Google Cloud has announced a new tool for managing large fleets of virtual machines (VMs).

The VM Manager is a suite of infrastructure management tools which aims to simplify the process of ensuring the security, compliance, and observability of large VM fleets as businesses scale their operations.​

The suite supports Windows and Linux operating system environments and comprises a single dashboard to allow real-time tracking of inventory.

It offers services such as configuration management and patch management, with the latter including patch compliance reporting, which provides insights on the patch status of users’ VMs across Windows and Linux distributions. It also includes patch deployment, which automates the OS and software patch update process, the company explained in a blog post on Thursday.

Lastly, VM Manager also includes an inventory management service which is integrated with Google’s Cloud Asset Inventory product, in order to simplify the analysis of customers’ Google Cloud fleet data.

Announcing the new management tool, product manager Ravi Kiran Chintalapudi and product marketing manager Senanu Aggor said that the new suite “reduces complexity, improves security and compliance reporting, and simplifies monitoring resources in a large cloud environment”.

“By taking advantage of automated tools to keep systems up-to-date, reduce the risk of downtime, and improve productivity of internal users, early VM Manager users tell us that it allows their IT administrators to focus on other business-critical tasks,” they added.

VM Manager is available for testing in the customers’ environment using a free tier which provides a monthly usage of 100 VMs per Cloud Billing account. Once the free tier is exhausted, for all VMs that have an active OS Config agent, each active agent is charged at a rate of $0.003 (approximately £0,002) per hour per VM.

IT Pro has contacted Google Cloud about the availability of VM Manager in the UK and will update this article when more information becomes available.

Last year, the company announced Confidential VMs – Google Cloud’s first product in its new confidential computing portfolio which allows companies to process sensitive data while keeping it encrypted in memory. The feature is an evolution of its Shielded VMs, a tool launched in 2018 that companies could deploy to strip out most of the potentially vulnerable startup processes that trigger when attempting to create a new environment.

Until then, like many cloud providers, Google offered encryption on data at rest and while in transit, requiring that data to be decrypted before it could be processed.

Apple is reportedly planning to roll out its new App Tracking Transparency tool sometime in “early spring”, following months of delays and criticism from competitors.

The tool forces app developers to ask an iPhone user’s permission before the app tracks their activity “across other companies’ apps and websites”. The user will see a notification pop-up on their screen and will be able to decide whether they want to opt in or out of sharing their data with other firms to aid in advertising.

​

The App Tracking Transparency marks a significant change to Apple’s privacy settings, shifting the responsibility from the user to the app developer. Apple previously only let users disable this kind of tracking manually in their iPhone settings.

The update was first announced in June last year but was delayed in September in order to provide digital advertisers with more time to adjust.

According to Reuters, the tool is now expected to be rolled out for most iPhone users as soon as “early spring”, but Apple didn’t provide a specific date. CEO Tim Cook is expected to provide further details later today at the Computers, Privacy and Data Protection conference in Brussels, which coincides with Data Protection Day.

The update has received criticism from other tech giants, with Facebook executives telling investors on Wednesday that the change could have a negative effect on the company’s revenues in the first quarter. Facebook CEO Mark Zuckerberg also accused Apple of having “every incentive to use their dominant platform position to interfere with how our apps and other apps work”.

Earlier this week, Google said that it would cease using an Apple-supplied tracking identifier which would require it to show the warning. However, it also added that it is working with Apple to improve an alternative offering which would help advertisers attribute paid clicks and taps without engaging in what Apple classifies as tracking.

Google also recently released a new tool which would improve users’ privacy. On Monday, it announced that Chrome will now automatically hide the content of web pop-up notifications, including email notifications, Google Chat messages, and other third party websites, when the user is sharing their screen. 

​

SonicWall has admitted that it’s been the target of a cyber attack which saw hackers take advantage of zero-day vulnerabilities in its secure remote access products.

The network security provider issued a statement confirming the incident after being contacted by SC Media, which received an anonymous tip that SonicWall’s systems had been breached.

The company stated that it had “identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products”.

The company didn’t specify when exactly the incident took place. CloudPro contacted SonicWall for a timeline of the attack but is yet to receive a response from the company.

Over the weekend, SonicWall issued an additional statement which ruled out that its NetExtender VPN Client product had been compromised, adding that the only products to remain under investigation are from the SMA 100 series which “provide Secure, Mobile and Remote Access” to SMBs. 

However, SonicWall clarified that, despite the investigation, all “SMA 100 series products may be used safely in common deployment use cases”.

