All posts by Connor Jones

Microsoft hit with formal complaint over “monopolistic” software bundling


Connor Jones

29 Nov, 2021

A coalition of EU-based tech firms has filed a formal complaint against Microsoft alleging anticompetitive conduct related to the bundling of its productivity apps with Windows.

German content collaboration platform Nextcloud is leading the complaint and is joined by nearly 30 additional companies in the software and cloud sectors.

The formal complaint has been filed to the European Commission’s Directorate-General for Competition and Nextcloud has also reported the coalition’s concerns to German antitrust authorities, the Bundeskartellamt.

The tech firms driving the complaint are against Microsoft’s “monopolistic” practice of bundling the likes of OneDrive, Teams, and other services with Windows 10 and Windows 11.

The companies claim the practice is pushing consumers to register for the services and hand their data over to Microsoft, stifling consumer choice and genuine market competition. 

The coalition said Microsoft has grown its market share to 66% of the EU market in the last few years while smaller vendors have seen their shares shrink by as much as 26%.

“This is quite similar to what Microsoft did when it killed competition in the browser market, stopping nearly all browser innovation for over a decade,” said Frank Karlitschek, CEO and founder of Nextcloud. “Copy an innovators’ product, bundle it with your own dominant product and kill their business, then stop innovating.

“This kind of behaviour is bad for the consumer, for the market and, of course, for local businesses in the EU,” he added. “Together with the other members of the coalition, we are asking the antitrust authorities in Europe to enforce a level playing field, giving customers a free choice and to give competition a fair chance.”

IT Pro contacted Microsoft for comment but it did not reply at the time of publication.

Microsoft is currently the subject of an EU probe into its alleged anti-competitive practices, first brought to the Bloc’s attention more than a year ago by workplace collaboration company Slack.

Slack originally complained of Teams, Microsoft’s own workplace platform, and how it is bundled with the market-dominant Office 365 productivity suite illegally forced its software on users

The complaint and resulting probe into Microsoft’s business is the latest development in a long-running feud between the two companies

Hacked Google Cloud Platform instances are riddled with cryptominers


Connor Jones

26 Nov, 2021

Google Cloud has revealed that 86% of hacked Google Cloud Platform (GCP) instances in 2021 led to cryptocurrency miners being dropped into customers’ environments.

Cryptocurrency miners being installed in cloud instances was the leading issue facing GCP customers this year with 58% of compromised instances having cryptominers installed within just 22 seconds of attackers gaining access.

Google Cloud’s Threat Analysis Group (TAG) said this led it to believe the process was script-driven without requiring human intervention.

GCP customers were targeted heavily with attackers attempting to leverage the high levels of compute available to them, without having to foot the bill.

Google Cloud also revealed cloud instances have been compromised in as little as 30 minutes, with the majority taking just eight hours.

The TAG at Google’s cloud arm noticed attackers are monitoring the public IP address space for signs of unsecured GCP instances, knowing how quickly they can compromise each one. 

“Given that most instances were used for cryptocurrency mining rather than exfiltration of data, Google analysts concluded the Google Cloud IP address range was scanned rather than particular Google Cloud customers being targeted,” the report read.

“The amount of time from the launch of a vulnerable Google Cloud instance until compromise varied with the shortest amount of time being under 30 minutes.”

TAG researchers also noted that threat actors gained access to GCP instances through exploiting poor customer security practices in almost 75% of all cases.

Half of these cases were compromised because of attackers exploiting instances with weak or in some cases no passwords for user accounts or API connections.

This meant unsecured GCP instances could quite easily be scanned by attackers and brute-forced with minimal difficulty.

Google Cloud customers were also at fault in 26% of cases for installing third-party software in their instance which was then exploited to gain access.

Google Cloud’s basic recommended mitigations to the flaws allowing attackers into GCP instances include ensuring accounts always have strong passwords, updating third-party software before a cloud instance being exposed to the web, and not publishing credentials in GitHub projects

Container Analysis is also available to GCP customers to perform vulnerability scanning and metadata storage for containers, while the Web Security Scanner in the Security Command Center can identify security vulnerabilities in their App Engine, Google Kubernetes Engine, and Compute Engine web applications.

