IT Pro 20/20: A quantum leap for security


Cloud Pro

30 Jun, 2020

Welcome to the fifth issue of IT Pro 20/20, our sister title’s digital magazine that brings all of the previous month’s most important tech issues into clear view.

Each month, we will shine a spotlight on the content that we feel every IT professional should be aware of, only in a condensed version that can be read on the go, at a time that suits you.

Cyber security has proven to be one of the most challenging facets of the lockdown – maintaining a robust posture at a time when workers are dispersed and often outside of the company firewall. Suitably, June’s issue of IT Pro 20/20 is all about cyber security. We’ve pulled together stories that examine the current state of the industry, including how current technology is being used and how future trends are likely to reshape our understanding of cyber security.

Our lead feature looks at the rise of quantum computing, still a fledgeling area of the tech industry but one that promises to upend cyber security as we know it. Yet, these remain promises, and it’s unclear whether we will ever see the future that proponents of the technology envisage.

Turning to trends that are a little more pressing today, we also share an industry hacking story that should serve as a lesson in how not to get hacked. I won’t spoil the story here, but I will say it involves a LinkedIn account, a gullible PA, a chief executive’s shoe size, and Tottenham Hotspur Football Club.

In our last exclusive article, we question whether there is, in fact, any weight at all behind the idea that remote working poses a danger to a business’ cyber security, or if these threats have been somewhat exaggerated. It’s likely to be a contentious issue for many, so we’ll leave it up to you to decide.

DOWNLOAD THE JUNE ISSUE OF IT PRO 20/20 HERE

The next IT Pro 20/20 will be available on Friday 31 July. Previous issues can be found here.

We hope you enjoy reading this month’s issue. If you would like to receive each issue in your inbox as they release, you can subscribe to our mailing list here.

AWS launches CodeGuru to identify ‘most expensive’ code


Keumars Afifi-Sabet

30 Jun, 2020

Amazon Web Services (AWS) has taken its machine learning-powered CodeGuru development tool out of preview and rendered it generally available, alongside a host of additional features.

CodeGuru is being launched as a tool to help developers improve their applications and troubleshoot issues with automated code reviews and performance recommendations, available in Reviewer and Profiler modes.

CodeGuru Reviewer uses programme analysis and machine learning to detect potential defects that are tricky to find and recommend fixes in Java code. Code can be stored in GitHub, AWS CodeCommit, or Bitbucket.

Pull requests submitted also provide recommendations for how to improve the code, with each pull request also corresponding to a code review, and each code review including multiple recommendations that appear as comments on the pull request. 

Profiler mode, meanwhile, provides interactive visualisations and recommendations that help fine-tune application performance and troubleshoot operational issues using runtime data from live applications. This mode can also help find the most intensive lines of code, in terms of CPU usage or latency, and suggest ways to improve efficiency and reduce bottlenecks 

“Bringing new applications into production, maintaining their code base as they grow and evolve, and at the same time respond to operational issues, is a challenging task,” said chief evangelist for EMEA at AWS, Danilo Poccia. 

“For this reason, you can find many ideas on how to structure your teams, on which methodologies to apply, and how to safely automate your software delivery pipeline.

“CodeGuru helps you improve your application code and reduce compute and infrastructure costs with an automated code reviewer and application profiler that provide intelligent recommendations. Using visualizations based on runtime data, you can quickly find the most expensive lines of code of your applications.”

CodeGuru was first announced at AWS Re:Invent 2019 towards the end of last year as an AI-powered service designed to help write code. It was launched as an automated tool, trained on several decades of code reviews, adding comments to pull requests if it discovers an issue, also recommending remediation, including example code and links to documentation.

AWS has made a number of improvements to Amazon CodeGuru in the last few months, including a more cost-effective pricing model, support for Bitbucket repositories, and the capacity to start the profiling agent using a command-line switch.

