Best of LinkedIn: Cloud Insights CW 03/04
Show notes
We curate the most relevant posts about Cloud Insights on LinkedIn and regularly share key takeaways.
This edition examines the 2026 landscape of cloud computing, focusing heavily on the emergence of digital sovereignty and the launch of the AWS European Sovereign Cloud. Experts debate whether these new regional infrastructures provide genuine independence or merely an "illusion" of control due to persistent U.S. legal jurisdictions like the CLOUD Act. The text also highlights essential FinOps and security strategies, advocating for a focus on breach methods, architectural diagrams, and cost ownership over simple service consumption. Furthermore, contributors discuss the rise of Sovereign AI and the ongoing competition between hyperscalers and local providers like OVHcloud and Hetzner. Together, these updates reflect a strategic shift toward operational autonomy, regulatory compliance, and transparent financial management within the global technology ecosystem.
This podcast was created via Google NotebookLM.
Show transcript
00:00:00: This episode is provided by Thomas Allgaier and Franis, based on the most relevant LinkedIn posts about cloud in calendar weeks 03 and 04.
00:00:08: Franis enables enterprises with market technology and competitive intelligence for portfolio and strategy development.
00:00:14: Welcome
00:00:15: back to our deep dive.
00:00:16: It's great to have you with us.
00:00:18: You know, if you were watching the LinkedIn feeds in mid January, twenty twenty six, you probably felt a real shift in the conversation.
00:00:25: Oh,
00:00:25: definitely the whole cloud topic.
00:00:26: Yeah.
00:00:27: It isn't just about speed or new features anymore.
00:00:29: It's gotten very serious.
00:00:30: Very fast.
00:00:31: It has.
00:00:32: It feels like the industry came back from the holiday break, looked at everything and just said, okay, party's over.
00:00:37: Time
00:00:37: to grow up.
00:00:38: Yeah.
00:00:38: Exactly.
00:00:39: We're seeing this massive focus on boundaries.
00:00:41: You know, where does my data actually live?
00:00:43: How do we stop hemorrhaging money?
00:00:45: And maybe how do we stop getting hacked by really simple mistakes?
00:00:49: That's the perfect way to put it.
00:00:51: So we've sifted through all the noise and really distilled it down to three huge pillars that define these last couple of weeks.
00:00:58: First step, we're going to talk about sovereignty and Right.
00:01:01: AWS made a huge move there.
00:01:02: A huge move?
00:01:04: But the legal pushback is, I think, even more interesting.
00:01:07: Then we're going to do a serious reality check on cost optimization and FinOps, and a little spoiler here.
00:01:15: If you think your dashboard is saving you money, you're probably wrong.
00:01:20: We'll also get into how AI is just completely breaking the old billing models.
00:01:24: And finally, we'll tackle security and SecOps.
00:01:27: There's a really loud message from the senior engineering community, and it's basically, stop buying tools.
00:01:33: Start understanding how a breach actually works.
00:01:36: Okay, so let's dive right in.
00:01:37: Pillar one.
00:01:38: Sovereignty.
00:01:39: You can't miss the headline.
00:01:40: The AWS European Sovereign Cloud is officially live.
00:01:44: It is, and we need to pause here because sovereign cloud is a term that gets thrown around a lot.
00:01:48: A lot of marketing fluff, usually.
00:01:50: Right, but according to posts from make wheeze Miller and Mateo de Pascal, this launch is a genuine game changer.
00:01:56: It's not just a new label on an old service.
00:01:59: Okay, so they're emphasizing that the first region is physically in Brandenburg, Germany, but let's be honest, AWS has had data centers in Frankfurt for years.
00:02:09: So for anyone listening who's thinking, so what?
00:02:14: Why is this different?
00:02:15: That is the crucial question.
00:02:17: And the difference is all in the architecture.
00:02:19: Matera de Pascal pointed out that this cloud is physically and logically separate.
00:02:23: In, you know, cloud terms, we call that a separate partition.
00:02:26: A
00:02:26: partition.
00:02:27: Okay, break that down for us.
00:02:28: What does that mean for a business actually running something on it?
00:02:31: OK, so think of the standard AWS global network as one giant house.
00:02:36: You have different rooms, US East, Frankfurt, Tokyo, and they're separate rooms, but they share the same plumbing, the same wiring.
00:02:42: And the same landlord has the keys to all the doors.
00:02:45: Exactly.
