All posts by Keumars Afifi-Sabet

Facebook launches Portal for Business

Keumars Afifi-Sabet

22 Sep, 2021

Facebook has unveiled a Portal for Business device management suite that allows businesses to deploy and oversee a fleet of Portal devices across their business. 

Aimed primarily at small and medium-sized businesses (SMBs), Portal for Business allows organisations to manage Portal+ devices across their workforce, so users can collaborate, communicate and manage workflows on a separate display to their workstations.

With this service, IT admins can manage devices that have been set up by employees who have access to Portal for Business. The platform allows them to deploy and manage the hardware, control work accounts, manage device settings, check device status and reboot devices remotely, regardless of where the workforce is based.

Portal is a family of smart displays that launched in 2018 as a means for people to engage in video calls independently of their PCs, laptops or tablets. Portal for Business represents an evolution into the realm of productivity, with Portal complementing Facebook’s existing Workplace collaboration suite.

However, from December, Facebook is also adding support for Microsoft Teams for all Portal devices, in a bid to entice more prospective customers, and entire organisations, who don’t buy into Facebook’s core collaboration platform. This also hints at more integrations with third-party services later down the line.

The expansion of Facebook Portal into the productivity sphere comes alongside two new additions to the hardware family, including Portal Go and Portal+. 

Portal Go is a 10in portable system that’s designed for people who move around their home or workspace frequently. This includes a 12MP camera and an ultra-wide field of view, as well as doubling as a portable speaker.

The 14in Portal+ device, meanwhile, features a 12MP smart camera with an ultra-wide field of view alongside stereo speakers. Facebook is touting this iteration as the ideal workplace companion to dial into work calls, take notes, view a presentation or multitask, aided by the fact this display is larger than many conventional business notebooks.

Facebook’s launch of Portal for Business comes only shortly after it announced its Horizon Workooms hybrid work virtual reality (VR) product, which involves distributing Oculus headsets to a team and beaming them into a digital office. 

This is quite different, however, from its latest Portal hardware and SMB service, which rather resembles Zoom’s strategy of releasing hardware and services so users can build the ‘ultimate home office’.

Nutanix and Citrix forge partnership over hybrid work technology

Keumars Afifi-Sabet

22 Sep, 2021

Nutanix and Citrix are joining forces to provide both the infrastructure and software to support customers as they transition to hybrid working arrangements.

The two companies will offer secure, on-demand and elastic access to apps, virtual desktops and data across all kinds of devices, from any location, and at any scale, Citrix and Nutanix have announced. 

This partnership sees Nutanix providing hyperconverged infrastructure (HCI) with the virtualisation firm Citrix bringing desktop as a service (DaaS) and virtual desktop infrastructure (VDI) deployments to the table. 

Under the agreement, Nutanix will become a Citrix preferred choice for HCI hybrid and multi-cloud deployments through the Nutanix Cloud Platform. This will support Citrix’s Virtual Apps and Desktops services on top of these cloud environments, with customers able to take advantage of Nutanix’s HCI, whether on-prem or in the public cloud.

Citrix will, in turn, become the preferred enterprise end-user computing system on the Nutanix Cloud Platform. Citrix Virtual Apps and Desktops, which is part of the flagship Citrix Workspace productivity suite, allows businesses to access their systems, information and tools in a singular experience, with contextual security policies layered on top. 

The two companies claim that customers will be able to take advantage of a unified digital workspace platform that delivers both applications and security, as well as IT efficiency and productivity across a variety of sectors.

This venture means Citrix and Nutanix are the latest firms to attempt to enact a hybrid work strategy in the products and services on offer. This effort sees the companies throwing their weight behind desktop as a service (DaaS) and virtual desktop infrastructure (VDI) as a means for workers to access essential tools and services in a secure manner across all kinds of environments, including the office, the home, and otherwise.

In the delivery of these services, Citrix and Nutanix will also collaborate on go-to-market programmes and enablement, as well as product roadmaps and customer support.

Earlier this month, both Google and Microsoft independently announced their own hybrid work products through a reconfiguration of their core Workspace and Teams platforms.

