Show Notes
A podcast about cloud adoption and cybersecurity.
Website: https://www.globaltech.tv/
Social networks: https://linktr.ee/globaltechtv
View Full Transcript
Episode Transcript
[00:00:03] Speaker A: Hello, everyone, and welcome to another episode of Global Tech tv. And today we are doing a special edition, the end of the year episode. Hopefully we will do it every year.
So we are at the end of 2024 and just before 2025. We should say 2025 right now. And we thought that it will very, very interesting to do a special something different that we do and not just summarize the things that happen in the months like we do every month. So bringing something special.
And I think that we will try to see also the trends that we saw in 2024, but also try to look at the Future and what 2025 will bring to us. So the first topic and most of the experts here are from the cyber security.
What was the biggest, biggest cybersecurity news do you think was in 2024?
[00:01:08] Speaker B: I have surprising news for you today. For 2024, I think that lots of people can summarize what was the biggest or the strongest or the most interesting one or the most positive one for you, Angie. But I'm not sure if I chose the relevant one. But I will try my best. Is it okay, Ariel?
[00:01:33] Speaker A: Yes, yes. You're always surprised.
[00:01:37] Speaker B: Okay. Okay, thank you. Thank you. So I look at different attacks that we spoke about during, during this show and you can rewind back to our episode and see that. But one of the things that was rememberable for me, and I think I did that show, by the way, with Uriel, when we spoke about Ticketmaster and the show, when we spoke about Coldplay and Taylor Swift. Do you remember this one? No, unfortunately you need to drink a different water. So maybe refresh your memory.
The attack basically was under Snowflake, one of the biggest vendors that holds databases and one of the biggest attacks driven by exposing legitimate credentials. The first bird, the first tweet that we got was after other Ticketmaster. But when we summarize this attack, the the attackers actually access accounts in various companies that are using Snowflake and they stole a very important data. The victims was not just Ticketmaster, as I mentioned. One of them is Santander Bank. I think you know them. They have account over there.
Sorry.
[00:03:10] Speaker C: It's the biggest Spanish bank in the world as far as I know.
[00:03:14] Speaker B: Yeah, yeah. I didn't want to put them on the spot. I just want to see if Ariel have an account over there.
[00:03:21] Speaker A: I. I will tell you in this forum, but maybe I have in Kaisha.
[00:03:26] Speaker B: Okay.
Ticketmaster and one of the leading compromise organization was at and T and that led to millions of records that have been compromised. And what AT&T actually discovered, they said that the amount of compromise data was for 7 month period from 2022.
Meaning that if you had an account in AT&T during the. Let's say they didn't sing from the beginning to the end or the middle, but they say seven months period in 2022. If you had an account over there, they have your credentials, you have your numbers, you have all your details what make it even much stronger and big attack that we can speak of. Let's speak about some of the key issues that we that we understand from this attack. So first of all they use an info stealer malware to steal the the credentials.
One of the issues and maybe it's a spoiler for the next points. There was a lack of MFA and I think ar gonna speak about it. I saw your notes spoiler.
So over 80% of the accounts were compromised for lacking of MFA.
And the second thing was misconfiguration of SSO single sign on. So it was easy first of all to steal the credentials, reuse them. There was no double verification. There is no single sign on. And come on, it's going to be easier and very attractive for the attackers to have a target like that. The impact again was the data breach. Sensitive corporate data customers that in risk they had a financial loss. I don't know if you had stocks with snowflakes but the stocks went down man.
Now it's back again. But back then it's impact very tough on the on slow Flake stock and the price of the of the company and of course reputation damage, loss of stress of the stakeholders either in the bank, in Santa Del bank, also in Ticketmaster and also in AT&T and of course in Snowflake.
What could be prevented? So first enable MFA multi factor authentication. Do you active your multifactor authentication today Ariel?
[00:06:11] Speaker A: In everything that also my daughter has my multifactor authentication TikTok and YouTube and everything.
[00:06:18] Speaker B: And Facebook.
[00:06:19] Speaker A: Yeah, she doesn't have. She doesn't like Facebook.
[00:06:22] Speaker B: I just see her pictures over there. That's the reason I asked.
Okay. Okay. So MFA audit credential regulatory meaning do an access review making sure that you rotate them. Have the relevant policy train the employees to recognize a phishing attempt and also advise them how to report on this phishing attack. Do they have an email to report on that?
