All posts by Zach Marzouk

Kyndryl partners with Microsoft in first major deal since IBM split


Zach Marzouk

12 Nov, 2021

Kyndryl has signed a cloud migration partnership with Microsoft, considered to be the first major deal for the company since its official split from IBM.

The two companies will develop new products built on the Microsoft Cloud to drive digital transformation for customers, and Microsoft has become Kyndryl’s only Premier Global Alliance Partner.

The companies are set to accelerate hybrid cloud adoption, introduce AI innovations, and help transfer more mission critical workloads to the cloud. They will also jointly work on a co-innovation lab where they will build products on the Microsoft Cloud, with Kyndryl making them available on Microsoft’s AppSource and on the Azure Marketplace.

In return, Microsoft will make products developed by the two companies available for its global enterprise sales force as well as creating a training programme for Kyndryl’s nearly 90,000 employees, dubbed Kyndryl University for Microsoft, which has been designed to teach workers how to best use Microsoft’s cloud tools.

“As an independent company, we’re investing in our partner ecosystem to support the success of our customers, and we’re focused on expanding our market opportunity across cloud, data, security, and intelligent automation,” said Martin Schroeter, chairman and CEO of Kyndryl. “In this landmark relationship with Microsoft, Kyndryl is matching our deep expertise in mission-critical IT systems with the benefits of Microsoft Cloud to be at the heart of progress for our global customers.”

Kyndryl completed its previously-announced spin-off from IBM last week, which it hoped would give the business more freedom to pursue new opportunities. The company now claims to be the world’s largest IT infrastructure provider with around 90,000 professionals worldwide, and is looking to deliver advisory, implementation, and managed services to over 4,000 global customers. The company also hinted it was looking to form new partnerships in new areas, like application 5G networks.

IBM temporarily retained 19.9% equity ownership of the new company, with shareholders receiving one Kyndryl share for every five IBM shares owned. The giant would also continue on as Kyndryl’s largest customer, and Kyndryl would be IBM’s largest customer in return, as revealed by Sam Maatallah, general manager of Kyndryl strategic markets.

Maatallah said there is still a strong relationship between the two companies and they were going to continue to team up and create products together. However, he also underlined the new freedom Kyndryl has to team with other players in the market.

“Unleashed from IBM, we have the freedom to invest for growth, while expanding our ecosystem of strategic partners and services capabilities,” said Maatallah. “As an independent Kyndryl, we’ll work with a much bigger ecosystem unlocking more opportunities to participate across platforms.”

IBM’s decision to split its business in half by spinning off its infrastructure services unit into a separate company was revealed a year ago, which saw it end a strategy that saw it try to shift towards cloud growth while keeping its legacy business. Following the split, IBM said that it would then focus entirely on its AI capabilities and the hybrid cloud, which it described as a $1 trillion opportunity.

AWS and Google win Japanese government cloud contract


Zach Marzouk

27 Oct, 2021

Japan’s Digital Agency has selected Amazon Web Services (AWS) and Google Cloud to run its first nationwide cloud computing project in the country, as the government tries to implement digital transformation across its ministries.

The two providers were chosen as they met around 350 requirements across security, legal issues, and data management, an official from the agency, according to Nikkei Asia. AWS and Google will first be used to run the agency’s website as well as by eight municipalities on a trial basis.

The government cloud project is aiming to unify and standardise digital infrastructure across ministries and approximately 1,700 municipalities, which run their own systems. Domestic system integrators have usually been selected to manage data centres and business applications, which the government believes has led to customised systems with high maintenance costs and overlapping functions.

The vendor lock-in has also prevented the rollout of public services and hampered the country’s COVID-19 response.

It was also revealed that the budget for government cloud computing until next March is around 2 billion yen (£12.3 million) with the budget for upcoming years still to be determined.

The Digital Agency was launched on 1 September and is set to control most of the government’s IT budget. It is aiming to move local governments to the cloud by 2025, which could reduce the annual IT budget of £5 billion by about 30%, according to a government official. 

“As a cloud services provider directly contracted by the Digital Agency, AWS will help the Japanese government to modernize IT by directly offering advanced technologies and global best practices,” an AWS spokesperson said to CloudPro.

