The UK government has opened an online scheme that offers discounts for small businesses and startups looking to adopt digital services.

The Help to Grow: Digital website launched on Thursday with a number of ‘approved’ software service packages and a range of video guides already available.

Small businesses can get discounts of up to £5,000 off the retail price for a selection of customer relationship management (CRM) and accounting services.

Approved CRM providers include UK-based companies Zemplify, Swiftcase, and Gold-Vision, while accounting deals are provided by Sage, Quickbooks, and a number of smaller British providers.

The government has also said that additional software categories will be available soon, but has only confirmed e-commerce so far.

The scheme was pitched as part of chancellor Rishi Sunak’s spring budget in 2021 as a response to the pandemic and the increased uptake of online and digital software. It’s aimed at SMBs and startups that are at least 12 months old and have between 5 and 249 employees.

Eligible businesses must also be purchasing the approved software for the first time, with the financial discount only covering 12-months worth of product costs (exclusive of VAT).

The scheme can be accessed through a government portal where applicants can search and compare all the ‘approved’ services. A tool has also been provided to help less experienced applicants find out what services they could use, although this does require handing over additional business information, such as how they typically engage with customers and the size of their IT teams.

Those that are new to digital tools can also browse a library of video explainers and tutorials that walk them through various elements of software adoption and how businesses can best make use of them. It also includes explainers on CRM software and guides to finding out which products are best, as well as a complete list of the ‘approved’ providers.

​

Singapore and Silicon Valley ranked joint second when it comes to data centres, with Northern Virginia taking first place and expected to become the world’s first two-gigawatt market.

A new report from Cushman & Wakefield, a global real estate firm, has ranked global data centres by scrutinising them against 13 factors, including political stability, connectivity, and sustainability.

The authors analysed 30 research sources, 55 global markets, and 1,333 data centres as part of the study.

Atlanta and Chicago were ranked in joint-fourth place, followed by Hong Kong, Phoenix, Sydney and Dallas. In joint tenth place were Portland and Seattle.

The report said it comes as no surprise that Northern Virginia finished in first place as it’s the largest data centre market in the world, with excellent connectivity, attractive incentives, and low-cost power. Demand for data centres is high, with operators and tenants alike interested in expansion. The report predicts the area will become the world’s first two-gigawatt market over the next two years.

Singapore moved up from fifth place last year to joint second with Silicon Valley, despite a lack of available development land in both. This is especially surprising in Singapore’s case, as it has had a ban on new data centre construction over the past year.

The report said both have strong ecosystems, excellent connectivity, consistent demand, and all major cloud services available and expanding where possible.

Hong Kong jumped into the top 10 for the first time this year, largely due to its robust development pipeline, excellent networks, and availability of all major cloud services.

However, Madrid was by far the largest gainer in the rankings, moving up to 19 from 34, thanks to it’s low-risk location in respect to natural disasters, and its support for major cloud services.

Singapore also came first when it came to fibre connectivity and smart cities. However, it also ranked in 53rd place when it came to land price for data centres, priced at just under $2,000 per square foot at land, compared to Columbus in first place which was priced at less than $5.

The city-state has had a moratorium on building new data centres for the past year, although the government is planning to lift this soon after constructing new rules that place strict energy efficiency requirements on all new sites. Singapore’s government plans to only authorise new data centres that are best in class in terms of resource efficiency, and it will be more selective of which data centres it can accommodate.

Google has said it will give those with free G Suite accounts until 1 July to upgrade their plans to a paid subscription, after which point they will lose access to most of its services.

Announced in an email to customers on Wednesday, the policy will not apply to those businesses in the non-profit and education sectors, which can continue to use the services free of charge.

The announcement comes a decade after the tech giant suspended the free basic tier for access to Gmail, Calendar, and Google Docs.

Prior to this, between 2006 and 2012, the tech giant allowed business users to create their own custom domain account for free, as opposed to using the gmail.com email address.

The service has been a paid privilege since 2012, yet legacy G Suite users have been able to continue using their custom domain accounts for free for ten years.

However, based on emails sent to account administrators yesterday, Google seems to have had a change of heart.