Can they send via Slack or any other communication tool to make sure and say hey, maybe there was a phishing attempt and that will assist a lot to the incident response to the sock to the Security management, the entire security team and last but not least, secure SSO configuration single sign on ensure the proper setup to avoid vulnerabilities.
Conclusions Proactive measures are essential to any vendor, especially the one that's responsible for multi functions and critical areas lack databases. So Snowflake, please be more sensitive with our data.
So and of course we're going to put in the notes the the link from Dark reading all the information about this attack.
This is my right.
[00:07:57] Speaker A: Right. So Ng please can you share your biggest or your important or your surprising event?
[00:08:04] Speaker D: I think I'm gonna focus this time in not such a positive news.
[00:08:09] Speaker A: Oh no no no no no no no no no no no no no.
[00:08:15] Speaker B: I wanna listen better, I wanna listen better to the news.
[00:08:20] Speaker D: Well it's positive for everyone who loves bug bounty and especially for me that loves these juicy vulnerable most professionals have found in the past year in 2024. And I would love to just touch upon one of the major vulnerabilities that affected the cybersecurity industry this year. And I would love to talk about Cash Breaker. So Cash Breaker has been such a major vulnerability. It has been identified. I know that you know I also like to get a bit technical so you might hear a lot of numbers throughout my news. This is identified as CVE 2024 of course 31901 and basically what this vulnerability tried to exploit is that it targeted Intel's and of course their AMD CPUs. I would love to walk you guys through how the attack occurred really briefly. I won't take much of your time. Basically it was a side channel attack which exploited specific execution to leak sensitive data across shared cloud environments. So this vulnerability raised alarms as it would potentially compromise data in multi tenant cloud infrastructures. Also this is a backbone of modern computing and on the same time while mitigations were swiftly rolled out via microcode updates and of course OS patches, the performance of these trade offs reignited multiple debates regarding security versus efficiency in hardware design. Also this discovery served as a stark reminder for all of the professionals in the industry and all of the vendors as ras mentioned to remind them of the persistent threats we are facing, especially at the hardware level. And also to emphasize more I would say the importance of secure by design principles.
[00:10:20] Speaker A: It is good that Russ didn't mention the number because he was testing me later. So Raz, do you remember the number of the CVE?
[00:10:29] Speaker B: Let me memorize it. 2024-901.
[00:10:36] Speaker A: It's good that we have the notes.
[00:10:39] Speaker B: Why are you telling my secrets? Ariel?
[00:10:42] Speaker A: Yeah, you Came with surprises today so I need to to attack a little bit.
Great. Anything for a UAL to note or to say something about this vulnerability. It doesn't go well for me regarding distancing vulnerability.
[00:11:03] Speaker C: I'm just wondering if it's somehow related to confidential computing and all the way that you do attestation at the CPU level Because I don't recall reading specifically about this vulnerability.
[00:11:17] Speaker D: Yes, definitely. As I mentioned this was targeting intel as an organization as a whole and it specifically targeted their biggest specialty or their money maker which is a AMD cpu. So that's what they tried to exploit and then later on leverage.
[00:11:33] Speaker A: Okay.
[00:11:34] Speaker C: Okay, great.
[00:11:36] Speaker A: Interesting. And what is the the biggest for you?
[00:11:41] Speaker C: So I was trying to think the thing we spoke about is in the past I just focus zooming in on one specific issue related to cybersecurity specifically to resiliency. In July 2024 the world suffered from the from a global IT outage due to malfunction software update in crowdstrike antimalware solution. We all heard about it.
Just to give you some numbers a promix around 8.5 million devices worldwide were affected. The outage caused disruption across various sectors including airlines, healthcare and financial institutions.
And the global financial damage was estimated to be at least $10 billion.
So huge number was still suffering from it. I know there's still a lawsuit between Delta airlines which they they sue Crowdstrike and Microsoft they they throwing mad on each other. I don't know how it's going to end it at court but I'm guessing in terms of the board of directors or their shareholders they had to do something about it. They couldn't just say we got we we were doing not the best work we can do in in terms of cyber security in terms of IT resiliency. So things going on in court some recommendation for future thinking about both for software companies but also for any organization who deals with software updates.
The recommendation are to in order to avoid similar events in the future to test all updates in isolated environment before deployment in security patches. It's something that makes sense with anti malware updates with signature updates getting more complicated. But at least this is the recommendation.
Release updates to a small subset of systems first then gradually expand to the entire network. Again you don't want to crash 20,000 machines just because of a software bug.
