¶ Book Announcement: AWS Certification Guide
I want to know who gets paid to come up with the names . Dude , that's the job . That's the job I need .
Just sit at a desk and say you know what Typhoon I'm going on break ? That's right .
That's right , give me my six-figure salary .
Yeah , Reminds me of that Mitch Hedberg joke . I don't know if you remember that one where he's talking to me . He's like I want to be the guy that just names kitchen appliances .
Oh yeah , so good . Hello and welcome back to another episode of the Cables to Clouds Fortnightly News . With me , as always , is my co-host , Chris Miles , at BGP Main on Bluesky . Of course I'm at carpe-dmvpn on Bluesky and , yeah , we're on LinkedIn and stuff too , so you can find us there .
But before we get into the news this week and it's going to be a quick one Chris and I have a special announcement . Uh , Chris , you actually have the physical artifact , so please take it away .
Yeah , so I actually have a physical copy of our book for the um AWS Certified . I got such a mouthful AWS Certified Advanced Networking Specialty exam uh guide that we put out through Packt . So I have a physical copy here , which is very cool to actually see this come to fruition .
But so I guess we're taking this opportunity to say the book is finally published . So if you order it , it will be , as far as I know , shipped directly to you rather than the pre-order like we've been plugging for the last month . So sorry for kind of drowning your ears with this stuff , but , um , we're really excited to get this out .
So , um , we're really pleased with the final product . I don't want to speak for Tim specifically , but , uh , I think it came out really well . So , um , please check the show notes , um , and we'll uh , we'll put a link in there for the book . No-transcript , brother , none of us were . Well , we did this .
Uh , it forces you to to get to that point very fast .
So yeah , yeah , I mean we know what we know and we're both ANS certified and all of that , but like it's just there's , you know , it is it's difference between knowing it , working with it , and then knowing it to the point where you can write a certification book about it , right .
¶ Silk Typhoon: China's Cloud Provider Attacks
So , anyway , all right , let's uh , let's jump right into it . So , uh , in the news , um , this week , from Data Breach Today is an article , uh , entitled China's Silk Typhoon Is Tied to Cloud Service Provider Hacks . So Silk Typhoon is a different state-sponsored cyber what do they call it ? Cyber espionage group in China . So we've been talking about Salt Typhoon .
You've seen it all over the internet by this point , where Salt Typhoon is another group in China and their latest hack attack , if you will , is they were doing a compromise of service providers , so service provider routers , infrastructure and then basically harvesting data all right off the wire for with unencrypted traffic because they had access .
Basically they were essentially man-in-the-middle type attacks . They could just pull data right off of those routers . So this is a follow-on to that . So there's this group .
The Silk Typhoon group is actually essentially exploiting what was found , like exploiting the data that was harvested from Salt Typhoon to actually start invading people's , like , cloud accounts . There's , you know , you take a look at this article , there's a .
There's a bunch of of , basically , data that was compromised and taken and , you know , the the group is using it to to further compromise now enterprises . So a lot of people , a lot of enterprises , looked at Salt Typhoon and they said , eh , we don't . You know , that's , that's not us , right ? We're not getting hacked , it's our service providers .
Well , this is actually the , the follow on , if you will , the , the extension of that attack , which a lot of cybersecurity experts were warning was coming . You know , when somebody can steal your credentials , it's like being in a , it's like being in one of those . You get the email and it's hey , we got hacked and your data's gone .
You know they sold your data . It may not be today , but at some point . If you don't change your passwords , you can pretty much guarantee that somebody is going to make use of that data , right ? So this is it .
We've been blowing this horn for a while ourselves on the podcast , but also , you know , at Aviatrix , talking about how encryption you know as as through the provider network is really important . Um , and this really kind of because the show that it's this is the reason , right , so anything to add there um , not much .
I mean , I will say this didn't come out as , like some , like newfound attack , necessarily .
To me it seems like they were using pretty common , you know common methods like password spraying across publicly accessible devices and pretty much elevated that to getting access to cloud accounts , cloud management providers , et cetera , and you know , and then going in onto stealing API keys , which is , you know , obviously a big , a big , uh , bad thing actually .
Yes , I should say um , but yeah , it's um . One thing I didn't learn , or I did learn from this that I didn't know about , was how the name Silk Typhoon came out of this . So like , Typhoon is apparently the classification of just the threat actor . So that was just a little tidbit I didn't know .
So you know , there was , there was a link to a Microsoft page where they're all classified and they each have unique names . Yeah , like Russia's Blizzard , China's Typhoon , Iran is Sandstorm and then there's , uh , even , uh , kind of lower level , uh , classifications from there , which is , which is pretty cool .
I want to know who gets paid to come up with the names . Dude , that's the job . That's the job I need .
Yeah , just sit at a desk and say you know what Typhoon I'm going on break ? That's right .