IBM unveils world-first machine learning training method for GDPR-compliance


Connor Jones

25 Nov, 2021

IBM researchers have unveiled a novel method of training machine learning (ML) models that minimises the amount of personal data required and preserves high levels of accuracy.

The research is thought to be a boon to businesses that need to stay compliant with data protection and data privacy laws such as the General Data Protection Regulation (GDPR) and the California Privacy Rights Act (CPRA).

In both GDPR and CPRA, ‘data minimisation’ is a core component of the legislation but it’s been difficult for companies to determine what the minimal amount of personal data should be when training ML models.

It’s especially difficult when the goal of training ML models is usually to achieve the highest degree of accuracy in predictions or classifications, regardless of the amount of data used.

The findings from the study, thought to be a world-first development in the field of machine learning, showed that fewer data could be used in training datasets by undergoing a process of generalisation while preserving the same level of accuracy compared to larger ones.

At no point did researchers see a drop in prediction accuracy below 33% even when the entire dataset was generalised, preserving none of the original data. In some cases, the researchers were able to achieve 100% accuracy even with some generalisation.

In addition to adhering to the data minimisation principle of major data protection laws, researchers suggest that smaller data requirements could also lead to reduced costs in areas like data storage and management fees.

Data generalisation process

Businesses can become more compliant with data laws by removing or generalising some of the input features of runtime data, IBM researchers showed.

Generalisation involves taking a feature value and breaking it down into specific values and generalised values. For a numerical feature ‘age’, the specific values of which could be 37 or 39, a possible generalised value range could be 36-40.

A categorical feature of ‘marital status’ could have the specific values ‘married, ‘never married’, and ‘divorced’. A generalisation of these could be ‘never married’ and ‘divorced’ which eliminates one value, decreasing specificity, but still provides a degree of accuracy as ‘divorced’ implies that an individual has, at one point, been married.

The numerical features are less specific, adding three additional values, while the categorical feature is less detailed. The quality of these generalisations is then analysed using a metric. IBM chose to use the NCP metric over others in consideration as it lent itself best to the purposes of data privacy.

Credit
IBM

Researchers then selected a dataset and trained one or more target models on it to create a baseline. Generalisation was then applied, the accuracy was calculated and re-calculated (see diagram above) until the final generalisation was ready to be compared to the baseline.

Credit
IBM

The accuracy of the target model is calculated using decision trees (see above) which are gradually trimmed from the bottom upwards, taking note of any significant decreases in accuracy.

If accuracy is maintained or meets the acceptable threshold after generalised data is applied, the researchers then work to improve the generalisation by gradually trimming the decision tree from the bottom upwards, increasing the generalised range of a given feature, until the final optimised generalisation is made.

IBM launches its ‘most powerful’ quantum processor


Connor Jones

16 Nov, 2021

IBM has unveiled its latest and most powerful quantum computing chip to date, the 127-qubit Eagle processor.

Announcing the new piece of hardware at IBM Quantum Summit, it’s the first quantum chip developed by the company that surpasses 100 qubits.

Eagle is built using a new 3D packaging architecture developed by IBM which it says can support the development of future, more advanced quantum processors up to and including its proposed 1,126-qubit Condor chip, due for release in 2023.

The architecture is based on a heavy-hexagonal qubit layout – a setup that sees a qubit connecting to two or three neighbours. This configuration decreases the potential for errors caused by interacting neighbours and provides significant boosts in yielding functional processors, IBM said.

The architecture also places the qubits on a single layer while other components sit on different levels in a ‘stacked’ formation. 

The processor will be available to select members of the IBM Quantum Network starting in December.

The IBM Quantum Network is a collection of Fortune 500 companies, academic institutions, startups, and national research labs that work with IBM to advance the field of quantum computing. 

As part of IBM Quantum’s roadmap, Condor will mark a significant step in hardware advancements but further development depends on whether commercial dilution refrigerators can rise to the task of cooling such large, complex devices.

That said, the second announcement IBM made at its Quantum Summit may help towards that goal. The IBM Quantum System Two is designed to work with processors exceeding 1,000 qubits and will feature a more modular design with an overhauled cryogenic platform to optimise cooling performance.

IBM is on track to launch the system by 2023 which will help increase the scale of its chips.