Ensure the ability to quickly revert changes in case of unexpected issues.
It's a very good best practice. I don't know if it will be relevant for this for the crowdstrike issue because they Got blue screen of death. So I'm not sure they can, they had the ability to roll back. But in software development you should always think about rollback and conduct regular disaster recovery drills.
Design system with built in redundancy to minimize the impact of potential failures.
And the most important recommendation, implement strict approval and documentation procedures for all, for all system changes so change management makes sense. But again we need to practice, we need to practice incident response and disaster recovery because eventually everything breaks. So this is my zoom in for the cybersecurity topics. At least for 2024.
[00:14:58] Speaker A: I can join the everything breaks eyal. And this is why I'm recording without the black shirt. But I am thinking a lot, a lot, a lot, a lot. Maybe because it's in the middle of my annually vacation about what to do next with my, with my career, let's say. And, and I look a lot at the organizations and I look a lot about this area of security, cyber hackers. And I see that companies are investing and investing and investing a lot. And I read all the, all the, every, every day, months or week about new attacks. So please, expert people tell me why should I invest so much if at the end they will attack me anyway? So this is my question. This is, I don't, I don't want to say that I understand as you this field but for me it's very important to see, okay, what as a ciso, as an organization, what should, should I do?
[00:16:13] Speaker C: Investing money in cyber security is the same way of doing like healthcare insurance. You pay money every month hoping you won't really need it sometime in the future. But this is one of the reasons to invest money in cyber security. Another issue is, I would say business wise you can see that whether you're a startup or an SMB software company who want to sell something to customers, whether they're SMBs, whether they are large organizations, at the end of the day they want to see that you're doing proper way of developing your software, protecting your software. And eventually whether you're selling some cybersecurity products or just any other kind of commercial products, the customer would like to know that the software they're using is safe, it's protected by default, and it's a way to show how you manage the risk as a vendor when you're selling it to customers. And from the customer size, customer would like to know that you're actually protecting their data.
So it's like two ways of looking at the same thing. But basically this is why you need cybersecurity. You Want to protect data and you want to prove to your customers that data is protected.
[00:17:42] Speaker A: Is it really protected?
[00:17:45] Speaker B: See, I have, I appreciate what they all said, but I have a bit different view.
The thing is that we cannot stand still, meaning when technology is moving forward, we as practitioners, CyberSecurity or either IT or Cloud architecture or experts, we need to keep on track. Meaning that we cannot just stand by and say hey, what we did yesterday, it's also going to affect the future, but the futures look different.
And this is one of the issues that I see. So if you don't adopt the new technologies that assisting the business, the one that's gonna adopt it is the attackers faster and they smart and they have a motivation for you as employee. I'm not saying you specifically what but this average employee, John Doe walking one of the biggest banks going every day to his office, he doesn't have the motivation to steal and the energy $1 million. And when or do anything that it's going to be bad that give him the rush or here and attackers and crime, they have this motivation.
Does it give you the answer?
[00:19:16] Speaker A: Yeah, yeah, yeah. I, I, I just, I am.
[00:19:19] Speaker B: Did you see the house of cards? House of cards in Spanish?
[00:19:23] Speaker C: Yeah.
[00:19:24] Speaker A: Yesterday I was, Yesterday I was talking to my brother. I said, okay. I told him if I will start again my career, I will be a hacker. And he told me no, don't, don't speak or this is what I want.
[00:19:39] Speaker B: Or you can be a drug dealer.
[00:19:41] Speaker A: Yeah, it's the same. Yeah.
I will not share more insights.
[00:19:48] Speaker B: That's joking. Okay.
[00:19:50] Speaker A: Yeah.
[00:19:51] Speaker B: Chiefly back to the, the topics.
[00:19:54] Speaker A: Yeah. Ng, please.
I, I don't know if you want to add something about what I said previously.
[00:20:04] Speaker D: Course. I would love to start with an advice towards you after hearing Ras in Eyal not to panic. There are a lot of advices that we can implement not only for vendors, for of course for organizations as well. Looking mostly towards 2025. I would love to, as we step through the new year of 2025 and of course keeping an eye back and keeping on perspective all the recent events from 2024, I would love to remind everyone how critical it is for both vendors and organizations as well to stay ahead in cyber security. What does it mean? Well, basically for vendors it's all about building trust. Whether that's through secure development or protecting the supply chain, or even using AI to anticipate counter threats. Transparency and adopting zero trust principles for me are no longer optional. Also for organizations, I think that the focus should be on getting the basic Rights. What do I mean by that?