“It will also enable us to continue to work with Japanese AWS Partners and startups to accelerate innovation in citizen services, drive local economic growth, and solve some of the biggest challenges in society.”

CloudPro has contacted Google for comment.

The move comes as part of a push by the Japanese government to implement digital transformation across its ministries, which have tended to lag behind.

The government has only just begun to phase out the use of floppy disks, according to a report from Nikkei Asia, as officials saw the outdated tech as ultra-reliable, saying they almost never broke or lost data. Sony stopped producing the disks in 2011 but, thanks to their reusability, there are still plenty to go around. However, various subdivisions of the Tokyo government have already started moving the data from floppy disks to other online storage formats.

Microsoft resellers warned of Nobelium attacks on IT supply chain


Zach Marzouk

26 Oct, 2021

Microsoft has warned its resellers and managed service providers that the hacking group behind the SolarWinds cyber attack has now turned its attention to the company’s global supply chain.

The tech giant said that it believes the Russian state-backed hacking group, known as Nobelium, ultimately hopes to piggyback on any direct access that resellers may have to their customers’ IT systems and more easily impersonate an organisation’s trusted technology partner to gain access to their downstream customers.

Microsoft said that the attacks used well-known techniques, like password spray and phishing, to steal legitimate credentials and gain privileged access. It began observing Nobelium’s latest campaign in May 2021 and has been notifying affected partners and customers.

So far, the company has notified over 140 resellers and technology service providers currently being targeted by the group. It also believes as many as 14 resellers and service providers have already been compromised.

These attacks have been part of a larger wave of Nobelium activities this summer, the company said. Between 1 July and 19 October, Microsoft believes that 22,868 attacks were conducted by the group against 609 customers, with a success rate in the low single digits. As a comparison, before 1 July, approximately 20,500 attacks from nation-state hackers were recorded over the course of three years.

“This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling – now or in the future – targets of interest to the Russian government,” said Tom Burt, corporate vice president of Customer Security & Trust.

From what it has learned over the past several months, Microsoft is working to implement improvements to better secure and protect its technology partners. This includes launching a programme on 15 October to provide two years of an Azure Active Directory Premium plan for free to strengthen security controls, and it’s piloting new granular features for organisations that want to provide privileged access to resellers.

It’s also piloting improved monitoring to help partners and customers manage and audit their delegated privileged accounts and remove unnecessary authority, as well as auditing unused privileged accounts and working with partners to assess and remove unnecessary privilege and access.

The company also revealed it has been coordinating with the security community to improve its knowledge of Nobelium’s activity, including government agencies in the US and Europe. It believes it is in a much better position to defend against these threats thanks to the US cyber security executive order and information sharing between industry and government.

In September, it emerged that Nobelium was stealing data from Active Directory Federation Services (AD FS) servers, with Microsoft warning that the group was found to be using a post-exploitation backdoor dubbed FoggyWeb to remotely exfiltrate sensitive data.

The group was also blamed for an attack on a Microsoft employee’s computer in June, implanting malware on a device belonging to a customer support agent to obtain information belonging to customers.

You can now test Android apps on Windows 11


Zach Marzouk

22 Oct, 2021

Microsoft has released the preview of Android apps to Windows 11 testers, after launching the new operating system without the feature at the start of October and promising to do so in the next few months.

The preview is available for anyone on the Windows Insider Program as well as Beta Channel users in the US on eligible devices running Intel, AMD, and Qualcomm platforms. It allows apps to be viewed through the Microsoft store before taking users to the Amazon Appstore to load and install them.

The apps can be run side-by-side with other apps and can be pinned to the Start menu or Taskbar, or even integrated into Alt+Tab and Task view to quickly move back and forth between them. Android app notifications can be viewed in the Action Center and users can share their clipboard between a Windows app and Android app too. Windows accessibility settings also apply to Android apps and Microsoft is working with Amazon to deliver more improvements in the coming months.

Microsoft revealed it has partnered with Amazon and app developers to curate 50 apps for Windows Insiders to test and validate across a broad set of hardware. These will be released in the coming months and allow users to try the game Lords Mobile, read Kindle books, and access Khan Academy Kids’ library of learning tools.

