March 12, 2025 • 18 mins
Cloud security threats continue to evolve at an alarming pace, with state-sponsored actors developing increasingly sophisticated attack strategies. We dive into the emergence of China's Silk Typhoon group, which represents the concerning evolution of previous Salt Typhoon attacks. While initially targeting service provider infrastructure, these attackers are now leveraging stolen credentials to compromise enterprise cloud accounts through password spraying and API key theft. This progression demonstrates why encryption through provider networks is essential and why organizations must remain vigilant even when threats initially appear to target only their service providers.
Europe is making bold moves toward cloud standardization with the Sovereign European Cloud API (SECA) initiative. This collaborative effort between European cloud providers aims to create true interoperability across cloud platforms, potentially ending vendor lock-in for organizations operating in the EU. Drawing parallels to the USB-C standardization for mobile devices, this regulatory approach could force major cloud service providers to adapt their proprietary interfaces to maintain access to the European market. While technical challenges remain significant given the diverse service offerings across providers, the economic importance of Europe means this initiative deserves close attention as it could fundamentally change how organizations interact with cloud infrastructure globally.
The Kubernetes security landscape is evolving beyond traditional cluster protection with Aviatrix's launch of its Kubernetes Cloud Firewall. Rather than competing in the crowded space of intra-cluster security, this solution addresses the often-overlooked challenge of securing egress traffic and integrations between Kubernetes workloads and legacy systems. By reading the Kubernetes API to build security policies based on native attributes like pods and namespaces, the firewall helps organizations manage the reality that few environments are purely containerized. Looking to enhance your cloud security posture across hybrid environments? Subscribe to our podcast for more insights and visit https://www.cables2clouds.com for comprehensive show notes and resources.
Check out our book!
https://www.amazon.com/Certified-Advanced-Networking-Certification-certification/dp/1835080839/
Purchase Chris and Tim's new book on AWS Cloud Networking: https://www.amazon.com/Certified-Advanced-Networking-Certification-certification/dp/1835080839/
Check out the Fortnightly Cloud Networking News
https://docs.google.com/document/d/1fkBWCGwXDUX9OfZ9_MvSVup8tJJzJeqrauaE6VPT2b0/
Visit our website and subscribe: https://www.cables2clouds.com/
Follow us on BlueSky: https://bsky.app/profile/cables2clouds.com
Follow us on YouTube: https://www.youtube.com/@cables2clouds/
Follow us on TikTok: https://www.tiktok.com/@cables2clouds
Merch Store: https://store.cables2clouds.com/
Join the Discord Study group: https://artofneteng.com/iaatj
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Tim McConnaughy (00:00):
I want to know who gets paid to come up with
the names.
Dude, that's the job.
That's the job I need.
Chris Miles (00:05):
Just sit at a desk and say you know what Typhoon
I'm going on break?
That's right.
Tim McConnaughy (00:09):
That's right, give me my six-figure salary.
Chris Miles (00:14):
Yeah, Reminds me of that Mitch Hedberg joke.
I don't know if you rememberthat one where he's talking to
me.
He's like I want to be the guythat just names kitchen
(00:40):
appliances.
Tim McConnaughy (00:41):
Oh yeah, so good.
Hello and welcome back toanother episode of the Cables to
Clouds Fortnightly News.
With me, as always, is myco-host, chris Miles, at BGB
Main on Blue Sky.
Of course I'm at carpe-dmbpn onBlue Sky and, yeah, we're on
LinkedIn and stuff too, so youcan find us there.
But before we get into the newsthis week and it's going to be
(01:01):
a quick one Chris and I have aspecial announcement.
Uh, chris, you actually havethe physical artifact, so please
take it away.
Chris Miles (01:11):
Yeah, so I actually have a physical copy of our
book for the um AWS certified.
I got such a mouthful AWScertified advanced networking
specialty exam uh guide that weput out through PAC.
So I have a physical copy here,which is very cool to actually
see this come to fruition.
But so I guess we're takingthis opportunity to say the book
(01:32):
is finally published.
So if you order it, it will be,as far as I know, shipped
directly to you rather than thepre-order like we've been
plugging for the last month.
So sorry for kind of drowningyour ears with this stuff, but,
um, we're really excited to getthis out.
So, um, we're really pleasedwith the final product.
I don't want to speak for Timspecifically, but, uh, I think
(01:53):
it came out really well.
So, um, please check the shownotes, um, and we'll uh, we'll
put a link in there for the book.
No-transcript, brother, none ofus were.
(02:32):
Well, we did this.
Uh, it forces you to to get tothat point very fast.
Tim McConnaughy (02:38):
So yeah, yeah, I mean we know what we know and
we're both ans certified and allof that, but like it's just
there's, you know, it is it'sdifference between knowing it,
working with it, and thenknowing it to the point where
you can write a certificationbook about it, right.
