It's not RCE. The commands are predefined RPCs written into the deployed code. Customers can review and approve them. Trust between the vendor and the customer is still required and Alien doesn't make it unnecessary.
It may not be arbitrary code but it's still remote code execution.
The service provider has direct access to my infrastructure. It's one supply chain attack, one vulnerability, one missed code review away from data exfiltration or remote takeover.
what better alternative do you have?
It's either you go full SaaS, which means you rely 100% on the vendor, or work like 20 years ago with fully on prem. BYOC is the fine balance imo, that requires proper infra and implementation.
The service provider has direct access to my infrastructure. It's one supply chain attack, one vulnerability, one missed code review away from data exfiltration or remote takeover.