Facebook, too, is trying to tackle hybrid work through its Horizon Workrooms virtual reality (VR) experience, which beams workers into a cartoonish office-type environment where they can socialise and collaborate with their colleagues.

Citrix mulling potential sale after tumultuous 2021

Keumars Afifi-Sabet

15 Sep, 2021

Citrix is considering finding a buyer for itself to rejuvenate its fortunes after a shaky 2021 in which its share price has fallen to levels not recorded since mid-2019.

The virtualisation and workplace collaboration software firm is working with advisers to consider the benefits and drawbacks of selling itself, according to Bloomberg, with plans to approach potential buyers within weeks.

A final decision hasn’t been made on whether to proceed with a sale, regardless of whether the company finds a buyer, however. Citrix might also yet remain a standalone firm.

The firm has, in recent months, struggled to capitalise on a catalogue of successes over the last couple of years, with share prices dropping sharply in April 2021. Citrix encountered supply chain issues in the first three months of the year, which led to the company missing its revenue targets

These supply chain issues affected hardware shipments and the company also generated a lower-than-expected duration of on-premise licenses. This is despite the company handling a much higher demand for its software and services during the pandemic than Citrix otherwise would have expected.

Exemplifying this decline was the fact its flagship Workspace suite of tools and services recorded declining year-on-year revenues of 11%, while its app delivery and security revenues also fell by 6% against the first three months of 2020.

It was a similar story for the second quarter of the year, with shares falling further thanks to a “mixed” financial performance. CEO David Henshall pinned these difficulties on “sales execution challenges” caused by complexity in managing a rapid transition to the cloud among customers while managing different license model types.

The company has also had to endure a rocky few months due to a string of security issues, most notably in May 2019 in which an attack saw hackers seize 6TB of sensitive data. Since then, there have been a number of minor incidents, with cyber criminals taking advantage of flaws in Citrix systems.

The potential move comes after Elliot Management recently took more than a $1 billion stake in Citrix, as of last week, according to the Wall Street Journal (WSJ).

The firm has previously explored the option of selling itself in 2017, Bloomberg adds, although discussion with potential buyers stalled at the time due to differences in opinion over the valuation of the company.

Citrix has yet to respond to CloudPro’s request for comment. 

Intuit eyes SMBs with $12 billion Mailchimp acquisition

Keumars Afifi-Sabet

14 Sep, 2021

Intuit has agreed to purchase global customer engagement and marketing platform Mailchimp for $12 billion as it sets to cement its market position among small businesses.

Intuit and Mailchimp will combine their respective technologies to build an end-to-end customer growth and engagement platform for small and medium-sized businesses (SMBs), the company said. 

Founded in 2001, Mailchimp began offering email marketing services and has now evolved into a major name in customer engagement and marketing automation with AI-driven tools and services. Intuit, meanwhile, is most well known for its QuickBooks small business accounting software.

A unified platform between these two entities would allow customers to get their business online, market their business, manage customer relationships, benefit from analytics, get paid, access finance, optimise cash flow and remain compliant. This is alongside access to expertise the firm will provide in the form of a services offering.

Through this joint platform, SMBs can also combine customer data from Mailchimp and purchase data from QuickBooks to gain insights that can be used to grow their businesses.

“We’re focused on powering prosperity around the world for consumers and small businesses. Together, Mailchimp and QuickBooks will help solve small and mid-market businesses’ biggest barriers to growth, getting and retaining customers,” said Intuit CEO Sasan Goodarzi.

“Expanding our platform to be at the centre of small and mid-market business growth helps them overcome their most important financial challenges. Adding Mailchimp furthers our vision to provide an end-to-end customer growth platform to help our customers grow and run their businesses, putting the power of data in their hands to thrive.”

The firm has committed to another large-scale acquisition only months after completing its $8.1 billion purchase of Credit Karma, a startup with 110 million members. This firm offers financial services, including credit and loan comparison, alongside free credit score tracking. 

Intuit was mostly intrigued by the firm’s reach, according to Forbes, as it embarked on its vision to expand among smaller businesses.

The Mailchimp acquisition allows Intuit to build on these ambitions, given the company’s own global customer reach comprising 13 million users. Intuit will also benefit from taking over 2.2 million daily AI-driven predictions.