The quantum computing capabilities of Eagle far exceed those of classical computers, Arvind Krishna, CEO at IBM, told HBO.

Classical computers encode information into bits represented as either a 1 or 0, while quantum computers encode information using a quantum superposition of a 1 and 0. This means information can be seen as representing a 1 or 0 – not both at the same time – a superposition is broken down to reveal a probability of revealing a 1 or 0.

The method of encoding allows quantum computers to process more complex tasks. Classical computers will work through problems in an order but quantum computers will approach problems differently, modelling all potential workloads and workstreams at once to generate answers much quicker. 

It makes quantum computing ideal for working through large data sets and for tasks such as cracking cryptographic keys, for example.

Apple unveils Business Essentials suite for small businesses


Connor Jones

11 Nov, 2021

Apple has unveiled a new package of support services designed to help small business IT teams manage their employee devices.

Providing businesses use Apple hardware, IT teams will now be able to manage all their employees’ technology needs using the new suite of tools aimed at assisting the onboarding of new team members and providing oversight on the workforce’s IT.

Dubbed Apple Business Essentials, the package includes is 24/7 phone support for IT managers and end-users, business iCloud storage, device management capabilities, and on-site repairs for businesses of 500 employees or fewer.

IT administrators are also able to bundle certain rules and required apps to different types of employees. For example, if the design team needs a specific suite of apps, they can be bundled into a ‘Collection’ and sent automatically to the team members’ devices.

Specific VPN and Wi-Fi access configurations can also be pre-determined and added to a collection to easily apply those settings to the employees who need them.

Smart user groups also allow IT teams to group employees based on factors like location, department, and job role, which can make applying these collections much easier.

For users being imported from Microsoft Azure Active Directory, they will also receive their apps and settings once added to a smart user group.

Business customers will also eventually receive priority AppleCare support to resolve any issues quickly, although they will need to specifically purchase a plan featuring AppleCare+ for Business Essentials in order to be eligible. Details for these plans will not be unveiled until spring 2022.

Apple is also touting onsite same-day repairs available to businesses in as little as 4 hours to minimise downtime. The caveat is that onsite repairs are only available on certain iPhone models, which haven’t been specified, and will be supported only in specific cities. Apple said each plan will only have two repairs available and these refresh annually.

The service is now available in beta before the full launch in spring 2022. Currently only available to US-based SMBs, plans start at $2.99 (£2.23) per month for a single device, $6.99 (£5.22) per month for a multi device plan, and $12.99 (£9.70) per month for a multi device plan with extra storage.

IT Pro contacted Apple for more information on when the UK can expect to see the service but it declined to offer any further information at this time.

“As your business grows, you may find yourself managing an increasing number of devices for your expanding team,” said Susan Prescott, vice president of enterprise and education marketing at Apple. “We understand that the IT needs of your employees, on top of everything else you’re already doing, is a lot to take on.

“To help you with that, we’re introducing a new service which brings together device management, storage, and support into one simple subscription for small businesses with up to 500 employees.”

Microsoft and Meta agree integration deal between Teams and Workplace


Connor Jones

11 Nov, 2021

Microsoft and Meta have announced a partnership that will see features from both companies’ collaboration platforms integrate into one another to allow for cross-platform capabilities.

Formerly known as Facebook Workplace, Workplace by Meta will soon integrate features from Microsoft Teams into its own platform, such as livestreaming Teams video directly into Workplace groups.

The integration goes both ways and it will see certain Workplace content also becoming available to users on Teams.

Workplace will be integrated into Microsoft’s software using an app within Teams which can be pinned to its navigation bar, if a user wishes. Once selected, a Workplace ‘pane’ will become visible to the side of the UI, which can easily be hidden or re-opened.

The move is a significant step for the two platforms the collaboration software market as a whole. With the launch of Workplace by Facebook in late 2016 being closely followed by Microsoft Teams in March 2017, the two platforms were considered rivals in a contested market that had, up until then, been dominated by the likes of Slack.

Although Workplace is pitched as a much more rounded tool for creating company forums, and Teams is better suited for instant collaboration between smaller teams, the two platforms effectively target the same enterprise audience.

