The (cloud) container store – Protocol

Hello and welcome to Protocol Enterprise! Today: a deep dive into AWS’ current and future plans for container technology, Okta apologizes for the lateness of its security-incident disclosure, and the latest funding rounds secured by enterprise tech companies.

Spin up

Cloud computing is definitely a global phenomenon, but most of the infrastructure required to make it work still calls the U.S. home. Over 40% of all “hyperscale” data centers, and nearly 50% of the total capacity, can be found in the Lower 48, according to Synergy Research Group.

You can only hope to contain it

When it comes to containers, AWS customers have moved from “we’re interested” and “we are starting to run some applications in it” to “we could think about running significant chunks of our business on it” over the last couple of years, according to Deepak Singh, AWS’ VP of Compute Services.

“For the most part, especially if it’s a newer application or a modernized or restructured application, it’s going to be running inside containers orchestrated by [Amazon] ECS and EKS or running on Lambda,” Singh said in an interview with Protocol. “Running it directly on a [virtual machine], without container orchestration on top, is getting less and less common.”

  • Containers speed up application development by isolating everything needed to build and deploy applications — code and other operating dependencies including configuration files and system libraries and tools — without the overhead of an operating system.
  • The technology has been around for a long time, but Docker popularized a developer-friendly format for using containers around 2013, and it has become a big part of the “cloud-native” world ever since.
  • With two major managed services for containers, AWS dominates container orchestration among cloud providers, according to market share data.

But the company has also heavily promoted Lambda, a very different serverless functions computing service, as the future of cloud computing.

  • AWS remains reluctant to acknowledge one of the major benefits of containers — they make it easier to run applications on multiple clouds — despite the growth and influence of containers as a product strategy both inside AWS and outside.
  • And key features announced in 2020 to support customers who want to manage applications on any infrastructure appear to have fallen short of the multicloud capabilities offered by similar products from Microsoft and Google.

“One of the unique things about AWS is that we have two container offerings at the high level via ECS and EKS; most other people just have the one,” Singh said. “And they appeal to a different type of customer — in many cases, sometimes different people in the same company, different departments in the same organization.

  • Amazon Elastic Container Service (ECS) — its homegrown and first managed container service launched in 2015 — was pegged as the most widely adopted cloud-managed orchestration system among cloud-native developers using such services in a December report from SlashData, an analyst firm focused on developers.
  • But it maintains a tenuous lead. Thirty-three percent of developers are using Amazon ECS, according to the Cloud Native Computing Foundation-commissioned report, followed by Google Kubernetes Engine (GKE) at 32%.
  • Amazon Elastic Kubernetes Service (EKS), launched almost three years after GKE, is used by 30% of developers surveyed and had the largest year-over-year gain at eight percentage points. A quarter of developers, meanwhile, said they used Microsoft Azure Kubernetes Service, and 17% used Red Hat OpenShift Online or hosted OpenShift on a third-party cloud provider.

Amazon ECS is falling out of favor to a degree because of its proprietary AWS technology, according to Eric Drobisewski, senior enterprise architect at insurance provider Liberty Mutual, which is trying to minimize its use of Amazon ECS over time.

  • “The code for that is kind of closed off to Amazon in terms of how it’s implemented, how it’s developed,” Drobisewski said. “It’s got its own orchestration model that they built — it is not Kubernetes-based. It does support open standards in terms of the artifacts you can push in … but the operations model around it is really unique to it.

AWS last year launched semi-answers to hybrid and multicloud offerings from its rivals — Google Cloud’s Anthos platform and Microsoft’s Azure Arc — with Amazon EKS Anywhere and ECS Anywhere, after announcing the products at re:Invent 2020.

  • The current Amazon EKS Anywhere deployment option, which arrived last September, allows customers to create and operate Kubernetes clusters in their own data centers and other clouds using VMware vSphere, with optional support from AWS. Bare metal support is expected this year.
  • ECS Anywhere is a similar feature for Amazon ECS that launched last May to allow customers to run and manage container workloads on their on-premises infrastructure.
  • But the tools don’t allow for real cloud-neutral functionality, said Jason Gregson, global head of AWS Operations and Programs at DoiT International, a multicloud software and managed service provider.
  • “It’s more of an enabler than it is really a set of tooling to actually allow you to do vendor-agnostic cloud computing … around containers,” Gregson said. “The compute element that’s running the software — yeah, absolutely that’s agnostic. The part that actually allows customers to use it — no.”

Both Amazon EKS Anywhere and ECS Anywhere are off to a “good start,” according to Singh.

  • “There’s already been customers who have adopted them at scale for a variety of workloads, ranging from gaming, machine learning, data prep to just running enterprise IT,” he said.
  • By next year, we should know whether the Anywhere versions of AWS’ container services helped it maintain its lead over the competition.

— Donna Goodison (email | twitter)

A MESSAGE FROM POLITICO LIVE

From the AI Act to the Data Act all the way to the DMA and the DSA, the EU is reinforcing its digital policy arsenal. Keen to know more? Wait no longer and join POLITICO Live’s AI & Tech Summit on April 21st to dissect those issues with top decision makers.

Learn more

Okta: “We made a mistake”

The last week at Okta has been a case study in the value of disclosing bad news in one big batch as early as possible, rather than drop by drop over an extended period of time.

Late Friday Okta published a FAQ about the January security incident involving a Sitel contractor working for its customer-support teams, which could have compromised data belonging to more than 300 of its customers but was only disclosed to customers after internal screenshots were posted on Twitter. “We want to acknowledge that we made a mistake,” the company said.

“In January, we did not know the extent of the Sitel issue — only that we detected and prevented an account takeover attempt and that Sitel had retained a third party forensic firm to investigate. At that time, we didn’t recognize that there was a risk to Okta and our customers. We should have more actively and forcefully compelled information from Sitel,” the company said.

The security impact of this incident is likely to be fairly limited given that customer-support contractors had limited access to customer data, but the reputational fallout could take some time to assess. Techcrunch also reported that Okta’s network was compromised after the Lapsus$ hackers found a spreadsheet in Sitel’s network entitled “DomAdmins-LastPass.xlsx,” which contained a plaintext list of passwords saved in a password manager, thereby defeating the entire purpose of a password manager.

— Tom Krazit (email | twitter)

A MESSAGE FROM POLITICO LIVE

From the AI Act to the Data Act all the way to the DMA and the DSA, the EU is reinforcing its digital policy arsenal. Keen to know more? Wait no longer and join POLITICO Live’s AI & Tech Summit on April 21st to dissect those issues with top decision makers.

Learn more

Thanks for reading — see you tomorrow!

Spread the love

Leave a Reply

Your email address will not be published.