Containerization - gettectonic.com
Salesforce Heroku
09Dec

Salesforce Modernizes Heroku

Salesforce Modernizes Heroku PaaS with Kubernetes, .NET, and More Salesforce is rolling out a significant upgrade to Heroku, its popular Platform-as-a-Service (PaaS), to better align with modern developer needs. Key enhancements include support for Amazon Elastic Container Registry (ECR), AWS Global Accelerator, Elastic Kubernetes Service (EKS), AWS Graviton processors, and AWS Bedrock. The revamped platform, dubbed the Heroku Next Generation Platform, was unveiled at the AWS Re:Invent 2024 conference. While some features are in public beta, Salesforce plans to fully release additional capabilities by 2025. Catering to the Modern DeveloperHeroku’s overhaul reflects the growing dominance of Kubernetes and the increasing demand for AI-enabled applications, including autonomous ones built in Salesforce’s Agentforce. Rebecca Wettemann, founder of Valoir, notes that these trends required Salesforce to evolve Heroku to remain competitive in the PaaS market. Kubernetes, for instance, is widely used for app containerization across clouds, while AI applications are becoming a focal point for many developers. “The update broadens Heroku’s appeal to developers who rely on Kubernetes or are building AI applications,” Wettemann said. Another notable addition is support for open telemetry, a standardized approach to monitoring app performance. Developers can now stream real-time metrics such as app health and container logs into their preferred visualization tools. “This integration offers unparalleled flexibility for our customers to work with a wide ecosystem of telemetry collectors,” said Gail Frederick, Heroku’s CTO at Salesforce. Introducing .NET SupportOne of the standout updates is the inclusion of .NET, a widely used open-source framework. Developers can now use .NET languages such as C#, F#, and Visual Basic alongside Heroku’s existing support for languages like Python, Ruby, Java, Node.js, and Scala. This strategic move aligns Heroku with a broader audience, especially developers familiar with Microsoft’s ecosystem. “Heroku is all about developer choice,” said Frederick. “Adding .NET ensures we continue to serve diverse needs.” Streamlining Development and DeploymentHeroku aims to simplify app development by automating infrastructure management and lifecycle tasks. “Heroku is the platform developers turn to when they need things to work without thinking about infrastructure,” said Adam Zimman, Senior Director of Product Marketing at Heroku. The platform abstracts complex deployment steps, such as configuration, provisioning, and autoscaling, enabling developers to focus on coding and innovation. Apps are deployed as pre-packaged “slugs” that run on Heroku’s dynos, isolated Unix-based containers. Developers can scale their apps dynamically by adding or removing dynos via the platform’s management interface. Efficiency Gains for BusinessesZimman highlighted the efficiency benefits of Heroku’s approach, projecting up to a 40% boost in developer productivity and a 30% reduction in developer expenses. “By taking care of the heavy lifting, we enable businesses to deliver applications faster and more cost-effectively,” he explained. Heroku also offers over 500 pre-built add-ons and build packs, covering functions like messaging, database management, and email services. These integrations provide additional flexibility and speed up the development lifecycle. Scaling Beyond StartupsWhile Heroku is often associated with startups, Salesforce has scaled the platform to accommodate enterprise-grade applications. “Heroku now evolves with your business,” said Chris Peterson, Senior Director of Product Management at Heroku. The platform has powered over 13 million applications and 38 million managed data stores since its launch in 2007. Many Salesforce applications also run on Heroku, leveraging deep integrations to extend the Salesforce ecosystem seamlessly. Heroku’s pricing starts at $7 per month for a basic plan and scales up to $40,000 per month for enterprise-grade solutions, ensuring it meets the needs of organizations of all sizes. With these updates, Heroku continues to position itself as a go-to platform for developers, enabling faster time-to-market, reduced operational complexity, and a better overall development experience. Like Related Posts Salesforce OEM AppExchange Expanding its reach beyond CRM, Salesforce.com has launched a new service called AppExchange OEM Edition, aimed at non-CRM service providers. Read more The Salesforce Story In Marc Benioff’s own words How did salesforce.com grow from a start up in a rented apartment into the world’s Read more Salesforce Jigsaw Salesforce.com, a prominent figure in cloud computing, has finalized a deal to acquire Jigsaw, a wiki-style business contact database, for Read more Health Cloud Brings Healthcare Transformation Following swiftly after last week’s successful launch of Financial Services Cloud, Salesforce has announced the second installment in its series Read more