00:02:45: This new sovereign cloud is a completely separate building.
00:02:48: Down the street, different keys, different plumbing.
00:02:50: So
00:02:50: it creates a hard break.
00:02:51: A very hard break.
00:02:52: It has its own billing systems.
00:02:54: It has its own identity and access management, its own IAM system.
00:02:59: I mean, that's huge.
00:03:00: So an identity
00:03:01: in the global AWS cloud doesn't even exist here.
00:03:03: It doesn't.
00:03:04: And the metadata, which is often the really sticky point with privacy laws, all of it stays in the EU.
00:03:10: And crucially, the operators, the actual people with keys to the servers are all EU residents.
00:03:18: That is a massive shift.
00:03:19: We're so used to that
00:03:21: follow-the-sun support model, where an engineer in Seattle might be patching a server in Dublin.
00:03:25: That's
00:03:26: gone here.
00:03:27: And it seems like it's just the start.
00:03:28: We saw updates from Susanna Curic and Ivo Pinto highlighting expansion plans.
00:03:33: Yeah, they're already talking about local zones in Belgium, the Netherlands, and Portugal.
00:03:37: So the physical footprint is expanding fast, trying to bring that latency down while keeping data inside those borders.
00:03:44: So on paper, this sounds perfect for the public sector, healthcare, finance, basically anyone terrified of GDPR.
00:03:52: But, and there's always a but.
00:03:54: There
00:03:54: is always a but.
00:03:55: Not everyone is buying
00:03:56: it.
00:03:56: No, not at all.
00:03:57: In fact, there's a very vocal counter narrative bubbling up that's calling this an illusion of sovereignty.
00:04:02: Sovereignty washing was the phrase I kept seeing.
00:04:04: That's the one.
00:04:05: Julius Knuff and Fred C. Veltuz were particularly blunt about it.
00:04:09: Their whole argument just cuts right through the technical stuff we just talked about and hits a legal brick wall.
00:04:14: This
00:04:14: is the U.S.
00:04:15: Cloud Act issue, isn't it?
00:04:16: It is.
00:04:17: And this is where the tech hits the real world.
00:04:20: The argument from critics like Julius Knuff is pretty simple.
00:04:23: It doesn't matter if the server is in Brandenburg.
00:04:26: It doesn't matter if the admin is German.
00:04:28: If the parent company is American.
00:04:30: If the parent company Amazon is based in the
00:04:32: U.S.,
00:04:33: they fall under U.S.
00:04:34: law.
00:04:35: And theoretically, a U.S.
00:04:37: court could compel that parent company to hand over data, no matter where it sits.
00:04:41: Yassi Romanetz had a fantastic breakdown of this.
00:04:44: She framed it around the legal concept of foreign interference and possession, custody, or control.
00:04:51: That analysis was brilliant.
00:04:52: She argued the legal test is whether the US entity actually has control.
00:04:56: And AWS's strategy here is, well, it's very clever.
00:04:59: How so?
00:05:00: By creating this technical partition, by removing the admin paths that would let a US engineer log in, they're trying to build a case that they technically cannot comply with a US warrant.
00:05:11: Oh, I see.
00:05:11: So they can go to a US judge and say, Your Honor, we'd love to help, but we literally cannot access that data.
00:05:16: The drawbridge is up.
00:05:17: Precisely.
00:05:18: It's a "can't, not won't" defense.
00:05:20: But for purists like Fred C. Velduis, that's still way too risky.
00:05:25: They argue as long as the corporate org chart leads back to Washington, the risk is still there.
00:05:30: And this skepticism is just opening the door wide for competitors.
00:05:34: I saw a post from Jaco Landlust at Oracle that was, well, let's call it spicy.
00:05:39: It was a bit of friendly fire, yes.
00:05:41: He basically just welcomed AWS to the club, pointing out that Oracle has been running a sovereign cloud model for two years.
00:05:47: No,
00:05:47: AWS is actually playing catch-up in this niche.
00:05:50: In this specific niche, yeah.
00:05:52: And it's not just the American giants fighting.
00:05:54: Wieland Holfelder noted a huge milestone for S3NS.
00:05:58: S3NS.
00:05:59: For anyone not up on French tech partnerships, what is that?
00:06:02: So S3NS is a partnership between Google Cloud and Thales, the French defense and security company, and they just achieved SecNumCloud 3.2 qualification.
00:06:11: SecNumCloud.
