221: The Biggest Innovator in SFTP in 30 Years? Amazon Web Services!

Welcome episode 221 of The Cloud Pod podcast - where the forecast is always cloudy! This week your hosts, Justin, Jonathan, Ryan, and Matthew look at some of the announcements from AWS Summit, as well as try to predict the future - probably incorrectly - about what’s in store at Next 2023. Plus, we talk more about the storm attack, SFTP connectors (and no, that isn’t how you get to the Moscone Center for Next) Llama 2, Google Cloud Deploy and more! 

Titles we almost went with this week:

• Now You Too Can Get Ignored by Google Support via Mobile App
• The Tech Sector Apparently Believes Multi-Cloud is Great… We Hate You All. 
• The cloud pod now wants all your HIPAA Data
• The Meta Llama is Spreading Everywhere
• The Cloud Pod Recursively Deploys Deploy

A big thanks to this week’s sponsor:

Foghorn Consulting, provides top-notch cloud and DevOps engineers to the world’s most innovative companies. Initiatives stalled because you have trouble hiring?  Foghorn can be burning down your DevOps and Cloud backlogs as soon as next week.

News this Week:

00:33 HashiCorp State of Cloud Strategy Survey 2023: The tech sector perspective 

• We didn’t find anything in the survey particularly interesting, until they broke it down by respondents who are actively in the tech industry. 
• Despite strong Macro pressure and recent earnings reports about slowness in growth, 48% of respondents increased their cloud spend in the last 12 months
• 94% of tech industry respondents indicated that multi-cloud works, citing that it has advanced or achieved their company’s business goals.  
  • Sure, Jan. 
• 91% of tech companies rely on platform teams. 

01:37 Justin - “The thing about that is, I could see the value for Saas vendors, right? Especially if you're dealing with large data ingestion. I think we were talking to New Relic, for example, when they launched a New Relic on Azure.It saves their customers a bunch of money because they're not doing egress charges out to the internet to AWS to basically get the New Relic data in. And they see that as a strategy that helps customers reduce money and also helps increase adoption as well as partnership opportunities.”

AWS

05:11 AWS Summit New York  just happened, and there were a lot of announcements (and protests.) We won’t spend a lot of time going over each of these in the show, but the link are available for you to peruse at your leisure. 

• Introducing AWS HealthImaging — purpose-built for medical imaging at scale
  • AWS is very excited to announce the general availability of AWS HealthImaging, a purpose-built service that helps builders develop cloud-native applications that store, analyze, and share medical imaging data at a petabyte scale. HealthImaging ingests data in the DICOM P10 format. It provides APIs for low-latency retrieval and purpose-built storage. 

• Amazon Redshift now supports querying Apache Iceberg tables
• AWS Glue Studio now supports Amazon Redshift Serverless
• Snowflake connectivity for AWS Glue for Apache Spark is now generally available   
• AWS Glue jobs can now include AWS Glue DataBrew Recipes 
• I continue to support not doing predictions on summits 

06:42 Llama 2 foundation models from Meta are now available in Amazon SageMaker JumpStart

• After we mentioned Azure getting LLama Support, we couldn’t ignore this article that you now use LLama 2 on Sagemaker.

08:04 Jonathan - “There’s an awful lot of models out there, actually. If you go to Huggingface.co there's a guy called Tom Joins known as ‘The Bloke’ and he has available for download like close to 600 different models and a lot of them are like quantized versions of the larger models so you can run them on sensible currency hardware. But yeah, there's dozens to choose from that have been trained on different data sets. Some are tuned for chats, some are tuned for other things. So yeah, don't be restricted by what the cloud providers actually turn into products and sell you when you can use any open source tools like PyTorch to take these models and do whatever you like with them, even in SageMaker.” 09:41 AWS Transfer Family launches SFTP connectors

• We would argue that AWS Transfer Family has done more innovation than any other SFTP server vendor in a long time. 
• This time they are launching SFTP connectors, which is a fully managed and low code capability to securely and reliably copy files at scale between remote SFTP servers and Amazon S3.  
• Files transferred using SFTP connectors are stored in Amazon S3, enabling you to unlock value from data using analytics, data lakes or AI/ML Services in AWS.  
• AWS Transfer Family support for SFTP connectors is available in all AWS Regions where the service is available, and pricing information can be found here. 

GCP

16:48  Cloud Next 2023 session catalog is live, covering all of your key cloud topics

• Google Cloud Next is just about a month away, and Google Cloud Next has launched their session catalog.  
• There will be sessions on AI, (how surprising) Serverless/Containers, Devops, and more. 

17:26 Ryan - “So I want to know if I can use AI to schedule me in these things. Because I, with every single conference, I always have the best of intentions of going through the catalog in advance and figuring out what I want to do and getting all excited and the whole thing. But without fail, it's five minutes before a session and I'm trying to figure out how to get across to wherever I need to go. 18:09 Cloud Deploy gets deploy parameters, new console creation flows, and reduced pricing

• Google Cloud Deploy announced new capabilities today, the first to add to their previously announced Parallel deployments capability,  is the ability to use deployment parameters to focus your deployed to child targets. 
• They have also reduced the price of Active Cloud Deploy delivery pipelines and expanded no charge usage to include single-target delivery pipelines, making it easier to get started with cloud deploy.
• It's easier than ever to deploy your first pipeline with simple deliver pipelines and targets, and release directly in the Cloud Deploy console for trials and experiments

19:05 Jonathan - “A lot of the business that the cloud providers are seeing now are coming from cloud migrations. I'm sure they're getting some startups and cloud native apps as well, but a lot of the business is going to be from migrations. And people either have Jenkins already or some other kind of CI. set of tooling and build processes and things like that. So if Google is going to provide services for deployments, then it would really be in their interests to make it so that you could also do on-prem deployments with the same set of tools.” 23:13 Introducing Google Cloud Support on mobile: Manage support cases on-the-go

• On-Call engineers supporting Google Cloud can be excited that they can now view and manage google cloud support cases right from the google cloud mobile app
• This is perfect for anyone who wants to be ignored, or who loves watching your issues not get fixed in a timely manner. 

