Microsoft simplifies security portfolio with Defender rebrand


Dale Walker

23 Sep, 2020

Microsoft has announced a host of new security updates to coincide with a strategic shift that pulls all of its detection and event management services under the new Microsoft Defender brand.

Microsoft Defender represents the “broadest resource coverage” of any security portfolio in the industry, the company claims, spanning identity protection, endpoints, cloud applications, and infrastructure, to name a few.

This means all of Microsoft’s extended detection and response (XDR) tools will now sit alongside its suite of security information and event management (SIEM) software, offered as a single umbrella brand in a bid to reduce complexity.

For customers, this new direction will take the form of two separate packages, namely Microsoft 365 Defender, tailored for end-user environments, and Azure Defender, built for cloud and hybrid infrastructure. Both of these packages bring their own product name changes, with Microsoft effectively abandoning the ‘advanced threat protection (ATP)’ theme for most products.

Microsoft 365 Defender will replace all instances of Microsoft Threat Protection, the name given to the suite of products covering identity, endpoint, email, and app security, launched just two years ago.

Included in that Microsoft 365 Defender suite is an updated version of Microsoft Defender ATP, now known as Microsoft Defender for Endpoint, bringing with it expanded support for Android and iOS devices.

Microsoft Defender for Office 365, previously known as Office 365 ATP, and Microsoft Defender for Identity, previously known as Azure ATP, will also feature as part of the Microsoft 365 Defender suite.

The second package, Azure Defender, is described as an evolution of the Azure Security Center (ASC) and repurposes a number of its tools, although the original version ASC still exists. Firstly, Azure Defender for Servers will replace the standard version of ASC, while both Azure Defender for SQL and Azure Defender for IoT will both replace their respective ASC versions. All of these will be packaged inside Azure Defender.

Aside from the name changes, Azure Defender will bring a new look with a unified dashboard inside ASC, as well as expanded protection coverage for SQL on-premises, Kubernetes, and Azure Key Vault. It will also cover industrial IoT, operational technology (OT), and building management systems, largely thanks to the acquisition of CyberX in June.

“Today we’re delivering a new set of security, compliance, and identity innovations to help all customers simplify and modernize their environments by embracing the reality that the past seven months have likely reshaped the next 10 years of security and digital transformation,” said Vasu Jakkal, corporate vice president of Microsoft Security, Compliance, and Identity, announcing the rebrand.

“We hold a differentiated view among our peers that security should not only encompass all critical aspects of security — including cybersecurity, identity and compliance — but that these components should be tightly integrated, and built right into the products and platforms that businesses are already using.”

Also updated, but still separate from the Microsoft Defender branding, is Azure Sentinel, a tool that collates all of an organisation’s security logs and threat data into one window. This has been given an updated search functionality and the option to create watchlists for specific threats. It’s also now possible to create user and entity behaviour profiles that can be paired with Microsoft’s own security research to monitor for unseen threats.

Beginning in November, Microsoft will also be cutting the cost of Azure Sentinel for a limited time, which it estimates will help a typical organisation of 3,500 users save around $1,500 per month.

CloudBees: DevOps initiatives increased during the pandemic


Sabina Weston

23 Sep, 2020

The COVID-19 pandemic has seen businesses increase their focus on DevOps initiatives, according to a survey commissioned by enterprise software delivery firm CloudBees. 

More than half (52%) of respondents said their firms placed higher priorities on increasing their DevOps initiatives as a result of the pandemic. The most popular initiative is daily standup meetings, which are now practised by 56% of the 347 technology professionals surveyed by the Accelerated Strategies Group (ASG).

Others include using cross-functional teams, practised by 46%, and automating tasks, which was selected by 42% of respondents.

Pandemic restrictions, such as the closure of offices, have also seen 52% of businesses prioritise contracting with public cloud service providers, while almost two-thirds (63%) of respondents said that digital transformation objectives had been placed at a higher priority than before.