“We are writing to let you know that your G Suite free edition will no longer be available starting July 1, 2022,” the email, seen by Google9to5, reads.

The message warns account administrators that, in order to maintain their services and accounts, they will have to upgrade to Google Workspace, which was launched in 2020 as a fully-integrated productivity platform containing widely-used G Suite apps including Gmail, Calendar and Drive, among others.

Users that upgrade to a paid business tier by 1 May 2022 will be able to use their new subscription for free until “at least” 1 July, the tech giant stated.

Meanwhile, those who don’t select a tier and have their billing details available will be automatically upgraded to a paid subscription by Google. If no billing information is available for an account, Google will suspend the account for up to 60 days, after which users “will no longer have access to Google Workspace core services, such as Gmail, Calendar, and Meet”.

However, they “may still retain access to additional Google services, such as YouTube and Google Photos”.

In order to restore their suspended account, users will have to provide a valid form of payment.

Google’s most basic tier, the Business Starter, costs £4.60 per user per month, and is currently discounted to £4.14. However, the tier only allows 30 GB cloud storage per user, with users wishing to upgrade their storage having to pay twice as much per user per month.

Rackspace has agreed to acquire cloud-based data, analytics, and AI firm Just Analytics as it aims to strengthen its APAC footprint.

Just Analytics was founded in 2011 and has over 100 employees headquartered in Singapore with others based in Vietnam and India. The company helps clients to design and create scalable data pipelines using its proprietary data platform Guzzle, paired with cloud-based data and analytics services that give customers a unified view of their information assets.

Rackspace said the acquisition brings strong regional ties into the Microsoft Azure ecosystem, as Just Analytics was recently awarded four regional Microsoft partner of the year awards.

The data platform is on the Microsoft Azure Marketplace and automates the movement and transformation of any volume, variety, and velocity of data from a range of sources to data pipelines at scale for production. Just Analytics AI also uses Guzzle to deploy predictive capabilities and business intelligence to analyse data from critical business and operational functions for business end-users.

“The acquisition of Just Analytics ties into our growing professional services focus and brings market-leading cloud-based data, analytics and AI capabilities that are in demand from our customers and prospects,” said Kevin Jones, CEO of Rackspace Technology. “In addition, we will benefit from the company’s strong APJ regional ties, talented employee base, and natural evolution up the IT services stack. These benefits will provide a clear tie between our services and important customer business metrics.”

For now, Rackspace will keep the Just Analytics brand for the foreseeable future as it said the company has built a well-known and respected brand among the leaders and customers of Microsoft Azure Data Analytics.

The APAC region continues to garner interest from technology companies, with Google Cloud opening a new region in Melbourne last July. This was the firm’s second region in Australia and its 11th in APAC overall, stating that its customers operating in Australia and New Zealand would now be able to benefit from low latency and high performance of their cloud-based workloads and data.

This was followed in September by AWS saying it would launch its first New Zealand data centre by 2024 by investing around £3.9 billion over the next 15 years and creating 1,000 jobs. The Auckland region is set to be made up of three availability zones and joined the existing 81 zones across 25 geographic AWS regions.

Microsoft has released an emergency out-of-band (OOB) update full to address an array of issues found in last week’s Windows Server patch, but IT administrators are in agreement that they will not apply them.

Last week’s Patch Tuesday fixed a host of issues across Microsoft products, including a number of zero-day vulnerabilities, but Windows Server administrators have complained that some of the patches released have created even more problems.

Because of the issues introduced by the most recent cumulative patches, IT administrators discussing the issues on Reddit are mostly in agreement that forgoing the patches and waiting for the next cumulative update in February is the best course of action to minimise operational disruption and complexity.

The patches issued last week have been breaking a number of key components in business environments and the solution many administrators have turned to is to uninstall the updates entirely. 

Four main flaws

The latest out-of-band update from Microsoft issued this week aims to address the issues faced by businesses running Windows Servers but in some cases, it first requires administrators to install the broken patch from last week.

The issues businesses are currently facing include domain controllers unexpectedly restarting and entering boot loops every few minutes. The issue is thought to affect all supported Windows Server versions and the failure in the LSASS.exe process means Windows cannot run correctly.