As part of its ambitions to target SMBs with a unified platform, the firm has embarked on an acquisition spree in recent years, also purchasing OneSaas in February and TradeGecko in August 2020.

Intuit expects the Mailchimp acquisition to close during the second quarter of the 2022 fiscal year, with the deal subject to standard regulatory hurdles.

WhatsApp activates end-to-end encrypted cloud backups

Keumars Afifi-Sabet

13 Sep, 2021

Facebook is launching end-to-end encryption protection for WhatsApp users who want to back up their chat histories to the cloud.

The firm has devised an entirely new system for encryption key storage that means end-to-end encrypted backups will be protected with a randomly generated 64-character encryption key. 

The firm’s two billion users will be able to benefit from this optional feature on their primary devices when it launches in the coming days.

“For years, in order to safeguard the privacy of people’s messages, WhatsApp has provided end-to-end encryption by default ​​so messages can be seen only by the sender and recipient, and no one in between,” said WhatsApp software engineer managers, Slavik Krassovsky and Gabriel Cadden. 

“Now, we’re planning to give people the option to protect their WhatsApp backups using end-to-end encryption as well.

“People can already back up their WhatsApp message history via cloud-based services like Google Drive and iCloud. WhatsApp does not have access to these backups, and they are secured by the individual cloud-based storage services. But now, if people choose to enable end-to-end encrypted (E2EE) backups once available, neither WhatsApp nor the backup service provider will be able to access their backup or their backup encryption key.”

All users can activate this method of backup to secure their accounts either with the key directly, or with a user password. If users choose a password, the key is stored in a Backup Key Vault that’s built on a component called a hardware security module (HSM). 

When the owner needs to access their backup, they can access it with the encryption key, or use their password to retrieve their key from the HSM-based vault. 

The vault enforces password verification and permanently disables the key after a number of failed attempts, however, meaning the backup will be lost forever. WhatsApp itself will only know that a key is being stored in the vault, and not what the key is. 

WhatsApp isn’t the first company to enforce end-to-end encrypted backups, with Apple enforcing encryption on iCloud backups.

However, the fact Facebook’s messaging service has expanded the level of encryption it uses on its service will likely anger law enforcement agencies across the world which have railed against the technology.

The Five Eyes nations of English-speaking countries, for example, have time after time asked for tech companies to water down or undermine the application of end-to-end encryption in their services. 

The group, for example, handed tech giants an ‘ultimatum’ in September 2018 to voluntarily insert a backdoor for law enforcement into their platforms. They have followed this up with repeated calls for a backdoor, and in October 2020, again, urged companies to implement a backdoor by-design into their services.

US officials warn of “mass exploitation” of Atlassian Confluence flaw

Keumars Afifi-Sabet

7 Sep, 2021

Hackers are exploiting a vulnerability in the on-premise Atlassian Confluence workplace collaboration platform on a massive scale, with businesses urged to patch their systems without delay.

US Cyber Command issued a public notice just before the weekend warning that mass exploitation of the remote code execution flaw tracked as CVE-2021-26084 is “ongoing and expected to accelerate”. 

“Please patch immediately if you haven’t already,” the notice added. “This cannot wait until after the weekend.”

Confluence is a workplace collaboration platform that allows teams to work together remotely on projects or ideas. 

The vulnerability, which is embedded in the Atlassian Confluence Server and Confluence Data Center products, can allow an unauthorised attacker to execute arbitrary code on either of the affected platforms. 

Confluence Cloud, which is hosted on public cloud environments, isn’t affected by the flaw. Rather, the on-premises versions of the product are those susceptible to exploitation.

It’s rated 9.8 on the CVSS threat severity scale out of ten, suggesting it’s highly exploitable. The firm had never publicly revealed the precise exploit mechanisms, though, beyond describing the flaw as a Confluence Server Webwork OGNL injection. This was presumably to avoid fuelling any future attacks before businesses had a chance to apply the fix. 

Atlassian disclosed this vulnerability a couple of weeks ago and urged businesses to patch their systems at the time. However, cyber criminals from around the world have since been detected as scanning for vulnerable systems and launching attacks.

The threat intelligence firm Bad Packets, for example, detected mass scanning and exploit activity from hosts in a number of regions including China and Brazil earlier last week.  