In addition to existing features, the generally-available version of CodeGuru includes support for GitHub Enterprise in Reviewer mode, as well as new types of recommendations to solve defects and improve code. For Profiler mode, meanwhile, AWS has added anomaly detection, support for AWS Lambda, as well as the total CPU cost of issues in a recommendations report, among a number of others.

CodeGuru has been released days after AWS launched Honeycode, a visual application builder that can be used to create interactive web and mobile apps on a code-free basis. These can range in complexity from a task-tracking application for a small team to a project management system that controls complex workflows, with Honeycode aimed at those in need of innovative online capabilities but without the means to hire experienced engineers.

UKCloud signs MoU with the Crown Commercial Service


Bobby Hellard

29 Jun, 2020

UKCloud has signed a Memorandum of Understanding (MoU) with the Crown Commercial Service (CCS).

The MoU sets out preferential commercial terms for UKCloud to offer its services to the public sector, either directly or indirectly through its partner community. 

The announcement comes just a month after Google Cloud signed a similar agreement with CCS, boosting its investments in cloud technologies aimed at public sector bodies. 

UKCloud is a Farnborough-based business that provides multi-cloud services to the public sector. Its seen rapid growth since its inception in 2011, and attractive investment from companies such as Cisco in 2019.

The UK’s cloud market has also seen rapid growth, with public sector spending on cloud services increasing by over £6bn in the last eight years, according to UKCloud.

“Cloud has moved on from being limited to GDS Digital Exemplars to underpinning some of governments most complex, high profile and business-critical programmes,” said Simon Hansford, CEO of UKCloud.

“It’s now recognised that there is no one size fits all cloud — which is why UKCloud has matured into the UK’s foremost expert multi-cloud provider, as well as being one of the most socially responsible cloud providers within the market.

“We continue to stand out from the competition and I’m pleased to say that is reflected in our MOU with the CCS.”

The preferential commercial terms in the MoU includes double-digit discounts for a wide range of UKCloud services, such as a second-tier platform for sensitive government workloads, ‘desktop as a service’ and ‘disaster recovery as a service’ offerings, and object storage.

“We hope that by providing this commercial advantage, underpinned by robust principles that matter to our public sector customer base, cloud adoption will become easier and less risky,” Hansford added. “In turn, this will help to accelerate the UK public sector’s digital transformation, so that better outcomes are delivered to the citizen”. 

IBM Cloud suffers second global outage this month


Bobby Hellard

26 Jun, 2020

IBM Cloud suffered intermittent outages this week, marking the second time this month the service has experienced severe disruption. 

The service was hit by sporadic outages and issues in the UK, the US, Sydney, Tokyo and more for several hours on Wednesday night, according to reports

Users have complained of problems logging in to the service, while those already online have had difficulty accessing virtual private cloud services, Kubernetes workloads, Watson AI and other IBM Cloud functions.

IBM’s Cloudant Dashboard and APIs were down for three hours in both London and Frankfurt, with LogDNA Indexing suggesting that processing issues were also seen at the German site and IKS container services suffered 12 hours of disruption in Dallas, US. 

IT Pro has approached IBM for comment, with the firm yet to address the problem. It was a little more forthcoming with the major incident it suffered a fortnight ago, which it blamed on a “third-party network provider”.

That outage took 80 dater centres offline, impacting its cloud computing services including Red Hat. The firms own status page was impacted by the problem with its internal server error page reading: “Sorry, we’ve encountered an error on our end, and our developers are working on clearing this up. Please try reloading the page or following these links back”.

It’s worth noting that IBM did not immediately address the earlier outage but did release a statement on its Twitter account that services were being “restored to full services as soon as possible”. 

The earlier outage was due to an “external network provider flooding the IBM Cloud network with incorrect routing”. That resulted in severe congestion of traffic that impacted IBM Cloud Services and datacentres, according to IBM. 