00:06:12: It sounds like a droid from Star Wars.
00:06:14: It does, doesn't it?
00:06:15: But in the regulatory world, it is absolute gold.
00:06:19: It is the highest security standard for trusted cloud providers in France.
00:06:24: It's incredibly hard to get.
00:06:25: So you have the US giants building these partitions, but then you have the true European alternatives.
00:06:32: Bern Wagner or Bernie highlighted a partnership I thought was really telling.
00:06:36: Sana Kliniken and STACKIT.
00:06:37: This is such a crucial example.
00:06:39: STACKIT is the cloud arm of the Schwarz Group.
00:06:41: The owners of Lidl and Kaufland.
00:06:43: Right.
00:06:43: A massive European retail giant turning into a tech provider.
00:06:47: And Sana Kliniken is a major hospital chain.
00:06:50: So you have a German healthcare provider choosing a cloud provider with absolutely no U.S.
00:06:55: parent company.
00:06:56: Zero.
00:06:56: And for an organization dealing with patient data, that just removes the entire US Cloud Act headache from the equation.
00:07:03: So the spectrum is really clear now.
00:07:04: You've got Standard Cloud on one end.
00:07:06: In the middle, you have US Cloud with European partitions like AWS and Google/Thales.
00:07:11: And then on the far end, native European Cloud like STACKIT.
00:07:15: Exactly.
00:07:16: And twenty twenty six is going to be the year where companies have to pick a side.
00:07:19: It's not a vague cloud first strategy anymore.
00:07:22: It's a which jurisdiction first strategy.
00:07:25: Fascinating.
00:07:26: Okay, let's pivot.
00:07:27: Pillar two.
00:07:28: We know where the data lives.
00:07:30: Now let's talk about why it's bankrupting us.
00:07:32: FinOps.
00:07:33: Ah, yes.
00:07:34: The art of not going broke in the cloud.
00:07:37: You know, I read a post by Isaiah Michael that really hit home.
00:07:40: He basically said, stop blaming the technology for your bill.
00:07:43: That was some harsh
00:07:45: but necessary truth.
00:07:46: He framed cost overruns as an ownership problem, not
00:07:50: a tech problem.
00:07:51: Can you unpack that a little?
00:07:52: Because I think every engineer listening has probably spun up an EC2 instance and forgotten about it.
00:07:57: That is exactly it.
00:07:58: Isaiah listed all the classics: EC2 instances running just in case, massive RDS databases sitting idle because no one wants to be the one to delete them, snapshots that are five years old.
00:08:08: Right.
00:08:09: His point is, the cloud is doing exactly what you told it to.
00:08:12: It's running the servers.
00:08:13: The fact that you're not using them is a human process glitch, not a software glitch.
00:08:17: It's like a gym membership.
00:08:18: You can't blame the gym for charging you if you never show up.
00:08:22: You signed the contract.
00:08:23: It's the perfect analogy, and this ties directly into a really insightful point by Mohamed C. or Moe about dashboards.
00:08:30: He calls it the dashboard fallacy.
00:08:32: We do love our dashboards.
00:08:33: Green is good, red is panic.
00:08:35: But Moe argues most of them are useless.
00:08:38: They answer the wrong question.
00:08:39: They answer a finance question, which is how much did we spend?
00:08:42: Instead of the engineering question, what changed and why?
00:08:45: That's the critical distinction.
00:08:47: As a developer, knowing the bill went up five thousand dollars doesn't help me fix anything.
00:08:52: Engineers need signals, not receipts.
00:08:55: They need a dashboard that says, hey, that microservice you deployed yesterday, your data transfer costs just spiked four hundred percent.
00:09:01: That connects cause and effect.
00:09:02: So we need better signals.
00:09:04: But to get those, we all need to speak the same language.
00:09:07: Ruben van der Stokt was pushing very hard for something called FOCUS.
00:09:11: Yes, FOCUS.
00:09:13: FinOps Open Cost and Usage Specification.
00:09:15: That's a mouthful.
00:09:17: Why should we care about another acronym?
00:09:18: Because right now, the billing data from AWS looks totally different from Azure, which looks different from Google Cloud.
00:09:25: If you're a multi-cloud company, trying to merge those bills is a complete nightmare.
00:09:30: FOCUS is just an attempt to standardize it.
00:09:32: So it's like agreeing that a meter is a meter, no matter whose ruler you're using.