Microsoft Hyper-V is also affected by the patches, with enterprise virtual machines (VMs) failing to start on some Windows Servers. In addition, ReFS-formatted removable media is failing to mount post-patch, which has caused issues for administrators thinking their external drives were corrupted. Numerous reports of experts formatting their drives after applying last week’s patches, only to realise it was in vain, have appeared on social media, too. 

To cap off a bug-laden release of patches, some L2TP VPN connections are also failing across Windows 11, Windows 10, and certain Windows Server versions. 

Microsoft has issued fixes the all of the aforementioned issues and aside from the ReFS-formatted media issues, they are cumulative updates which means they do not require administrators to install the broken patch from last week first. 

The updates are available in the Microsoft Update Catalogue which also has instructions on how to install the updates manually into Windows Server Update Service (WSUS).

A risky response?

Despite most of the updates being cumulative, IT admins are seemingly still in agreement that they will be waiting until February, or until a fully safe wave of patches arrives, to fix the Windows Server issues.

One user said: “I’ll be waiting on the cumulative… I’m not reinstalling a broken patch I just removed from a bunch of servers to then have to immediately apply a fix to said patch.”

Another user said installing the out-of-band update made matters worse: “[We] received the bad updates this morning, and Exchange wouldn’t see the Active Directory (AD) environment anymore. I saw the optional OOB update and installed that – [it] actually made the problem worse. I removed all of the updates and AD was back to being seen and Exchange was finally working.”

Weighing in on the matter, outside experts have said the idea of forgoing updates is one that shouldn’t be taken lightly and the risks of leaving environments open to known vulnerabilities need to be considered on balance with the potential disruption the updates themselves could cause an organisation.

“This is very much a question of risk management and risk assessment,” said Andy Norton, European cyber risk officer at Armis to IT Pro. “Clearly the risk from installing the patch is one of disruption to the organisation. If you balance that with the risk from a cyber attack stemming from the issues that are not addressed by failing to patch, you then have both sides of the equation and are able to make a decision. 

“There were six zero-day flaws addressed in the January patch, however, none of these zero-days are actively being exploited currently, and so it may appear that the consensus is to delay the patching process as it is riskier than being exposed to the zero days.”

Alan Calder, CEO at GRC International Group, added:  “If it were my business, and a sysadmin said they thought it might be ok to continue with critical vulnerabilities unpatched until Patch Tuesday in February, we would have had a very blunt conversation about taking cyber security seriously.”

In a statement given to IT Pro, Microsoft said: “We recommend customers install updates released on January 17.”

Researchers have found a bug in Apple’s Safari browser that allows websites to track a user’s browsing activities across other sites.

The bug, discovered by browser fingerprinting service FingerprintJS, also exposes a user’s unique ID for some websites to other sites that they visit.

The flaw, found in Apple’s WebKit browser engine, affects Safari 15 on macOS and all browsers on iOS and iPadOS 15. It lies in WebKit’s implementation of the Indexed Database API, commonly called IndexedDB, a JavaScript API that browsers use to access a database of objects, and it frequently stores data generated while interacting with a web application. This includes a user’s unique ID for interacting with web applications, such as their Google ID.

When properly implemented, IndexedDB follows the same-origin principle. This ensures that information stored from a web page is only available to web pages from the same domain. It stops over-inquisitive web pages from accessing other domain’s stored information, which could include sensitive user or session data.

FingerprintJS found that WebKit’s IndexedDB implementation fails to observe the same-origin principle, instead making stored information available to web sites from other domains.

FingerprintJS called the bug a privacy violation. “It lets arbitrary websites learn what websites the user visits in different tabs or windows,” the company said in its analysis of the bug. “This is possible because database names are typically unique and website-specific.”

The company found some websites using user-specific IndexedDB data such as ID numbers in their IndexedDB database names, making it easy for any other website to find out a user’s ID on other sites. Using this ID to look up the user’s assets (such as profile pictures) could allow identification of the user, the company warned. Google websites store ID numbers in this way, making it possible for other sites to harvest Google IDs using the bug.