Well , that's right . Give me my six-figure salary . Yeah , reminds me of that , uh , Mitch Hedberg joke .
I don't know if you remember that one where he's talking about he's like I want to be the guy that just names kitchen appliances .
Oh yeah , so good , yeah , excellent , yeah . So I mean , we're just going to have to keep an eye on this one . Right ? This is in the wild , this is happening . It's a mix . It's a mix of previous exploits and , like Chris said , there's always just the tried and true . You know weak password encryption , weak password , brute forcing and whatnot . So it's happening . So keep your stuff encrypted .
Definitely .
¶ European Cloud API for Interoperability
All right . Next up , we have an article from NetworkWorld.com which is very interesting , titled the Sovereign European Cloud API Claims to Offer Interoperability Without Lock-in .
So this article I'll be honest , I'd heard nothing about this prior to finding this shortly before we recorded the show . Yeah , same , but it's actually a very interesting concept in that Europe is kind of leading the charge on things like interoperability .
I'm seeing this as somewhat as the iPhone going to USB-C type moment maybe for the cloud operators , but , in short , basically a collaboration between a couple of European cloud providers called Aruba and IONOS , and a cloud marketplace called Dynamo are basically in the process of creating something called the Sovereign European Cloud API or SECA , and it sounds like this API is pretty much a way for the large cloud providers and platforms to increase interoperability and kind of create a unified API that can be used for orchestrating infrastructure across hybrid cloud and multi-cloud environments and kind of , you know , creating this unified mechanism so that customers can use , I guess , any cloud provider that they should want with the same API structure that they would use in any of the other ones . This was kind of a thing that at a at a very high level , it sounded cool to me . I was like , okay , that's , that sounds very interesting .
But like I couldn't help but start thinking about the lower layers of it and the technical pieces of it , and I'm like I don't know how the hell this would work with the major CSPs . They all have different services , they all interact very different ways . It's not just always , you know , carbon copy of column A , column B type thing .
So I don't know exactly how this would work , but very interesting concept and you know , the EU does push a lot of regulations that force the hand of these tech giants sometimes , so I guess it could be a thing . How do you feel , tim ?
Yeah . So I think what you're going to run into here is either it's going to have to be compulsory , like the short answer is , the CSPs are not going to do it unless they absolutely have to do it to do business in the EU , probably . But I'm right there with you . I'm like the only way . There's only two ways this could technically function .
I think I figure right . One is whatever this uh alliances or whatever that this API , this common API that they're building , would be like a third-party abstraction layer like you send your API call to our formatted single-use API and then we figure out what to do on the back end to talk to the API and to the CSPs .
Or somehow they're going to build the framework and tell the CSPs basically like hey , you need to build support for this into your platform so that people can send it straight to you , but we own the framework of the API , basically . So I don't see that one flying .
But I mean , then again , if you want to cut out the entire European market , I guess maybe not even Microsoft was ready to do that right . So back in the 90s and the early , early two thousands when they were on trial for you know , antitrust stuff and whatnot . Yeah , that that's . That's the only way I see it working .
Yeah , I mean in that , in that scenario , like if I guess what ? Like the European market is obviously too big to just kind of do away with , right for any of the major CSPs .
So I mean , if one cloud provider chose not to adopt this , then that's going to be a major advantage for the other two to say like well , we'll do it , and that's going to be kind of a , you know , a very fruitful endeavor for them .
I don't think that's how it'll shake down , but they kind of all have either they none of them have to participate or all of them have to participate type thing .
Yeah , and that's why it's going to back . It has to go back to compulsory , because if you look at the CSPs , there's absolutely no reason for any of them to be first , you know , to jump on the board of that and be like , yeah , of course I'll , I'll do this , right ?
That's the thing like kind of what I was getting at with the , the iPhone USB-C type thing , like if , if it gets forced in this market , there's no reason why it couldn't permeate to other markets as well .
Um , so , you know that's it could be kind of a um , uh , a change in , uh or a shift in how we interact with the cloud altogether . Um , you know if this actually comes to fruition , but , um , very early days , so hard to tell . But yeah , it could be . Yeah , it could be quite a uh , quite a rift .
Well , and this is a European initiative , right . So , it being a European initiative , does this work ? Does this hold up in other countries ? Would there be like an ANZ initiative ?
Like what I mean by that is like the framework , the API , the standard that they're trying to build right is being built in the EU . Would it be something where they would adopt it worldwide if it did permeate to other markets , or would everybody be building their own ? Like ? It wouldn't make any sense , right , that wouldn't make any sense .
Not necessarily that they'd all build their own , but that's the thing is like the cloud providers don't change from region to region , right ? Right , exactly the way you interact with it in Europe is the same that you interact with it in Australia , except for China . Yeah , China being the obvious outlier . So I don't think we're ever going to see this in .