So, anyway, all right, let's uh, let's jump right into it.
So, uh, in the news, um, thisweek, from data breach, today is
an article, uh, entitledchina's silk typhoon is tied to
(03:02):
cloud service provider hacks.
So Silk Typhoon is a differentstate-sponsored cyber what do
they call it?
Cyber espionage group in China.
So we've been talking aboutSalt Typhoon.
You've seen it all over theinternet by this point, where
Salt Typhoon is another group inChina and their latest hack
(03:24):
attack, if you will, is theywere doing a compromise of
service providers, so serviceprovider routers, infrastructure
and then basically harvestingdata all right off the wire for
with unencrypted traffic becausethey had access.
Basically they were.
They were essentially man inthe middle type attacks.
They could because they hadaccess.
Basically they were essentiallyman-in-the-middle type attacks.
(03:45):
They could just pull data rightoff of those routers.
So this is a follow-on to that.
So there's this group.
The Silk Typhoon group isactually essentially exploiting
what was found, like exploitingthe data that was harvested from
Salt Typhoon to actually startinvading people's's like cloud
accounts.
(04:05):
There's, you know, you take alook at this article, there's a.
There's a bunch of of,basically, data that was
compromised and taken and, youknow, the the group is using it
to to further compromise nowenterprises.
So a lot of people, a lot ofenterprises, looked at salt
typhoon and they said, eh, wedon't.
You know, that's, that's not us, right?
We're not getting hacked, it'sour service providers.
Well, this is actually the, thefollow on, if you will, the,
(04:29):
the extension of that attack,which a lot of cybersecurity
experts were warning was coming.
You know, when somebody cansteal your credentials, it's
like being in a, it's like beingin one of those.
You get the email and it's hey,we got hacked and your data's
gone.
You know they sold your data.
It may not be today, but atsome point.
(04:50):
If you don't change yourpasswords, you can pretty much
guarantee that somebody is goingto make use of that data, right
?
So this is it.
We've been blowing this hornfor a while ourselves on the
podcast, but also, you know, atAviatrix, talking about how
encryption you know as asthrough the provider network is
really important.
Um, and this really kind ofbecause the show that it's this
(05:13):
is the reason, right, soanything to add there um, not
much.
Chris Miles (05:17):
I mean, I will say this didn't come out as, like
some, like newfound attack,necessarily.
To me it seems like they wereusing pretty common, you know
common methods like passwordspraying across publicly
accessible devices and prettymuch elevated that to getting
access to cloud accounts, cloudmanagement providers, et cetera,
(05:39):
and you know, and then going inonto stealing API keys, which
is, you know, obviously a big, abig, uh, bad thing actually.
Yes, I should say um, but yeah,it's um.
One thing I didn't learn, or Idid learn from this that I
didn't know about, was how thename silk typhoon came out of
(06:01):
this.
So like, typhoon is apparentlythe classification of just the
threat actor.
So that was just a littletidbit I didn't know.
So you know, there was, therewas a link to a Microsoft page
where they're all classified andthey each have unique names.
Yeah, like Russia's blizzard,china's typhoon, iran is
(06:21):
sandstorm and then's uh, even uh, kind of lower level uh
classifications from there,which is, which is pretty cool I
want to know who gets paid tocome up with the names.
Tim McConnaughy (06:30):
Dude, that's the job.
That's the job I need.
Chris Miles (06:32):
Yeah, just sit a sit a sit at a desk and say you
know what typhoon I'm going onbreak?
That's right.
Tim McConnaughy (06:38):
Well, that's right.
Give me my six, six figuresalary, yeah reminds me of that,
uh, mitch hedberg joke.
Chris Miles (06:43):
I don't know if you remember that one where he's
Give me my six-figure salary.
Reminds me of that MitchHedberg joke.
I don't know if you rememberthat one where he's talking
about he's like I want to be theguy that just names kitchen
appliances.
Tim McConnaughy (06:53):
Oh yeah, so good, yeah, excellent, yeah.
So I mean, we're just going tohave to keep an eye on this one.
Right?
This is in the wild, this ishappening.
It's a mix.
It's a mix of previous exploitsand, like Chris said, there's
always just the tried and true.
You know weak passwordencryption, weak password, brute
(07:16):
forcing and whatnot.
So it's happening.
So keep your stuff encrypted.
Chris Miles (07:23):
Definitely All right.
Next up, we have an articlefrom NetworkWorldcom which is
very interesting, titled theSovereign European Cloud API
Claims to Offer InteroperabilityWithout Lock-in.
So this article I'll be honest,I'd heard nothing about this
prior to finding this, shortlybefore we recorded the show yeah
(07:46):
same about this prior tofinding this shortly before we
recorded the show.