The company also said that it “fully understands the challenges previous guidance had in a work-from-home environment, but the communicated steps were measured and purposeful in ensuring the safety and security of [its] global community of customers and partners”.

“As the front line of cyber defense, we have seen a dramatic surge in cyberattacks on governments and businesses, specifically on firms that provide critical infrastructure and security controls to those organizations,” it added.

Despite a decline in the number of security incidents, the last year was deemed as the worst for data breaches on record.

The news of the incident comes months after SonicWall released patches for a critical vulnerability in the SonicOS operating system, which is responsible for running SonicWall virtual private network (VPN) appliances.

Enterprise software is expected to grow by 8.8% in 2021 as businesses seek to expand and improve remote work environments, according to new predictions from Gartner.

Global IT spending fell by 3.2% in 2020 as a result of the COVID pandemic, but the research firm expects spending this year to rise by 6.2% to a total of $3.9 trillion (£2.85 trillion) before surpassing the $4 trillion (£2.93 trillion) mark in 2022.

Enterprise software is expected to witness the strongest rebound followed by the devices segment, which is expected to see growth of 8% in 2021. Garner expects spending on data centre systems to increase by 6.2% during the 12-month period, while IT and communications services are predicted to grow by 6% and 4% respectively. 

Commenting on the predictions, Gartner distinguished research VP John-David Lovelock said that CIOs “have a balancing act to perform in 2021 — saving cash and expanding IT”.

“With the economy returning to a level of certainty, companies are investing in IT in a manner consistent with their expectations for growth, not their current revenue levels. Digital business, led by projects with a short Time to Value, will get more money and board-level attention going into 2021,” he added.

Gartner also projects that, through 2024, businesses will be forced to accelerate their digital transformation plans by at least five years in order to survive in a post-COVID world, where remote work and digital touchpoints will be the norm.

“Digital business represents the dominant technology trend in late 2020 and early 2021 with areas such as cloud computing, core business applications, security and customer experience at the forefront,” said Lovelock. 

“Optimisation initiatives, such as hyperautomation, will continue and the focus of these projects will remain on returning cash and eliminating work from processes, not just tasks.”

Moreover, non-COVID-19 geopolitical factors are expected to inhibit recovery for some regions, such as Brexit for the UK and the difficult China-US relations.

Google Chrome users will now be able to check which passwords should be updated with stronger combinations using a new tool for Chrome 88.

The feature makes it easier to identify and fix weak passwords by scanning the combinations stored in Chrome’s password manager and highlighting the ones which could be easily breached.

Once they are identified, Chrome will allow users to edit the passwords and even facilitate the process by generating a stronger combination.

Commenting on the new feature, Chrome product manager Ali Sarraf said that Google is “excited to announce new updates” that will provide users with “even greater control over your passwords”.

“We’ve all had moments where we’ve rushed to set up a new login, choosing a simple “name-of-your-pet” password to get set up quickly. However, weak passwords expose you to security risks and should be avoided. In Chrome 88, you can now complete a simple check to identify any weak passwords and take action easily,” he added.

According to Sarraf, the new tool will be rolled out over the coming weeks as users upgrade to the Chrome 88 browser version. Once the browser is updated, users can access the tool by going to Settings > Passwords > Check passwords > Check Now to perform a safety check of their passwords. They can then click the «Review» button to replace the saved password with a stronger combination.

Sarraf also added that Google will continue to introduce additional password features “throughout 2021”.

The new tool is an addition to Chrome’s “Check passwords” feature, which allows users to check whether any of their saved passwords had been compromised.

The feature was rolled out after a similar tool, Firefox Monitor, became available on Mozilla’s own browser in September 2018. The system works by scanning users’ email address against a database of information confirmed to have been leaked in security breaches. If it has been marked as potentially stolen by hackers, Mozilla will then notify the user, who can change their username and passwords as a precaution.

In May 2019, the company also released Firefox Lockwise, which uses 256-bit encryption to allow users to access their saved passwords in Firefox from anywhere.

WhatsApp has announced that it will delay the rollout of new privacy terms which were supposed to come into effect next month.

The update, which was presented to users on a ‘take it or leave it’ basis, was designed to allow businesses to manage WhatsApp chats using new Facebook integrations. Users, therefore, were asked to share certain aspects of their data with WhatsApp’s parent company Facebook if they still wished to continue using the platform.

However, the plans were met by a backlash sufficient enough to make WhatsApp delay the implementation of the update by over three months, with the rollout pushed back from 8 February to 15 May.

​“We’re now moving back the date on which people will be asked to review and accept the terms,” the company announced on its blog, before adding that “no one will have their account suspended or deleted on February 8”. 

