All posts by Danny Bradbury

GoDaddy data breach exposes over 1.2 million customer details

Danny Bradbury

23 Nov, 2021

Hosting company GoDaddy has said that around 1.2 million users have been affected by a data breach on its managed WordPress hosting service.

The hack is said to have exposed email addresses, customer numbers, administrative login credentials, and in some cases SSL private keys.

The hosting company discovered that an intruder had gained access to its managed WordPress hosting environment on Nov 17, it said in a filing with the SEC. The intruder used a stolen password to access the provisioning system for the service.

Up to 1.2 million active and former users of the company’s managed service had their email addresses and customer numbers exposed, the company said, raising the possibility of further phishing attacks to come. The original administrative passwords for the managed WordPress accounts were also available to the hacker, putting the accounts themselves at risk if the credentials were still in use.

Also exposed were sFTP and database usernames and passwords, and an undisclosed number of users also had their SSL private keys exposed.

GoDaddy discovered that the intruder had been inside the system since September 6, meaning that the hacker has had access to the data for over two months. It worked with a forensics company upon discovering the incident, and has taken steps to safeguard its systems, including changing original administrative passwords that were still in use, resetting sFTP and database passwords, and installing new digital certificates for affected customers.

“We are sincerely sorry for this incident and the concern it causes for our customers,” the company said in its filing. “We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.”

In 2017, the company revoked thousands of SSL certificates after issuing them without proper checks and authorization. In January 2019, an independent researcher found a vulnerability in its process for handling DNS change requests that enabled hackers to hijack domains and create phishing campaigns. It also notified customers of a hack that exposed SSH login details in the same year.

Supreme Court denies Oracle appeal over JEDI contract

Danny Bradbury

5 Oct, 2021

The US Supreme Court has denied Oracle’s petition against the Pentagon’s vendor selection for the Joint Enterprise Defense Infrastructure (JEDI) contract.

The petition, filed in January 2021, followed the failure of Oracle’s legal appeal in federal court. After Microsoft won the JEDI contract, Oracle argued the awarding of the contract to a single source was unlawful according to Congressional restrictions on single-source awards. 

The company also accused federal circuit courts of taking a hands-off approach when evaluating the complaint and said several Pentagon officials had conflicts of interest concerning Amazon, which also bid on the project. 

“Federal contracting is rife with potential corruption, and nowhere is that truer than in defense procurements,” its petition concluded. “Each year, billions of dollars of governmental contracts are tainted by the misconduct of agency personnel.” 

The rejection was a foregone conclusion given the Pentagon scrapped the $10bn project following another protracted legal fight. Amazon challenged the Microsoft win twice, alleging political interference by then-president Donald Trump, who had a long-standing grudge against Amazon’s CEO, Jeff Bezos. The contract was crippled after AWS won its legal battle. 

The Department of Defense decided to divide the work on future cloud computing systems between multiple bidders. Changing technical needs played a large part in the decision to scrap the project, said Pentagon officials in July, citing new initiatives like the Joint All-Domain Command and Control (JADC2), which will be a single network connecting sensors from all the military services. 

JEDI’s successor is the Joint Warfighter Cloud Capability (JWCC), which will involve multiple cloud service providers. The Pentagon will consider both AWS and Microsoft. It said these were the only two providers that could meet its requirements. 

The federal circuit court had said that the original decision to award JEDI to a single vendor had not affected Oracle, which would not have been considered under a multi-vendor award. 

Oracle launches free cloud training

Danny Bradbury

9 Sep, 2021

Oracle is offering free worldwide training and certification in its Oracle Cloud Infrastructure. Learners now have free access to the company’s entire learning curriculum across all skill levels. 

The training catalog includes courses at all levels across a range of IT roles, the company said. It includes preparation courses and practice exams to prepare people for testing and gives learners access to live sessions and personalised feedback. Career resources will also help people to secure jobs with their Oracle Cloud Infrastructure skills. 

The online courses are available on demand in 13 languages. They include hands-on labs so learners can test their skills in a simulated production environment. 

While the cloud training is available at no cost indefinitely, there is a time limit on the free certification. Learners can only get certified from the Oracle University for free until December 31. 

Launched in 2016, Oracle Cloud Infrastructure is the company’s cloud computing service. It offers infrastructure, platform, and software as a service (SaaS) options. It also offers Oracle Data Cloud, which offers analytics services. 