Read More
December 9, 2024in Data, Enterprise0 Comments
AI Infrastructure Flaws
08Aug

AI Infrastructure Flaws

Wiz Researchers Warn of Security Flaws in AI Infrastructure Providers AI infrastructure providers like Hugging Face and Replicate are vulnerable to emerging attacks and need to strengthen their defenses to protect sensitive user data, according to Wiz researchers. AI Infrastructure Flaws come from security being an afterthought. During Black Hat USA 2024 on Wednesday, Wiz security experts Hillai Ben-Sasson and Sagi Tzadik presented findings from a year-long study on the security of three major AI infrastructure providers: Hugging Face, Replicate, and SAP AI Core. Their research aimed to assess the security of these platforms and the risks associated with storing valuable data on them, given the increasing targeting of AI platforms by cybercriminals and nation-state actors. Hugging Face, a machine learning platform that allows users to create models and store datasets, was recently targeted in an attack. In June, the platform detected suspicious activity on its Spaces platform, prompting a key and token reset. The researchers demonstrated how they compromised these platforms by uploading malicious models and using container escape techniques to break out of their assigned environments, moving laterally across the service. In an April blog post, Wiz detailed how they compromised Hugging Face, gaining cross-tenant access to other customers’ data and training models. Similar vulnerabilities were later identified in Replicate and SAP AI Core, and these attack techniques were showcased during Wednesday’s session. Prior to Black Hat, Ben-Sasson, Tzadik, and Ami Luttwak, Wiz’s CTO and co-founder, discussed their research. They revealed that in all three cases, they successfully breached Hugging Face, Replicate, and SAP AI Core, accessing millions of confidential AI artifacts, including models, datasets, and proprietary code—intellectual property worth millions of dollars. Luttwak highlighted that many AI service providers rely on containers as barriers between different customers, but warned that these containers can often be bypassed due to misconfigurations. “Containerization is not a secure enough barrier for tenant isolation,” Luttwak stated. After discovering these vulnerabilities, the researchers responsibly disclosed the issues to each service provider. Ben-Sasson praised Hugging Face, Replicate, and SAP for their collaborative and professional responses, and Wiz worked closely with their security teams to resolve the problems. Despite these fixes, Wiz researchers recommended that organizations update their threat models to account for potential data compromises. They also urged AI service providers to enhance their isolation and sandboxing standards to prevent lateral movement by attackers within their platforms. The Risks of Rapid AI Adoption The session also addressed the broader challenges associated with the rapid adoption of AI. The researchers emphasized that security is often an afterthought in the rush to implement AI technologies. “AI security is also infrastructure security,” Luttwak explained, noting that the novelty and complexity of AI often leave security teams ill-prepared to manage the associated risks. Many organizations testing AI models are using unfamiliar tools, often open-source, without fully understanding the security implications. Luttwak warned that these tools are frequently not built with security in mind, putting companies at risk. He stressed the importance of performing thorough security validation on AI models and tools, especially given that even major AI service providers have vulnerabilities. In a related Black Hat session, Chris Wysopal, CTO and co-founder of Veracode, discussed how developers increasingly use large language models for coding but often prioritize functionality over security, leading to concerns like data poisoning and the replication of existing vulnerabilities. Like Related Posts Salesforce OEM AppExchange Expanding its reach beyond CRM, Salesforce.com has launched a new service called AppExchange OEM Edition, aimed at non-CRM service providers. Read more The Salesforce Story In Marc Benioff’s own words How did salesforce.com grow from a start up in a rented apartment into the world’s Read more Salesforce Jigsaw Salesforce.com, a prominent figure in cloud computing, has finalized a deal to acquire Jigsaw, a wiki-style business contact database, for Read more Health Cloud Brings Healthcare Transformation Following swiftly after last week’s successful launch of Financial Services Cloud, Salesforce has announced the second installment in its series Read more

Read More
August 8, 2024in Salesforce

Subscribe to our mailing list. Join our mail list to receive our newsletter

We'll keep you up to date with our latest news, insights, free resources, and much more.
Don't worry, we won't spam you.
gettectonic.com