24:14 Justin - “So I will say - definitely support case. It's definitely a use case I would use the mobile apps for. And then rebooting an EC2 box, just as a preliminary, like I'm on my way home, let me reboot this box and hope it fixes it. And sometimes it does, which works. So those are the two use cases I've mostly had, but yeah, like looking at performance metrics, looking at, you know, different things, trying to set up anything like, yeah, forget all that use case. Like no, no time for that on my little teeny tiny phone to look at logs.”

Azure

24:43 Compromised Microsoft Key: More Impactful Than We Thought 

• The Wiz, one of the leading cloud security researching companies, as well as Cloud Security Posture Management firms, did some extensive research in the recent storm attack. 
• Wiz reports that microsoft indicated only Outlook and Exchange online were impacted by the token forging technique.
  • Wiz Research has found that the compromised signing key was more powerful than it may have seemed, and was not limited to just those two services.
• Wiz concludes that multiple types of Azure AD applications, including every application that supports personal account authentication such as Sharepoint, Teams, Onedrive and any app that supports login with Microsoft under certain conditions could be compromised.
• While Microsoft released IOCs for the encryption keys and source ip addresses, Wiz says it will be difficult for customers to detect the use of forged tokens against their applications due to lack of logs on crucial fields related to the token verification process. 
• Wiz also researched where the key comes from and believes it was able to sign OpenID v2.0 tokens
• Microsoft responded to the wiz article:
  • Many of the claims made in this blog are speculative and not evidence-based. We recommend that customers review our blogs, specifically our Microsoft Threat Intelligence blog, to learn more about this incident and investigate their own environments using the Indicators of Compromise (IOCs) that we've made public. We’ve also recently expanded security logging availability, making it free for more customers by default, to help enterprises manage an increasingly complex threat landscape

24:14 Ryan - “I like changing the security logging to free though. I think that that's a good response. I'll give them credit for that one.”

Oracle

33:20 Easily install Oracle Java on Oracle Linux in OCI: It’s a perfect match!

• For those of you who leverage Oracle Cloud, you now get a license and full support of Oracle Java SE and Oracle GraalVM versions at no extra cost. 
• **This is a trap if you're multi-cloud.** 
• Oracle Java is supported by Oracle Linux. 
• It’s also compatible with Intel/AMD and Arm based processors. 

Continuing our Cloud Journey Series Talks

The Cloud Shared Responsibility model is a framework that defines the security and compliance responsibilities of cloud service providers (CSPs) and their customers. The model is based on the principle of shared responsibility, which means that both the CSP and the customer share responsibility for security and compliance in the cloud. The CSP is responsible for the security and compliance of the cloud infrastructure, platform, and services. The customer is responsible for the security and compliance of the data, applications, and workloads that they deploy in the cloud. The key points of the Cloud Shared Responsibility model are as follows:

1. The CSP is responsible for the security and compliance of the cloud infrastructure, platform, and services.
2. The customer is responsible for the security and compliance of the data, applications, and workloads that they deploy in the cloud.
3. The CSP and the customer must work together to ensure the security and compliance of the cloud environment.
4. The CSP must provide customers with the information and tools they need to meet their security and compliance obligations.
5. The customer must implement appropriate security and compliance controls in the cloud environment.
6. The CSP and the customer must monitor and assess the security and compliance of the cloud environment.
7. The CSP and the customer must respond to security and compliance incidents in a timely and effective manner.
8. The CSP and the customer must cooperate with law enforcement and other government agencies in the event of a security or compliance incident.
9. The CSP and the customer must maintain appropriate documentation of their security and compliance efforts.
10. The CSP and the customer must regularly review and update their security and compliance policies and procedures.

The Cloud Shared Responsibility model is a complex and ever-evolving framework. It is important for both CSPs and customers to stay up-to-date on the latest changes and best practices. The key differences between shared security model and shared fate security model are:

• In a shared security model, each component is responsible for its own security. In a shared fate security model, all components are responsible for the security of the system as a whole.
• In a shared security model, a component can be compromised without affecting the security of the other components. In a shared fate security model, a compromise of one component can lead to the compromise of the entire system.
• In a shared security model, it is easier to identify and fix security vulnerabilities. In a shared fate security model, it is more difficult to identify and fix security vulnerabilities because all components are interconnected.
• In a shared security model, it is easier to recover from a security breach. In a shared fate security model, it is more difficult to recover from a security breach because the entire system is compromised.

Shared security models are typically used in systems where the components are not tightly coupled. Shared fate security models are typically used in systems where the components are tightly coupled.

After Show

Wholesale copying’: Israel’s Orca Security sues rival Wiz for patent infringement 

Closing

And that is the week in the cloud! We would like to thank our sponsors Foghorn Consulting. Check out our website, the home of the cloud pod where you can join our newsletter, slack team, send feedback or ask questions at thecloudpod.net or tweet at us with hashtag #thecloudpod