Yeah, same, but it's actually avery interesting concept in that
Europe is kind of leading thecharge on things like
interoperability.
I'm seeing this as somewhat asthe iPhone going to USB-C type
moment maybe for the cloudoperators, going to USB-C type
(08:10):
moment maybe for the cloudoperators, but, in short,
basically a collaborationbetween a couple of European
cloud providers called Aruba andIONOS, and a cloud marketplace
called Dynamo are basically inthe process of creating
something called the SovereignEuropean Cloud API or SECA, and
it sounds like this API ispretty much a way for the large
(08:31):
cloud providers and platforms toincrease interoperability and
kind of create a unified APIthat can be used for
orchestrating infrastructureacross hybrid cloud and
multi-cloud environments hybridcloud and multi-cloud
environments and kind of youknow, kind of you know, creating
(08:56):
this unified mechanism so thatcustomers can use, I guess, any
cloud provider that they shouldwant with the same API structure
that they would use in any ofthe other ones.
This was kind of a thing thatat a at a very high level, it
sounded cool to me.
I was like, okay, that's, thatsounds very interesting.
But like I couldn't help butstart thinking about the lower
(09:16):
layers of it and the technicalpieces of it, and I'm like I
don't know how the hell thiswould work with the major CSPs.
They all have differentservices, they all interact very
different ways.
It's not just always, you know,carbon copy of column A, column
B type thing.
So I don't know exactly howthis would work, but very
(09:37):
interesting concept and you know, the EU does push a lot of
regulations that force the handof these tech giants sometimes,
so I guess it could be a thing.
How do you feel, tim?
Tim McConnaughy (09:52):
Yeah.
So I think what you're going torun into here is either it's
going to have to be compulsory,like the short answer is, the
CSPs are not going to do itunless they absolutely have to
do it to do business in the EU,probably.
But I'm right there with you.
I'm like the only way.
There's only two ways thiscould technically function.
I think I figure right.
(10:13):
One is whatever this uhalliances or whatever that this
api, this common api thatthey're building, would be like
a third party abstraction layer,like a third-party abstraction
layer like you send your APIcall to our formatted single-use
API and then we figure out whatto do on the back end to talk
(10:35):
to the API and to the CSPs.
Or somehow they're going tobuild the framework and tell the
CSPs basically like hey, youneed to build support for this
into your platform so thatpeople can send it straight to
you, but we own the framework ofthe API, basically.
So I don't see that one flying.
(10:57):
But I mean, then again, if youwant to cut out the entire
European market, I guess maybenot even Microsoft was ready to
do that right.
So back in the 90s and theearly, early two thousands when
they were on trial for you know,antitrust stuff and whatnot.
Yeah, that that's.
That's the only way I see itworking.
Chris Miles (11:17):
Yeah, I mean in that, in that scenario, like if
I guess what?
Like the European market isobviously too big to just kind
of do away with, right for anyof the major CSPs.
So I mean, if one cloudprovider chose not to adopt this
, then that's going to be amajor advantage for the other
two to say like well, we'll doit, and that's going to be kind
(11:38):
of a, you know, a very fruitfulendeavor for them.
I don't think that's how it'llshake down, but they kind of all
have either they none of themhave to participate or all of
them have to participate typething.
Tim McConnaughy (11:53):
Yeah, and that's why it's going to back.
It has to go back to compulsory, because if you look at the
csps, there's absolutely noreason for any of them to be
first, you know, to jump on theboard of that and be like, yeah,
of course I'll, I'll do thisright, that's the thing.
Chris Miles (12:05):
Jump on the board of that and be like yeah, of
course I'll, I'll do this Right.
That's the thing like kind ofwhat I was getting at with the,
the iPhone USB-C type thing,like if, if it gets forced in
this market, there's no reasonwhy it couldn't permeate to
other markets as well.
Um, so, you know that's itcould be kind of a um, uh, a
change in, uh or a shift in howwe interact with the cloud
(12:26):
altogether.
Um, you know if this actuallycomes to fruition, but, um, very
early days, so hard to tell.
But yeah, it could be.
Yeah, it could be quite a uh,quite a rift well, and this is a
european initiative, right.
Tim McConnaughy (12:39):
So, it being a european initiative, does this
work?
Does this hold up in othercountries?
Would there be like an, an, ananz initiative, like?
Like the, the, the.
What I mean by that is like the, the framework, the api, the.
Does this hold up in othercountries?
Would there be like an ANZinitiative?
Like what I mean by that islike the framework, the API, the
standard that they're trying tobuild right is being built in
the EU.
Would it be something wherethey would adopt it worldwide if
(13:00):
it did permeate to othermarkets, or would everybody be
building their own?
Like?