AWS launches Amazon Honeycode for code-free app building


Bobby Hellard

25 Jun, 2020

Amazon Web Services (AWS) has announced a fully managed service for customers to build apps quickly without having to worry about any coding

Amazon Honeycode is a visual application builder that can be used to create interactive web and mobile applications backed by an AWS database. 

Users can create mobile and web-based apps that range in complexity from a task-tracking application for a small team to a project management system that controls complex workflows for multiple departments. 

The service is aimed at those that need innovative online capabilities, but can’t necessarily hire experienced software engineers. Instead, Honeycode can help companies to build applications to track and manage things like process approvals, event scheduling, customer relationship management, user surveys, to-do lists, and content and inventory tracking.  

“Customers have told us that the need for custom applications far outstrips the capacity of developers to create them,” said Larry Augustin, vice president, AWS. “Now with Amazon Honeycode, almost anyone can create powerful custom mobile and web applications without the need to write code.”

Honeycode customers can select pre-built templates, with data models and pre-defined business applications all ready to go. Alternatively, users can import data into a blank workbook and use a spreadsheet interface to define the data model and design the on-screen applications themselves. Once fully formed, the application can easily be shared with the rest of your organisation.
 
The idea is to enable more and more businesses to build and access cloud-based services to help navigate a more digital future. It follows yesterday’s Amazon announcement to support 200,000 UK startups with digital training and expertise. The Amazon Small Business Accelerator will help startups navigate the ‘new normal’ and along with Honeycode, will aim to further expand the global footprint of the world’s biggest provider of cloud computing. 

Slack attempts to replace email with Slack Connect tool


Bobby Hellard

25 Jun, 2020

Slack has made its pitch for organisations to finally ditch email with the launch of Slack Connect. 

From today, up to 20 organisations can be added to a single Slack channel, enabling businesses to bring more of their external ecosystems, such as an entire supply chain or third-party marketing, into Slack. 

Previously two companies could connect this way via ‘shared channels’, but through trials, Slack has expanded that capability with the aim to add more in the coming years. The communications platform suggests this is a more secure way of communicating with other partners. 

The company also said it would add efficiencies to workflows, taking conversations out of “siloed email inboxes” and into the right channels with the right people. This way, organisations can come together to work and make decisions more quickly with customers, vendors and partners, according to Slack.

“My vision, as the CISO at Slack, is to make Slack the most secure collaboration environment for businesses,” Said Larkin Ryder, CISO of Slack.

“When you think about the things you have to do as a CISO to make your email environment secure, you have layers and layers of products that you’re adding on to address things like spam and phishing on an ongoing basis. 

“Email is an open front door to security threats to an organisation – $12 billion in losses are caused by business email scams, and 90% of data breaches are from phishing. If you want a more secure collaboration solution for your organisation, the first thing you can do is take your employees out of email and into Slack.”

Slack suggests that its enterprise-grade security features and compliance standards can help prevent data loss. Its recently announced partnership with AWS has also helped to shore up the service with Enterprise Key Management, giving organisations increased control over their data and who can see it.

Apple’s ARM-based Macs won’t support Windows virtualisation


Carly Page

25 Jun, 2020

Users will no longer be able to run Windows virtualisation software once they switch to Apple’s upcoming ARM-based Macs, it has emerged.

In new developer support documents published by Apple, the company confirmed that the switch from Intel to ARM-based processors will prevent users from running Windows on the Mac.

In the document, Apple confirmed that Rosetta 2 – an emulation layer that will enable users to run old apps on new Mac devices – won’t be able to translate x86_64 virtualization apps, which could prevent the virtualisation of Windows environments using apps such as Parallels and VMWare Fusion.

“Rosetta can translate most Intel-based apps, including apps that contain just-in-time (JIT) compilers,” the document reads. “However, Rosetta doesn’t translate the following executables: kernel extensions, Virtual Machine apps that virtualize x86_64 computer platforms.”