The tech giant has also built the Windows Subsystem for Android, which powers the Amazon Appstore and its catalogue. The subsystem includes the Linux kernel and Android OS based on the Android Open Source Project (AOSP) version 11.

“The Subsystem runs in a Hyper-V Virtual Machine, like the Windows Subsystem for Linux,” said Aidan Marcuss, corporate vice president at Windows. “It understands how to map the runtime and APIs of apps in the AOSP environment to the Windows graphic layer, the memory buffers, the input modes, the physical and virtual devices, and the sensors.”

The subsystem is available on AMD, Intel, and Qualcomm chips, and Microsoft is also partnering with Intel to enable Arm-only apps to run on AMD and Intel devices.

The Windows 11 rollout began on 5 October with all eligible devices to be offered the free upgrade by mid-2022. The update is being rolled out in a phased approach, meaning that new eligible devices will be offered the upgrade first.

Alibaba unveils custom Arm-based server chip


Zach Marzouk

19 Oct, 2021

Alibaba has unveiled a new in-house processor that will be used to power servers in its data centres, as China aims to increase its domestic chip production in the face of a global chip shortage and US sanctions targeting the country.

The server chips, named Yitian 710, are custom-built by the company’s chip development business, named T-Head. It’s powered by 128 Arm cores with a 3.2GHz top clock speed and is the first server processor compatible with the latest Armv9 architecture. It includes 8 DDR5 channels and 96-lane PCIe 5.0, providing high memory and I/O bandwidth.

Alibaba has also developed proprietary servers, called Panjiu, for the next generation of cloud-native infrastructure. The company said that by separating computing from storage, the servers are optimised for both general-purpose and specialised AI computing, as well as high-performance storage.

The servers have been developed for large-scale data centre deployment through their modular design, and the company expects them to serve a variety of cloud-native workloads such as containerised applications and computed optimised workloads.

“Customizing our own server chips is consistent with our ongoing efforts toward boosting our computing capabilities with better performance and improved energy efficiency,” said Jeff Zhang, president of Alibaba Cloud Intelligence and head of Alibaba DAMO Academy. “We plan to use the chips to support current and future businesses across the Alibaba Group ecosystem. We will also offer our clients next-generation computing services powered by the new chip-powered servers in the near future.”

Zhang added that, together with IntelNvidiaAMD, and Arm, Alibaba will continue to innovate its compute infrastructure and other diverse computing services for global customers.

Alibaba also announced it would open the source code of the XuanTie IP core series, the company’s custom-built processors based on RISC-V instruction-set architecture. Developers will not be able to access the cores’ source code on GitHub and Open Chip Community to build prototype chips of their own.

This coincides with the Chinese government’s “Made in China 2025” initiative of lifting the country’s chip production from less than 10% at the time to 40% in 2020 and 70% in 2025, as reported by NIkkei Asia. The government has invested in the semiconductor industry to try and meet these goals although this appears to be a long way off considering data from IC Insights shows that the country only sourced 16% of its semiconductors domestically.

Being self-reliant on chips is a key issue for the country, especially as it has been hit by a number of US sanctions targeting the tech sector in recent years. In April this year, the US government added seven Chinese supercomputing entities to its Entity List, restricting US exports to them. The US government adds entities to this list as it feels they are working against US national security or foreign policy interests.

Arm launches cloud-based IoT platform


Zach Marzouk

19 Oct, 2021

Arm has launched Arm Total Solutions for IoT, a cloud-based platform to enable software development without the need for physical silicon.

The company hopes this will simplify and modernise software development, resulting in accelerated time to market for developers, OEMs, and service providers at all stages of the Internet of Things (IoT) value chain. It also claims it will reduce the product design cycles by up to two years.

The new platform is built on Arm Corstone, the company’s IoT system on a chip (SoC) package, and will deliver a virtual model of the Corston subsystem to allow for software development without the need for physical silicon. It will provide mechanisms for simulating memory, peripherals, and more, to allow for development and testing of software before hardware is available.

The company said this will allow users to reduce a typical product design cycle from an average of five years to as little as three. It will help Arm customers get customer feedback for chips before release and allows the entire IoT value chain to develop and test code on the latest IP ahead of chips being released.