It wouldn't make any sense,right, that wouldn't make any
sense.
Chris Miles (13:06):
Not necessarily that they'd all build their own,
but that's the thing is likethe cloud providers don't change
from region to region, right?
Right, exactly the way youinteract with it in Europe is
the same that you interact withit in Australia, except for
China.
Yeah, china being the obviousoutlier.
So I don't think we're evergoing to see this in.
Tim McConnaughy (13:23):
China, yeah right.
Chris Miles (13:24):
But yeah, I mean, the way you interact with it is
always the same.
So I mean there's definitely areason for this to make its way,
like if one API structure getsadopted in Europe, then that
forces company A or company.
B that operates in Europe tohave a different interaction
(13:47):
mechanism in Europe thaneverywhere else.
So there's going to be a marketfor someone else to put it in
US, put it in Australia,wherever right it's going to
happen.
Tim McConnaughy (13:56):
I think, if this works out, yeah, we'll just
have to keep an eye on it, seeif it gets traction and, like I
said, I think it'll end uphaving to be compulsory to get
the real traction and there'llbe a huge fight against it.
But hey, let's hopeInteroperability is good for
everybody ultimately.
All right, we got one more, andthis one is from our own
(14:18):
company.
This week, aviatrix launchedthe Kubernetes Cloud Firewall
and this is a new capability.
You'll find the link in theshow notes.
By the way, it's on our.
Oh, actually, the one I put inthere is actually from
cloudnativenowcom.
So we didn't use our own pressrelease.
We used the Cloud Native Now,which is reporting on the launch
(14:41):
of the Kubernetes Firewall.
So the big thing about theKubernetes Firewall is it's
really just an extension of ourown Cloud Firewall product.
It's a new capability with newuse cases for Kubernetes.
I don't want to get into a.
You know, it's not like.
Maybe we'll do a product demoat some time just to show
everybody what that looks like,but this just in terms of the
(15:02):
news itself.
The news is, of course, thatwe've launched this feature and
it's going to provide, you know,relief from, say, overlapping
IPs.
We have a pretty advanced snapcapabilities.
So it's got you know all of thedistributed cloud firewall
stuff that we already do.
You can basically leverage that, but also use Kubernetes
(15:24):
attributes.
You can onboard your clustersand then the clusters we
basically would read a cloudasset inventory, which is
reading the cube API forreconciliation of workloads, of
pods, namespaces, all of that,so you can build security policy
based on Kubernetes attributes,which is pretty cool.
(15:46):
Now a lot of people are askingwhat we do inside the cluster,
and actually we veryspecifically chose not to build
a product that goes inside theKubernetes cluster, and there's
a couple of reasons for that.
One, of course, is that theproduct just isn't built to go
to do that we're not a CNI right.
And the more important one isthat the product just isn't
built to go to do that we're nota CNI right.
And the more important one isthat, truthfully, I mean you
(16:08):
look at Cilium Calico, you lookat Istio Linkerd, like that's
covered right, like there's notreally a reason to build a
product to go inside theKubernetes clusters and start
offering security policy inthere.
Yeah, why build a product thatalready exists and does its job
really well?
So we chose to focus instead onthe idea of okay.
(16:30):
Well, what about when you'releaving the cluster?
What does that look like?
Right?
What about when you'reintegrating with legacy
workloads?
Because I don't know of anycompany maybe a couple
Greenfield startups or somethingthat are fully Kubernetes, like
their entire application stackis microservices.
Most people have some kind oflegacy, whether it be on-prem,
whether it be in the cloud,whether it be PaaS services like
(16:52):
RDS for databases.
We're still not putting a lotof static or rather stateful
services in Kubernetes.
You know there's a lot of needfor egress as well to the
internet.
Um, you know being able to doweb proxy and do a security for
that as well.
So, uh, that's kind of wherewe're thinking about playing.
Um, anything to add to that?
(17:13):
Chris?
I missed.
Chris Miles (17:15):
No, I think I think you covered it.
I mean, obviously this is apress release, but you and I
obviously know a little bit morebehind the covers about the
press release.
So, um, the yeah, I think that,like you said, tim, is like
there's, there's, there's a lotof products out there that solve
the intra cluster um securityproblem in in in very good ways,
right, um, but it's kind ofharder to kind of take that like
(17:38):
higher level view and look atthe entire network as a um, uh,
as an entire system, entiresystem, and be able to ingest
native things about the clustersusing APIs or, you're sorry,
using the cube API, and use thatin security policy for
interacting either with otherclusters or other resources on
the network.
(17:58):
So that's kind of the view thatwe took and, yeah, we're seeing
a lot of traction with this, soit's a really cool product.
So, yeah, I think that's aboutit Cool.