The CloudBees report also further proved that employees are confident in their ability to remain productive from home. However, despite 60% of respondents saying that software developer productivity has improved during the pandemic, the speed of software delivery varies. A third (33.8%) of respondents saw speed increases, 27% saw decreases, and 39% didn’t perceive any change in speed.

According to Mitchell Ashley, CEO and managing analyst at ASG, software teams “have seen demonstrable benefit from working remotely”. However, he added that “time will tell which changes are permanent and/or beneficial” in the future.

The findings were unveiled on the first day of CloudBees’ DevOps World event, which also saw the company announce the general availability of the first two modules of its Software Delivery Management (SDM) solution.

The first module aims to solve higher-order feature management problems and provide product development teams with control over the features that get issued in software releases. Meanwhile, the second one focuses on engineering productivity and will provide leaders with insight into the prioritising abilities of their team members.

CloudBees also unveiled new DevSecOps solutions for CloudBees CI and CloudBees CD. The new security features aim to address the lack of integration when trying to meet audit and compliance requests.

They include enhanced granularity in Role-Based Access Control, audit-ready pipelines, a newly-developed hardened version of its CloudBees CI, feature flag integration, as well as proven integrations to security automation applications, such as Anchore, Alcide.io, CyberArk, Checkmarx, Contrast Security, FOSSA, RunSafe Security, Shiftleft.io, Snyk, Sonatype, Synopsys, WhiteSource Software, and Zimperium.

Speaking at the start of the event, CloudBees CEO and co-founder Sacha Labourey said: “When we originally came up with the theme for this year’s DevOps World – that was back in January – we decided on Transforming the Future of Software Delivery. And it felt right.

“We understood what transformation meant to us at the time, but we had no clue how transformative this world would truly get.”

T-Mobile launches new small business plans with Microsoft 365


Daniel Todd

22 Sep, 2020

T-Mobile has unveiled new rate plans for small business with Microsoft 365 included, which have been designed to give customers access to Office apps, cloud services, device management and advanced security

Access to Microsoft 365 Business Basic on T-Mobile’s Magenta for Business Plans now comes at no extra charge on up to two lines per account, while the service provider has also upgraded its 7,000-plus retail stores, as well as more than doubled its team of specially-trained experts to help better support SMBs.

Announcing the new plans, T-Mobile said it has reimagined its offerings to help small businesses save time and money, boost productivity, as well as suitably equip them to “navigate new realities”. 

“We celebrate small businesses every day at T-Mobile – they are the backbone of our communities. Today, we’re going even bigger for small businesses with Microsoft 365 on Us, providing critical Microsoft tools to help them survive and thrive in the face of new realities,” commented Mike Katz, EVP of T-Mobile for Business.

“Additionally, small business owners now have a new experience when they step into retail stores with highly trained mobile experts ready to serve them and other small businesses in the area. These businesses have endured such great challenges in 2020, and we want them to know – we’re with you.”

The new Magenta for Business and Magenta for Business Plus include Microsoft’s 365 productivity suite of tools for no extra charge and, for a limited time, T-Mobile is offering switchers up to 90 days of free wireless service. 

On top of the freshly-redesigned small-business plans, T-Mobile said it is doubling down on its support for SMBs, with the service provider more than doubling its number of dedicated staff and increasing business space in-store by 500%.

“T-Mobile and Microsoft have a shared commitment to helping small businesses save time and money by providing the tools and technology they need to succeed both now and into the future,” said Mark Kroese, General Manager at Microsoft 365 for SMB. 

“With the new offering, T-Mobile is making Microsoft 365 tools available to T-Mobile for Business customers, and in the process helping small business owners stay connected and productive in a new world of remote work.”

Unilever adopts Google Cloud’s complex data processing for deforestation drive


Keumars Afifi-Sabet

22 Sep, 2020

Unilever has partnered with Google Cloud to harness its cloud computing and big data processing technologies to gain an overview of ecosystems the business influences, and make supply chain interventions to better conserve the environment.