To help it simplify the design process and streamline product development, it contains hardware IP, software, machine learning models, and application-specific reference code.

“Through a radical change in how systems are designed, Arm is uniquely positioned to fuel a new IoT economy that rivals the shape, speed and size of the smartphone industry’s app economy,” said Mohamed Awad, vice president of IoT and Embedded at Arm. “Arm Total Solutions for IoT changes the way we’re delivering key technology to the entire ecosystem and demonstrates our significant and ongoing investment in the software that will empower developers to innovate for global impact.”

Arm is also set to introduce Project Centauri, a set of device and platform standards as well as reference implementations for device boot, security, and cloud integration. The company hopes this will reduce engineering costs, accelerate time to market, enable IoT deployments at scale, and improve security.

In March, Arm launched its first new chip architecture in a decade, focusing on security and AI. It is called v9 and the company hoped it would help it move from general-purpose to more specialised compute across applications like AI, 5G, and IoT.

Acer confirms breach after cyber attack on Indian servers


Zach Marzouk

14 Oct, 2021

A hacker group has claimed to have breached the servers of Acer India, with approximately 60GB of sensitive data belonging to several million of the company’s customers being leaked online.

Known as Desordern, the group said it had stolen customer information, corporate data, financial data, and information related to recent company audits, according to a post on a popular hacking forum, seen by Privacy Affairs researchers.

The hackers said that the breach includes data on several million Acer customers, mostly from India. It appears to have taken place on 5 October, as this is the most recent date listed in the leaked databases.

Desordern also said that it will give Acer access to the database to verify the data and prove the breach is real. A sample of the data released for free, which included information on over 10,000 individuals, was found to be accurate and genuine by researchers at Privacy Affairs, who were able to make contact with some of those affected.

The group has said that data belonging to several million more Acer customers will be released for a fee at a later date.

“We have recently detected an isolated attack on our local after-sales service system in India,” an Acer spokesperson told IT Pro. “Upon detection, we immediately initiated our security protocols and conducted a full scan of our systems. We are notifying all potentially affected customers in India.”

The spokesperson added that the incident has been reported to local law enforcement and the Indian Computer Emergency Response Team, and there has been no material impact to the company’s operations and business continuity.

In March this year, Acer fell victim to a $50 million ransomware attack carried out by the notorious ransomware gang REvil. The group announced the Acer breach on its website where it presented images of allegedly stolen files, including financial spreadsheets, bank communications, and bank balances. The breach was believed to be linked to the Microsoft Exchange cyber attack, which was carried out by at least ten hacker groups.

IBM pledges to reskill 30 million people globally by 2030


Zach Marzouk

13 Oct, 2021

IBM plans to provide 30 million people of all ages with new skills by 2030 as it aims to close the global skills gap by expanding access to digital skills and employment opportunities.

According to data from the World Economic Forum (WEF), closing the global skills gap could add $11.5 trillion to global GDP by 2028. In the UK, nearly two in three (64%) report spending more on recruitment, with costs increasing by 49 per cent or £1.23 billion in total because of the skills shortage. 

In a bid to help tackle the growing skills crisis, IBM has announced over 170 new partnerships and programme expansions in more than 30 countries across the world and is improving its existing programmes and career-building platforms to expand access to education and in-demand technical roles.

In the UK, IBM said that the West London-based Ada Lovelace Church of England High School has joined its P-TECH programme, an online platform that offers free technical skills required to be successful in the digital economy. Students are set to benefit from access to foundational knowledge on topics like cyber securityartificial intelligence, and cloud computing.

IBM plans to educate 30 million people through its broad combinations of programmes, including collaborations with universities and key government entities. These partnerships will also extend to NGOs too, such as the British Refugee Council.

“Talent is everywhere; training opportunities are not,” said Arvind Krishna, IBM chairman and CEO. “This is why we must take big and bold steps to expand access to digital skills and employment opportunities so that more people – regardless of their background – can take advantage of the digital economy.

“Today, IBM commits to providing 30 million people with new skills by 2030. This will help democratize opportunity, fill the growing skills gap, and give new generations of workers the tools they need to build a better future for themselves and society.”