Tim McConnaughy (18:10):
Cool and yeah, maybe in a future show we'll
show it off, not as like asponsored by thing, but just we
think it's a pretty cool product.
It's brand new and a lot ofpeople haven't seen it and we
get a lot of questions about it.
So, yeah, um, okay, and thatwill close us out for uh this
week, I think.
So go ahead and uh, download us, listen to us, watch us, um, do
(18:35):
all the normal things listening.
Chris Miles (18:36):
You've probably already downloaded this, but
that's a good point, yeah, sodownload the rest of them.
Tim McConnaughy (18:40):
Download the rest of the episodes, episodes,
or download the episode thatcomes out a week after this one.
Chris Miles (18:46):
Yeah, that would be good as well.
That's the most important thing.
Tim McConnaughy (18:48):
Yeah, good call , but yeah, no.
Thanks for hanging out with usand we'll see you next time on
the news.
Hi everyone, it's Tim and thishas been the Cables to Clouds
podcast.
Thanks for tuning in today.
If you enjoyed our show, pleasesubscribe to us in your
(19:09):
favorite podcast catcher, aswell as subscribe and turn on
notifications for our YouTubechannel to be notified of all
our new episodes.
Follow us on socials at Cablesto Clouds.
You can also visit our websitefor all the show notes at
cables2cloudscom.
Thanks again for listening andsee you next time.
I want to know who gets paid to come up with
the names.
Dude, that's the job.
That's the job I need.
Chris Miles (00:05):
Just sit at a desk and say you know what Typhoon
I'm going on break?
That's right.
Tim McConnaughy (00:09):
That's right, give me my six-figure salary.
Chris Miles (00:14):
Yeah, Reminds me of that Mitch Hedberg joke.
I don't know if you rememberthat one where he's talking to
me.
He's like I want to be the guythat just names kitchen
(00:40):
appliances.
Tim McConnaughy (00:41):
Oh yeah, so good.
Hello and welcome back toanother episode of the Cables to
Clouds Fortnightly News.
With me, as always, is myco-host, chris Miles, at BGB
Main on Blue Sky.
Of course I'm at carpe-dmbpn onBlue Sky and, yeah, we're on
LinkedIn and stuff too, so youcan find us there.
But before we get into the newsthis week and it's going to be
(01:01):
a quick one Chris and I have aspecial announcement.
Uh, chris, you actually havethe physical artifact, so please
take it away.
Chris Miles (01:11):
Yeah, so I actually have a physical copy of our
book for the um AWS certified.
I got such a mouthful AWScertified advanced networking
specialty exam uh guide that weput out through PAC.
So I have a physical copy here,which is very cool to actually
see this come to fruition.
But so I guess we're takingthis opportunity to say the book
(01:32):
is finally published.
So if you order it, it will be,as far as I know, shipped
directly to you rather than thepre-order like we've been
plugging for the last month.
So sorry for kind of drowningyour ears with this stuff, but,
um, we're really excited to getthis out.
So, um, we're really pleasedwith the final product.
I don't want to speak for Timspecifically, but, uh, I think
(01:53):
it came out really well.
So, um, please check the shownotes, um, and we'll uh, we'll
put a link in there for the book.
No-transcript, brother, none ofus were.
(02:32):
Well, we did this.
Uh, it forces you to to get tothat point very fast.
Tim McConnaughy (02:38):
So yeah, yeah, I mean we know what we know and
we're both ans certified and allof that, but like it's just
there's, you know, it is it'sdifference between knowing it,
working with it, and thenknowing it to the point where
you can write a certificationbook about it, right.
So, anyway, all right, let's uh, let's jump right into it.
So, uh, in the news, um, thisweek, from data breach, today is
an article, uh, entitledchina's silk typhoon is tied to
(03:02):
cloud service provider hacks.
So Silk Typhoon is a differentstate-sponsored cyber what do
they call it?
Cyber espionage group in China.
So we've been talking aboutSalt Typhoon.
You've seen it all over theinternet by this point, where
Salt Typhoon is another group inChina and their latest hack
(03:24):
attack, if you will, is theywere doing a compromise of
service providers, so serviceprovider routers, infrastructure
and then basically harvestingdata all right off the wire for
with unencrypted traffic becausethey had access.
Basically they were.
They were essentially man inthe middle type attacks.
They could because they hadaccess.
Basically they were essentiallyman-in-the-middle type attacks.
(03:45):
They could just pull data rightoff of those routers.
So this is a follow-on to that.
So there's this group.
The Silk Typhoon group isactually essentially exploiting
what was found, like exploitingthe data that was harvested from
Salt Typhoon to actually startinvading people's's like cloud
accounts.
(04:05):
There's, you know, you take alook at this article, there's a.
There's a bunch of of,basically, data that was
compromised and taken and, youknow, the the group is using it
to to further compromise nowenterprises.