Atlassian previously addressed a serious vulnerability in its system that could allow hackers to compromise user accounts, and control several apps that users can access seamlessly through a single sign-on (SSO) feature.

This latest vulnerability in Confluence is just one of many serious vulnerabilities that have been exploited during 2021, with the rate of successfully abused zero-days surging over the last few months. 

Amazon global hiring spree to add 55,000 new jobs

Keumars Afifi-Sabet

2 Sep, 2021

Amazon is set to add 55,000 new roles to its global workforce, growing the size of its tech and corporate teams by 20% from 275,000 to roughly 333,000.

The firm will make more than 40,000 full-time hires across its corporate and tech divisions in more than 220 locations in the US, alongside tens of thousands of hourly positions in its operations network.

These new jobs will come alongside roughly 15,000 additional full-time hires in countries such as India, Germany, and Japan, according to CEO Andy Jassy, speaking with Reuters.

These new opportunities come after the firm hired 50,000 new workers for full-time and part-time positions in its US-based fulfilment centres and delivery networks, and goes some way to meet Amazon’s pledge to hire 100,000 delivery and operations staff to cope with mid-pandemic demand.

The company previously claimed in May that it would create 10,000 jobs during 2021 in the UK, taking the British workforce to 55,000. These new jobs include roles in its corporate offices in London, Manchester, Edinburgh, and Cambridge, as well as engineering, software development, cloud computing, AI, and machine learning roles.

The 55,000 new positions will be in areas such as engineering, research science, and robotics, Jassy added. These will be newly-created jobs, as opposed to vacancies that have opened up due to existing staff stepping down.

Amazon also announced last year that it would invest $1.4 billion (roughly £1.1 billion) to create 3,500 jobs and open roughly 85,000 square metres of additional office space. These roles were being created for tech hubs in major US cities including Dallas, Detroit, Denver, New York, Phoenix, and San Diego.

Although the firm has generally favoured a full office return, it’s been forced to row back its plans following the recent surge in COVID-19 cases. Its workforce has been offered the chance to spend three days per week in its offices from 2022.

Amazon has announced its hiring spree alongside a careers programme designed to give its workers career coaching sessions and guidance.

A team of recruiters will give advice to prospective new starters on potential opportunities in its logistics network and corporate division. This is alongside preparing prospective employees for tech positions such as engineering and data science.

Pace of government IT spending to slow in 2022

Keumars Afifi-Sabet

31 Aug, 2021

Investment in digital technologies will see global government IT expenditure rise by 6.5% between 2021 and 2022, with total spending expected to hit $557.3 billion (approximately £479 billion) next year.

IT infrastructure and applications modernisation, as well as digital government transformation, are the key areas that are set to fuel government IT spending in 2022, according to Gartner. 

COVID-19 funding packages, too, will drive further investment in digital enablement, including support for sustainable growth, social programmes, education, cyber security and digital inclusion.

“Governments will continue to accelerate investments in digital technologies to respond and recover from the continuing evolution of public health uncertainties due to the COVID-19 pandemic,” said Irma Fabular,  research vice president at Gartner.

“The disruptions caused by the pandemic have also reinforced a key digital government tenet, which is public policy and technology are inseparable.”

Although the total amount of government IT spending will reach new highs, the 6.5% increase represents a slowing down in the pace of growth, given that government IT spending rise by 9.5% between 2020 and 2021.

The rise between this year and next will mostly be driven by a 12% rise in software spending, from $135.6 to $151.9 billion (roughly £98.4 to £110.2 billion). Even this, however, is a slowdown from the 14.9% rise between 2020 and 2021.

The area expected to benefit from the most expenditure is IT services, with $203.9 billion (approximately £147.9 billion) spent in this area in 2022. 

The only area in which the pace of change is set to be faster in 2022 than between 2020 and this year is internal services, which will increase in spending by 2.7% versus 0.3% last year. 

Spending on telecoms services and devices will actually fall by 0.8% and 1.6% respectively between 2021 and 2022. This represents a massive turnaround for spending on devices, in particular, which rose by 17.6% between 2020 and 2021.

