Cloud options mean decisions, decisions for IT buyers

Much has been written about cloud consolidation, with M&A roiling the cloudscape over the past few months: Cisco bought Metacloud, EMC bought CloudscalingHP snapped up Eucalyptus. Despite all that, cloud deployment options abound, and choice will be a big theme at the upcoming Structure 2015 event, this June in San Francisco.

First, there is more choice than ever in public cloud. Sure, Amazon Web Services leads the market-share race by a wide margin. But viable options are available — from Microsoft Azure to Google Cloud Platform to vCloud Air to Digital Ocean to CenturyLink. What many of us tend to forget is that, despite all the cloud talk, we’re still very early in the game when it comes to business deployment. There’s a ton of opportunity out there. Is it enough to float all boats? That’s the zillion-dollar question.

We will discuss those options, and how even the biggest enterprises — General ElectricWalmart — are deploying more of their IT on cloud. The question is no longer if, but when.

At this year’s event, we’ll welcome back [company]Amazon[/company] CTO Werner Vogels, Khosla Ventures founder Vinod Khosla, [company]Microsoft[/company] EVP Scott Guthrie, Google SVP Urs Hölzle, Battery Ventures technology fellow Adrian Cockcroft and DataGravity CEO Paula Long.

We’ll hear from first-timers, too: Canonical founder Mark Shuttleworth, Digital Ocean CEO Ben Uretsky, CoreOS CEO Alex Polvi. And, on the end user side, we’re really excited to bring on stage National Football League CIO Michelle McKenna-Doyle, FBI CISO Arlette Hart and Pinterest head of engineering Michael Lopp. More names to come.

For a refresher of last year’s event, here’s a sampling of some favorite sessions:

Google’s Urs Holzle:

[youtube https://www.youtube.com/watch?v=I9R4P0TLViA]

Facebook’s Jay Parikh:

[youtube https://www.youtube.com/watch?v=F9FYTbxWK1o]

Intel SVP Diane Bryant:

[youtube https://www.youtube.com/watch?v=HTXuwqLUw7M]

Amazon’s Werner Vogels:

[youtube https://www.youtube.com/watch?v=oZPlr2-KMnw]

Microsoft’s Scott Guthrie:

[youtube https://www.youtube.com/watch?v=TImzXnUaO0A]

FBI: Sony hack was North Korea’s work

The U.S. Federal Bureau of Investigation has officially pointed to North Korea as the culprit behind the hacking of Sony Pictures Entertainment — an incident that was allegedly connected with a now-pulled film called The Interview, about the assassination of North Korean dictator Kim Jong-Un.

Although recent days have seen several stories in which unnamed U.S. officials said North Korea was to blame, this is the first time the authorities have openly said as much. According to the FBI, the malware used in the attack “revealed links to other malware that the FBI knows North Korean actors previously developed,” including similarities in the code, encryption algorithms and data deletion methods.

The FBI also said that the malware included hard-coded IP addresses that had communicated with IP addresses “associated with known North Korean infrastructure.” The agency said that the “destructive nature of this attack” — apart from the movie’s planned release being cancelled following threats to theaters, loads of [company]Sony[/company] Pictures strategic and commercial information and employees’ personal information was dumped onto the web — set it apart from other types of online attacks.

“North Korea’s actions were intended to inflict serious harm on a U.S. business and suppress the right of American citizens to express themselves,” the FBI said. “Such acts of intimidation fall outside the bounds of acceptable state behavior. The FBI takes seriously any attempt – whether through cyber-enabled means, threats of violence, or otherwise – to undermine the economic and social prosperity of our citizens.”

The agency also praised Sony Pictures for reporting the incident “within hours”, which it said helped the FBI’s investigators to do their work.

However, North Korea has reportedly denied being behind the attack. It has denied involvement before, though it did call it “righteous”.

Also on Friday, CNN reported that the hackers, who had previously identified themselves only as the “Guardians Of Peace”, had emailed Sony Pictures after it pulled The Interview to say it had been a “wise decision”, and to urge the studio to pull its trailers and ensure the Seth Rogen comedy was never released. Sony has indeed taken down the film’s trailers from YouTube.

Cinemas have reversed plans to re-screen the decade-old, Kim-family-baiting film Team America, and studios have also been scrapping plans to release anything that might irk North Korea, with New Regency canceling a Steve Carell project called Pyongyang before filming even started.

Culture aside, defectors from North Korea told Reuters that the country ultimately wants to target infrastructure — a more serious kind of attack that was demonstrated by someone who, according to a German government report this week, damaged a German steel plant earlier this year.

Update at 11:35 AM PST: President Obama confirmed what the FBI detailed this morning during a press conference saying that the U.S. “will respond proportionally” to the hack against Sony, but he did not say what the U.S. government is planning to do and he did not give a timeframe as to when some sort of action will occur.

Obama indicated that he was upset with Sony’s decision to cave into the hackers’ demands by not releasing The Interview.

“I wish they had spoken to me first,” said Obama. “I would have told them do not get into a pattern in which you are intimated by these types of criminal attacks.”

This article was repeatedly updated to add further information.

US lawmaker pushes back against FBI backdoor calls

U.S. Senator Ron Wyden (D-OR) has introduced a bill that would stymie almost any attempt by a government agency to force device manufacturers and app developers to install backdoors for surveillance purposes.

Wyden’s Secure Data Act, introduced on Thursday, follows calls by FBI chief James Comey for companies such as [company]Apple[/company] and [company]Google[/company] to give his agents a way through their encryption mechanisms, which have been tightened in the wake of Edward Snowden’s NSA revelations and episodes such as the celebrity iCloud hack.

Apple’s most recent move, for example, makes it impossible for the company to bypass the passcode on a user’s iPhone for the benefit of law enforcement or intelligence agencies.

Wyden’s bill gives an exemption to CALEA, the U.S. law that already compels carriers and router manufacturers to install “lawful intercept” capabilities, but beyond that it states:

… no agency may mandate that a manufacturer, developer, or seller of covered products design or alter the security functions in its product or service to allow the surveillance of any user of such product or service, or to allow the physical search of such product, by any agency.

“Covered products” means any hardware or software made available to the general public, so the bill would arguably not cover, say, flawed random number generators.

Wyden’s main impetus for this move, the NSA critic said in a statement, was that backdoors inherently weaken the security of the systems they’re installed in. He also reckons that backdoor mandates are a disincentive to innovation in “strong new data security technologies”, and harmful to trust in American products and services.

“Strong encryption and sound computer security is the best way to keep Americans’ data safe from hackers and foreign threats,” he said in the statement. “It is the best way to protect our constitutional rights at a time when a person’s whole life can often be found on his or her smartphone. And strong computer security can rebuild consumer trust that has been shaken by years of misstatements by intelligence agencies about mass surveillance of Americans.”

It’s interesting, if unsurprising, that Wyden’s bill gives a get-out to CALEA. His own statement cites the 2005 case of senior Greek politicians being illicitly tapped, using an [company]Ericsson[/company] lawful intercept feature, as an example of how backdoors can compromise a system’s security for the benefit of more people than they’re supposed to.

Earlier this year, security researchers also identified critical weaknesses in some companies’ lawful intercept products.