The bug affects all browsers on iOS 15 because Apple mandates the use of WebKit on this platform in its developer guidelines. Section 2.5.6 says “Apps that browse the web must use the appropriate WebKit framework and WebKit Javascript.”

FingerprintJS said that it had notified Apple of this bug on November 28 but Apple had not not patched it. Apple’s engineers began creating a patch on Sunday February 17, the day that FingerprintJS published details of the bug.

​

UK businesses are being urged to join a six-month trial of a four-day working week, as organisers aim to sign up at least 30 companies by June.

Organised by the 4 Day Week Global organisation and the Autonomy thinktank, the pilot programme will be monitored by Cambridge and Oxford Universities in order to measure the four-day working week’s impact on staff productivity and wellbeing, as well as the impact on the environment and gender equality.

​

Participating employees will receive 100% of their usual pay for only four days at work, in exchange for their commitment to maintain “at least” 100% productivity.

Autonomy co-director Kyle Lewis said that organisations taking part in the trial will benefit from “unparalleled access to the expertise, tools and resources they will need to run a smooth and successful trial”.

“This is a fantastic opportunity for organisations who want to be pioneers and trial a four-day week as a way of supporting and empowering workers, enhancing organisational productivity and having a positive impact on our society and the environment,” he added.

In 2019, prior to the mass shift to remote working, Autonomy authored a report which found “strong indications that reducing the working week can help reduce air pollution and our overall carbon footprint”.

According to Brendan Burchell, professor in the Social Sciences at Cambridge University, with the rise of technology allowing to maintain productivity, “the time has come for more organisations to take the leap and unravel the practicalities”

“This scheme has tremendous potential to progress from conversations about the general advantages of a shorter working week to focussed discussions on how organisations can implement it in the best possible way,” he added.

One of the businesses taking part in the pilot programme is the Edinburgh-based Canon, which found that the work-life balance of its 140 employees had changed “substantially” during the pandemic.

“As a responsive employer we are always looking at how we can adapt our working practices to ensure that employees find their time with us is meaningful, fulfilling and productive. For this reason, we’re keen to pilot a four-day week to see if it can work for us,” said president Ken Sutherland.

Last year, UK-based fintech Atom bank garnered headlines for introducing a four-day working week for all its employees with no change in salary. Prior to that, UK supermarket Morrisons also announced plans to shift to a four-day working week, keeping employee pay the same. However, this was only made available to head office staff in Bradford, who also had to work one Saturday per month to recoup the lost time.

Businesses can sign up for the trial until the end of March. 

​

Google Drive accounted for the most malware downloads in 2021, taking the top spot from Microsoft OneDrive.

The cloud storage service accounted for 37% of all malicious downloads last year, according to the January edition of Netskope’s Cloud and Threat report. 

CloudPro contacted Google, Microsoft and Amazon for comment but had not received a response at the time of publication. 

Netskope, a US-based cyber security provider, noted that cloud storage apps gained even greater adoption in 2021, with 79% of customers analysed using at least one cloud storage app, which is up from 71% in 2020. The number of cloud storage apps in use also rose, with organisations with 500 to 2,000 employees using 39 different cloud storage apps last year.

What’s more, cloud-delivered malware is now more prevalent than variants are downloaded via the web. In 2021, cloud app malware accounted for 66% of all malware downloads, up from 46% at the start of 2020. 

Aside from its increasing popularity, there are other reasons why Drive surpassed other services when it came to malware downloads, according to Netskope. For example, the Emotet botnet that used Box to deliver malicious Office document payloads was taken down early in 2021 but ended up inspiring hackers to use Google Drive to share malicious Office documents.

“The increasing popularity of cloud apps has given rise to three types of abuse described in this report: attackers trying to gain access to victim cloud apps, attackers abusing cloud apps to deliver malware, and insiders using cloud apps for data exfiltration,” Netskope Threat Labs threat research director Ray Canzanese said. 

“The report serves as a reminder that the same apps that you use for legitimate purposes will be attacked and abused. Locking down cloud apps can help to prevent attackers from infiltrating them, while scanning for incoming threats and outgoing data can help block malware downloads and data exfiltration.”

IBM has acquired Envizi, an Australian data and analytics software provider for environmental performance management, as it looks to help customers better measure their environmental impact.

