SAP is planning to retain a majority stake in the feedback and survey software firm Qualtrics when it makes the subsidiary public, the company has announced.

The data analytics company will be made public through an initial public offering (IPO) in the US less than two years after the German software giant purchased the firm in an $8 billion acquisition. SAP bought Qualtrics just four days before it was set to go public in late 2018.

The purchase arose after SAP sought to boost its cloud portfolio, integrating Qualtrics’ XM Platform, a system for managing core business information, into a single platform. 

«SAP’s primary objective for the IPO is to fortify Qualtrics’ ability to capture its full market potential within Experience Management. This will help to increase Qualtrics’ autonomy and enable it to expand its footprint both within SAP’s customer base and beyond,” SAP said in a statement.

«Qualtrics, which is part of SAP’s cloud portfolio, has operated with greater autonomy than other companies SAP had previously acquired. The founder Ryan Smith and the current management team of Qualtrics will continue to operate the company.”

SAP will trim its ownership of Qualtrics from 100%, although it plans to retain majority ownership of the company, and says it has no intention of spinning off or divesting this interest in the firm. The company’s founder Smith, in addition, plans to be Qualtrics’ largest individual shareholder.

CEO Christian Klein said SAP’s acquisition of Qualtrics has been a success, outperforming expectations with 2019 cloud growth of more than 40%, “demonstrating very strong performance in the current setup”. 

Indeed, Qualtrics’ revenue rose 34% year-on-year in the second quarter of 2020, according to SAP’s financial results, with the segment earning  €168 million (roughly £153,000,000). Many perhaps would naturally question why a change in ownership arrangement is needed at this stage,

Klein added he alongside senior figures including Ryan Smith decided an IPO would provide the greatest chance for Qualtrics to grow its market, as well as explore its own recruitment and acquisition strategies.

SAP would remain Qualtrics most important R&D and go-to-market partner, in line with its continued majority stake in the subsidiary, while giving the company more autonomy to broaden its partner and customer ecosystem.

IBM is developing an in-built security and compliance module for large banks and tech companies using IBM Cloud for Financial Services, giving customers a central hub to manage risks.

The dashboard, which spans infrastructure, platform, data and the developer workflow, allows clients to continuously monitor and enforce security and compliance procedures across multiple workloads to improve cloud security.

Launching in August, the IBM Cloud Security and Compliance Centre builds on the acquisition of Spanugo last month, with the company’s cloud cyber security posture management systems to be integrated into the new product.

The dashboard will take advantage of the acquisition with the capacity for customers to augment the developer workflow with automated security and compliance checks.

This news has come in addition to IBM expanding its reach and collaborations, welcoming BNP Paribas to its customer base of financial institutions, and growing its network of independent software vendors (ISVs) to more than 30 tech companies.

These are providers that have onboarded cloud services and systems to IBM Cloud for Financial Services. This is in addition to a major milestone in IBM’s partnership with Bank of America. 

This collaboration has allowed IBM to establish a set of cloud security and compliance control requirements as the basis for its policy framework. This feeds into the Policy Framework for Financial Services module that allows customers to host key applications and modules with confidence.

«With major financial institutions and technology partners joining our financial services cloud, IBM is establishing confidence within the industry and around the globe that the IBM public cloud, equipped with industry-leading encryption capabilities, is the enterprise cloud for all highly regulated industries, including financial services healthcare, telco, airlines and more,» said IBM Cloud senior vice president Howard Boville.

«IBM is creating a platform with the goal that financial services institutions can address their regulatory requirements, while creating a collaborative ecosystem that helps enable banks and their providers to confidently transact.»

Data protection authorities from across the world have urged video conferencing providers like Zoom and Microsoft to review their privacy, security and data protection policies.

In the wake of many more individuals relying on video conferencing during the COVID-19 pandemic, six data regulators, including the Information Commissioner’s Office (ICO), have set out several principles these firms should dwell on.

Since countries were thrust into lockdown, people have looked to the likes of Zoom and Microsoft Teams, Google Hangouts and Skype, among others, to maintain normality and stay connected in their personal and professional lives.

These companies have been told to urgently review security, privacy-by-design and default, which audiences are using their services, how transparent these companies are over data incidents, and how much control end-users retain.

“We recognise that VTC companies offer a valuable service allowing us all to stay connected regardless of where we are in the world,” the open letter said. It has been co-signed by regulators from the UK, Canada, Hong Kong, Switzerland, Australia and Gibraltar. 

“But ease of staying in touch must not come at the expense of people’s data protection and privacy rights. The principles in this open letter set out some of the key areas to focus on to ensure that your VTC offering is not only compliant with data protection and privacy law around the world, but also helps build the trust and confidence of your userbase.”

Zoom, in particular, has been at the centre of a series of high-profile security shortcomings since it rose to prominence at the start of lockdown several months ago. These issues even led to a handful of organisations and national governments banning use of the platform for video communications. 

