
Cables2Clouds
Join Chris and Tim as they delve into the Cloud Networking world! The goal of this podcast is to help Network Engineers with their Cloud journey. Follow us on Twitter @Cables2Clouds | Co-Hosts Twitter Handles: Chris - @bgp_mane | Tim - @juangolbez
Cloud Native Firewalls: Pay For the Check Box, Not Much Else - NC2C025
Can you really trust cloud-native firewalls to protect your data, or is it time to rethink your cybersecurity strategy? Brace yourself for some stark revelations as we dissect a shocking report by CyberRatings.org on the dismal performance of major cloud providers' firewalls. With AWS's effectiveness plummeting to a mere 0.38%, and Azure and GCP faring only slightly better, it's time to scrutinize where these cloud giants are missing the mark. Our discussion uncovers a startling gap between what's promised and what's delivered, with a strong recommendation to consider third-party solutions for real protection.
Shift gears with us as we explore the intense dynamics of the AI and cloud markets. From Google's bold challenge to Microsoft's OpenAI partnership to Oracle's stock shake-up and new collaboration with Meta, the tech landscape is anything but static. We shed light on the realities of cloud infrastructure management, where less than a fifth of IT professionals are satisfied with their current systems. Whether it's the promise of AI innovation or the struggle of hybrid cloud complexities, our episode offers a thought-provoking examination of what's working in tech—and what isn't.
Purchase Chris and Tim's new book on AWS Cloud Networking: https://www.amazon.com/Certified-Advanced-Networking-Certification-certification/dp/1835080839/
Check out the Fortnightly Cloud Networking News
https://docs.google.com/document/d/1fkBWCGwXDUX9OfZ9_MvSVup8tJJzJeqrauaE6VPT2b0/
Visit our website and subscribe: https://www.cables2clouds.com/
Follow us on BlueSky: https://bsky.app/profile/cables2clouds.com
Follow us on YouTube: https://www.youtube.com/@cables2clouds/
Follow us on TikTok: https://www.tiktok.com/@cables2clouds
Merch Store: https://store.cables2clouds.com/
Join the Discord Study group: https://artofneteng.com/iaatj
Welcome to the Cables to Clouds podcast, your one-stop shop for all things hybrid and multi-cloud networking. Now here are your hosts.
Chris:Tim, chris and Alex.
Tim:Hello and welcome to another episode of the fortnightly news with the Cables to Clouds podcast. As always, I am Tim McConaughey at carpe dash dmvpn on Bluesky, and with me, as always, is my co-host, Chris Miles. Uh, at, was it the cloud main on Bluesky?
Tim:That's right, yeah, that's right, that's right, that's right. We don't. We don't know that other place, we don't go there anymore. I'm just kidding. Um, yeah, so this week we have kind of a quick roll-up for you. I mean, most of the really big news we actually covered in an episode which you'll be seeing pretty soon if you haven't seen it already, or you will have seen it by the time you see this, should I say, which is a recap of MS Ignite and re:Invent. So let's just jump into some of the more interesting stuff that's happened in the meantime with some of the other clouds and get into it. So the first article we have is, sorry, sdxcentral.com, and this is actually a follow-up to something that was done back in May of this year talking about how the cloud native firewalls kind of underperformed from a security perspective, and so what SDxCentral has done is gone back, essentially, and given them time to fix what was broken. You know, rejigger it, make it better, and the findings are still pretty awful is what they found.
Chris:So I think AWS actually did worse, as I said, just to be clear. So it was the. The report was actually done by CyberRatings. I think SDxCentral is just doing following up with CyberRatings.
Tim:Yeah but yeah, there was, yes, CyberRatings.org. Sorry, yeah, yeah, that's my, I totally misread it, uh. But yes, CyberRatings.org is the actual, actual people that did the cyber risk assessment on it. So AWS actually managed to do worse than they did the first time, which I don't know how that's possible, but this is the craziest part they scored a point. So this is another percentage score, basically on things like how much protection essentially do you get based on their rating score, which the article goes in a little bit more detail about that, and of course, you can go to CyberRatings.org and get the full details.
Tim:But in May AWS Network Firewall actually scored I think it was a 5.39% of effectiveness, meaning that you were protected almost not quite 5.5% of the time. And it says here that they scored a mere 0.38 percent. So not even so, not even a half a percent, and that is a regression. That is not just more or less, that is a total 0.38 percent. I don't know that's possible. It's basically saying you're not running anything, basically. So it's a very interesting finding by CyberRatings and I know that when we reported on this back in May, AWS had actually issued a statement saying that our network firewall is great and we think they tested it incorrectly or something to that effect.