China , yeah right .
But yeah , I mean , the way you interact with it is always the same . So I mean there's definitely a reason for this to make its way , like if one API structure gets adopted in Europe , then that forces company A or company B that operates in Europe to have a different interaction mechanism in Europe than everywhere else .
So there's going to be a market for someone else to put it in US , put it in Australia , wherever right it's going to happen .
I think , if this works out , yeah , we'll just have to keep an eye on it , see if it gets traction and , like I said , I think it'll end up having to be compulsory to get the real traction and there'll be a huge fight against it . But hey , let's hope Interoperability is good for everybody ultimately .
¶ Aviatrix Kubernetes Cloud Firewall Launch
All right , we got one more , and this one is from our own company . This week , Aviatrix launched the Kubernetes Cloud Firewall and this is a new capability . You'll find the link in the show notes . By the way , it's on our . Oh , actually , the one I put in there is actually from cloudnativenow.com . So we didn't use our own press release .
We used the Cloud Native Now , which is reporting on the launch of the Kubernetes Firewall . So the big thing about the Kubernetes Firewall is it's really just an extension of our own Cloud Firewall product . It's a new capability with new use cases for Kubernetes . I don't want to get into a . You know , it's not like .
Maybe we'll do a product demo at some time just to show everybody what that looks like , but this just in terms of the news itself . The news is , of course , that we've launched this feature and it's going to provide , you know , relief from , say , overlapping IPs . We have a pretty advanced snap capabilities .
So it's got you know all of the distributed cloud firewall stuff that we already do . You can basically leverage that , but also use Kubernetes attributes .
You can onboard your clusters and then the clusters we basically would read a cloud asset inventory , which is reading the kube API for reconciliation of workloads , of pods , namespaces , all of that , so you can build security policy based on Kubernetes attributes , which is pretty cool .
Now a lot of people are asking what we do inside the cluster , and actually we very specifically chose not to build a product that goes inside the Kubernetes cluster , and there's a couple of reasons for that . One , of course , is that the product just isn't built to go to do that , we're not a CNI , right .
And the more important one is that , truthfully , I mean you look at Cilium , Calico , you look at Istio , Linkerd , like that's covered right , like there's not really a reason to build a product to go inside the Kubernetes clusters and start offering security policy in there . Yeah , why build a product that already exists and does its job really well ?
So we chose to focus instead on the idea of okay . Well , what about when you're leaving the cluster ? What does that look like ? Right ? What about when you're integrating with legacy workloads ? Because I don't know of any company maybe a couple greenfield startups or something that are fully Kubernetes , like their entire application stack is microservices .
Most people have some kind of legacy , whether it be on-prem , whether it be in the cloud , whether it be PaaS services like RDS for databases . We're still not putting a lot of static or rather stateful services in Kubernetes . You know there's a lot of need for egress as well to the internet .
Um , you know being able to do web proxy and do a security for that as well . So , uh , that's kind of where we're thinking about playing . Um , anything to add to that ? Chris ? I missed .
No , I think I think you covered it . I mean , obviously this is a press release , but you and I obviously know a little bit more behind the covers about the press release .
So , um , the yeah , I think that , like you said , Tim , is like there's , there's , there's a lot of products out there that solve the intra cluster um security problem in in in very good ways , right , um , but it's kind of harder to kind of take that like higher level view and look at the entire network as a um , uh , as an entire system , and be able to ingest native things about the clusters using APIs or , you're sorry , using the kube API , and use that in security policy for interacting either with other clusters or other resources on the network . So that's kind of the view that we took and , yeah , we're seeing a lot of traction with this , so it's a really cool product .
So , yeah , I think that's about it .
Cool and yeah , maybe in a future show we'll show it off , not as like a sponsored by thing , but just we think it's a pretty cool product . It's brand new and a lot of people haven't seen it and we get a lot of questions about it . So , yeah , um , okay , and that will close us out for uh this week , I think .
So go ahead and uh , download us , listen to us , watch us , um , do all the normal things listening .
You've probably already downloaded this , but that's a good point , yeah , so download the rest of them .
Download the rest of the episodes , or download the episode that comes out a week after this one .
Yeah , that would be good as well . That's the most important thing .
¶ Episode Closing and Call to Action
Yeah , good call , but yeah , no . Thanks for hanging out with us and we'll see you next time on the news . Hi everyone , it's Tim and this has been the Cables to Clouds podcast . Thanks for tuning in today .
If you enjoyed our show , please subscribe to us in your favorite podcast catcher , as well as subscribe and turn on notifications for our YouTube channel to be notified of all our new episodes . Follow us on socials at Cables to Clouds . You can also visit our website for all the show notes at cables2clouds.com . Thanks again for listening and see you next time .