“We’re also going to do a lot more to clear up the misinformation around how privacy and security works on WhatsApp. We’ll then go to people gradually to review the policy at their own pace before new business options are available on May 15,” it said.

WhatsApp’s decision to forcefully implement its updated terms and conditions resulted in a number of users fleeing the service, with many choosing to seek privacy solace in the arms of the messaging platform’s competitors.

This caused temporary infrastructure issues for encrypted messaging service Signal, which on Friday saw its servers overwhelmed due to the sudden rush of new users.

“We have been adding new servers and extra capacity at a record pace every single day this week nonstop, but today exceeded even our most optimistic projections. Millions upon millions of new users are sending a message that privacy matters. We appreciate your patience,” the company announced via Twitter.

While the change to WhatsApp’s terms and conditions won’t affect those in the UK or Europe specifically, a pop-up notification still appeared on the app for everyone – bringing fears over the security and privacy of bring your own device (BYOD) policies again to the fore.

Rowan Troy, cyber security consultant at managed IT provider Littlefish, advised organisations to “exercise caution” when allowing the use of consumer communication tools such as WhatsApp.

“The new data-sharing agreement between WhatsApp and Facebook might increase the risk of personal data being shared that contradicts company policy or compliance legislation relevant to the organisation,” he said.

​

Poor email processes are killing productivity, with a quarter of UK-based employees spending nearly one working day each week managing their inboxes.

That’s according to research by Mail Manager, which surveyed 500 business leaders and decision-makers in the UK. It found that one in four respondents spent at least one hour a day going through their inbox, which amounts to almost one full working day spent on managing emails.

This is despite email being the most-often used form of communication. 90% of respondents indicated that they use email to communicate with their clients, while Skype and WhatsApp, by comparison, were used by 55% of those surveyed. Just 15% of those surveyed said that Slack was their go-to communication platform. 

Jacob Wardrop, commercial director at Mail Manager, described email as the “letter of today”. 

“While tools like Slack and WhatsApp are great for informal correspondence and chat, email remains the core correspondence method for formal communication. Before the digital era, companies would send formal correspondence as letters, which would be physically stored. Now, email is the tool for formal correspondence, but the need for filing and securely storing this communication remains, even though it’s digital,” he said.

The additional time spent on sorting emails has a negative impact on employees emotions and work. More than half (55%) of respondents said that they were frustrated by not being able to find specific documents in their inbox, which left them feeling as if they were wasting time (63%), being less productive (48%), and losing track of project information (52%).

In some cases, poor email management led to missed customer and client opportunities, an experience shared by 45% of those surveyed.

The findings come after last year Slack added a feature to send messages beyond the walls of a company and connect organisations into shared channels. 

Aside from productivity gains, Slack’s CISO Larkin Ryder also pointed out safety benefits of switching to the messaging tool.

«Email is an open front door to security threats to an organisation – $12 billion in losses are caused by business email scams, and 90% of data breaches are from phishing. If you want a more secure collaboration solution for your organisation, the first thing you can do is take your employees out of email and into Slack,” he said.

Adobe has officially killed off Flash Player, the browser plugin that helped define the early internet.

The iconic plug-in was discontinued on 1 January, almost 25 years after it was first launched. Adobe will not be rolling out any further security updates and the company is set to block all Flash content from 12 January.

Despite the sunset date being scheduled for 2020, the majority of browsers had already jumped ship. As of 2018, less than 5% of worldwide websites used Flash, with most favouring Javascript for running multimedia features. Other, more secure alternatives also included HTML5, WebAssembly and WebGL.

The decision to sunset the plug-in was first announced in July 2017 due to dwindling demand, as browser makers opted to integrate the software’s capabilities within their own offerings.

Flash was also plagued by various security concerns. In 2015, for example, security firm Recorded Future discovered that Flash Player comprised eight out of 10 top vulnerabilities leveraged by exploit kits, with more than 100 exploit kits and vulnerabilities affecting the technology. There were also reports of Flash being exploited by North Korean hackers, who used it to access Microsoft Office documents, web pages, and spam emails.

Nevertheless, Flash Player managed to write itself into internet history. The software’s unprecedented capabilities shaped the way users interact with multimedia content offered by an array of industries, such as gaming, education, and video.

The final nail in the coffin for Flash came in October 2020, when Microsoft rolled out an optional update for Windows 10 that permanently removed Adobe Flash from the operating system and prevented it from being re-installed. The company released the removal tool prior to 1 January 2021 in order to help customers test and validate their environments for any impact that might occur by the removal of the software.