Mostly strong cyber.
[00:21:09] Speaker A: What do you mean by that?
[00:21:10] Speaker D: I was waiting for you, please.
Well, I would love to remind the basics. I think in building a great cyber security organization or even an organization which is trying to implement cyber into its hierarchy. I think that strong cyber hygiene, solid incident response plans, this is very, very important to invest into this especially and of course preparing for challenges of quantum computing which has been one of the recent trends that has followed throughout the whole year of 2024. And above all, I think that we all need to implement the human factor and understand how crucial it is and how much importance should be put onto it to of course work, share real time threat intelligence and also foster a culture where I think that cybersecurity, it's not only a priority, but it's a shared responsibility.
[00:22:09] Speaker A: Yeah, yeah, shared responsibility is the key. And I can say that you stole the question focusing what can we advise to organizations and also to vendors for what to do in 2025? Again, I'm not stealing the focus of this episode. I'm really thinking about trying to solve things to the end and I know that we can't in technologies but I think that really what I would like to ask the vendors is from one side to make things simpler if they can and also put a lot of time for education, not selling but to educate and try to, you know, not. I think that the security landscape is went from a few years ago to hundreds of hundreds of best of breed and now trying to make some consolidation. I think that at least from again I'm not an expert at CEO. This is what I see and I encourage companies to buy more startups to make this consolidation. That I think is very important. And you said after 26 minutes of this episode the Ngai so I think that companies, organizations should focus really on the AI strategy, not as a buzzword to plan well what they will do and to plan what not to do in AI because a lot of companies are wasting a lot, a lot, a lot of money and in the end getting nothing from this AI. And so there are my coupons from the recommendations and Eyal, please if you can share yours.
[00:23:59] Speaker C: Okay, so my recommendation, I'm talking from two different angles.
A trend that we saw in 2024 we mentioned in the beginning of this conversation. Cloud providers began forcing the use of MFA for any interactive login.
So far it was like optional. But starting 2025 the use of MFA will no longer be optional but mandatory. And I'm expecting more and more vendors, both cloud Providers and cybersecurity vendors to put more efforts into releasing their products with security settings enabled by default. Allow customers to have documentation about how to configure the system. That's fine, but make sure the security is enabled by default and not something that requires manual opt in. So this is from the, let's say from the commercial or vendor side.
If I'm zooming in into organization side into customer side. So I would look at, I would say it's crucial to embed security controls in all stages of the development lifecycle. And I'm specifically talking about organization who actually build their own applications for internal use or for external customers from running code scanning directly from the developer's ide, implementing vulnerability scanning on any third party packages.
Naturally we're all open source today and there's no really a development team who doesn't use open source libraries or packages from whatever source they found on the web. There are ways to do scanning and decrease the amount of the chance of having vulnerable packages inside of our application before they reach production.
Something again, if we're talking about a few years ago about the log 4J vulnerability and we see it every time somebody tried to inject a malicious code into our applications. So we need to have a documented social bill of materials or SBOM to have an asset management repository so that if tomorrow we get a release about a new vulnerability about specific package, at least we'll have a document that will say okay, are we using it or not? If we're not using it, I don't care if I am using it. Maybe we should look whether or not it's being actually being in use, not just as part of my packages and is it actually exposed so I'll know if I need to patch it right away or maybe I can, I don't know, do something else and within a few weeks only then replace it with a clean version.
And we need to continuously monitoring application and infrastructure as they are running in production until we decommission all systems. So these are my recommendation both from vendor and organization side.
[00:26:59] Speaker A: Okay, great. And Raz, what about you? You were a little quiet in the last few minutes.
[00:27:06] Speaker B: I'm listening carefully. I don't want to repeat my friends and the thing that I was thinking about because I was listening to Angie and I was listening to AR and of course I was listening to you Ariel, when you spoke about education.
Yeah but when I'm thinking and I've been in two sides of the, of the, of the road, I've been a vendor and I'VE been a customer and one of the things and all them were surrounding, you know, cybersecurity. One of the biggest issues that I had myself and I put in one of my pains is how to bridge the gap between cyber security and the business risks. Because c and this what I'm trying and expecting the vendors let's Assist us the CISOs develop tools that can assist the CISO to be more aligned with the cyber security strategies and showing the business objective. So it's going to be easy to show.
I don't want to say easy to show but how we can use our budget for next year.
Maybe we will be able to show cost reduction.