“One thing I learned from the pandemic is that companies don’t just rely on one tool to get their work done, so it is our responsibility as leaders in the space to make sure the tools they use integrate and interoperate with each other,” said Jeff Teper, CVP product and engineering at Microsoft Teams.

Users on both platforms will also be able to interact with meetings hosted on the other, such as commenting and offering emoji-driven reactions, without having to swap apps.

Workplace by Meta said Vodafone, Flight Centre Travel Group, and Lockton – three of its customers – have already been trialling the integration. Flight Centre Travel Group said they use Workplace to foster a cross-company community and use Teams for cross-company collaboration, adding that the integration allows staff to access the information they need quicker.

Ujjwal Singh, head of Workplace at Meta, also said the integration had specifically been requested by Workplace customers Vodafone and Accenture, according to CNBC.

“The way our customers end up using it is customers use the complementary features, not the competing features,” he told the broadcaster. “There are customers that are just Workplace shops, and then there are customers that are just Teams shops. This is really for those customers that use both.”

The announcement deepens the partnership between the two companies as they vie for market share in the collaboration space. Workplace already supports integration into Microsoft SharePoint, OneDrive, and the Office 365 suite.

Workplace can also be integrated into Microsoft Azure AD and was named in the top 15 apps used on the platform in 2020. Additionally, Microsoft Teams will become available on Meta Portal starting in December.

The integration comes as a free update which is available to download now, though customers will have to wait until later in 2022 before they can stream meetings and broadcasts from Teams into Workplace.

A third of UK workers are surveilled by employers


Connor Jones

9 Nov, 2021

A third (32%) of UK workers are now being monitored at work using technology like tracking software and remotely controlled webcams.

The issue has worsened over the past six months, when workers being monitored stood at a quarter (24%) of those polled by Prospect.

The sharp increase comes amid a huge jump in webcam monitoring, with 13% of homeworkers currently being surveilled by their employer through their work-issued device. The figures have more than doubled in the past six months as just 5% of workers were monitored via video in April 2021.

The vast majority of those questioned thought the use of webcam monitoring by employers should either be banned (52%) or regulated (28%). Just 8% of employees reported feeling that employers should be able to monitor their webcam’s image at will.

Younger workers are thought to be particularly at risk of higher rates of monitoring by employers. Defined by an 18-34 age bracket, 48% of younger workers are believed to be monitored at home by employers, including 20% of those being monitored using a camera.

The latest findings have prompted Prospect to launch a campaign to help drive unionisation in the tech sector as it is affected by the recent upward home surveillance trend due to high levels of remote working and low levels of trade union membership.

Home surveillance will be investigated alongside other issues affecting the industry such as a culture of working long hours, workplace discrimination, and pay.

“We are used to the idea of employers checking up on workers, but when people are working in their own homes this assumes a whole new dimension,” said Mike Clancy, general secretary at Prospect. “New technology allows employers to have a constant window into their employees homes, and the use of the technology is largely unregulated by government.

“We think that we need to upgrade the law to protect the privacy of workers and set reasonable limits on the use of this snooping technology, and the public overwhelmingly agree with us. Prospect’s new tech workers sector will be campaigning on this issue and other issues affecting tech workers, and I encourage any workers who are worried about monitoring to join Prospect and support our campaign.”

The Information Commissioner’s Office (ICO) is currently reviewing guidance for employers on the use of technologies such as employee monitoring.

“People expect that they can keep their personal lives private and that they are also entitled to a degree of privacy in the workplace,” said an ICO spokesperson to IT Pro. “If organisations wish to monitor their employees, they should be clear about its purpose and that it brings real benefits. Organisations also need to make employees aware of the nature, extent and reasons for any monitoring.

“We are currently working on updating our employment practices guidance to address the changes in data protection law and to reflect the new ways employers use technology and interact with staff.”

Workplace monitoring saw a steep rise over the course of the pandemic which saw the nations’ workforce largely adopt a work from home policy.

Some business managers report using the technology to ‘feel closer to their workforce’ and have reported using the tools for good, offering bonuses and promotions for demonstrably good work.