The company’s cloud service hasn’t seen the same traction as its competitors. Gartner placed the company in the “niche players” section of its latest public cloud infrastructure magic quadrant behind Alibaba Cloud. Google, Microsoft, and Amazon Web Services sat in the “leaders” section. Synergy Research Group placed the company eighth in market share terms based on its Q2 2021 research.

Oracle also lost its bid for the Pentagon’s since-disbanded JEDI cloud computing contract. 

Last year, German company Union Asset Management AG sued the software giant for allegedly misleading the market on its cloud revenues and bullying customers into cloud migrations with a strategy called Audit, Bargain, Close. 

This isn’t the first time Oracle has run free training. It also offered free Oracle cloud courses in spring 2020. 

IBM launches SASE services

Danny Bradbury

26 Aug, 2021

IBM has unveiled a set of secure access service edge (SASE) solutions to help customers secure complex distributed work environments. 

SASE is a concept first articulated by Gartner in a 2019 white paper. It combines security and SD-WAN in a cloud-based approach designed to embed security directly into the network. This enables companies to apply security policies in the cloud that govern users no matter where they are. 

Because the network and security are software-defined, administrators can manage them programmatically, making it easier to update these policies across the organisation. 

IBM Security Services for SASE is an end-to-end offering covering strategic consulting, design and integration, and application onboarding. It also encompasses a set of managed security services in the cloud to protect user sessions and data, such as secure web gateways, cloud-based firewalls, cloud access security broker services and data loss prevention. 

Zero-trust security is another big component of SASE. This part of the solution removes implicit trust for people that access the network and verifies their identity when accessing resources inside the company’s infrastructure. Zscaler, with which IBM partnered in May, will provide the zero-trust functionality for IBM’s SASE portfolio. 

IBM sees potential for its SASE services in areas such as hybrid workforce access, contractor and third-party access, and edge computing scenarios. It can also help to secure businesses undergoing mergers and acquisitions, the company said. 

IBM commissioned a study from Forrester to support its SASE roll-out, and it found 60% of companies lacked a clear security strategy spanning their entire cloud deployment.

Most companies (70%) found it challenging to implement centralised security controls across multi-cloud environments, while almost two-thirds found it difficult to secure their remote and in-office employees across multiple devices and locations. 

Managed edge services market primed for growth

Danny Bradbury

24 Aug, 2021

IDC has predicted a bright future for the managed edge computing services market as multiple drivers compel businesses to rethink their computing architectures. 

The market research company forecasts worldwide revenues of $445.3 million for the managed edge services market this year, up 43.5% compared to 2020. This positive trend will continue until at least 2025, with a compound annual growth rate of 55.1% during that period. 

Managed edge services are low-latency services that process data near the edge of a network, closer to where it is consumed and produced. Services in this emerging market range from content distribution through to edge application hosting and real-time data analytics.

IDC has identified three types of managed edge services environments. On-premises or private deployments located at the customer’s facilities, such as production plants or health care facilities, will be the fastest-growing use case with a five-year CAGR of 74.5%. An example might be augmented reality services or industrial automation.

Service provider deployments in a public cloud service or telco’s premises will enjoy the second-fastest growth. IDC added that this use case will involve fixed and mobile deployments and would be significant for sector-specific applications. It expects a CAGR of 59.2%, making it the largest market segment by next year. 

Finally, IDC singled out content distribution network (CDN) services as a specific use case. CDNs will continue to refine their services with new edge technologies. IDC expects more personalized and interactive media experiences from the CDN managed edge services segment, enjoying a 41.9% CAGR over five years. 

A key driver for the deployment of managed edge services is the need for process efficiencies. Analysts also pointed to new consumer applications, such as augmented and virtual reality.

Data sovereignty and security measures will also be big drivers as companies strive to maintain regulatory compliance while pursuing better customer experiences. 

5G will also play a big part in managed edge services, the company said. Cloud service providers will partner with 5G infrastructure companies — typically telcos. Data center operators will also be eager to participate, as will network equipment vendors and software companies. 

Salesforce launches a new streaming TV service, Salesforce+

Danny Bradbury

11 Aug, 2021

Salesforce is launching a streaming business TV service called Salesforce+ that will roll out as part of its Dreamforce conference in September. 