This week, Vodafone found that digital literacy is becoming as important as reading and writing for young people’s future life prospects. Limited access to an internet-connected device, or lack of skills to use one, is preventing people entering the jobs market from attending exams or online lessons, gaining the necessary digital skills, and applying for jobs. 29% of respondents to the report said they had to share a laptop, tablet, or PC for work, education, or leisure in the past year.

Microsoft mitigated ‘largest ever’ 2.4Tbps DDoS attack


Zach Marzouk

12 Oct, 2021

Microsoft claims to have mitigated a record 2.4Tbps DDoS attack targeting one of its Azure customers in Europe during the last week of August.

The company said the attack was140% larger than than the highest attack bandwidth volume Microsoft recorded in 2020 and higher than any network volumetric event previously detected on Azure. It also surpasses the previous largest DDoS attack, which peaked at 2.3Tbps and was directed at Amazon Web Services (AWS) last year.

It said the attack traffic originated from around 70,000 sources and from multiple countries in the Asia-Pacific region, including Malaysia, Vietnam, Japan, and China, as well as the US. The attack spanned over 10 minutes with very short-lived bursts, each ramping up in seconds to terabit volumes.

The company monitored three main peaks, the first at 2.4Tbps, the second at 0.55Tbps, and the third at 1.7Tbps.

Microsoft’s attack mitigation lifecycle is orchestrated by its control plan logic that dynamically allocates mitigation resources to the most optimal locations, closest to the attack sources. This meant that the attack traffic, which originated in the Asia-Pacific region and the US, did not reach the customer region but was instead mitigated at the source countries.

“Azure’s DDoS mitigation employs fast detection and mitigation of large attacks by continuously monitoring our infrastructure at many points across the network,” said Amir Dahan, senior programme manager at Azure Networking.

“When deviations from baselines are extremely large, our DDoS control plane logic cuts through normal detection steps, needed for lower-volume floods, to immediately kick-in mitigation. This ensures the fastest time-to-mitigation and prevents collateral damage from such large attacks.”

Dahan added that the customer did not suffer any impact or downtime, but if they had been running their own data centre instead of using Azure, they would most probably have incurred extensive financial damage as well as other intangible costs.

In 2020, Google revealed its infrastructure absorbed a 2.5Tbps DDoS attack three years previous. The attack was the culmination of a six-month campaign launched by Chinese-backed hackers that used multiple methods of attack, which ultimately had no material impact.

Oracle to launch 14 new cloud regions over the next year


Zach Marzouk

12 Oct, 2021

Oracle has announced plans to launch 14 new cloud regions over the next year to support demand for its customers worldwide.

The company plans to open new Oracle Cloud Infrastructure (OCI) regions in Milan (Italy), Stockholm (Sweden), Marseille (France), Spain, Singapore, Johannesburg (South Africa), Jerusalem (Israel), Mexico, and Colombia.

Oracle will also open second regions in Abu Dhabi (UAE), Saudi Arabia, Israel, and Chile. By the end of 2022, the company plans to take its number of cloud regions from 30 to at least 44.

The company also said that it plans to establish at least two cloud regions in almost every country where it operates, to help customers build business continuity and disaster protection while helping them address their in-country data residence requirements. The US, Canada, UK, South Korea, Japan, Brazil, India, and Australia already have two cloud regions.

“Oracle Cloud Infrastructure has seen stellar growth over the past year,” said Clay Magouyrk, executive vice president, Oracle Cloud Infrastructure.

“We’ve introduced several hundred new cloud services and features and are continuing to see organisations from around the world increasingly turn to OCI to run their most mission-critical workloads in the cloud. With the additional Cloud regions, even more organisations will be able to use our cloud services to support their growth and overall success.”

Oracle currently provides cloud services across 30 commercial and government cloud regions in 14 countries on five continents. OCI operates 23 commercial regions and seven government regions too.

In September, AWS revealed plans to open a new data centre region in New Zealand by 2024, investing around £3.9 billion over the next 15 years and creating 1,000 jobs. The company said its new Asia Pacific region would help more of its customers run their applications by serving end users locally, provide lower latency and ensure customers can choose to securely store their data in the country.