Welcome to The Cirrostratus Group December newsletter. Happy Holidays to you and your family as we all look forward to 2022!

It's interesting to look at the predictions for a new year and one of the articles on predictions that I found the most interesting this year is by Dr. Werner Vogels, the CTO of Amazon. His prediction about AI-supported software development is exciting.

Forrester has just released their Wave Report on AI infrastructure. Other than the big three cloud providers, AWS, Microsoft & Google, Nvidia is the only other provider identified as a leader. One of the interesting things about Nvidia is that their hardware is often used by the cloud providers.

Gartner has just released their Magic Quadrant report for Cloud Database Management Systems. There are 20 providers in this report, with 10 of those identified as leaders. The leaders include the cloud providers identified above plus major classical database system providers such as IBM and Oracle. This is a market with many different providers and products, each offering different advantages for various types of applications, which gives SaaS providers and enterprise customers many good choices for database applications.

A couple of recent security issues have caused substantial concern and are cautionary tales for SaaS providers.

  • Kronos, a cloud HR system provider, announced in mid-December that due to a ransomware attack some of their applications would be unavailable for an unknown period of time, probably several weeks. As of now, a couple of weeks later, they don't know whether any customer data has been affected or when the applications will be back online. I'm sure they have put all the resources possible on resolving this event, but the time it has taken shows how difficult a problem it is. It appears that they have been reasonably transparent in indicating the impact, the timeline, alternative tools and their knowledge of the incident, but the impact has been substantial on some of their customers who have had to go to backup/manual procedures for payroll and timekeeping.
  • The other major security issue is the Log4J vulnerability, which also came to light around mid-December. It is not clear if the Kronos incident and Log4J vulnerability are related, but the Log4J issue can certainly enable a ransomware attack. Log4J is both widely used and used in a way that makes it more difficult to address the impact. It's estimated that about 4% of the software ecosystem is impacted by Log4J. This article provides more technical background on the vulnerability.

Both of these events are strong reminders that SaaS providers must make sure their security and redundancy are as strong as possible and that these topics are always top of mind. The damage to a provider and their customers can be substantial.

Plenty of things to think about and work on for 2022! Happy New Year!

Paul Ressler
The Cirrostratus Group