Zoom capitalises on high demand with 169% revenue surge


Keumars Afifi-Sabet

3 Jun, 2020

Zoom has defied fears that an explosion in activity and new users would not translate to rising revenues, boasting 169% year-on-year growth in the first quarter of 2020.

The video conferencing platform recorded revenues of $328.2 million for the quarter ending 30 April 2020, driven mainly by acquiring new customers and expanding across existing customers. Zoom previously reported in April that it gained 100 million new users within a three-week period.

The surge in demand for Zoom’s services been almost exclusively fuelled by the coronavirus pandemic, with millions of people around the world desperate to keep in touch with colleagues and loved ones while under lockdown.

Figures from Zoom’s financial results suggest the company has managed to capitalise on this growth in users, with a net income of $27 million, despite offering a solid and reliable service for non-subscribers.

“The COVID-19 crisis has driven higher demand for distributed, face-to-face interactions and collaboration using Zoom,” said founder and CEO Eric Yuan. “Use cases have grown rapidly as people integrated Zoom into their work, learning, and personal lives. 

“I am proud of our Zoom employees who dedicated themselves to support customers and the global community during this crisis. With their tremendous efforts, we were able to provide high-quality video services to new and existing customers.”

The company has also revealed a more detailed breakdown of its customer base, recording 354% year-on-year growth in the number of customers with more than ten employees to 265,400. Meanwhile, 769 customers contributed more than $100,000 in revenue, which is approximately 90% higher than in the same quarter last year.

Zoom has projected that its revenue will be between $495 million and $500 million in the next quarter, with a full fiscal year revenue of between $1.775 billion and $1.8 billion. 

The firm has announced its financial success days after pledging to improve encryption standards for paid users. End-to-end encryption will arrive for subscribers, but not free users, because of Zoom’s intentions to co-operate with law enforcement agencies. 

“Free users for sure we don’t want to give that because we also want to work together with FBI, with local law enforcement in case some people use Zoom for a bad purpose,” Yuan said, according to Bloomberg tech reporter Nico Grant.

Alex Stamos, recently hired by the company as a security consultant, elaborated that while all members will continue to benefit from 256-bit encryption after its recent implementation, end-to-end encryption will be rolled out on an opt-in basis for now. 

“We have to design the system to securely allow hosts to opt-into an E2E meeting and to carefully communicate the current security guarantees to hosts and attendees. We are looking at ways to upgrade to E2E once a meeting has started, but there will be no downgrades,” he explained on Twitter.

“So this creates a difficult balancing act for Zoom, which is trying to both improve the privacy guarantees it can provide while reducing the human impact of the abuse of its product.

“Lots of companies are facing this balancing act, but as a paid enterprise product that has to offer E2EE as an option due to legitimate product needs, Zoom has a slightly different calculus. The current decision by Zoom’s management is to offer E2EE to the business and enterprise tiers and not to the limited, self-service free tier.”

Google Cloud signs deal with UK gov to boost public sector innovation


Bobby Hellard

3 Jun, 2020

Google Cloud has entered into an agreement with the UK’s Crown Commercial Service (CCS) to provide cloud computing to the country’s public sector agencies. 

The two companies have signed a Memorandum of Understanding (MoU) which is an agreement that isn’t legally binding. 

The purpose of the MoU is to make it easier and more affordable for public sector agencies to use the full range of Google Cloud services for digital transformation. CCS, the UK Cabinet Office executive agency and trading fund, approached Google in 2019 to discuss cloud services. 

The result is an agreement that aims to open up the cloud services market to more suppliers to provide the best value for public sector agencies investing in the technology. Google Cloud has even confirmed a discount for qualifying public sector bodies based on aggregated cloud service demand and their expected spend. 
 
The MoU will also include access to Google Cloud’s managed and serverless offerings, such as its comprehensive hybrid and multi-cloud services and Anthos.

“This is a significant milestone for us, as we see the results of our focused investment in cloud services and solutions primed and tailored for the public sector,” said Mark Palmer, head of public sector EMEA, Google Cloud. 

