IT Modernization and DevOps News Week in Review 2.1.2021
This DevOps news week saw Data Privacy Day, an annual reminder of the importance of data privacy. In a call to action for individuals to own their own privacy, and for businesses to respect privacy, the National Cybersecurity Alliance advocates for “holding organizations responsible for keeping individuals’ personal information safe from unauthorized access and ensuring fair, relevant and legitimate data collection and processing” while encouraging individuals to learn more about how to protect their data online.
Continuing the theme, the Apache Software Foundation releases findings of its annual state of security report. This year’s study of more than 340 Apache projects finds 376 reports of new vulnerabilities last year which spanned across 101 of the top level projects; this figure is an increase from 320 in 2019.
In other security-related news, CSA has released the initial version 4 of the Cloud Controls Matrix. The CCM is a reference for organizations looking for ways to define and grow their cloud security and compliance – and is the foundation of CSA’s STAR Program. CCM v4.0 adds more control specifications, growing from 133 to 197 controls. It also adds mappings for several standards, including ISO/IEC 27001-2013, ISO/IEC 27017-2015, ISO/OEC 27018-2019, AICPA TSC v2017, and CCM V3.0.1.
- Gremlin publishes its 2021 State of Chaos Engineering report, in which it finds:
- Increased availability and decreased MTTR are the two most common benefits of Chaos Engineering
- Teams who frequently run Chaos Engineering experiments have >99.9% availability
- 23% of teams had a mean time to resolution (MTTR) of under 1 hour and 60% under 12 hours
- Google Cloud introduces VM Manager to help enterprises operate large compute engine fleets. A suite of infrastructure management tools, the new VM Manager seeks to reduce complexity and grow observability, security and compliance. It offers a single dashboard view and includes patch management, configuration management, and inventory management.
- Microsoft makes the Confluent Cloud integration with Azure generally available.
- RedKubes makes the Community Edition of its Otomi Container Platform, a turnkey Kubernetes console, open source.
- Neo4j announces the general availability of Neo4j Aura Enterprise, the company’s fully managed cloud database. According to a press release, the solution is, “engineered for cloud-native enterprise projects and meets organizations’ exacting requirements for securing massive, highly connected datasets at a granular level without compromising performance.”
- Algolia acquires MorphL, a Google DNI-funded AI/ML platform. Simultaneously, the firm launched its new AI offering, which it describes as a suite of API-based AI and ML models that help developers, data scientists, and marketers predict users’ intent, personalize online experiences, and create highly-targeted offers.
- Microsoft released its quarterly earnings, reporting revenue of $43.1B for the second quarter of fiscal 2021, a 17% jump from a year ago. According to the company’s earnings call, revenue was driven largely by its commercial cloud business, which saw more than $16B in revenue, which represents 34% year over year growth.
- Amazon GuardDuty rolls out a new machine learning domain reputation model. It “categorizes previously unseen domains as highly likely to be malicious or benign based on their behavioral characteristics,” alerting operators when an EC2 instance in their AWS environment is communicating with a malicious domain.
- AWS adds help for secrets, allowing operators to disover when a secret can be accessed publicly or from other accounts or organizations via a new IAM Access Analyzer.
- Amazon Elasticsearch Service adds support for encryption of data at rest and node-to-node encryption on existing domains.
- Amazon CodeGuru Profiler grows its capabilities with a new memory profiling feature designed to help operators troubleshoot and resolve memory issues in Java apps.
- Amazon expands the AWS Shield Advanced dashboard to include additional mitigation metrics and network traffic timeline details for events detected on protected resources, including details about the actions automatically taken to mitigate DDoS attacks.
- Our NTT DATA colleagues Sushila Nair and Edmund Tribue will deliver a keynote session titled Zero Trust Identity Protection to Enable the Adaptive Workforce at the CSA CloudBytes Connect virtual symposium on Thursday, February 4 at 11:15 am PST. Sign up to attend: Register here
Written by Flux7 Labs
Flux7, an NTT DATA Company, is the only Sherpa on the DevOps journey that assesses, designs, and teaches while implementing a holistic solution for its enterprise customers, thus giving its clients the skills needed to manage and expand on the technology moving forward. Not a reseller or an MSP, Flux7 recommendations are 100% focused on customer requirements and creating the most efficient infrastructure possible that automates operations, streamlines and enhances development, and supports specific business goals.