00:09:37: Exactly.
00:09:38: But just as we're getting our heads around that, twenty twenty six throws us this huge curveball,
00:09:43: AI
00:09:44: FinOps.
00:09:45: This is the new frontier.
00:09:47: Nicholas Sondrini wrote a deep piece on this, and it's a real mind-bender.
00:09:51: The old FinOps model is all about, you know, provisioned infrastructure.
00:09:54: I bought a server.
00:09:55: What does it cost per hour?
00:09:56: But with generative AI, the cost driver changes completely.
00:10:00: It's not about the server anymore.
00:10:01: It shifts to the inference level, right?
00:10:03: Correct.
00:10:03: It becomes about decision costs.
00:10:05: Every single time the AI answers a query, that costs money, but not all queries are equal.
00:10:10: Right.
00:10:11: If I have to write a haiku, that's cheap.
00:10:12: If I ask it to analyze a fifty-page legal contract, that's expensive.
00:10:16: Exactly.
00:10:17: And Nicholas suggests we need totally new metrics.
00:10:19: Things like cost per answer and, my favorite, accuracy-adjusted cost.
00:10:23: Accuracy adjusted cost.
00:10:25: I love that.
00:10:26: Because if you use a cheap small model, but it gives you the wrong answer three times and you have to re-prompt it.
00:10:31: Then your so-called cheap model just became more expensive than the premium one that would have gotten it right the first time.
00:10:37: Mirko Taktimon from OneAI also chimed in here, calling out the black box
00:10:43: of API calls.
00:10:44: It really is a black box.
00:10:45: You send a prompt into the void, you get an answer, and then later you get a bill.
00:10:48: You don't know the token count until it's too late.
00:10:51: And
00:10:51: for a business trying to budget, that is a nightmare.
00:10:53: Mirko is arguing for transparent pricing so businesses can actually calculate the ROI of an AI feature before they build it.
00:11:01: Wow.
00:11:01: So the days of just build it and see are over.
00:11:04: We're moving into an era of like unit economics for thoughts.
00:11:08: Unit
00:11:08: economics for thoughts.
00:11:09: I like that.
00:11:10: That's exactly what it is.
00:11:11: Okay.
00:11:12: On to our third and final pillar.
00:11:15: We've locked down the data, we're counting the pennies.
00:11:18: Now how do we stop the bad guys from burning it all down?
00:11:20: Security.
00:11:21: SecOps.
00:11:21: There
00:11:21: was a piece of advice from Taymor Ejalal that I think every junior cloud engineer and frankly a lot of senior ones really needs to hear.
00:11:29: I know the one.
00:11:30: Stop learning more AWS services.
00:11:33: It sounds so counterintuitive for a career in cloud, doesn't it?
00:11:36: Stop learning cloud.
00:11:37: But his point is profound.
00:11:38: He argues that engineers are too focused on collecting badges.
00:11:42: I know fifty AWS services.
00:11:44: Right.
00:11:45: And not focused enough on understanding how breaches actually happen.
00:11:48: He listed the classics, didn't he?
00:11:50: Leaked credentials in a public GitHub repo, overly permissive IAM roles, exposed S3 buckets.
00:11:57: Exactly.
00:11:57: It is almost never some mission impossible zero day exploit.
00:12:01: It's almost always someone leaving the keys in the front door.
00:12:04: Tamer's point is:
00:12:05: master the fundamentals: identity, networking, encryption.
00:12:09: If you get those, the specific service doesn't
00:12:11: matter.
00:12:12: It's about the mechanics of the breach.
00:12:13: But the industry just keeps trying to solve this by buying more tools.
00:12:17: Constantinos Evangelacos, he goes by Gus, had this really sharp critique of the whole runtime security market.
00:12:23: Oh, the
00:12:23: agents break things discussion.
00:12:24: If you have ever worked in operations, you felt this in your soul.
00:12:27: Give us the context.
00:12:28: What's runtime security?
00:12:30: So traditionally to secure a server, you install software on it, an agent.
00:12:35: And this agent watches everything the server does and stops bad things.
00:12:39: Sounds great, right?
00:12:40: In
00:12:40: theory, yes.
00:12:41: But in practice, Gus paints a picture we all recognize.
00:12:44: A company buys a fancy runtime tool.
00:12:47: Three years later, they've deployed it to maybe ten percent of their servers.
00:12:52: Because the developers are in open revolt.