So a lot of people, a lot ofenterprises, looked at salt
typhoon and they said, eh, wedon't.
You know, that's, that's not us, right?
We're not getting hacked, it'sour service providers.
Well, this is actually the, thefollow on, if you will, the,
(04:29):
the extension of that attack,which a lot of cybersecurity
experts were warning was coming.
You know, when somebody cansteal your credentials, it's
like being in a, it's like beingin one of those.
You get the email and it's hey,we got hacked and your data's
gone.
You know they sold your data.
It may not be today, but atsome point.
(04:50):
If you don't change yourpasswords, you can pretty much
guarantee that somebody is goingto make use of that data, right
?
So this is it.
We've been blowing this hornfor a while ourselves on the
podcast, but also, you know, atAviatrix, talking about how
encryption you know as asthrough the provider network is
really important.
Um, and this really kind ofbecause the show that it's this
(05:13):
is the reason, right, soanything to add there um, not
much.
Chris Miles (05:17):
I mean, I will say this didn't come out as, like
some, like newfound attack,necessarily.
To me it seems like they wereusing pretty common, you know
common methods like passwordspraying across publicly
accessible devices and prettymuch elevated that to getting
access to cloud accounts, cloudmanagement providers, et cetera,
(05:39):
and you know, and then going inonto stealing API keys, which
is, you know, obviously a big, abig, uh, bad thing actually.
Yes, I should say um, but yeah,it's um.
One thing I didn't learn, or Idid learn from this that I
didn't know about, was how thename silk typhoon came out of
(06:01):
this.
So like, typhoon is apparentlythe classification of just the
threat actor.
So that was just a littletidbit I didn't know.
So you know, there was, therewas a link to a Microsoft page
where they're all classified andthey each have unique names.
Yeah, like Russia's blizzard,china's typhoon, iran is
(06:21):
sandstorm and then's uh, even uh, kind of lower level uh
classifications from there,which is, which is pretty cool I
want to know who gets paid tocome up with the names.
Tim McConnaughy (06:30):
Dude, that's the job.
That's the job I need.
Chris Miles (06:32):
Yeah, just sit a sit a sit at a desk and say you
know what typhoon I'm going onbreak?
That's right.
Tim McConnaughy (06:38):
Well, that's right.
Give me my six, six figuresalary, yeah reminds me of that,
uh, mitch hedberg joke.
Chris Miles (06:43):
I don't know if you remember that one where he's
Give me my six-figure salary.
Reminds me of that MitchHedberg joke.
I don't know if you rememberthat one where he's talking
about he's like I want to be theguy that just names kitchen
appliances.
Tim McConnaughy (06:53):
Oh yeah, so good, yeah, excellent, yeah.
So I mean, we're just going tohave to keep an eye on this one.
Right?
This is in the wild, this ishappening.
It's a mix.
It's a mix of previous exploitsand, like Chris said, there's
always just the tried and true.
You know weak passwordencryption, weak password, brute
(07:16):
forcing and whatnot.
So it's happening.
So keep your stuff encrypted.
Chris Miles (07:23):
Definitely All right.
Next up, we have an articlefrom NetworkWorldcom which is
very interesting, titled theSovereign European Cloud API
Claims to Offer InteroperabilityWithout Lock-in.
So this article I'll be honest,I'd heard nothing about this
prior to finding this, shortlybefore we recorded the show yeah
(07:46):
same about this prior tofinding this shortly before we
recorded the show.
Yeah, same, but it's actually avery interesting concept in that
Europe is kind of leading thecharge on things like
interoperability.
I'm seeing this as somewhat asthe iPhone going to USB-C type
moment maybe for the cloudoperators, going to USB-C type
(08:10):
moment maybe for the cloudoperators, but, in short,
basically a collaborationbetween a couple of European
cloud providers called Aruba andIONOS, and a cloud marketplace
called Dynamo are basically inthe process of creating
something called the SovereignEuropean Cloud API or SECA, and
it sounds like this API ispretty much a way for the large
(08:31):
cloud providers and platforms toincrease interoperability and
kind of create a unified APIthat can be used for
orchestrating infrastructureacross hybrid cloud and
multi-cloud environments hybridcloud and multi-cloud
environments and kind of youknow, kind of you know, creating
(08:56):
this unified mechanism so thatcustomers can use, I guess, any
cloud provider that they shouldwant with the same API structure
that they would use in any ofthe other ones.
This was kind of a thing thatat a at a very high level, it
sounded cool to me.
I was like, okay, that's, thatsounds very interesting.
But like I couldn't help butstart thinking about the lower
(09:16):
layers of it and the technicalpieces of it, and I'm like I
don't know how the hell thiswould work with the major CSPs.