In addition to these restrictions, Boot Camp, a popular tool that allows MacBook users to switch between Windows and macOS, will no longer be available for use on devices powered by Apple Silicon.

Although the tool will remain in macOS Big Sur, it will be an Intel-only feature. Non-Intel Macs will not be able to access the tool and the company has not yet announced a replacement.

In a statement, Microsoft confirmed that there’s no official way to install the operating system, telling The Verge that it “only licences Windows on ARM to OEMs”. When asked whether it plans to change this policy to allow Boot Camp on ARM-based Macs, and the company said “we have nothing further to share at this time”.

It remains unclear whether virtualisation companies are working on a solution for ARM-based Macs, though VMWare on Tuesday announced that Big Sur-compatible “tech preview” of Fusion will arrive in July.

What’s more, Apple showed off a Mac with an ARM-based A12Z Bionic SoC running a Linux distribution in Parallels during its WWDC keynote this week, suggesting that the company is working to support virtualisation software.

HPE continues cloud push with new GreenLake services


Jane McCallion

24 Jun, 2020

HPE’s edge-to-cloud mantra continues to permeate its products, with the company announcing new cloud offerings available through its GreenLake “as a service” platform at its HPE Discover 2020 virtual event.

Machine learning, operations, containers, virtual machines (VMs), storage, compute, data protection, and networking are now all available through the GreenLake Central self-service console

This, the company says, allows users to choose a configuration that suits them, and manage it, scaling up or down, as they need.

With these new GreenLake services, however, the company is offering customers a choice of 17 pre-defined configurations, delivered in three sizes – described by HPE as small, medium and large “t-shirt sizes” – rather than full customisability. This mode of delivery speeds up the order-to-run process to as little as 14 days, the company claims.

“[This is] a new generation of cloud services from GreenLake, bringing a new level of speed and agility to the on-prem cloud services market,” said Keith White, SVP and GM of HPE GreenLake Cloud Services, during a press and analyst briefing.

White said the use of pre-configuration as a way to bring “a whole new level of automation and simplicity” to HPE’s customers.

“I think the easiest way to think about these building blocks is kind of like Lego bricks,” he explained. “With Legos, you can build almost anything with a few standard blocks. 

“These can look and feel like custom offerings, but as we do it through these standard blocks and ‘t-shirt sizes’, this really accelerates time to customer, accelerates time to market for the customer’s solution and more importantly accelerates time to value for the customer.”

The service is then installed and connected by the company’s Pointnext services division, as well as through channel partners.

“Think of it as leveraging our whole HPE portfolio – hardware, software, Pointnext Services and the power of HPE FS. With third parties, we can provide complete secure and integrated services for our customers,” White added

GreenLake cloud services for VMs, compute, storage, data protection, and intelligent edge are available immediately worldwide. GreenLake cloud services for the newly announced HPE Ezmeral software portfolio, consisting of ML Ops and Containers, is currently in beta, with general availability expected for the company’s fiscal fourth quarter of the year, which ends on 31 October.

HPE launches Ezmeral software portfolio – but is it just SBS in disguise?


Jane McCallion

24 Jun, 2020

Not three years since it spun out its Software Business Segment to Micro Focus in an $8.8 billion deal, HPE has launched a new overarching software portfolio called HPE Ezmeral.

The name is inspired by the Spanish word for emerald – esmeralda – giving it a touch of the green-coloured branding that permeates the company now, from its logo to GreenLake “as a service” platform.

Ezmeral is, according to the company, a brand new software portfolio designed to help organisations make the most of their computing with an edge-to-cloud strategy. It includes two products, currently: Ezmeral ML Ops and Ezmeral Container Platform.

Ezmeral Container Platform, as the name suggests, allows organisations to deploy and manage containerised applications, be they cloud-native or cloud non-native, at scale on any infrastructure, be that in the cloud, a colocation facility, on-premises data centre or at the edge.