Starting later in 2021, all APIs, group policies and user interfaces that govern the behaviour of Adobe Flash Player are expected to be removed from the legacy Microsoft Edge and Internet Explorer 11. 

Amazon Web Services (AWS) has announced plans to bring its 5G edge compute service to the UK in early 2021. 

First unveiled at last year’s re:Invent event, AWS Wavelength offers optimised solutions for mobile edge computing applications, simplifying application traffic in order to fully utilise the latency and bandwidth benefits offered by modern 5G networks.

The service manages to shorten the time of mobile data response from seconds to milliseconds, making it ideal for time-sensitive sectors such as driverless cars or surgeries, as well as less critical scenarios like gaming.

Speaking at this year’s re:Invent, a three-week event which commenced on 1 December, AWS CEO Andy Jassy said that AWS Wavelength will be launched in the UK in partnership with Vodafone Business. 

This will be part of the new Vodafone Business Edge Innovation Program (EIP), which has opened its registration submissions today. The programme will provide startups, ISVs, businesses, as well as freelance developers exclusive access to edge computing training to help them develop, test and deploy a Proof-of-Concept (PoC) 5G application on AWS Wavelength and Vodafone 5G network.

Vodafone and AWS will roll out Wavelength in spring 2021, starting with a commercial Multi-access Edge Computing (MEC) centre in London. The MEC centre will use Vodafone’s 5G network in order to provide an ultra-low latency zone over the extended area of the UK capital.

Commenting on the announcement, Vodafone Business CEO Vinod Kumar said that “working with AWS on edge computing means we are making it simpler for both independent software vendors and our customers to experiment with this emerging technology”. 

“We’re doing this by offering an incubation space to create and test applications that we can then industrialise and scale. And we’re already seeing some innovative applications that provide positive business outcomes from Dedrone, Digital Barriers, HERE Technologies, Groopview, and Unleash live, with so much more to come once our MEC innovation programme is running,” he added.

As well as the updates to Wavelength, AWS also used re:Invent to announce a new ML-powered operations service called Amazon DevOps Guru. The service uses machine learning to help developers detect and solve operational problems with applications.

AWS’ Machine Learning VP Swami Sivasubramanian said that the idea behind DevOps Guru was borne from customer requests to “continue adding services around areas where we can apply our own expertise on how to improve application availability and learn from the years of operational experience that we have acquired running Amazon.com”. 

“With Amazon, we have taken our experience and built specialised machine learning models that help customers detect, troubleshoot, and prevent operational issues while providing intelligent recommendations when issues do arise,»  he said.

«This enables teams to immediately benefit from operational best practices Amazon has learned from running Amazon.com, saving customers the time and effort that would otherwise be spent configuring and managing multiple monitoring systems,” he added.

Zoom has announced plans to extend its strategic partnership with Amazon Web Services (AWS), selecting it as its preferred cloud provider.

The announcement follows that Zoom would be shifting a portion of its cloud infrastructure to Oracle Cloud due to an unprecedented surge in new users following the announcement of lockdown restrictions earlier this year.

Announced in late April, the deal saw Oracle join major cloud rivals AWS and Microsoft Azure in providing support to Zoom. However, AWS managed to retain the bulk of the workload, and it seems its efforts have not gone unnoticed.

Zoom CEO Eric Yuan credited AWS with helping the platform manage “unprecedented global demand this past year”.

“We’ve been able to handle it in significant part by running the substantial majority of our cloud-based workloads on our preferred cloud provider, AWS, and relying on AWS’s performance and scalability,” he said. 

“Looking forward, we will continue to innovate alongside AWS to reinvent virtual collaboration and deliver secure and exciting experiences for our customers.”

Commenting on the announcement of the extended multi-year agreement, AWS CEO Andy Jassy said that “COVID-19 changed everything for Zoom, putting demands on the company to meet the video conferencing needs of hundreds of millions of new participants around the globe”.

“AWS was there from the beginning to ensure Zoom could scale to meet these new requirements virtually overnight,” he added.

AWS has been a long-term cloud provider for Zoom, having supplied the platform with necessary infrastructure since its launch in 2011.

“When organizations build on AWS – as Zoom has done since 2011 – they transform their business, expanding and innovating much faster. Together, Zoom and AWS have delivered great experiences for new Zoom users around the world, and we look forward to using the cloud to develop new ways to help the world communicate,” said Jassy.

The announcement comes weeks after the video-conferencing platform added a set of security features to help users combat ‘Zoom-bombing’ attacks. The new controls will help account holders remove unwanted guests and also spot if their meeting’s ID number has been shared online.