Questions around the privacy and ethical issues of the technology’s use remain, however. Jim Killock, executive director at Open Rights Group, said to IT Pro: “employers think they have a free pass to monitor as they like, but they do not. They have to consider and consult about the impacts on workers, whose dignity and interests must be preserved. Employers are required to be transparent and accountable.

“The government plans to scrap such restraints in their current GDPR consultation, but people should get on and use their rights,” he added.

The sentiment is echoed by Chi Onwurah, MP and shadow digital minister, who said: “This deeply worrying research shows just how anxious many people are about the use of invasive surveillance whilst they work. Ministers must urgently provide better regulatory oversight of online surveillance software to ensure people have the right to privacy whether in their workplace or home.

“The bottom line is that workers should not be subject to digital surveillance without their informed consent, and there should be clear rules, rights and expectations for both businesses and workers,” she added.

Microsoft is ending OneDrive desktop support on older Windows versions


Connor Jones

8 Nov, 2021

Microsoft is ending support for the OneDrive desktop application for users of older Windows versions starting in 2022.

Updates for the personal version of the application will cease on 1 January 2022 for anyone still using Windows 7, 8, and 8.1.

Microsoft suggests upgrading to a newer version of its operating system (OS) to keep the same secure experience, according to a blog post making the announcement.

OneDrive for business users will receive support for the desktop application aligned with the respective support lifecycles of the OS their devices run. 

Windows 7 and Windows 8.1 users will see extended support until 10 January 2023, while Windows 8 reached the end of support on 12 January 2016.

All personal OneDrive applications will stop syncing to the cloud on 1 March 2022 as Microsoft appears to be making the next step towards shifting its users to newer versions of Windows. 

All files stored locally on the OneDrive desktop app will remain accessible in the app however, users will either have to upgrade to a newer OS or upload their files via OneDrive for web in order to sync files to the cloud.

Mainstream support ended for Windows 8 in 2016, Windows 8.1 two years later in 2018, and Windows 7 in 2020 – the more popular of the three versions.

Microsoft announced earlier this year, ahead of the Windows 11 launch announcement, that Windows 10 will also be going ‘end of life’ in 2025.

Currently, the most popular OS used worldwide, Windows 10 has just a few years of security updates left before the 14 October 2025 end date.

Windows 11 launched on 5 October 2022 with a new look and strong UI improvements, such as better window management. Experts said at the time there was a strong likelihood that businesses will be slow to adopt the new OS – perhaps taking a year or longer – due to concerns over availability and app compatibility. 

Microsoft unveils Defender for Business at Ignite 2021


Connor Jones

2 Nov, 2021

Microsoft has announced a brand-new security suite designed specifically for the threats faced by small and medium-sized businesses (SMBs).

Microsoft Defender for Business was announced at Microsoft Ignite 2021 today and it will aim to bring what Microsoft is calling its “enterprise-grade endpoint security” found in Microsoft Defender for Endpoint and optimising it for companies with 300 employees or fewer.

Entering public preview later this month, it will be available as a standalone product for businesses to purchase at a rate of $3 (£2.20) per user, or alternatively the new tools will be available as part of a Microsoft 365 Business Premium subscription.

Specifically designed to protect businesses against malware and ransomware across Windows, macOS, iOS, and Android devices, Defender for Business will have the following features:

  • Threat and vulnerability management: allows customers to build a secure foundation by identifying and addressing software vulnerabilities and misconfigurations
  • Attack surface reduction: Using capabilities such as ransomware mitigation, application control, web protection, network protection, network firewall, and attack surface reduction rules, SMBs’ attack surface can shrink
  • Endpoint detection and response (EDR): Behavioural-based detection and response alerts allowing SMBs to identify persistent threats and remove them from their environments
  • Automated investigation and remediation: reduces alert volume and remediates threats. SMBs can automate Defender for Business to carry out tasks automatically, allowing them to prioritise the most important tasks
  • APIs and integration: allows SMBs to automate workflows and integrate security data into their existing security platforms and reporting tools

IT managed service providers will also have the option to use Microsoft Defender for Business with Microsoft 365 Lighthouse, applying the product’s endpoint security production for multiple customers as they monitor security events with a multi-customer view.

“Small and medium businesses will be empowered to elevate their security by moving from traditional antivirus to next-gen protection, endpoint detection and response, and threat and vulnerability management – all while taking advantage of simplified setup and management,” said Microsoft on the announcement.