Ezmeral ML Ops, meanwhile, is focused on machine learning. It uses containerisation to manage the machine learning lifecycle in its entirety across edge, cloud, and on-premises infrastructure, allowing users to standardise workflows and, the company claims, reduce the time taken for AI deployments from months to days.

But is Ezmeral just SBS by another name? When asked by IT Pro, HPE CEO Antonio Neri said this was not the case.

“We made the decision to spin the software business [in 2016] because we felt there was not a cohesive strategy to begin [with]. You know, it was a very good portfolio of assets, in the wrong domains but not architected for the cloud reality [in which] we all live – and AI reality,” Neri said

“So not only did we do the right thing by spinning them and combining with a company which was way more focused on that space, but it also freed us up to really pivot harder to this new way to deploy software. And obviously it’s taken us a little bit of time, but I’m super excited about what we’re doing with HPE Ezmeral, with our Container Platform, with the integration of the acquisitions we’ve done, with the utilisation of AI in the form of HPE Infosight, and also the security aspect.”

It also, he said, allows the company to make the best use of assets from recent acquisitions including MapR and BlueData

Both of the current elements of Container Platform and ML Ops will be available on a consumption-based pricing model via the company’s GreenLake “as a service” platform, and as traditional software, too. It’s open in beta currently and HPE is taking applications to join the beta platform, with general availability expected in Q4 this year.

HPE announces new services from Pointnext to help businesses get back to work


Jane McCallion

23 Jun, 2020

As it gears up for its first virtual Discover conference, HPE has announced five new offerings to help businesses in their efforts to recover from the COVID-19 crisis.

Delivered through the company’s Pointnext Technology Services division, the “return-to-work as a Service solutions” use HPE Proliant Servers, EdgeLine Converged Edge Systems and Aruba AI-powered network infrastructure, as well as technology from partners like Kognition and Venzo Secure, to enable organisations to safely bring workers back into the office as they reopen.

This includes a fever detection system, touchless entry, social distancing enforcement and tracking, augmented reality for more effective communication with remote workers – of which there will likely be many even once offices reopen – and workplace alerts.

For contactless building entry, the system uses biometrics – facial recognition in particular – multi-factor access control, and identity verification. This will reduce or eliminate the amount that workers are touching shared access points like doors, ensuring a more hygienic workplace, the company said.

The fever detection system, meanwhile, uses thermal cameras, machine learning and video analytics to pick out and alert anyone with a high temperature in the office, and the social distancing pillar uses Bluetooth technology to alert workers if they’re getting too close to each other, track the location of specific employees and facilitate contact tracing.

While the technical element of the AR/VR system is relatively well defined – an AR system provided in partnership with PTC and HPE’s Visual Remote Guidance (VRG) product – the use case is a little fuzzier, although the company says it can provide better learning and collaborative experiences, as well as allowing users to be guided through a complex procedure like replacing a gas valve remotely.

Finally, there’s the workplace alert system. This is already part of the company’s Intelligent Workplace offering, which the company said this initiative builds on, and allows organisations to push notifications to workers using dashboards and apps. This could be particularly useful to notify those in a particular building if someone there had tested positive for COVID-19 and that they should begin isolation, rather than sending a company-wide message incorporating people working at sites that are unaffected, for example.

Saadat Malik, vice president of IoT and Intelligent Edge Services, at HPE, said: “Since the COVID-19 outbreak, our customers have turned to HPE to help them adapt to unique challenges presented by the pandemic to maintain business continuity. 

“We have been there for them throughout these difficult times, on everything from supporting a transition to a remote workforce with our comprehensive virtual desktop interface (VDI) solutions, to now helping them return back to work and to a new normal.

“As businesses are reopening and returning employees onsite, our new robust solutions, featuring a range of HPE technologies and partner capabilities, are helping them make this transition safely while building on a highly differentiated, long term workplace digitization strategy.”

All five services are available worldwide from HPE’s Pointnext professional services business and use Greenlake’s as a service subscription consumption model starting today.