The company would argue that it’s well on-course to rectifying these security and privacy shortcomings, taking several measures including rolling out end-to-end encryption and adding server routing controls.

Nevertheless, the six data authorities want companies like Zoom to write back by 30 September to demonstrate how it is taking the principles outlined into account in the design and delivery of their services.

In terms of security, the authorities claim to have observed some worrying reports of security flaws that have led to the unauthorized access of personal data. Security measures, therefore, should be given extra consideration, with providers constantly aware of new security risks and threats. 

One measure they can implement is requiring users to regularly update their platforms to the latest version and reviewing how information is processed by third-parties, including in countries abroad.

Privacy-by-design, meanwhile, should be implemented by adopting the most privacy-friendly settings for users by default, effectively erring on the side of caution. Some examples include clearly announcing new callers and setting video and audio feeds to ‘muted’ on entry.

That video conferencing has become vastly more widespread also means there are many examples of groups and individuals using services that weren’t originally designed for them. This may create new risks, the regulators say. One perfect example of this is Zoom being used for remote teaching, which gave rise to the ‘Zoombombing’ phenomenon.

IT Pro approached the ICO to ask what the next stages of this process may be, and whether there will be any follow-up action should the regulators receive unsatisfactory responses.

Microsoft is investigating reports that Windows 10 is falsely suggesting users who have upgraded to the latest feature update aren’t connected to the internet, despite them experiencing a stable connection.

Bizarrely, this issue, which is being widely reported online, is also causing some desktop apps, such as Cortana and Feedback Hub, to break because these applications believe the device is not connected to the web, according to Windows Latest.

«I am running on Windows 10 Enterprise, Version 2004, OS Build 19041.264,» one user commented. «I recently changed to the Windows Insider Program and updated Windows.

«In the taskbar, the Wi-Fi icon shows No Internet Access, but I have a stable internet connection wirelessly (Ex: I can browse the internet, ping IP Addresses, etc.). Another problem is when I try to open Cortana it also says that I have no internet connection (By the way, I can also open Microsoft’s website).»

The bug manifests as the Wi-Fi icon to the bottom-right of the icon tray incorrectly displaying a ‘No Internet Access’ message. While users are still able to browse the internet, as normal, a host of apps seemingly rely on this status message in order to establish connections, with software such as Spotify and even the Microsoft Store failing to reach their servers. 

Microsoft is aware of the Network Connectivity Status Indicator (NCSI) issue, according to a contract worker posting on a Microsoft forum, but the bug hasn’t yet been resolved. 

Most users experiencing the issue have complained only after upgrading to version 2004, also known as the May 2020 Update. 

This is simply the latest in a string of minor, and major, issues that have arisen after Microsoft first launched its major May 2020 Update. This update, in the first instance, was initially delayed after the last-minute discovery of a zero-day flaw.

Microsoft subsequently warned users against installing the May 2020 update until a set of other issues were resolved.

Several issues have since come to light including incompatibility problems with certain Lenovo devices, as well as a Google Chrome flaw whereby the web browser logs users out of their accounts and wipes stored information such as cookies and passwords.

Software company SAP has patched a critical vulnerability that can be exploited by an unauthenticated hacker to take control of systems and applications.

The flaw, assigned CVE-2020-6287, affects the LM Configuration Wizard element of the NetWeaver Application Server (AS) Java platform, and affects potentially 40,000 customers, according to Onapsis, which discovered the vulnerability.

Alarmingly, the flaw has been rated 10 out of 10 on the CVSS scale and has spurred the United States Computer Emergency Readiness Team (US-CERT) into issuing an alert encouraging organisations to patch their systems immediately.

«Due to the criticality of this vulnerability, the attack surface this vulnerability represents, and the importance of SAP’s business applications, the Cybersecurity and Infrastructure Security Agency (CISA) strongly recommends organizations immediately apply patches,» the alert said. 

«CISA recommends organizations prioritize patching internet-facing systems, and then internal systems.»

Those unable to patch their systems should mitigate the vulnerability by disabling the LM Configuration Wizard service. Should this step be impossible, or take more than 24 hours to complete, CISA has recommended closely monitoring SAP NetWeaver AS for any suspicious or anomalous activity. 

The flaw is a result of the lack of authentication in a web component of the SAP NetWeaver AS for Java which allows for several high-privileged activities on the SAP system. 

Successful exploitation involves a remote hacker obtaining unrestricted access to SAP systems by creating high-privileged users and executing arbitrary OS commands with high privileges. Hackers would retain unrestricted access to the SAP database and can perform application maintenance activities. 

The flaw, in essence, entirely undermines confidentiality, integrity and availability of data and processes hosted by the SAP application. 