Always think that maybe we're not just utilizing your tools, your vendor tools the way we wanted to do and just give us maybe different feature discounts and maybe then we're gonna use better and bigger features that you're gonna put on your roadmap on 2025. But then I'm gonna actually bring a value.
So think about the customers, not just how to expand your platform. So this is one thing, second thing. One of the biggest concerns that I saw as, as as a customer and I was expecting the vendor to assist me. I want to know and understand better the threats that fit to my organization. Don't send try to sell me product that gonna give me threat intelligence from the dark web or other places which are not relevant to protect my business.
I want you to see more AI driven solution that deliver actionable insights and improve the politicization of how we, how we deal with threat intel and not just splatters with lots of non relevant threats. And then based on that we actually buy non relevant tools and then we spend money. Yeah, because it's always driven, hopefully supposed to be driven by tracks.
[00:29:55] Speaker C: Okay.
[00:29:56] Speaker B: This is the second thing, third thing.
In the end of the day when there are so many tools it's tough to connect each other. So yeah, you have integration, you have APIs and everything looks so fine when you do your speech decks. But in the end of the day some plumber, what we call DevOps actually connecting the dots in the back scene. It's so tough to integrate the solution. So I'm expecting to have more seamless existing integration and workflow. It's going to be easier on the, the sock. I want to say poor sock people but I don't want to say poor. But these people that need to connect all this type of Grafana together with splunk, together with the alerts, nobody speaks about it. Please assist come with a Very creative idea to make it easy to find the relevant threat and then protect better on any organization out there.
So this is my three suggestion for vendors organizational side. There are a few fundamentals that I like to implement. Identities are everything back in the 90s, 2000, firewalls, perimeter, all these type of things. We all know it doesn't matter if it's non human identity which is very buzzy right now. A human identity. In the end of the day we have so many identities and this is the number one priority to focus on. And this is what I will tell any organization out there in different ways. There are so many subcategories that you can protect, so many frameworks that can assist you to implement.
But for me, identities, this is the first and number one priority to focus in any organization because it's changing all the time.
Second thing, we're speaking about cloud a lot aligned with security but what we forget that most of the security team are very look like this team. Some of us specialize in cloud, some of us specialize in cyber, but sometimes we don't speak the same language.
How we can take these two words and upscale the talent by using your words. Educate them while it's cloud how to mix it together with threats. And this is a challenge and understanding both ways because cloud so complex. It's not enough to have your certification online and say I'm a cloud architect.
No, it's much more tougher than that. And I think there is a gap and if I was an organization right now I would invest a lot in education and education and upskill my threat people to be more understanding on the cloud or either way taking the cloud people understand better threat. And this is a different debate that I'm not going to open right now. And the third one is the sock. This is the heart and the soul of any organization. Cyber security focus over there bring export experts put more attention.
Please understand that these people have a very tough job to make and we need to improve their capabilities to give them more tools so they can have better detect and respond capabilities.
Okay, okay, dropping the mic.
[00:33:59] Speaker A: Like all the the insights that all of you gave to vendors and organizations. Hopefully we will see the implementation in some places. And now you speak about cloud. So let's move to the cloud. Not dialing people, just cloud computing Following Microsoft Ignite and AWS Re invent. Eyal, please share us what are the most important announcements that we had in 2024.
[00:34:30] Speaker C: So it took me a while to look for to pick things that were impacting us or Announcement or critical or biggest one if we're looking at Microsoft Azure. So one of the biggest announcement from 2024 is the Azure AI Foundry. It's a comprehensive platform that consolidates Azure AI models, tools and safety solutions to facilitate enterprise AI development.
Ariel, what happens to your camera? You're flipped aside.
[00:35:07] Speaker A: Yeah, sorry. Sorry about that.
[00:35:11] Speaker C: Okay. As is.
[00:35:12] Speaker A: You can continue. Yeah, you can continue.
[00:35:14] Speaker C: Okay, so Moving on to AWS one of the biggest announcement from AWS in 2024 was the AWS Security Incident Response Service. They had a lot of genuine But I'm trying to focus something else.
This specific incident response service helps organizations to quickly prepare and respond to security incidents in their AWS environments. It features integration with Amazon GuardDuty and AWS Security Hub automated monitoring and triaging of security findings. So from my perspective these were probably their biggest announcement and if we're moving on to Google Cloud One of the biggest announcements From Google in 2024 was the release of Google Axion processors. They are ARM based CPUs designed to enhance performance and energy efficiency for cloud workloads. It's not the first ARM based processors, naturally not the first processors that ever did, but it's an interesting announcement. These processors are approximately 60% more energy efficient than traditional CPUs and have been integrated into Google's infrastructure.