00:12:53: Exactly.
00:12:54: The developers are saying, that agent uses twenty percent of my CPU, or it crashed my build, or it caused a kernel panic in prod.
00:13:02: So they just block the rollout.
00:13:04: The company thinks it's secure, but the tool is sitting on a shelf.
00:13:07: So what's the alternative?
00:13:08: If agents are the problem, what do we do?
00:13:11: Gus advocates for agentless scanning.
00:13:14: This is what companies like Orca Security popularized.
00:13:17: Instead of installing software inside the server, you take a snapshot of the server's disk from the outside, at the cloud provider level, and you scan that.
00:13:25: Ah, so it's non-intrusive.
00:13:26: The application has no idea it's even being scanned.
00:13:28: No performance hit, no crashes.
00:13:31: Gus points out this means you get one hundred percent visibility during a proof of concept.
00:13:36: You don't wait a year for a rollout.
00:13:38: You see all the problems on day one.
00:13:40: That speed to value is critical.
00:13:42: But even that feels reactive.
00:13:44: Lefteris Karagorju brought this back to the absolute fundamentals.
00:13:48: Yes, the napkin phase.
00:13:50: His whole thing is, create architectural diagrams before you build anything.
00:13:54: It seems so obvious.
00:13:55: But be honest, how many times do people just start coding Terraform without ever drawing the box first?
00:14:00: All the time.
00:14:01: And Lefteris' quote is one for the wall.
00:14:04: You cannot secure a request flow
00:14:05: you don't understand.
00:14:07: If you can't trace the data path, you don't know where your attack surface is, you're just guessing.
00:14:11: And
00:14:11: finally, Rami Akifaji rounded this out by listing the core AWS principles.
00:14:16: Automation, visibility, and auditability.
00:14:19: The automation part is key.
00:14:20: If you're clicking around in the console to secure things, you have already lost.
00:14:24: Humans make mistakes.
00:14:25: Security has to be code.
00:14:26: It has to be reproducible.
00:14:28: So
00:14:28: pulling this all together.
00:14:29: We had these three massive themes colliding in January, twenty twenty six.
00:14:33: Sovereignty, FinOps, SecOps.
00:14:35: And if you connect the dots, it's really a story about maturity.
00:14:39: Also,
00:14:40: look at sovereignty.
00:14:41: We're moving from vague promises to hard legal and technical partitions.
00:14:46: We're maturing from "trust us" to "verify
00:14:49: us." And in FinOps,
00:14:51: we're moving from the immature question of how much did we spend to the mature question of what is the business value of this specific AI decision.
00:14:58: And in security, it's moving from collecting tools to understanding architecture.
00:15:02: Exactly.
00:15:03: Sovereignty provides the legal framework.
00:15:05: Finops provides the economic discipline.
00:15:08: And SecOps provides the operational integrity.
00:15:10: You can't excel at cloud in twenty twenty six without doing all three at once.
00:15:15: It's not enough to just be in the cloud anymore.
00:15:16: You have to be sovereign, solvent and secure.
00:15:19: That's
00:15:19: the trifecta.
00:15:20: Before we wrap, I want to leave our listeners with one last thought.
00:15:23: We talked about the decision cost of AI.
00:15:26: We talked about these sovereign clouds in Europe.
00:15:28: As those trends converge, I wonder, are we going to start seeing a sovereignty premium on AI?
00:15:35: That's
00:15:35: a really interesting angle.
00:15:36: Think about it.
00:15:37: Will a decision made by an AI hosted in that secure Brandenburg cloud cost more than one from a massive shared farm in Virginia?
00:15:47: And if it does, is that a price
00:15:49: businesses will pay for privacy?
00:15:51: That raises a fundamental question about the economics of privacy.
00:15:54: Is privacy a luxury good?
00:15:55: I suspect the market will answer that question very soon, and the answer might be expensive.
00:16:00: Indeed.
00:16:01: Well, that brings us to the end of this deep dive.
00:16:04: If you enjoyed this episode, new episodes drop every two weeks.
00:16:08: Also check out our other editions on ICT and tech, digital products and services, artificial intelligence, sustainability, and green ICT, defense tech, and health.
00:16:17: Thank you so much for listening.
00:16:18: There's always more to learn, so keep questioning and keep exploring.
00:16:21: Don't
00:16:22: forget to subscribe.
00:16:22: We'll catch you in the next one.