“The UK public sector is a major focus for Google Cloud, and this is an opportunity to further support Her Majesty’s government in their digital transformation.”

According to Google, the fund will allow organisations, such as the NHS and government bodies, to take full advantage of a range of technologies across Google Cloud, including infrastructure, analytics, AI, application modernisation and development, and collaboration services. 

The MoU marks the beginning of an expanded relationship between CCS and Google Cloud, according to both organisations, and they will maintain regular dialogue and strategy sessions to ensure the UK public sector has access to Google Cloud’s latest innovations.

BBC testing ‘Beeb’ AI voice assistant with Windows Insiders


Keumars Afifi-Sabet

3 Jun, 2020

The BBC has opened the testing phase for its AI-powered voice assistant exclusively with those who routinely test updates to the Windows operating system.

UK members of the Windows Insider Programme can download the virtual assistant by grabbing the ‘Beeb BETA’ app from the Microsoft Store, where they can experiment with features and put the voice assistant through its paces.

These users will need to have installed the Windows 10 May 2020 update, however, which, Microsoft has incidentally warned its users against doing unless it’s shipped to their devices specifically. This is due to the developer identifying a string of issues that could lead to significant errors due to hardware compatibility issues.

The Beeb AI assistant aims to help users in the UK by navigating BBC services and access BBC content. There are no plans to build a device to rival Amazon Echo or Google Home, although Beeb will be built into the BBC website, iPlayer and all smart TVs.

The BBC’s voice team has previously collaborated with Microsoft to build the infrastructure behind Beeb with Azure AI services, as well as working with the industry giant on a number of other projects in the past.

“We’ve built Beeb because we know there is growing demand from people to access programmes and services with their voice – around one in five adults have a smart speaker in their home, and millions more have voice-activated devices in their pockets,” said BBC Design and Engineering’s chief operating officer Grace Boswood. 

“Much like the BBC did with iPlayer, we want to make sure everyone can benefit from this new technology, and bring people exciting new content, programmes and services in a trusted, easy-to-use way.”

The first version of Beeb will allow users to speak to access live TV and radio broadcast as well as programmes on-demand. Developers will add further features in the coming weeks and months, with feedback from Windows Insiders critical to the development path.

Not everything will be working as it should, the BBC added, with developers hoping feedback can shape what this early, stripped-down version will look like in the future when additions are made and compatibility with systems is expanded.

This beta-testing process will precede the rollout of Beeb in beta version to the general public for further testing and experimentation.

Dell Technologies launches new HPC systems to boost AI workloads


Sabina Weston

2 Jun, 2020

Dell Technologies has announced the launch of two new high-performance computing (HPC) solutions to help businesses run powerful artificial intelligence (AI) workloads in VMware environments and speed up digital transformation projects.

The new Dell EMC Ready Solutions are based on VMware Cloud Foundation and aim to help companies gain AI insights using the combination of Dell EMC systems and new features of VMware vSphere 7, including Bitfusion.

Tom Burns, senior VP of Integrated Products & Solutions at Dell Technologies, called AI a “game-changer” but added that the company’s customers are “lagging behind in adoption because they’re dealing with skills and infrastructure gaps”.

“We’re bringing together the power of Dell Technologies to help customers simplify the process of running AI workloads at scale in their familiar VMware environments,” he said.

The first Dell EMC Ready Solution is a GPU-as-a-Service (GPUaaS) designed to free up accelerator access by creating virtual graphics processing unit (GPU) pools. The system uses the latest VMware Cloud Foundation with VMware vSphere 7 support for Kubernetes and containerised applications in order to run AI workloads anywhere. The containers facilitate bringing cloud-native applications into production with the ability to move workloads as needed.

The second solution, for Virtualized HPC (vHPC), assists and economises the use of VMware environments for demanding HPC and AI applications in fields such as computational chemistry, bioinformatics and computer-aided engineering.

