Information Security, Risk and Liability

A scaling issue took out huge swaths of AWS last week. In the same week, the Log4j exploit required 84 updates from Amazon across dozens of their major AWS services. Every major software company has issued emergency patches and will be cleaning up the aftermath of this pervasive vulnerability for months, if not years. That is a problem, and only a small part of the blame lies with the Apache developers for having a flaw in their software. Flaws and errors are going to happen, forever, even when DevSecOps is fully adopted. People make mistakes.

The problem here is the oversized impact of these flaws on companies that rely on AWS for critical and core aspects of their business. The weakness in most cloud strategies has been the adoption of a single cloud platform or provider. Even when an organization uses multiple providers, its cloud-hosted data and applications are not designed to fail over to another cloud; they just fail. Redundancy within a cloud system is great, but a single point of failure, no matter how large or how well backed up, is still a single point of failure.

First, adopt new technology with a mandate to be multi- or hybrid-cloud. Demand failovers, at least for critical users and processes. If you can afford it, make sure data availability is part of that multi-cloud strategy.

Second, leadership needs to get on board and stop putting irrational constraints or mandates on the use of cloud resources and Zero Trust architecture. Yes, demand transparency, observability, and the data to support it, but stop forcing your organization to use Azure because “the CEO signed a memorandum.” Agreements like that put corporate privacy and security in jeopardy.

Third, get educated on the topics and know your options. Seek out companies that give you multi-cloud, reduce your IT costs, and at the same time increase your privacy and security. Ask for responsiveness and partnership from your software vendors so you understand their deployment strategy, their dependencies, and their Software Bill of Materials (SBOM).

And finally, get every last Log4j instance patched across your organization. Reach out if you need us; we are here to help.


Grey Market Labs is a Certified B-Corp founded with the mission to protect digital life. We build revolutionary software including Replica and hardware products, and partner with like-minded industry leaders, to create a future with “secure-environments-as-a-service”.