The ITAM Roundup: 7/29/24
š° News
Oracle's Java pricing brews bitter taste, subscribers spill over to OpenJDK
Following Oracle's introduction of an employee-based subscription model, only 14% of Oracle Java subscribers plan to stay with Oracle's runtime environment, with 86% moving to alternatives like OpenJDK. This shift is primarily due to the significant price increase associated with the new model, with costs projected to be two to five times higher than the previous usage-based model. Additionally, 47% of respondents prefer open source solutions, and 38% are deterred by the uncertainty surrounding Oracle's pricing, licensing, and support changes.
Lindsay Clark
Microsoft: Our licensing terms do not meaningfully raise cloud rivals' costs
In response to the UK's Competition and Markets Authority (CMA) investigation, Microsoft claims that its licensing terms do not significantly increase costs for cloud rivals. The company argues that Amazon remains the leading hyperscaler in the UK, with Google growing steadily, and asserts that using Microsoft products on Azure is perceived as cheaper than on competitors' platforms. Critics, including Google and AWS, contend that Microsoft's licensing practices restrict customer choice and innovation, potentially driving customers towards Azure by making it more expensive to use Microsoft software on other cloud services.
Richard Speed
Wiz walks away from Googleās $23B acquisition offer: Read the CEOās note to employees
Cybersecurity startup Wiz declined a $23 billion acquisition offer from Alphabet, Google's parent company, despite it being a significant premium over its $12 billion valuation. CEO Assaf Rappaport informed Wiz's 1,200 employees that the decision to remain independent was made with the support of investors, emphasizing confidence in their exceptional team. Founded in 2020 by four former Israeli military officers, Wiz's notable backers include Index Ventures, Sequoia Capital, and Thrive Capital.
Marina Temkin
Microsoft Calls for Windows Kernel Access Restrictions Following Major CrowdStrike Outage
Microsoft is considering restricting third-party cybersecurity vendors from accessing the Windows kernel following a major CrowdStrike outage caused by a faulty update, which led to widespread system crashes. In response, Microsoft deployed over 5,000 IT support engineers to assist affected customers and emphasized the need for close cooperation with partners to enhance Windows security. Additionally, Microsoft is exploring modern security innovations, such as Azure Attestation and Virtualization-Based Security (VBS), and incorporating Rust into the Windows kernel to improve system resilience without relying on kernel access.
https://petri.com/microsoft-windows-changes-crowdstrike/
Nvidia works with Accenture to pioneer custom Llama large language models
Accenture, in collaboration with Nvidia, has introduced the Accenture AI Refinery framework, enabling enterprises to develop custom large language models using Nvidia's AI Foundry service and Llama 3.1 models. This framework allows businesses to refine and personalize AI models with their own data to create domain-specific solutions, enhancing productivity by automating repetitive tasks. The initiative underscores the strategic importance of generative AI in driving innovation, with companies like Amdocs, Capital One, and ServiceNow already integrating AI Foundry into their workflows for competitive advantages.
Zeus Kerravala
š Tips
The Critical Role of the CMDB in Security and Vulnerability Management
The Configuration Management Database (CMDB) is essential for effective security and vulnerability management, offering a centralized view of an organization's IT infrastructure to help identify and address risks. It tracks IT assets and their relationships, enabling better decision-making, prioritization of critical vulnerabilities, and efficient remediation. Integrating the CMDB with security tools enhances cybersecurity efforts by providing a unified view, facilitating incident response, and ensuring compliance with governance and regulatory requirements.
David Pickering
Microservices vs. Monoliths: Which Are More Secure?
Microservices offer security benefits by isolating application components, but they also introduce complexities and vulnerabilities that can outweigh these advantages. While a breach in one microservice may not necessarily compromise the entire application, improper access controls, shared vulnerabilities, and increased complexity can lead to significant security risks. Thus, the security advantages of microservices are often counterbalanced by the heightened security challenges they present compared to monolithic architectures.
Uniquely Licensed Salesforce Products and the Pitfalls to Avoid
Salesforce offers many additional products with unique licensing models, such as Success Cloud and Commerce Cloud, which require careful consideration during adoption or renewal to avoid pitfalls. These products may follow a percentage of net fee structure or a metric-based fee structure, each with specific recommendations to minimize costs and secure favorable terms. Organizations should conduct thorough due diligence, negotiate renewal protections and overage rates, and reassess all product pricing to achieve a cost-effective Salesforce deal.
Bearson Smith
šBugs & Exploits
Microsoft: Ransomware gangs exploit VMware ESXi auth bypass in attacks
Microsoft has warned that ransomware gangs are exploiting a VMware ESXi authentication bypass vulnerability, CVE-2024-37085, to gain full administrative privileges on ESXi hypervisors. This flaw allows attackers to create an 'ESX Admins' group with administrative rights, enabling them to steal data, move laterally within networks, and encrypt the ESXi hypervisor's file system. The vulnerability has been used by ransomware operators, including Storm-0506 and Black Basta, in attacks that compromise organizations by targeting ESXi virtual machines critical to business operations.