The company said the acquisition adds to its investments in AI-powered software to help organisations create more resilient and sustainable operations and supply chains. It added that companies are under mounting pressure from regulators, investors, and consumers to progress towards more sustainable and socially responsible business operations while demonstrating these measures in a robust and verifiable way.

Financial terms of the deal were not announced. CloudPro contacted IBM for more information, but the company had not responded at the time of publication.

Envizi’s software automates the collection and consolidation of over 500 data types and supports major sustainability reporting frameworks. It helps companies analyse, manage, and report on environmental goals and identify efficiency opportunities while assessing sustainability risk. 

IBM said by using Envizi with its broader AI-powered software, companies will be able to automate feedback generated between their corporate environmental initiatives and the operational endpoints being used in daily business operations. Envizi is set to be integrated with IBM Maximo, IBM Sterling, IBM Environmental Intelligence Suite, and IBM Turbonomic and Red Hat OpenShift.

“To drive real progress towards sustainability, companies need the ability to transform data into predictive insights that help them make more intelligent, actionable decisions every day,” said Kareem Yusuf, general manager of IBM AI Applications.

“Envizi’s software provides companies with a single source of truth for analyzing and understanding emissions data across the full landscape of their business operations and dramatically accelerates IBM’s growing arsenal of AI technologies for helping businesses create more sustainable operations and supply chains.”

Envizi is available as a SaaS product and runs in multi-cloud environments, serving companies like Microsoft, Qantas, and Uber.

In February last year, IBM vowed to become carbon-neutral by 2030. It planned to procure 75% of its electricity from renewable sources and cut its greenhouse gas emissions 65% from its 2010 emission levels by 2025. By 2030, it plans to reach its carbon-neutral goal by obtaining 90% of its electricity from renewable sources and implementing tech to neutralise residual emissions.

IBM isn’t the only tech company helping customers to monitor their emissions. In October, Microsoft launched a preview of Microsoft Cloud for Sustainability to help organisations more effectively record, report, and reduce their carbon emissions on a path to net-zero. The SaaS product connects to data sources and centralises and organisations data in a common format to provide a more accurate system of record that enables more comprehensive sustainability management.

Nvidia has announced the acquisition of high-performance computing (HPC) systems management provider Bright Computing for an undisclosed sum.

The deal will see Nvidia open new markets for Bright Computing, which in turn will help expand Nvidia’s accelerated computing portfolio with its Bright Cluster Manager product.

The two companies had been collaborators for more than a decade, with Nvidia integrating Bright’s Cluster Manager with its CUDA parallel computing platform and programming model, and most recently its deep learning-focused DGX systems.

Commenting on the acquisition, vice president and general manager of DGX Systems at Nvidia, Charlie Boyle, said that Bright Computing’s software and expertise will enhance the company’s growing DGX and data centre businesses,

“Now we see an opportunity to combine our system software capabilities to make HPC data centres easier to buy, build and operate, creating a much larger future for HPC,” he added.

Bright Computing CEO Bill Wagner said that “Nvidia is changing the world as we know it”, adding that the company “couldn’t be more excited for our team and software to play a part in that”.

Founded in 2009 and based in Amsterdam, Bright Computing services are used by more than 700 organisations worldwide, including Microsoft,, Samsung, Boeing, NASA, and Tesla.

The acquisition will see Bright’s workforce transferred to Nvidia. The company wasn’t immediately available for comment regarding the future of Bright’s employees or its Amsterdam office and didn’t disclose the financial details of the deal. Nvidia’s current Netherlands headquarters are based in Delft.

The news comes weeks after the UK government ordered a “phase two” investigation into Nvidia’s $40 billion (£30 billion) acquisition of Cambridge-based ARM. Over a period of 24 weeks, the Competitions and Market Authority (CMA) will consider evidence whether the acquisition of the Cambridge-based semiconductor company by the US chip giant is a threat to competition and national security.

The first phase of the CMA’s investigation, which concluded in August and covered competition and jurisdictional issues, determined that the deal could lessen competition across four markets: data centres, Internet of Things, automotive, and gaming.