According to a recent study conducted by Forrester Consulting, Dell EMC Ready Solutions for vHPC is capable of delivering up to 18 times faster AI model development. It also delivers up to 20% faster hardware configuration and integration than self-installation and will provide an estimated return on investment of up to 111%.

Arthur Lewis, president of Server & Infrastructure Systems at Dell Technologies, explained in a blog post that “the Dell EMC Ready Solutions for AI: GPU-as-a-Service were designed for those who are just starting their AI journey or who already run smaller AI operations”, while “the Dell EMC Ready Solutions for vHPC were designed for those who want to advance their AI journey by virtualizing their high-performance computing workloads easily using the latest version of vSphere”.

The Dell EMC Ready Solutions for AI: GPUaaS and Dell EMC Ready Solutions for vHPC are available globally now, while the factory installation of VMware vSphere with BitFusion will only become available worldwide on Dell EMC PowerEdge servers next month.

VMware Cloud Director exploit lets hackers seize corporate servers


Keumars Afifi-Sabet

2 Jun, 2020

A vulnerability in VMware’s Cloud Director platform, used by a host of cloud providers to manage cloud infrastructure, could allow attackers to gain access to sensitive data and seize control of infrastructure.

Rated CVSSV3 8.8, and assigned CVE-2020-3956, the code-injection vulnerability in the cloud service-delivery platform could allow an attacker to gain access to sensitive data and take over the control of private clouds within an enterprise.

Hackers could also exploit the vulnerability to gain control over all customers within the cloud. It also grants access to modify the login section of the entire infrastructure to capture the username and password of another customer, according to Citadelo, an ethical hacking company which discovered the vulnerability.

“In general, cloud infrastructure is considered relatively safe because different security layers are being implemented within its core, such as encryption, isolating of network traffic, or customer segmentations,” said Citadelo CEO Tomas Zatko.

“However, security vulnerabilities can be found in any type of application, including the Cloud providers themself.”

Citadelo was hired this year by a fortune 500 enterprise customer to perform a security audit and investigate their VMware Cloud Director-based cloud infrastructure. 

Using the code injection flaw, researchers with the company were able to view the content of the internal system database, including password hashes of any customers allocated to the information system.

From there, they were able to modify the system database to steal foreign virtual machines (VMs) assigned to different organisations within Cloud Director. The flaw also allowed them to escalate privileges from that of a customer account to a system administrator, with access to all cloud accounts.

Finally, they could read all sensitive data related to customers, like full names, email addresses or IP addresses.

The vulnerability was initially reported to VMware on 1 April, with patches released following towards the end of the month, and during May. Organisations that haven’t yet applied the fixes are still vulnerable.

Those affected include public cloud providers using VMware vCloud Director, private cloud providers using VMware vCloud Director, enterprises using VMware vCloud Director technology, and any government identities using VMware Cloud Director.

Zoom will offer stronger encryption for paid accounts


Sabina Weston

1 Jun, 2020

Zoom is planning to roll out stronger encryption for businesses and institutions that pay for its service.

Zoom’s security consultant Alex Stamos, who was poached by the company in early April, has confirmed the news but added that the plan was subject to change.

According to Reuters, Stamos has not yet decided whether stronger security measures could also potentially be rolled out for non-profit organisations or users in need of an extra layer of protection, such as political dissidents.

“At the same time that Zoom is trying to improve security, they are also significantly upgrading their trust and safety,” Stamos told The New York Times in an interview published yesterday.

“The CEO is looking at different arguments. The current plan is paid customers plus enterprise accounts where the company knows who they are.”

He added that providing full encryption for every meeting would leave Zoom’s trust and safety team unable to add itself as a participant in gatherings to tackle abuse in real-time.

Zoom hired former Facebook security chief Stamos following numerous security incidents which threatened the immense popularity of the video conferencing platform, such as ‘Zoom-bombing’, which led to numerous companies and institutions banning the use of the platform.

Zoom attracted millions of users and became the most popular video conferencing platform globally. With the majority of its audience using the free version of the platform, Zoom might be trying to increase the number of its paid users and regain the trust of businesses by promising a higher level of security for its paid subscription models.

