Welcome to this week’s edition of CloudBolt’s Weekly CloudNews!
Earlier this week on our blog, I explored the top tools for cloud management systems and the ways organizations should evaluate their options.
We’re excited for the release of CloudBolt 9.0—Cumulus. If you want to learn more about the new features we’re bringing to our customers, check them out here.
With that, onto this week’s news:
IBM Taps Red Hat for Additional Kubernetes Expertise
Mike Vizard, Container Journal, Sept. 27, 2019
“IBM is leveraging the Kubernetes expertise of its Red Hat subsidiary to make it easier to deploy its blockchain platform anywhere and manage instances of the open source Apache CouchDB running on Kubernetes clusters.
The IBM Blockchain platform is based on the open source Hyperledger Fabric platform being developed under the auspices of the Linux Foundation. Its deployment on Red Hat OpenShift, which is based on a distribution of Kubernetes, not only advances portability but also makes it possible to containerize smart contracts, peers, certificate authorities and ordering services across a hybrid cloud computing environment.
At the same time, IBM is leveraging Operator software developed by CoreOS, which Red Hat acquired last year, to make it easier to deploy and manage CouchDB document databases. IBM also plans to provide support services for CouchDB databases alongside the cloud service instance of CouchDB it makes available in the form of the Cloudant platform, which IBM acquired in 2014.”
Cloud Vulnerability Could Let One Server Compromise Thousands
Kelly Sheridan, Dark Reading, Sept. 26, 2019
“A newly disclosed critical vulnerability in the OnApp cloud orchestration platform could let an attacker compromise an entire private cloud with access to a single server, researchers report.
The finding comes from researchers at security firm Skylight Cyber who say the flaw has the potential to affect hundreds of thousands of production servers and organizations around the world. OnApp is a London-based cloud management platform, one of the top firms that powers thousands of clouds for managed service providers, telcos, and other cloud hosting services.
Cloud security issues are common these days; however, we usually see them in the context of user misconfigurations and resulting accidental data leaks. In most cases, these mishaps are the user’s fault. This particular flaw, located in a management system that thousands of providers use, could let an attacker access, steal, change, or eliminate data on a server through no fault of the user or provider.”
Serverless Security Threats Loom as Enterprises Go Cloud Native
Jessica Lyons Hardcastle, SDX Central, Sept. 26, 2019
“Enterprises are rapidly adopting serverless computing because of improved security as well as the need for speed and greater operational efficiency. However, as they increase their usage of serverless functions, companies must understand how this affects their threat landscape — and how to implement security measures such as runtime controls and API discovery and usage inspection, according to a new Enterprise Strategy Group (ESG) study that looks at how organizations are securing cloud-native applications.
Application security company Data Theorem commissioned the study, Security for DevOps – Enterprise Survey Report. In it, ESG analyzed responses from 371 IT and cybersecurity professionals at organizations in North America responsible for evaluating, purchasing, and managing cloud security technology products and services.
The study found that only 8% of companies are securing 75% or more of their cloud-native applications with DevSecOps practices — automating core security tasks by embedding security controls and processes into DevOps. That number jumps to 68% of companies that say they plan to secure 75% or more of their cloud-native applications with DevSecOps practices in two years.”