Despite the pace of spending falling slightly overall, these overall levels of expenditure still represents a massive commitment from governments across the world to digital transformation and the revamping of IT infrastructure. 

The pandemic has served to boost the pace of digital transformation in the public sector, with Gartner estimating that by 2025, more than half of government agencies will have modernised critical core legacy applications.

Microsoft Exchange Server flaw lets attackers misconfigure mailboxes

Keumars Afifi-Sabet

31 Aug, 2021

A now-patched vulnerability in Microsoft Exchange Server, dubbed ProxyToken, could be abused by an unauthenticated attacker to perform configuration actions on targeted mailboxes.

This latest flaw in the beleaguered platform is tracked as CVE-2021-33766 and is rated 7.3 out of ten on the threat severity scale, and might give rise to the disclosure of personal information if abused.

A hypothetical example of exploitation, according to researchers with the Zero Day Initiative, could lead to an attacker copying all email addresses on a targeted account and forwarding them to an account controlled by the attacker.  

The flaw lies in the Delegated Authentication feature, a mechanism in which the front-end site passes authentication requests to the back-end system when it detects the presence of a SecurityToken cookie.

Because Microsoft Exchange needs to be specifically configured to use the feature and have the backend carry out checks, the module that handles this delegation isn’t loaded under a default configuration. 

This leads to a bypass as the back-end fails to authenticate incoming requests based on the SecurityToken cookie. The back-end will be completely unaware that it needs to authenticate incoming requests, which means requests can sail through without being subject to authentication on either the front or back-end systems.

Microsoft patched this vulnerability as part of its Patch Tuesday round of fixes for July, with no evidence so far that hackers have exploited it.

Businesses will be put on high alert in light of the existence of another Microsoft Exchange Server flaw, however, following the supply-chain attack earlier in the year. 

Hackers linked with the Chinese state exploited four flaws in the platform to launch a series of attacks against potentially hundreds of thousands of victims in March, according to security researchers.

The incident was one of many similar supply-chain attacks during 2021, including the infamous SolarWinds hack towards the end of last year.

Zoom charts course for ‘hybrid’ office return

Keumars Afifi-Sabet

25 Aug, 2021

Zoom is preparing its employees for a return to the workplace on a hybrid basis blending in-person office-based work with remote working.

The company has rejected any notion of returning to the office on a full-time basis, with flexibility a key priority in the formulation of these plans. It’s pertinent given just 1% of staff want a full-time return, with a quarter warning to work from home permanently, and more than half requesting a blend of the two.

Zoom also suggests it won’t rush office reopenings, and won’t do so until any given office space is fitted with personal protective equipment (PPE) and social distancing policies. The company had reopened its office in Sydney this summer but closed it shortly after due to a re-emergence of COVID-19 in the local area.

“There isn’t a one-size-fits-all approach to returning to the office, and we’re listening to our employees to understand their concerns and help guide our plans,” said Zoom CFO, Kelly Steckelberg.

“Any decision we make at Zoom ladders into one goal: maintaining a mutual sense of trust between leadership and employees, as higher trust leads to a happier, more productive workforce. We’re carefully listening and learning, but ultimately, our office reopenings will be one component of a flexible, hybrid approach.”

During COVID-19, Zoom became the poster child for remote working and mid-pandemic communication, with businesses and consumers in equal measure resorting to the video conferencing service to stay in touch.

As the company swelled in reputation and revenue, it began investing in developing its core platform, addressing major security concerns, and building alternative technologies. Recently, for example, the firm announced new hardware that promises more office-style experiences for remote workers, including hosting video conferencing services on a TV.

The company is promoting its own technology and features as allowing it to take this hybrid approach, including the Zoom Rooms Smart Gallery, that’s designed to create an inclusive experience for in-person and remote workers. 

Zoom is the latest tech company to outline its return to work plans, after Google, for example, approved the majority of requests from its staff to work remotely or relocate. LinkedIn, too, has allowed remote working after initially being hesitant

Apple, by contrast, has held a hard stance on hybrid working, requiring its employees to return to the office at least three days per week. Its plans to reopen offices, however, have been delayed due to a spike in COVID-19 cases, with October set as the next date by which the firm will return to the workplace.