Welcome to episode 281 of The Cloud Pod, where the forecast is always cloudy! Justin and Ryan are your hosts as we search the clouds for all the latest news and info. This week we’re talking about ECS turning 10 (yes, we were there when it was announced, and yes, we’re old,) some more drama from the CrowdStrike fiasco, lots of updates to GitHub, plus more. Join us!
Titles we almost went with this week:
- Github Universe full of ECS containers
- Github Universe lives up to the Universal expectations
A big thanks to this week’s sponsor:
We’re sponsorless! Want to get your brand, company, or service in front of a very enthusiastic group of cloud news seekers? You’ve come to the right place! Send us an email or hit us up on our slack channel for more info.
Follow Up
01:09 Dr. Matt Woods ended up at PWC as chief innovation officer
- YAWN
- What exactly does a chief innovation officer at PWC do? Is this like a semi-retirement?
General News
01:44 TSA silent on CrowdStrike’s claim Delta skipped required security update
- Delta isn’t backing down with CrowdStrike, and in a court filing said CrowdStrike should be on the hook for the entire $500M in losses, partly because CrowdStrike has admitted that it should have done more testing and staggered deployments to catch bugs.
- Delta further alleges that CrowdStrike postured as a certified best-in-class security provider who “never cuts corners,” while secretly designing its software to bypass Microsoft security certifications to make changes at the core of Delta’s computer systems without Delta’s knowledge.
- Delta says they would never have agreed to such a dangerous process if it had been disclosed.
- In its testimony to Congress, CrowdStrike said that they follow standard protocols, and that they are protecting against threats as they evolve.
- CrowdStrike is also accusing Delta of failing to follow laws, including best practices established by the TSA.
- According to CrowdStrike, most customers were up within a day of the issue – while Delta took 5 days.
- Crowdstrike alleges that Delta’s negligence caused this in following the TSA requirements designed to ensure that no major airline ever experiences prolonged system outages.
- CrowdStrike realized Delta failed to follow the requirements when its efforts to help remediate the issue revealed alleged technological shortcomings and failures to follow security best practices, including outdated IT systems, issues in Delta’s AD environment and thousands of compromised passwords.
- Delta threatened to sue Microsoft as well as CrowdStrike, but has only named CrowdStrike to date in the lawsuits.
3:48 Ryan – “It’s a tool that needs to evolve very quickly to emerging threats. And while the change that was pushed through shouldn’t have gone through that particular workflow, and that’s a mistake, I do think that that should