The vulnerability is present by default in SAP applications running over SAP NetWeaver AS Java 7.3, and any newer versions up to SAP NetWeaver 7.5, affecting a handful of applications. These include SAP Enterprise Resource Planning (ERP), SAP Product Lifecycle Management, SAP Customer Relationship Management (CRM), and around a dozen more.

Flaws rated 10/10 on the CVSS scale are barely encountered, and ordinarily mean the vulnerability is highly exploitable, easy to trigger, and require little or no additional privileges and user interaction. Nevertheless, the SAP flaw is the second 10-rated vulnerability discovered within a couple of weeks, after Palo Alto patched a flaw in its networking services based around its SAML-based authentication mechanism.

Both the SAP and Palo Alto flaws were highlighted by official US law enforcement agencies, the former flagged by US-CERT and the latter by US Cyber Command.

Nokia has launched a set of tools, equipment and an operating system for data centre networking to help large companies manage growing traffic in light of increased 5G and machine learning adoption.

Working in collaboration with Apple to build the technology, Nokia has launched a data centre Network Operating System (NOS) as a toolkit to allow for intent-based automation and operations in data centres. This is in addition to new routers and switches.

The company’s data centre venture is based on the idea that the data centre will overlap with cloud and telecoms networks, with technologies like 5G and the Internet of Things (IoT) causing demand for data movements to rise.

Oracle has announced a package for enterprise customers to give them the full benefits of the company’s public cloud services while retaining all their data on-premise.

Dubbed Oracle Dedicated Region Cloud@Customer, the service is touted as the industry’s first fully-managed cloud region that brings more than 50 cloud services that can run from customers’ own data centres.

With packages starting at $500,000 per month, installing Oracle hardware in their own data centres allows enterprise customers with high security and regulatory commitments to benefit from cloud-based software without migrating their data.

Previously, Oracle customers adopting hybrid cloud configurations weren’t necessarily able to use all of the company’s cloud-based services due to incompatibility with their own hardware.

This new service will allow customers to port the entirety of Oracle’s software stack to their own data centres by installing Oracle hardware onsite.

«Enterprise customers have told us that they want the full experience of a public cloud on-premises, including access to all of Oracle’s cloud services, to run their most important workloads,» said executive vice president of engineering for Oracle Cloud Infrastructure, Clay Magouyrk.

«With Oracle Dedicated Region Cloud@Customer, enterprises get all of our second-generation cloud services, including Autonomous Database, in their datacenters. Our major competitors can’t offer customers a comparable dedicated cloud region running on-premises.»

However, the service will likely draw attention from those who campaign against practices that create vendor lock-in, as the installation of Oracle’s own hardware may make it more difficult for enterprise customers to transition to other providers should they wish.

Taking the fight to AWS

The move also represents an attempt to bring the fight to Amazon Web Services (AWS), as part of a long-running feud between the two companies, with Oracle taking on the highly similar AWS Outposts service.

AWS Outposts is Amazon’s fully managed and configurable compute and storage rack service built with AWS-designed hardware. The service allows AWS customers to run on-premise computing while connected to AWS services in the cloud.

Compared with Oracle Dedicated Region Cloud@Customer’s 50 cloud services, AWS Outposts only offers four, Oracle’s Larry Ellison claimed during an online event, according to Tech Radar.

AWS, incidentally, offers six services, including Amazon EC2, Amazon EBS, Amazon Elastic Container Service (ECS), Amazon Elastic Kubernetes Service (EKS), Amazon Relational Database Service (RDS), and Amazon Elastic MapReduce (EMR).

Ellison threw additional barbs at AWS while making the announcement, claiming Oracle’s compliance certifications and management are the same across the public cloud and dedicated region, unlike AWS Outposts.

He also highlighted AWS’ role – as he sees it – in last year’s infamous Capital One data breach in which the personal information of 100 million customers was targeted by cyber criminals due to a misconfigured web application.

The Oracle CEO said it happened because Amazon cloud databases require complex and manual provisioning, configuration, encryption, backup and security, suggesting it was very complicated and that human beings can make mistakes as a result, leading to data loss.

“With Oracle, it is 100% automated and users cannot make mistakes on 100% automated processes. It is the only database where a person who runs the database has no access to users’ data,” he added.

Despite the war of words, however, AWS still dominates the cloud market, leading the industry in terms of market share, followed by Microsoft Azure and Google Cloud Platform.

The Royal Marsden NHS Foundation Trust has partnered with IBM to launch an AI-powered virtual agent that will provide staff with up-to-date HR and workplace information as the UK emerges from lockdown.

Ask Maisie, powered by IBM Watson, will give the Royal Marsden’s hospitals in London and Surrey the capacity to manage its workforce by serving as an information hub accessed through the intranet. 