Tim:CyberRatings in this version says, quote unquote, this was not a bug. There's a fundamental flaw in how AWS network firewalls is approaching the detection of vulnerabilities, so very troubling. I don't know. I really don't know what to say to that. Really, I mean, that's pretty crazy, right. And then, to roll it up, Azure and GCP were not great either. The best performing firewall got a protection level of 50.57%, 57%, 50.57%, if I can learn how to talk, and Azure is 24.14%, which, again, I don't know the exact. You know ratings or how they did it. We have to go to the. You have to read the whole report to get to that. But this is just, you know, a percentage based on how they determined that they were these, these native firewalls were protecting workloads. So for the money you're paying for these, man like I, I don't, I don't know, I don't know. What do you have? What? Anything to add there, Chris, to this crazy article?
Chris:No, yeah, I mean it's. It's funny because, um, I mean the. The outcome, basically, of this is from the, the interview that they did with, uh, Vikram Phatak, I think it's how you say his last name, um, the CEO of CyberRatings that performed the report. He basically just said, like, look, these things are charged at a premium for security and you don't get security. He was just like you don't get it.
Chris:Um, the, if any pretty much any range within you know whether you're a small business or you're a large enterprise. He just says use a third party. So the third party players that were called out were Cisco, Check Point, Palo or quote unquote, the whole gang. So he basically just says don't use any of the cloud-native stuff today, which is I mean, Tim, you and I work in a specific technology sector where we see how many people actually use the cloud-native firewalls today and it's a very large number. So this is, I don't know. There's like I do understand that each one of these cloud-native firewalls doesn't have every bell and whistle that Palo Alto is going to have right, because they obviously have very, you know, enhanced threat protection and new feature sets that they've added over the last, you know, 10, 15 years, but I find it hard to believe that they're that bad, like I don't know.
Tim:Yeah, I mean, how could you sell a product that has 0.38% protection? I mean, like, it's like saying there's no protection at all. You're basically saying that it does nothing except pass traffic, like that's.
Chris:I mean, I guess right my, my inkling here is that. So one of the interview answers that he gave was that um or SDxCentral. So it's like only 0.38 percent of all exploits hitting the AWS firewall are caught and stopped. Sure, looks like anyone using the AWS network firewall is basically wide open um. And he said, unless you care about the basic access, basic access control, pretty much for any kind of deep inspection, exploit blocking you need a third-party. So it's more. It's not just like whether or not the firewall functions, which I feel like is kind of misleading in that sense, right Like if from a traditional firewall perspective it is, I think it probably does its job, but probably I think the emphasis here should be at detecting exploits on its own, which you know that requires a certain level of merit, that that you know um, um that they need to live up to um.
Chris:So I can understand that criticism if they're saying that, like almost all those other exploits got through um. But yeah, I mean that I'm not in this state to test this right. I don't have, uh, the capabilities of pushing you know known exploits through the firewall like this. So it's it's hard for me to recreate this, but, man, that seems insane For the amount of people I know at AWS and their emphasis on security and specifically network security. I've seen some of the things like web application firewall can do and detect as far as exploits go, and the fact that that would not be baked into network firewall. I don't know if I can believe it. That just sounds crazy.
Tim:Yeah, that's, it's so insane, right, it's. Yeah, like I said, it's a basic. It's saying like you have a router, we're just forwarding packets, we're not even looking at them, right, like with that level of protection. So, yeah, I mean I, I think there's gotta be a little column, a little column B there. I I also find it really really hard to understand the idea that there's like no protection from any of the you know, or you know even that the best performing one was just over 50%. Right, that's, and that's that's being extremely generous. So, yeah, man, I mean yeah, anyway. So so I don't know what to say to that, except that if I definitely suggest that if your organization is using a native firewall for a checkbox or you know to to meet a requirement or you know, take a look, if you guys are doing this, and especially if anyone has done this and gotten a pen test, like something like when we talked to Serena, one of those type of pen test orgs, I would love to know have you seen this? Has this been a thing for you? So anyway, yeah, great, great story.
Tim:So the next one is from I just completely blanked. The next one is from Reuters, sorry, and this is an interesting one. It's from Google, and Google is asking the FTC, the Federal Trade Commission, to basically break up the deal between Microsoft and OpenAI, saying that basically Microsoft has a monopoly on access to OpenAI because of their agreements between these two organizations. We know Microsoft has a large stake in OpenAI, the organization, and basically in order to access OpenAI, you have to use Microsoft's servers, access whatever. So Google's basically saying to the FTC that is the same thing as monopolistic behavior. You should, you should, stop this. You should let other organizations like us, for example Google, be able to access OpenAI without having to go through Microsoft to do it.
Tim:So very interesting, and I mean, the more the AI stuff heats up man, the more stuff like this I would expect to see. I'm actually. I mean, does Google? I mean Google has Gemini, like why I'm not saying there's no reason to ever use another model? Obviously, the models are trained in a very specific way. They all have different strengths and weaknesses, et cetera, et cetera. Or is this more like an advocacy for Google customers that might want to use OpenAI without having to go be Azure customers or something. Maybe that's the angle here.