The company is designing the service on the digital content models used by companies like Netflix and Peloton but aimed at a business audience. The content will initially be created entirely using its internal team, under the brand name Salesforce Studios. Over time, though, it hopes to encourage more community content.

“The people watching Disney+, the people watching ESPN+, are the same people watching Salesforce content in a business setting, so why wouldn’t we follow that sort of direction? That’s really the genesis of this idea,” explained the company’s senior VP of brand marketing Colin Fleming in an interview about the new service. 

The initial Salesforce+ content features new shows and content the company has already produced and distributes through its YouTube channel. One example is its 70-episode-strong Leading Through Change series, which launched in March 2020. 

Other content on the service will include Connections, which features innovations with marketing executives from different companies, and a career advice series called Boss Talks. Another show, Simply Put, will be a short form program featuring simple explainer videos for complex business topics. 

The initiative will be the conduit for the company’s Dreamforce event next month, which moved online last year due to the pandemic. The event will be mainly online this year, with in-person attendance by invitation only.

Salesforce+ Dreamforce coverage will feature four broadcast channels with a combined 100 hours of initial content: Prime Time, Trailblazer, Customer 360, and Industries. 

Prime Time will feature news announcements and customer case studies. Trailblazer will feature interviews with industry leaders and previews of Salesforce products. The Customer 360 and Industries channels will feature more case studies and innovation stories. 

The company added that viewers would be able to customize their content into collections focusing on different topics, such as artificial intelligence (AI) and financial services. They will also be able to ask questions via the platform and get live answers from presenters during the Dreamforce event.

Salesforce enhances cloud-based health care offering

Danny Bradbury

10 Aug, 2021

Salesforce has expanded Health Cloud, its cloud-based service for health care organisations, with several new features targeting remote patient management and data protection. 

The company has added four enhancements to Health Cloud. The first addition, remote patient exception monitoring, harvests data from connected health care devices and presents it in a single dashboard interface targeting care coordinators. 

Metrics displayable in the dashboard include heart rate and blood glucose levels. This will enable health care workers to better understand patient conditions without needing physical visits, Salesforce said. 

Salesforce’s new appointment management feature suggests remote and in-person appointment times for patients. Users can select available appointment types and times via any device, and the system can also offer pre-appointment questionnaires to help gather the necessary data ahead of the appointment. 

The cloud service provider says this will reduce no-shows and administrative costs incurred through manual back and forth with human schedulers. 

The third new feature, medication management, tackles the management of medication lists. Many clinics still use manual, paper-based systems to track patient medication, making it difficult to monitor medication adherence, Salesforce said. 

Targeting pharmacies, small clinics, and retail outlets, medication management will reduce the administrative overhead of tracking patient medication lists. The service will also integrate with RXNorm, a system that standardises naming conventions for generic and brand name drugs in the US. 

The final enhancement focuses on regulatory compliance and helps in-home patient care companies protect patients’ health information. Salesforce is certifying Salesforce Maps, B2C Commerce, and Order Management services as compliant with the US government’s HIPAA health care privacy regulations. 

This certification gives mobile health care workers access to sensitive patient data on the move via Salesforce Maps while staying compliant with regulations, the company said. It also enables companies, including retail health locations and pharmacies, to set up e-commerce stores dealing with sensitive patient orders via HIPAA support in Salesforce B2C Commerce and Salesforce Order Management. 

Microsoft suspends Windows 365 trials

Danny Bradbury

5 Aug, 2021

Microsoft has suspended its Windows 365 trial just a day after launch due to heavy demand. 

In a tweet, the company said it was experiencing “significant demand” for the service, which offers easy-access virtual desktops in the cloud accessible via a browser or Microsoft’s Remote Desktop application. It added it reached capacity for Windows 365 trials. 

This morning, Scott Manchester, director of program management for Windows 365, added that the company saw an “unbelievable response.” People should still sign up for the service to be notified when it resumes, he added. 

Microsoft announced Windows 365 on July 14 and took it live Monday, August 2, providing an easy way for smaller businesses to access virtual Windows desktops in the cloud. The service runs on a virtual machine Microsoft calls a Cloud PC, which is available in various configurations up to eight cores with 32GB of RAM. 

