern about the pricing model, and the hosts joke about starting a GoFundMe after his trial due to substantial costs. Justin notes that wanting the Anthropic Claude 2 model and 100K model context length for just a month costs $45,000, which was nerve-wracking.
The hosts also touch upon Amazon MSK’s introduction of Managed Data Delivery from Apache Kafka to AWS Lake Formation, with Justin humorously suggesting that the feature might make his job redundant. Meanwhile, Ryan notes there’s still a need for someone to feed in the data and handle prompts.
Turning to Google Cloud Platform (GCP) updates, the hosts express skepticism regarding Google’s promise of deploying internet-facing applications in under an hour with the Dev(Sec)Ops toolkit. One host bluntly labels it as “complete BS,” suggesting a pinch of skepticism towards the feasibility of such a rapid deployment.
The hosts’ discussions on Google Cloud Firewall Plus and the Cloud SQL Node.js connector interweave technical details with an appreciative nod to Google’s secure defaults, a seemingly subtle dig at other cloud platforms.
Finishing up the GCP news section, they explore the introduction of Advanced Vulnerability Insights for GKE. The hosts mix appreciation for its built-in nature with a critical eye on the additional costs, embracing both the positives and negatives of the update.
Recent updates from Microsoft Azure, notably the eligibility of Azure Container Apps for the Azure savings plan for compute, draw attention to changes and additions in cost management. Essential for users meticulous about exporting reports, the cost management console now supports configuration with storage accounts behind a firewall.
New pricing for Azure Data Manager for Energy and Microsoft Graph Data Connect, and multi-currency cost viewing in Cost Management Labs, were also discussed. Matthew expressed concerns about pricing, highlighting uncertainty about future charges and wariness toward Azure’s ambiguous future hyperscale pricing.
The conversation then shifts towards an innovation from Microsoft aimed at global government operations. The introduction of Microsoft Cloud for Sovereignty aims to align governments with their compliance, security, and policy needs while effectively utilizing the cloud to deliver value to citizens.
This initiative, underpinned by best practices, aims to navigate complex regulatory requirements. Featuring Sovereign Landing Zone on GitHub, transparency logs, and support for regulations in Italy and the Netherlands, it endeavors to help governments swiftly and securely create solutions meeting regional and national requirements.
The discussion then moves to Microsoft Azure’s expansion, with a new cloud region in Italy, the Italy North datacenter region. This includes Azure Availability Zones, designed to offer additional resilience for applications through unique physical datacenter locations that have independent power, network, and cooling, providing additional tolerance to datacenter failures.
In the after show, the focus is on Google’s Mandiant acquisition and the ensuing cybersecurity discussions. The conversation highlights the significant reliance on weak passwords, with 41% of 2022’s compromises attributed to them, and the prevalence of “security theater” – implementing ostensible but ineffective security measures.
Discussions include the dangers of simply porting legacy security controls to the cloud. Justin highlights the possible illusion of security through compliance, with companies appearing secure on paper without substantial practical security. Ryan underscores considering business and customer impacts when deploying security controls, emphasizing effective, not just apparent, security. The podcast, spanning various topics, concludes with these reflections.
And that is the week in the cloud! Check out our website, the home of The Cloud Pod, where you can join our newsletter or Slack team, send feedback, or ask questions at theCloudPod.net, or tweet at us with the hashtag #theCloudPod.