Common questions can be answered through automation and AI with the HR department freed to engage in more complex areas, and handle more sensitive matters. Ask Maisie combines IBM Watson Assistant and natural langue processing (NLP) capabilities through the IBM public cloud. 

“As the pandemic evolves so have the long term implications on healthcare which include a growing expectation for immediate and remote access to trusted information,” said director for healthcare and life sciences with IBM UK and Ireland, Andreas Haimböck-Tichy. 

“This has led to many healthcare providers accelerating digital transformation plans to give clinicians time to focus on patients alongside helping to manage the physical and mental health of their key workers. Digital transformation in healthcare is not just limited to the clinical environment.

«Modern technology has an incredible potential to change the way a hospital operates for the better and help revolutionise the care patients receive.”

Topics the staff can access range from advice for high-risk workers, how to self-isolate, and what happens when staff receive official shielding letters. The sources of all information will be ‘trusted sources’ including the hospitals’ own policy handbooks as well as official bodies such as NHS England. 

The COVID-19 pandemic has been a highly disruptive force, but for many public sector organisations, it’s given development and engineering teams an opportunity to implement digital systems to help deliver services. 

For Royal Marsden, the crisis has triggered the need for technology to help manage its staff, with the organisation claiming the right investments in technology can help organisations build resilience and prepare for any future turmoil. 

Now that Ask Maisie has been launched, it can continue to enhance it knowledge-base as well as learning from interactions it has. 

Imperial College has partnered with several organisations to build a globally-sourced COVID-19 data hub designed to offer AI-powered insights to medical professionals to fight future infections. 

Using Amazon Web Services (AWS) machine learning tools, the REaltime Data Analysis and Synthesis (REDASA) platform aims to help the healthcare industry with real-time insights to help medical action and policymaking. 

The hub has been developed by PanSurg, a surgical network comprising Imperial health professionals and academics, in collaboration with a consortium of tech firms including Cloudwick and MirrorWeb alongside AWS.

It has been launched to pool together the insights and expertise of professionals working to fight the spread of infection by joining up a huge mass of material scattered across more than half a million different sources.

“Healthcare professionals are facing huge volumes of academic literature, public information and noise on COVID-19, making it challenging to extract key insights and translate these into best clinical practice,” said clinical senior lecturer and lead for PanSurg James Kinross.

“We are excited to collaborate with Cloudwick, MirrorWeb and Amazon Web Services to create a reliable, accurate information source with REDASA, for healthcare professionals seeking guidance during the pandemic.”

The project has recruited MirrorWeb’s website-capture technology to harvest large volumes of data at pace, with the organisation using machine learning to ensure the information gathered from public sources is accurate. These would include medical journals, healthcare literature and news sources.

This data is then stored and processed on Cloudwick’s Amorphic data and analytics platform, with advanced data science techniques used to generate automated insights and provide a secure way for users to access the intelligence.

Machine learning services by AWS, alongside an element of human curation, then allows REDASA to perform deep data analysis and extract the most important and relevant insights. Teams would, therefore, be able to process and make sense of the huge amounts of data flooding into the system.

The hub is centred on ‘live systematic review’ which means information is continuously updated and analysed, with data provided to private and public sector healthcare organisations and physicians to improve treatment and boost research.

“COVID-19 has made it clear just how challenging it is to find critical information quickly and easily in an ‘infodemic’ situation, with the noise of millions of articles to sift through,” said international healthcare data science lead at AWS EMEA SARL Dr Matthew Howard.

“This solution we are developing with PanSurg, and AWS Partner Network (APN) Partners, Cloudwick and MirrorWeb, combines the best of expert human review with AWS machine learning technologies. 

«Our aim is to provide a new approach that will put the most accurate information possible in the hands of healthcare professionals, help improve medical knowledge, and develop more effective methods of patient care that will make a difference to frontline healthcare workers.”

The product is expected to launch in the coming months and will become a key legacy project with applications that stretch beyond coronavirus. While the main focus, for now, is to support the healthcare response to COVID-19, the team behind REDASA believes the model can be adapted and extended to encompass many other diseases, including cancer.

GitHub has merged its two developer support sites into a single unified documentation hub to support users and integrators, offering a single repository of guidance and resources.

The platform, docs.github.com, merges the now-defunct help.github.com site and the widely-used developer.github.com, giving users the capacity to search across all of GitHub’s product content in a single place.

Previously, users seeking support would navigate either to the help platform, which was primarily curated for beginners, or the development platform, targeting advanced users, with GitHub addressing these two communities separately.

“As our product offerings have evolved, we decided to create a single place where everyone can find the information they need, whether you’re a new developer signing up for your GitHub account or a seasoned developer in the community,” said the platform’s product documentation team manager Jenn Leaver.

“This new site combines the product content that was on help.github.com and developer.github.com into a unified experience. With docs.github.com, you’re able to search across all of GitHub’s product content in one place.”