Is there a run on cloud native security firms? View in browser »
The New Stack Update

ISSUE 170: Firewall Sale

Talk Talk Talk

“To start a project, you need three things: a read me, a license file and a code of conduct.”

Add It Up
Legacy Customers’ Concerns Propel Oracle’s Move Towards Microsoft

Two recent reports by consulting firms show that Oracle-using customers are often opting to stay with the company when migrating to the cloud, but that this is not necessarily their first option. Oracle will likely continue to gain cloud market share as its legacy customers migrate their workloads but that does not mean it will be competing directly with AWS and Azure for the lion’s share of IaaS enterprise spending.

App Associates’ “Oracle to the Cloud: Top 5 Myths, Debunked” found that 79% of its survey of 300+ Oracle customers at midsize and large enterprises want to move these workloads to the cloud (public, private IaaS) but feel there are too many risks moving to a third-party, non-Oracle IaaS. Specifically, 55% are concerned that moving to the cloud will increase their chances of an Oracle compliance audit, and 49% are worried that Oracle won’t support them after a migration.

Thirty-two percent of those surveyed had already been migrated to the legacy Oracle applications or databases cloud, with another 59% planning to do so. The report’s authors believe that many of these companies would move to migrate Oracle applications to the cloud if they had a clear path forward. Perhaps the Microsoft/Oracle announcement provides that path.

Rimini Street’s survey of 205 Oracle customers found slightly fewer companies having made the move to the cloud, with 26% having already migrated their Oracle deployment to a cloud-hosted environment. Another 26% have plans to move the Oracle deployment to the cloud, but only 27% plan to use Oracle Cloud. If these plans come to fruition, we expect that the percentage of enterprises using Oracle for cloud infrastructure will continue to grow at a fast clip (see data from 2017 and 2019). On the SaaS front, 9% of the survey has already migrated on-premises Oracle software (e.g., PeopleSoft) to versions that are delivered as a service, with another 11% planning to do so.

What's Happening

Wiebe de Roos, a continuous integration/continuous deployment (CI/CD) consultant and engineer for ABN Amro, one of The Netherlands largest banks with over 22,000 employees, joined the company when the bank was beginning its shift to CI/CD through its DevOps/DevSecOps initiative. The reasons management decided its developer teams needed to make the shift included late deliveries and less-than-stellar innovation on the application front. “The teams were not really mature,” Roos said.

In this edition of The New Stack Makers podcast recorded during the KubeCon + CloudNativeCon conference held in Barcelona at the end of May, Roos was joined by ABN Amro’s secure coding and AI team lead Dominik de Smit. They spoke with the host, Alex Williams, founder and editor-in-chief of The New Stack, about ABN Amro’s CI/CD, DevOps and DevSecOps journey. They also discussed the tools the development teams use, such as those Twistlock provides for containers and cloud native security, and how they have also played an essential role in meeting the real-world development, operational and security challenges they face.

How One of The Netherlands’ Largest Banks Got CI/CD

Firewall Sale

Is there a run on cloud native security firms?

Last we saw enterprise security software company Palo Alto Networks announce its intent to purchase container security provider Twistlock and serverless security provider PureSec. Palo Alto already has put up a considerable portfolio of security tools, including threat prevention services, firewalls, endpoint protection, the Cortex continuous integration platform and the Prisma cloud security suite (the last of which it plans to roll in technologies from both Twistlock and PureSec). 

Palo Alto is finding, as we already know in the cloud native community, that container and serverless security comes with their own unique attack vectors, and require at least some new tech and domain-specific expertise. As you may know, Twistlock offers a truly comprehensive cloud native security platform, providing holistic coverage across hosts, containers, and serverless in a single platform. Twistlock, which Palo Alto plans to purchase for $410 million, is cloud native and API enabled. PureSec (estimated purchase price between $60 and $70 million) enables its customers to build and maintain secure and reliable serverless applications.

As Kubernetes works itself into the marketplace, the traditional security software vendors know they have to do something to meet customer demands. This is why industry observers are predicting more such acquisitions. “It’s clear that every major IT vendor is considering its cloud native strategy. VMware acquired Heptio, NetApp acquired StackPointCloud, Microsoft invested in Aqua Security … the list goes on,” Suresh Vasudevan, CEO of cloud native visibility and security platform Sysdig, told The New Stack. “Add to this the fact that every major cloud provider is retooling their offerings to provide development and operations capabilities for Kubernetes and containers, and you can imagine how things will evolve.”