They all have differentservices, they all interact very
different ways.
It's not just always, you know,carbon copy of column A, column
B type thing.
So I don't know exactly howthis would work, but very
(09:37):
interesting concept and you know, the EU does push a lot of
regulations that force the handof these tech giants sometimes,
so I guess it could be a thing.
How do you feel, tim?
Tim McConnaughy (09:52):
Yeah.
So I think what you're going torun into here is either it's
going to have to be compulsory,like the short answer is, the
CSPs are not going to do itunless they absolutely have to
do it to do business in the EU,probably.
But I'm right there with you.
I'm like the only way.
There's only two ways thiscould technically function.
I think I figure right.
(10:13):
One is whatever this uhalliances or whatever that this
api, this common api thatthey're building, would be like
a third party abstraction layer,like a third-party abstraction
layer like you send your APIcall to our formatted single-use
API and then we figure out whatto do on the back end to talk
(10:35):
to the API and to the CSPs.
Or somehow they're going tobuild the framework and tell the
CSPs basically like hey, youneed to build support for this
into your platform so thatpeople can send it straight to
you, but we own the framework ofthe API, basically.
So I don't see that one flying.
(10:57):
But I mean, then again, if youwant to cut out the entire
European market, I guess maybenot even Microsoft was ready to
do that right.
So back in the 90s and theearly, early two thousands when
they were on trial for you know,antitrust stuff and whatnot.
Yeah, that that's.
That's the only way I see itworking.
Chris Miles (11:17):
Yeah, I mean in that, in that scenario, like if
I guess what?
Like the European market isobviously too big to just kind
of do away with, right for anyof the major CSPs.
So I mean, if one cloudprovider chose not to adopt this
, then that's going to be amajor advantage for the other
two to say like well, we'll doit, and that's going to be kind
(11:38):
of a, you know, a very fruitfulendeavor for them.
I don't think that's how it'llshake down, but they kind of all
have either they none of themhave to participate or all of
them have to participate typething.
Tim McConnaughy (11:53):
Yeah, and that's why it's going to back.
It has to go back to compulsory, because if you look at the
csps, there's absolutely noreason for any of them to be
first, you know, to jump on theboard of that and be like, yeah,
of course I'll, I'll do thisright, that's the thing.
Chris Miles (12:05):
Jump on the board of that and be like yeah, of
course I'll, I'll do this Right.
That's the thing like kind ofwhat I was getting at with the,
the iPhone USB-C type thing,like if, if it gets forced in
this market, there's no reasonwhy it couldn't permeate to
other markets as well.
Um, so, you know that's itcould be kind of a um, uh, a
change in, uh or a shift in howwe interact with the cloud
(12:26):
altogether.
Um, you know if this actuallycomes to fruition, but, um, very
early days, so hard to tell.
But yeah, it could be.
Yeah, it could be quite a uh,quite a rift well, and this is a
european initiative, right.
Tim McConnaughy (12:39):
So, it being a european initiative, does this
work?
Does this hold up in othercountries?
Would there be like an, an, ananz initiative, like?
Like the, the, the.
What I mean by that is like the, the framework, the api, the.
Does this hold up in othercountries?
Would there be like an ANZinitiative?
Like what I mean by that islike the framework, the API, the
standard that they're trying tobuild right is being built in
the EU.
Would it be something wherethey would adopt it worldwide if
(13:00):
it did permeate to othermarkets, or would everybody be
building their own?
Like?
It wouldn't make any sense,right, that wouldn't make any
sense.
Chris Miles (13:06):
Not necessarily that they'd all build their own,
but that's the thing is likethe cloud providers don't change
from region to region, right?
Right, exactly the way youinteract with it in Europe is
the same that you interact withit in Australia, except for
China.
Yeah, china being the obviousoutlier.
So I don't think we're evergoing to see this in.
Tim McConnaughy (13:23):
China, yeah right.
Chris Miles (13:24):
But yeah, I mean, the way you interact with it is
always the same.
So I mean there's definitely areason for this to make its way,
like if one API structure getsadopted in Europe, then that
forces company A or company.
B that operates in Europe tohave a different interaction
(13:47):
mechanism in Europe thaneverywhere else.
So there's going to be a marketfor someone else to put it in
US, put it in Australia,wherever right it's going to
happen.
Tim McConnaughy (13:56):
I think, if this works out, yeah, we'll just
have to keep an eye on it, seeif it gets traction and, like I
said, I think it'll end uphaving to be compulsory to get
the real traction and there'llbe a huge fight against it.
But hey, let's hopeInteroperability is good for
everybody ultimately.
All right, we got one more, andthis one is from our own
(14:18):
company.
This week, aviatrix launchedthe Kubernetes Cloud Firewall
and this is a new capability.
