What’s up with Containers for 2022

This discussion sifts into tactical concerns for containers in the near term. We’ve gotten far with containers and Kubernetes. But what about process controls that we need to wrap around containers?

We talked through how we need to be thinking about containers now that we have good control surfaces around them to make things work. If you are using containers and Kubernetes, this podcast will certainly inform your thinking.

Transcript: otter.ai/u/NKNuTQQCXGXbVrZq_4pHazt4sZA
Image: www.pexels.com/photo/person-hold…ed-beans-9902268/

What’s Next for Cloud and Edge?

We reflected on 2021 and our four key panelists talked through what’s coming for 2022. Instead of making broad predictions, we focused on the needs of the market. We felt there were many immediate needs around cloud outages and security challenges.

Of course, we also discuss how the edge is coming up along with more physical integrations, like those for automotive, healthcare, and energy creation and storage. All are very big topics related to local-presence computing.

Transcript: otter.ai/u/7IEszyeZEDGENz3JSzw_-4hmyVc
Photo: www.pexels.com/photo/barefoot-bo…spyglass-7139730/

Rob’s Hot Take:

Rob Hirschfeld, CEO and co-founder of RackN and host of the Cloud 2030 Podcast, shares insights from the 2021 End of Year session where predictions for the future were discussed. The focus was on transforming the market from monolithic, single-vendor clouds, including on-premises Edge locations, towards a more ad hoc and composable model that allows multiple vendors to integrate seamlessly. Hirschfeld emphasizes the importance of creating infrastructure pipelines to enable modularity and a multi-vendor experience while maintaining a single control experience for users and operators. He encourages listeners to explore the detailed discussion in the full podcast from December 30th at the2030.cloud.

Software Supply Chains [#Log4Shell]

Our scheduled topic was supply chains generally, but the Log4Shell vulnerability dominated the discussion. We dove into the challenge of patching and fixing a library that is literally in nearly every device or service for years and years.

That led us to supply chains in the context of software, and specifically Java Log4j. This is a critical topic and our conversation about it was very thoughtful. We really covered the angles of what it takes to produce and maintain a supply chain for software. Then we discussed alternatives and things to consider when you are building anything: software products or physical products in which embedded systems and components impact your designs.

Transcript: otter.ai/u/CJ8pYF1La6tetFasqZhEojo_zoY
Image: www.pexels.com/photo/carton-cont…-in-rows-6294430/

Rob’s Hot Take:

Rob Hirschfeld, CEO and co-founder of RackN and host of the Cloud 2030 Podcast, reflects on the December 16th discussion centered around the supply chain, particularly focusing on Log4j and software components. He underscores the importance of understanding the provenance of software components and emphasizes the necessity of maintaining a robust patch and update process, especially considering embedded systems like Java. Hirschfeld advocates for a shift in mindset towards viewing software as an ongoing process rather than a static deliverable, inviting listeners to explore the insightful discussion further at the2030.cloud.

Securing Software Supply Chains

Today we talked about supply chains, but mainly security and the security aspects of supply chains, because we have very serious challenges here.

We have made software and onboarding software for developers so easy, but haven’t put the same effort into how to manage production systems! The team really talked about what it takes to build production systems that respect security, supply chains, dependency graphs, and inclusion in a way that crosses teams.

It’s an incredibly important topic, and it is the foundation of any successful supply chain hardening effort.

Transcript: otter.ai/u/6zfld2gBpZMSGT8Vk_1Ka3pWtN0
Image: www.pexels.com/photo/light-city-…traffic-10390684/

Can we Secure SaaS? RE: Facebook & Twitch

During this 20-minute check-in we dive into security and SaaS infrastructure.

Can we protect the secrets that people are trusting to SaaS providers to store for us? The topic was inspired by the Twitch leak where a lot of sensitive information was exposed to the public. That comes on the heels of all sorts of other leaks, compromises and downtime on systems.

Overall, it seems like bad news is coming faster and faster for operators. The fundamental question is NOT can we trust a SaaS provider to secure information. We know the answer is NO. But what to do about it?

Transcript: otter.ai/u/bHe8mibvYE4vTIjWleOfJ2Z7iwI
Photo by Joy Marino from Pexels [ID 3054158]

Why are Backups so Tricky?

Backups are really, really tricky! We talk through a lot of different things that you have to consider in making successful backups like security, resilience, how you store the data, how you recover the data and rebuild the systems. Basically, we ran the gamut on backup challenges.

You really need to think through a lot of the considerations! Our discussion will help make you better at backups.

Transcript: otter.ai/u/icmWxa0LmLT1Um-uAVWwGFc9Wq4
Photo by Alena Darmel from Pexels [ID 9037305]

Rob’s Hot Take:

Rob Hirschfeld, CEO and co-founder of RackN and host of the Cloud 2030 Podcast, reflects on the October 26th discussion about backups, emphasizing their critical role in successful recovery efforts. He highlights the complexities of securing data at rest and the potential vulnerabilities backups may pose in scenarios like ransomware attacks or disaster recovery. Hirschfeld urges listeners to consider the entire system architecture and storage mechanisms to avoid potential losses, inviting them to explore the comprehensive discussion at the2030.cloud for deeper insights.

Certificate Management (Let’s Encrypt Expiry)

Understanding and managing certificates is a critical operational skill. We cover the basics and then go deeper.

If you are familiar with SSL/HTTPS, you are using certificates on a daily basis. And yet, the actual management of trust and root CAs, and of distributing public keys while managing private keys, is tricky.

Even our expert panel still struggles, even though we understand what’s going on. One of the challenges with this is in education and having people understand what they’re actually getting from certificates and trust, and what they’re not getting.

Transcript: otter.ai/u/CpGE5ybdVqiIlfoNqMIknTsLId4
Photo by Andres Ayrton from Pexels [ID 6551298]

Deep Dive into Secrets Management

We go into the details about Secrets Management. We explore how the process works, and how to do it right. We also cover the alternatives.

This podcast is for you if you are trying to understand how secrets management works. We cover different scenarios where it can be applied, and where it can go wrong.

Transcript: otter.ai/u/SvO6_I3RIiGmc2FLJM70y9xoQB4
Photo by Anna Shvets from Pexels [ID 4587991]

A Peak Of Trustability?

“The peak of trustability” came up during our discussion of Trust in general. We really unwound what trust means starting from simple concepts like credentials and certificates and other security items.

We got to a point where trust is also about software supply chain! Security includes how much you keep up with changes and what the latest things are. Then we realized that trust has an important time value: you don’t trust, initially, you build trust, and then you lose trust.

This creates a peak of trustability concept that I hadn’t heard articulated before. I think it is really important in understanding trust in a broader sense, especially when we think about Zero Trust. That’s not the end. It’s an end point and it’s also a starting point for building interconnections and relationships with people and tech.

Transcript: otter.ai/u/TNRiua5DxzsdR3Yh0eEjRJ45FB0
Photo by cottonbro from Pexels

Topics for a Security Training Course

DevOps Lunch and Learn was about security practices. Specifically, we built an outline of topics in security that we think are necessary for developers and operators to build secure applications.

We basically built a week-long course curriculum!

As we go through this course curriculum, we walk through who needs to know this information and why.

If you want to see all of the detail here, please see: docs.google.com/document/d/1x5QLP…ng=h.c2phqte5q4pl

Transcript: otter.ai/u/UyMAmiHi-rRAreMa0FjxaVNomhQ
Photo by PhotoMIX Company from Pexels [ID 226746]