However, a similar announcement from Facebook, which plans to implement end-to-end encryption across all of its messaging systems, has garnered criticism from its shareholders.

Zoom had been previously criticised for not using end-to-end encryption despite specifically stating that it does on its website. The company finally implemented the 256-bit AES-GCM encryption standard in late April.

Microsoft to replace journalists with AI


Bobby Hellard

1 Jun, 2020

Microsoft is reportedly planning to replace contracted journalists that work on the homepages of MSN and its Edge browser with artificial intelligence

The tech giant won’t renew contracts for roughly 50 US employees at the end of the month, according to The Seattle Times, while The Guardian reports that around 27 journalists are being let go in the UK. 

The contracted employees, hired through staffing agencies, were reportedly notified last week that their services would not be needed beyond 30 June. The 27 UK employees affected, who were employed by PA Media, were told on Thursday that their jobs would be terminated as Microsoft is shifting away from humans in favour of automated news updates

A spokesperson for PA Media told The Guardian: “We are in the process of winding down the Microsoft team working at PA, and we are doing everything we can to support the individuals concerned. We are proud of the work we have done with Microsoft and know we delivered a high-quality service.”

Many publications have had to let journalists go due to the impact of COVID-19 and the outbreak has also accelerated a number of cloud-based technologies. According to some of those whose contracts are not being renewed, the curation of news on MSN is already partly automated. 

“It’s been semi-automated for a few months but now it’s full speed ahead,” one of the terminated contractors told The Seattle Times. “It’s demoralising to think machines can replace us but there you go.”

Microsoft is retaining full-time news producers, according to the reports, but the functions of the contracted employees will be taken up by automation. This includes using algorithms to sources trending news stories and optimising the content by rewriting the headline or adding different images or slide shows.

The contracted journalists also created news pieces, maintained editorial calendars of partner news sites and even assigned content to them but it isn’t clear if this will also be taken on by the software.  

“Like all companies, we evaluate our business on a regular basis,” a company spokesman said in a statement. “This can result in increased investment in some places and, from time to time, re-deployment in others. These decisions are not the result of the current pandemic.”

IT Pro 20/20: How regulation is shaping innovation


Cloud Pro

1 Jun, 2020

Welcome to the fifth issue of IT Pro 20/20, our sister title’s digital magazine that brings all of the previous month’s most important tech issues into clear view.

Each month, we will shine a spotlight on the content that we feel every IT professional should be aware of, only in a condensed version that can be read on the go, at a time that suits you.

To coincide with the second birthday of the General Data Protection Regulation, this month we take a look at the role of regulation in innovation. Rather than focus on GDPR principles and the importance of compliance, we thought it would be far more valuable to show how new rules are working to promote, and in some cases moderate, new technology and ways of thinking.

Our lead feature looks at the nature of corporate travel and how future regulations, as well as societal changes introduced as a result of the coronavirus pandemic, are likely to redefine what it means to travel for business. We also look at how authorities are attempting to rein in the development of cutting edge technology and whether it’s even possible to police something like an algorithm.

For those businesses confused about data laws in a post-Brexit UK, we’ve also put some of the most common issues to a panel of data protection lawyers to assess what the regulatory landscape might look like after the end of the transition period in January 2021.

As ever, you’ll also find a roundup of the four biggest stories of the month that are likely to reverberate throughout 2020.

DOWNLOAD THE MAY ISSUE OF IT PRO 20/20 HERE

The next IT Pro 20/20 will be available on Tuesday 30 June. Previous issues can be found here.

We hope you enjoy reading this month’s issue. If you would like to receive each issue in your inbox as they release, you can subscribe to our mailing list here.

Google to block notification spam with new Chrome feature


Sabina Weston

29 May, 2020

Google has announced the launch of a new default anti-notification spam system which will aim to protect Chrome users from abusive notifications.

The system, known as the ‘quieter notifications UI’, has been an opt-in feature since February but will be rolled out as a default setting in July.