Windows 365’s Business Edition is configurable using a self-service portal, and the Enterprise Edition is configurable using Microsoft’s Endpoint Manager tool. The latter also features integrations with Azure Active Directory and Defender for Endpoint. 

Microsoft already offers a desktop as a service (DaaS) option in Azure Virtual Desktop, which the company used to call Windows Virtual Desktop. However, Microsoft sells this on a consumption-based pricing model, plus it’s more complex to administer. Windows 365 is available for a flat monthly fee.

Initial reactions to the service were mixed. “I’ve just had it for a day but it’s already been useful,” tweeted one user in response to Manchester. “Full coding on my iPad.” 

Another user was less impressed. “Is this why my Cloud PC refuses to reset? I’ve been waiting 30 hours for it to reset and no one from support has answered me,” they said. 

It’s still early days for Windows 365, which will receive more features over time. Microsoft promised support for offline working, along with potential GPU options for Cloud PC power users.

MuleSoft buys automation company Servicetrace

Danny Bradbury

3 Aug, 2021

Salesforce-owned MuleSoft has announced it will buy robotic process automation (RPA) company Servicetrace for an undisclosed amount.

The acquisition will complement MuleSoft’s application composition platform, explained executives.

MuleSoft sells Anypoint, an application programming interface (API) development platform for building reusable connections between applications and data so developers can compose applications more easily. Salesforce acquired MuleSoft in 2018.

Servicetrace offers the XceleratorOne RPA tool. RPA helps companies to automate manual processes by copying human activities, cutting down on manual labour and human error.

The Servicetrace tool enables companies to identify processes that would benefit from RPA and model them for automation. Servicetrace says that the tool can automate long, complex processes and connect artificial intelligence (AI) solutions for automated decisions. It also organises those automations across a company and enables managers to assess the return on investment from automated processes.

The RPA product will integrate with Salesforce’s Einstein Automate solution, which already handles automation tasks for the company’s clients.

“Our platform makes it easy to unlock and integrate data from anywhere — wherever it resides — and manage, monitor, secure, and govern that data at scale,” said MuleSoft CEO Brent Hayward in an announcement.

“MuleSoft will now also make it easy for line of business and knowledge workers to automate business processes and dramatically increase efficiency and speed.”

Servicetrace also offers automated software testing tools and application performance monitoring tools that use bots to monitor users’ experience across complex software architectures.

The acquisition will close by the third quarter of Salesforce’s fiscal year, ending October 31, 2021.

IBM snaps up DevOps services specialist BoxBoat

Danny Bradbury

9 Jul, 2021

IBM is acquiring DevOps consulting company BoxBoat Technologies as part of an ongoing effort to bolster its cloud software capabilities.

BoxBoat was founded in 2016 to help create strategies for container-based software development. It advises companies on how to build software development pipelines for cloud-native applications and on how to convert existing applications for container-based environments, and offers a range of training services to support this.

This is the latest acquisition in IBM’s push to establish dominance in the cloud software development space, which has seen it invest heavily in Kubernetes-based container infrastructure, on which many modern cloud applications depend.

IBM has said it will fold BoxBoat into its Global Business Services unit to bolster its hybrid cloud portfolio, focusing on container strategy and services. The deal’s value has not been disclosed.

One of BoxBoat’s focal areas is increasing the security of DevOps processes, and it has recently spent time addressing software supply chain security following the SolarWinds attack. Security experts are increasingly worried about adversaries compromising software development processes and inserting malicious code into software before it is deployed.

BoxBoat has been working closely with the Cloud Native Computing Foundation (CNCF) on its Secure Production Identity Framework for Everyone (SPIFFE) project. This is an open-source initiative that assigns secure identity certificates to cloud workloads, making it easier for microservices to authenticate with each other securely in the cloud.

The company also works with another Linux Foundation initiative called in-toto, to help secure DevOps pipelines from intruders who might try to compromise software in development.

BoxBoat has parlayed some of this work on third-party software security into a contract with the US Department of Defense under its Small Business Innovation Research (SBIR) initiative to help secure software supply chains.

This is the latest acquisition in a series for IBM, which acquired Red Hat in 2019 for $34bn. More recently, it acquired cloud implementation services company Nordcloud in a December deal that closed in Q1 2021. It also bought cloud managed services provider Taos a month later.