Chris:So pretty interesting stuff, yeah, I mean, my rub of it is that the FTC was already investigating Microsoft for their practices elsewhere, right, and it even says in this article that this came up while Google was being interviewed about that. So it was almost like they're leveraging, like hey, we know, you're already looking into them. You should probably have a look at this too. This is kind of a potential violation as well. I mean, I think that's a much easier play for Google to try to get you know, to ruffle some feathers and stir some commotion there, rather than promoting Gemini Because they know.
Chris:Gemini is probably that's a long haul to get Gemini to the state of where ChatGPT is today, right, so that's my initial thought anyway. But I mean, who knows if the FTC is even going to even you know kind of look at this at all. I don't think they even commented or responded to their comment.
Tim:Well, and I guess we'll see. We'll see what the FTC looks like, along with many other federal agencies, in a few months anyway, to be honest, so it may not be fully staffed in order to even do this.
Tim:For all we know, you know, for whatever that's worth. We don't know yet. So, yeah, interesting. You know we've reported several articles already where Microsoft's being investigated, like in Europe, for example, for, you know, anti-competitive practices and whatnot. So, yeah, I guess we'll see how this one goes. I expect a lot more stuff like this, as, as we do, more as we see, the AI wars heat up a lot more. Okay, you want to take the next ones? Sure?
Chris:So we have a couple articles here, one from Reuters and then another one from cloudcomputingnews.net, so kind of two quick, rapid fire ones that we'll kind of talk about Oracle. So Oracle, this one from Reuters is titled Oracle Slides as Revenue Target Miss Spotlights in Tough Cloud Competition. So Oracle, you know obviously been number four of the top four for quite a while in the cloud space. Um, you know, I hate talking about the stock market because this thing is so ephemeral so it's like it's hard to really, you know, talk about what this actually means. But, um, they did have. They previously had their shares, uh, up 80% as of Monday and then, as the cloud earnings came out, it looks like they've tumbled about 9%, as the company was on track to lose nearly $50 billion of the market cap.
Chris:So that is interesting. I mean, like I said, this stuff changes every day so it's hard to really read into this. Yeah, and in addition, we also have an article from cloudcomputing.net or cloudcomputingnews.net, sorry, saying that Oracle has now entered into the use of Meta and Meta's LLMs being Llama as their large language models. I don't know if it's specifically on a certain offering or if this is just like what's baked into their AI products. Did you pull that out from this?
Tim:I mean just that the main thing is that they're partnering with Meta to power their Llama AI, right. So Meta's going to be using Oracle's compute basically to do their Llama AI stuff. So it's a partnership. I mean, it's probably going to be money. There's going to be a lot of money involved. It's funny to see these two articles together, you know like here we have.
Tim:Oracle missing its target. And then you know, potentially something very lucrative for Oracle in the very next breath. But you're right, the stock market is such a roller coaster man it's not worth it.
Chris:I mean it's almost not worth drawing. At the same time, it's like they're obviously the ones that can be most competitive on stuff like compute and storage and networking as of right now, just because they are in that fourth spot. So they're offering the biggest discounted rates from what we've heard. So it almost makes sense that if you're someone like Meta, maybe that's appetizing to you.
Tim:Well, I guess no, this isn't.
Chris:They're not servicing Meta, they're just using the open source model. Is that right?
Tim:Yeah. Okay, I think that's yeah, Fair enough. But I mean, there's basically there's money changing hands there.
Tim:There's a partnership, there's money changing hands, Oracle's making money. So yeah, it's kind of like the same as what they've been doing, right, they've gone all in on partnerships all across the as much as possible, even with other CSPs, to try to stay relevant and keep the market cap up and all of that. So yeah, I guess we'll see if it's, if it pays off for them. We shall see. All right, we got one more which is interesting but not surprising necessarily to a lot of people, and this one comes from CloudTech and basically says they there was a survey done and the results of the survey are less than a fifth of IT professionals say that cloud infrastructure is actually meeting their needs. So specifically, less than 1 in 5, 18% of IT professionals said this, saying that there's a large disconnect between their expectations and what the reality is when it comes to their cloud strategy, like their organization's cloud strategy. Now, this was a SolarWinds survey, so maybe a little bit of a grain of salt there, because obviously SolarWinds is very on-prem heavy. That's kind of their bread and butter, right. So again, take a little bit of salt with it, but I think that generally there's also the grain of truth in it. So they said they did a survey that shows that, despite the cloud's promise of scalability and cost savings, the reality is mixed, and anybody who's ever done anything with the cloud could have told you that that was the case. So that part's interesting, but, specifically, they get into things.