In a post on the Chromium blog, Google explained that the update “will only affect new notification permission requests from abusive sites”. However, the company added that it is also considering rolling out “protections for users who have already accepted notification permissions from abusive sites”.

Explaining the reasoning behind the decision, the tech giant said that abusive notification prompts are among the most frequently reported user complaints when it comes to Chrome.

“A large percentage of notification requests and notifications come from a small number of abusive sites. Protecting users from these sites improves user safety & privacy on the web, and makes for a better browsing experience,” the blog post read.

“Only a small fraction of websites will be affected by this change but we expect the impact on notification volumes will be significant for some users.”

According to Google, these notifications are often used to mislead users, but also have the potential to “phish for private information or promote malware”.

Site owners that have their domain registered with Google’s Search Console will be able to check if their site has been blocked in July, using the Search Console dashboard in the new Abusive Notifications Report section.

Google’s decision might be able to significantly improve the experience of Chrome users who struggle to focus on work. It might also lead to fewer security incidents, including cases of phishing and malware.

The announcement comes days after Google released a major update for its browser, introducing revamped security and privacy controls. The arrival of Chrome 83 came two months after Google announced that it had cancelled development of version 82 in order to “maintain stability” during the global COVID-19 pandemic.

Microsoft warns users not to install Windows 10’s May update


Keumars Afifi-Sabet

28 May, 2020

Microsoft has asked Windows 10 users to avoid manually updating to its May 2020 feature update while it investigates ten major issues, despite having only just released it.

The major update to Microsoft’s flagship operating system has finally started to roll out after a two-week delay earlier this month, but Microsoft has identified ten issues severe enough to recommend that users hold off.

The slew of issues includes Windows 10 devices with Realtek drivers being unable to connect to more than one Bluetooth device, and no mouse input with apps and games using GameInput Redistributable.

Some devices using more than one Always On, Always Connected capable network adaptor may encounter errors or unexpected restarts, while enabling variable refresh rate on devices with intel iGPU may not work as expected.

Users may also encounter the infamous blue screen of death (BSOD), meanwhile, on three of the issues. Devices, for example, with certain Conexant or Synaptics audio drivers may encounter such errors during or after these drivers are updated. Errors may also occur when devices using external Thunderbolt docks are plugged in or unplugged. 

Finally, on the BSOD front, there are incompatibility issues with Windows 10 and certain versions of Nvidia display adapter drivers. The fatal error screen may arise if devices are using drivers older than version 358.00.

To safeguard the update experience, Microsoft has held back the May 2020 Update from any devices with hardware or drivers known to suffer from compatibility issues with Windows 10.

More widely, Microsoft recommends users do not attempt to manually update using the ‘update now’ button until the issues have been resolved.

The widely touted May 2020 Update, also known as Windows 10 version 2004, began rolling out automatically, in a phased manner, to users from yesterday. Users, however, are still able to receive the upgrade if they manually check for updates.

Among the new features expected in the biannual upgrade are a faster and easier Bluetooth pairing process with external devices, as well as a mechanism to much more quickly enable a fully-passwordless experience.

When the update is finally deemed ready, users should also except a refined Coronata chatbot experience and smoother synchronicity between smartphones and Windows machines, among other additions.

That Microsoft has encountered several major issues on the release of its latest operating system upgrade should be of little surprise to long-term users who will be familiar with faulty feature upgrades of the past.

The May 2020 Update itself was delayed by two weeks earlier this month after Microsoft discovered a set of bugs that needed to be addressed urgently. This included a zero-day vulnerability relating to the deployment image servicing and management (DISM) tool, used to repair corruption on Windows systems.

The April and October 2018 feature upgrades were so badly received by the community that Microsoft was forced to change the way it delivers its updates, with users now generally waiting longer in light of a new phased approach.

Conventionally, Microsoft would initiate updates automatically once data suggested users would enjoy a safe and frictionless experience. Starting with Windows 10 version 1903, released last year, users are now, instead, simply notified when it’s available to download and install.