As TechCrunch reporter Ron Miller pointed out (registration required), over $1.5 billion was spent on such acquisitions recently. He also pointed to FireEye buying Verodin for $250 million, and Insight Partners investing $780 million in threat intelligence company Recorded Future.

The messages from all these investments is obvious: If cloud native computing does make its way deep into the enterprise, then cloud native security will be required as well.

Honeycomb: Making Debugging, Collaboration Easier

Honeycomb, the San Francisco-based observability software startup, has introduced new features designed to help DevOps and site reliability engineering (SRE) teams more easily analyze event-based production data and address problems faster. One feature, BubbleUp, allows users to select suspect areas of heat maps to investigate anomalous behavior. Distributed Tracing can be accessed with a click directly from line graphs, histograms, or heatmaps to easily navigate across services, examine crucial details and discover latency, errors or duplicates. Collaboration features were added so users can share and search query history, replay debugging steps, curate dashboards for new team members and more. Honeycomb aims to empower the developer or the operator to ask questions like ‘What’s going on that’s weird?”

Deep Learning AI Generates Convincing Deepfake Videos of Mona Lisa

This article explores deepfakes, where images and videos of real people can be synthesized into fake videos using deep learning AI techniques. The Samsung AI Center in Moscow recently demonstrated with a series of jaw-droppingly impressive deepfake videos that were produced using only a handful of images — including some that were created from well-known historical paintings.

Cell-Based Architecture: A New Decentralized Approach for Cloud Native Patterns

WSO2 has introduced a new architectural pattern for distributed systems, called the Cell Architecture. This approach aims to minimize centralized dependencies and move integration into the agile development pipeline, making organizations more responsive to business needs.

Party On

A “Wolverine Welcome” to the Kubernetes "Boothday" party at KubeCon + CloudNativeCon in Barcelona, (left to right) Jeffrey Sica and Bob Killen from the University of Michigan.

Yes, you’re seeing double, plus one! (left to right) Ukranians Marianna Diachuk of SynergyOne and Anastasia Teslenki of Inch Kiev, and Roksolana Diachuk of Ciklum, at the Kubernetes "Boothday" party at KubeCon + CloudNativeCon in Barcelona.

Supergiant brought the sparkle: Mark Brandon (left) and Kateryna Nazina at the attendee party at KubeCon + CloudNativeCon in Barcelona.

Happy Boothday from Red Hat’s (left to right) Michael Peterson and Maru Newby.

This is what a hacker looks like: Heroku’s Ian Coldwater.

On The Road
KubeCon + CloudNativeCon and Open Source Summit // JUNE 25 // SHANGHAI, CHINA @ SHANGHAI EXPO CENTRE


KubeCon + CloudNativeCon and Open Source Summit
In 2019, KubeCon + CloudNativeCon and Open Source Summit combine together for one event in China. KubeCon + CloudNativeCon gathers all CNCF projects under one roof. Join The New Stack as we interview leading technologists from open source cloud native communities. Register now!
The New Stack Makers podcast is available on: — Pocket CastsStitcher — Apple PodcastsOvercastSpotifyTuneIn

Technologists building and managing new stack architectures join us for short conversations at conferences out on the tech conference circuit. These are the people defining how applications are developed and managed at scale.
Free Guide to Cloud Native DevOps Ebook

Cloud native technologies — containers, microservices and serverless functions that run in multicloud environments and are managed through automated CI/CD pipelines — are built on DevOps principles. You cannot have one without the other. However, the interdepencies between DevOps culture and practices and cloud native software architectures are not always clearly defined.

This ebook helps practitioners, architects and business managers identify these emerging patterns and implement them within an organization. It informs organizational thinking around cloud native architectures by providing original research, context and insight around the evolution of DevOps as a profession, as a culture, and as an ecosystem of supporting tools and services. 

Download The Ebook
We are grateful for the support of our ebook sponsors:

Copyright © 2019 The New Stack, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list