Tim:Like you know, a lot of the cloud professionals, a lot of the IT professionals, are saying that their organization's hybrid approach to cloud is also severely lacking. It's extremely complex and hard to manage, which, again, this is bread and butter, I think. At work, we probably say this a hundred times a day to various people, because it's very true, it's an absolutely true statement. And yeah, and despite that, though, actually very few people of those surveyed right by SolarWinds have actually engaged a third party value added reseller or professional services contractor to actually help them with their hybrid cloud approach or their hybrid cloud journeys. So you know, they also mentioned things about like OK, people also are not trusting the cloud security stack, which apparently they shouldn't.
Tim:And yeah, like I said, it's from SolarWinds. It's an interesting observation. I do, again, take it with a little bit of salt because it's from a very on-prem, heavy vendor, but I do think that people really do feel this way, that people feel that hybrid cloud is extremely uh complex and that that uh just the the benefits of cloud right, like you know, going all the way back to the our one of our original episodes, where all the cloud cost savings, like that's it's still true today, um. So, yeah, it's, it's interesting article uh kind of affirms what I think a lot of us already knew. But it's.
Chris:It's tough because, like we, obviously we see this a lot with our, with our day job just because you know like we almost have to let customers learn the hard way how hard things are to do in the cloud.
Chris:Right? If I went to talk to someone before they even really started moving into cloud and tried to express like, hey, this is going to be a problem. This is what hurts once you get to a certain scale. It's not going to resonate until they've actually done it and had that pain kind of rise to the top on their own right. I think one of the most notable quotes in this article is "In a hybrid cloud world with increasingly complex network systems, devices and applications, managing microservices and containers adds to the challenge. Without proper planning and comprehensive visibility, organizations risk finding themselves in a dire situation. Tool sprawl, information silos and alert fatigue can all lead to an unpleasant cloud experience." So that's like to me, it's just like it's a planning thing right.
Tim:Yeah, it's like like if you, if you.
Chris:I mean, I'm not saying everyone gets it right on the first go, but like there are there's enough learnings out there in the world where, like you can, you can be better at this stuff, you can know what works, what doesn't work, what needs to stay on-prem.
Chris:There's a bit of talk in here about, you know, customers saying like, oh, we had to repatriate workloads back and like I think that is repatriation in the context of you know, moving to something in the cloud or building it to run in cloud and then moving it back on-prem seems like, oh well, we did this because it was a failure, right, that we had to move it back on-prem. I don't think that's always the case. I think you just kind of realize that like things run better in certain scenarios in a different place and it costs less as well, for sure, um, but like I don't think it's always always implies that things failed to run in the cloud. I think it was just kind of a shift in the organization, uh, many times. So, like you said, there's a lot of, there's probably many grains of salt that you have to take when reading this article, but it was. It was very interesting.
Tim:All right, and so, uh, a bit of a short one today, but we'll go ahead and uh, start wrapping it up here. I think, uh, yeah, so we'll go ahead and wrap it here and hopefully everybody is following us on Bluesky. We have a Cables to Clouds on Bluesky now and uh, yeah, so go ahead and follow us there and do all the other things that we always tell you to do you know them by now and yeah, by now you've probably heard them a hundred times, so I won't repeat them.
Tim:Uh, yeah, yeah, but I, you know, I just had a thought. Uh, this one is going to come out like right before Christmas. Is that right, or or right?
Chris:after Christmas. Uh, yeah, this will. This will come out on the 18th. Oh, this will come out.
Tim:Christmas, is it the 18th? Oh yeah, that's right. 18th, all right. So yes, 18th of December. So uh, yeah. Hopefully you're getting up for your time off work. Hopefully you're. You know you're really.
Chris:Hopefully you're at work and hopefully you're at the point where you're really phoning it in Like you're you're barely, you're barely paying attention. You're already. You know, you've got, you've got, uh, you know, yuletide thoughts in your head. You don't do any work.
Tim:I took this last week off because I was certain, absolutely 100% certain, I was going to be sick coming back from re:Invent. I was the only person on my team that was not sick. Yeah, everybody else had COVID or flu or something. And then of course I just, you know, did a bunch of stuff at home that needed to get done, that I'd been putting off, but so it wasn't a waste of time. But, hey, I'm not going to look a gift horse in the mouth on that one. Yeah right, all right, everyone, thanks for joining us and we'll see you next time. Hi everyone, it's Tim and this has been the Cables to Clouds podcast. Thanks for tuning in today. If you enjoyed our show, please subscribe to us in your favorite podcast catcher, as well as subscribe and turn on notifications for our YouTube channel to be notified of all our new episodes. Follow us on socials at Cables2Clouds. You can also visit our website for all the show notes at Cables2Clouds.com. Thanks again for listening and see you next time.