You'll find the link in theshow notes.
By the way, it's on our.
Oh, actually, the one I put inthere is actually from
cloudnativenowcom.
So we didn't use our own pressrelease.
We used the Cloud Native Now,which is reporting on the launch
(14:41):
of the Kubernetes Firewall.
So the big thing about theKubernetes Firewall is it's
really just an extension of ourown Cloud Firewall product.
It's a new capability with newuse cases for Kubernetes.
I don't want to get into a.
You know, it's not like.
Maybe we'll do a product demoat some time just to show
everybody what that looks like,but this just in terms of the
(15:02):
news itself.
The news is, of course, thatwe've launched this feature and
it's going to provide, you know,relief from, say, overlapping
IPs.
We have a pretty advanced snapcapabilities.
So it's got you know all of thedistributed cloud firewall
stuff that we already do.
You can basically leverage that, but also use Kubernetes
(15:24):
attributes.
You can onboard your clustersand then the clusters we
basically would read a cloudasset inventory, which is
reading the cube API forreconciliation of workloads, of
pods, namespaces, all of that,so you can build security policy
based on Kubernetes attributes,which is pretty cool.
(15:46):
Now a lot of people are askingwhat we do inside the cluster,
and actually we veryspecifically chose not to build
a product that goes inside theKubernetes cluster, and there's
a couple of reasons for that.
One, of course, is that theproduct just isn't built to go
to do that we're not a CNI right.
And the more important one isthat the product just isn't
built to go to do that we're nota CNI right.
And the more important one isthat, truthfully, I mean you
(16:08):
look at Cilium Calico, you lookat Istio Linkerd, like that's
covered right, like there's notreally a reason to build a
product to go inside theKubernetes clusters and start
offering security policy inthere.
Yeah, why build a product thatalready exists and does its job
really well?
So we chose to focus instead onthe idea of okay.
(16:30):
Well, what about when you'releaving the cluster?
What does that look like?
Right?
What about when you'reintegrating with legacy
workloads?
Because I don't know of anycompany maybe a couple
Greenfield startups or somethingthat are fully Kubernetes, like
their entire application stackis microservices.
Most people have some kind oflegacy, whether it be on-prem,
whether it be in the cloud,whether it be PaaS services like
(16:52):
RDS for databases.
We're still not putting a lotof static or rather stateful
services in Kubernetes.
You know there's a lot of needfor egress as well to the
internet.
Um, you know being able to doweb proxy and do a security for
that as well.
So, uh, that's kind of wherewe're thinking about playing.
Um, anything to add to that?
(17:13):
Chris?
I missed.
Chris Miles (17:15):
No, I think I think you covered it.
I mean, obviously this is apress release, but you and I
obviously know a little bit morebehind the covers about the
press release.
So, um, the yeah, I think that,like you said, tim, is like
there's, there's, there's a lotof products out there that solve
the intra cluster um securityproblem in in in very good ways,
right, um, but it's kind ofharder to kind of take that like
(17:38):
higher level view and look atthe entire network as a um, uh,
as an entire system, entiresystem, and be able to ingest
native things about the clustersusing APIs or, you're sorry,
using the cube API, and use thatin security policy for
interacting either with otherclusters or other resources on
the network.
(17:58):
So that's kind of the view thatwe took and, yeah, we're seeing
a lot of traction with this, soit's a really cool product.
So, yeah, I think that's aboutit Cool.
Tim McConnaughy (18:10):
Cool and yeah, maybe in a future show we'll
show it off, not as like asponsored by thing, but just we
think it's a pretty cool product.
It's brand new and a lot ofpeople haven't seen it and we
get a lot of questions about it.
So, yeah, um, okay, and thatwill close us out for uh this
week, I think.
So go ahead and uh, download us, listen to us, watch us, um, do
(18:35):
all the normal things listening.
Chris Miles (18:36):
You've probably already downloaded this, but
that's a good point, yeah, sodownload the rest of them.
Tim McConnaughy (18:40):
Download the rest of the episodes, episodes,
or download the episode thatcomes out a week after this one.
Chris Miles (18:46):
Yeah, that would be good as well.
That's the most important thing.
Tim McConnaughy (18:48):
Yeah, good call , but yeah, no.
Thanks for hanging out with usand we'll see you next time on
the news.
Hi everyone, it's Tim and thishas been the Cables to Clouds
podcast.
Thanks for tuning in today.
If you enjoyed our show, pleasesubscribe to us in your
(19:09):
favorite podcast catcher, aswell as subscribe and turn on
notifications for our YouTubechannel to be notified of all
our new episodes.
Follow us on socials at Cablesto Clouds.
You can also visit our websitefor all the show notes at
cables2cloudscom.
Thanks again for listening andsee you next time.
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!