So this is my perspective from the cloud vendors and something that is cloud related but not to cloud vendors specifically.
In the mid year of 2024 IBM announced its plan to purchase Hashicorp. One of Hashicorp's most commonly known services is Terraform and infrastructure as code language supporting multiple cloud providers backed by strong community support.
As a result like few days later the Linux foundation announced a forked version of Terraform called opentofu which is now being supported by several startups which which will remain open source. So they're saying we're for the community less for the commercial side.
Many customers who already used to deploy an automated workloads using Hashicorp Terraform are now debating if they want to pay for the commercial license which HashiCorp, IBM or switch to the Open Source edition.
I'm assuming we'll hear more about it where the industry is going in 2025 about infrastructure as code.
[00:37:54] Speaker A: I think that the name Tofu is a great one. I think that Raz and myself invented it but okay.
[00:38:00] Speaker B: Tofu is very healthy.
[00:38:05] Speaker A: Yeah and thank you Eyal for sharing the important announcement. What about you Raz?
[00:38:16] Speaker B: Most of my understanding on the cloud is actually I think that the problem and I like to look at problems and more lesson announcement is that and back to identities in cloud they're trying to bring you some features and say especially in AWS gcp I'm not talking about Microsoft the announcements of giving you the way to track assets or giving you the way to track users that not bring you a full suite of capabilities or platform to leverage and actually manage. I know that AWS have that entity center. Yeah right. But it's not something that can be compared to what Microsoft can can give you. And one of the things that I hopefully that was few features that was was announced over there in re invent but still I was expecting to see much more larger platform in the same breath I can say it gives opportunity maybe to the next startup to do that.
[00:39:34] Speaker A: Yeah yeah it's good always to have more and more startup. Angie, what about you?
[00:39:42] Speaker D: I think that this year regarding AWS Reinvent and Microsoft Ignite not only Tofu has been really healthy in our lives, but also these events. I think that they beside the jokes, they have shaped our industry. And also our podcast, why not. We have had news from these venters almost on each episode that we have uploaded. And if we keep on reflecting on 2024 and focusing on these two main events, I would say that the cloud space was brimming with innovation and it has been highlighted by the announcements of Microsoft Ignite and also AWS Invent. And I would like to say that going into correlation with what AI was mentioning, the biggest highlight that came out of Microsoft Ignite was pushing the envelope with new AI powered security tools and also these tools mainly being integrated with Azure. These tools were mostly promising deeper threat detection and automation for the cloud workloads. On the other side, one of my specialties, AWS brought us way more news and way more updates and a focus in a different sphere that we haven't talked much of it yet. AWS basically focused on unveiling advanced quantum computing services. This has been the highlight and I think it's a trend that is here to stay and follow us for the years to come.
They also revamped their Nitro system. They enhance performance and security for the EC2 instances. And of course both these giants as they are, they emphasize sustainability. They kept having commitments to greener data centers and also more efficient cloud operations. On the other side, all these developments have signaled an existing shift, I would say, where security, performance and sustainability are coveraging the shape of the future of cloud computing.
[00:41:49] Speaker A: Okay, I'm reading a lot about quantum computing later.
[00:41:56] Speaker D: Yes.
[00:41:57] Speaker A: Yeah. And let's see if this all the gen AI and AI will move it faster. But yeah, it will follow us for the next few years at least from my point of view, as I mentioned before and we talk also with Eyal in a previous episode around the complexity and what is going on around I think enterprises that want to adopt cloud and I think that lately I'm talking to more and more decision makers that bring it a lot to the table. It's coming I think back to a few years ago why to use cloud if we need cloud, when we need cloud. And it's really a talk that I think that forgot for a few years because it was like in hype. Everybody must be in the cloud. And lately I am having more and more talks around this cloud journey and how difficult it is and again more from the enterprises, right? And with all the legacy and not with startup that they will keep using the cloud.
So this is my point of view and the important thing to take from 2024 and going to 2025 thinking again how to do the things more simpler and help companies to do better. You know, business side, technologies side and taking all this thing together.
I would like now to make a small stop because we are almost at an hour. I think we have more to talk about 2024and 2025. So we will stop for for now. But don't worry, we will come very shortly. So bye only for now. Bye.