According to Microsoft’s own research, almost 60% of SMBs report not feeling adequately equipped to contend with today’s ever-widening cyber security threat landscape, citing insufficient resources and a lack of specialised security skills as the reason. 

Microsoft said Defender for Business requires no specialist knowledge in order to install and manage effectively. It has a wizard-driven set-up and it will recommend security policies out of the box to expedite the process.

Among Microsoft’s myriad Ignite 2021 announcements, on the security side of things Microsoft Defender for Cloud Apps (formerly Microsoft Cloud App Security) has added a new
application governance capability which is generally available as of today. It aims to help identify and alert the customer to risky behaviour across data, users, and applications.

Defender for Cloud also received an update to multi-cloud environment control. Customers can now secure Azure and Amazon Web Services (AWS) environments from one place, giving users the same experience as they would find in AWS Security Hub.

Google and Microsoft smash estimates on strong cloud growth


Connor Jones

27 Oct, 2021

Google and Microsoft reported their latest quarterly earnings on Tuesday with cloud services and hybrid work proving a boon for both tech giants. 

Microsoft announced that for Q1 2022, it recorded $45.3 billion (£32.9 billion) in revenue, an increase of 22%, while profits were also up an impressive 48% at $20.5 billion (£14.9 billion).

Google’s Q3 2021 earnings revealed a continuation of its long-running track record of smashing revenue figures year after year. It amassed reveue of $65.1 billion (£47.4 billion) for the three month period, which represents a a 41% increase compared to Q3 in 2020 which stood at  $46.1 billion (£33.5 billion).

Following the earnings announcement, Google’s share price soared just shy of 18 points (0.65%) while Microsoft enjoyed a similar increase of 0.64%.

Commenting on the news, Sundar Pichai, CEO at Alphabet and Google, said: “Five years ago, I laid out our vision to become an AI-first company. This quarter’s results show how our investments there are enabling us to build more helpful products for people and our partners.

“Ongoing improvements to Search, and the new Pixel 6, are great examples. And as the digital transformation and shift to hybrid work continue, our Cloud services are helping organisations collaborate and stay secure.”

Satya Nadella, CEO of Microsoft, said: “Digital technology is a deflationary force in an inflationary economy. Businesses – small and large – can improve productivity and the affordability of their products and services by building tech intensity.

“The Microsoft Cloud delivers the end-to-end platforms and tools organisations need to navigate this time of transition and change.”

One commonality from both companies’ earnings is that cloud services drove figures higher, and in Google’s case, much higher than ever before.

Google generated an additional $1.5 billion (£1.09 billion) revenue for Google Cloud this quarter compared to Q3 2020 with a total $4.9 billion (£3.5 billion). That said, Google Cloud is still operating at a loss with income down $644 million (£469.06 million) – quite a considerable drop and a bigger loss than last quarter which stood at $591 million (£430.6 million). Though the figures are improving year-on-year as Q3 2020’s losses stood at $1.2 billion (£874.6 million).

“With more than 40% year over year growth, Google experienced a huge jump, and one that even surpassed Wall Street’s original forecast,” said Anthony Denier, CEO at trading platform Webull.” The company’s earnings per share grew 71% year over year to $27.99 (£20.38) – way past the original estimate of $23.48 (£17.10).”

Microsoft’s cloud revenues continued to impress investors with Intelligent Cloud up 31% to $17 billion (£12.3 billion) while revenue from server products and cloud services increased 35%, driven by a business-leading revenue growth rate of 50% thanks to Azure and other cloud services.

Consumer and business Office services also enjoyed a strong quarter, factoring into rising cloud revenues too. Office Commercial products and cloud services revenue increased 18%, largely driven by the 23% revenue growth of Office 365 Commercial. Office Consumer products and cloud services revenue increased 10% with consumer subscribers increasing to 54.1 million.

Other strong areas for Microsoft included LinkedIn revenue which increased 42% and Windows OEM revenue which increased 10%. Google reported consistently better results across most corners of the business. Search revenue was up to $37.9 billion (£27.6 billion) this quarter, a staggering $11 billion (£8 billion) increase year-on-year.