The multinational consumer goods firm will collaborate with Google Cloud to build platforms that can pave the way for sustainable commodity sourcing by both Unilever and companies in its supply chain. 

As part of the implementation, cloud computing will be combined with satellite imaging and AI in order to build a more holistic view of forests, water cycles and biodiversity that intersect Unilever’s supply chain.

By working with Google Cloud’s global geo-spatial platform, which includes the Google Earth Engine, Google Cloud Storage and BigQuery, Unilver can utilise accurate satellite imagery with the ability to store and process large amounts of complex data.

Uniler will use the platform to obtain insights into the impact on its sourcing processes on the environment and local communities and will allow the company and its suppliers to make interventions when they’re required.  

The project will demand that complex datasets are simplified and analysed in order to increase transparency within supply chains and allowing collaboration across public sector and private partners. The Google Earth Engine is currently used by academic and public institutions, as well as civil society groups, and this represents the first commercial venture by the project.

“At Google, we strive to build sustainability into everything that we do. Unilever has been an industry leader in environmental sustainability for many years, and we’re excited to be on this journey with them,” said Google Cloud president Rob Enslin. 

“Together, we’re demonstrating how technology can be a powerful tool in aiding businesses who strive to protect the Earth’s resources. It will require collective action to drive meaningful change, and we are committed to doing our part.” 

Owning more than 400 brands, and with its products used by 2.5 billion people every day, Unilever bears such a massive footprint on the global environment. The Google Cloud implementation, which contributes to the company’s aim to eradicate deforestation from its supply chain by 2023, will first focus on palm oil use, and then extend to other commodities.

The two companies will work with a number of tech partners to build a centralised command centre that will provide a more complete picture of ecosystems connected to Unilever’s supply chain and create a stronger mechanism for detecting deforestation. This would lead to greater accountability while also prioritising critical ares of forests and habitats that might need special protection.

“This collaboration with Google Cloud will take us to the next level in sustainable sourcing,” said Unilever’s chief procurement officer, Dave Ingram. “We will now be able to process and combine complex sets of data like never before. 

“The combination of these sustainability insights with our commercial sourcing information is a significant step-change in transparency, which is crucial to better protect and regenerate nature.”

Salesforce to create new 16,000 jobs over the next year


Bobby Hellard

21 Sep, 2020

Salesforce is adding 4,000 jobs over the next six months and 12,000 over the next year, the company’s CEO said over the weekend. 

Marc Benioff made the announcement over Twitter and called for potential candidates to send their resumes to Salesforce. 

The announcement could come as a big relief to some 1,000 employees who were told their jobs were being axed in August. Those affected were given 60 days to find a new role within the business, despite Salesforce recording revenue gains following a better than expected second quarter

At the time, Salesforce said it was “reallocating resources” to keep the company growing, suggesting that the actual number of employees leaving the firm would be a lot less as they move to other positions. 

The firm currently employs almost 54,000 workers around the world and has adopted a largely flexible strategy since the outbreak of COVID-19. In March, Benioff pledged not to lay off any staff off for 90 days and urged other CEOs to do the same.

The 1,000 job cuts came as soon as that period ended, but there is now a possibility that very few of the 1,000 will actually be made redundant. 

“Salesforce will add 4,000 jobs over the next 6 months & 12,000 over the next year,” Benioff wrote on Twitter. “Join our 54,000 employee strong Ohana defining the future of software. Salesforce is the world’s fastest-growing Top 5 enterprise software company. Send your resume to jobs@salesforce.com.”

The cloud giant declined to provide any more details about the hiring spree – specifically where and what these jobs will be – though it did suggest further details will be released soon. Whatever form they take, the 16,000 newly created jobs will be a huge relief to many during what is a particularly tough time. The impact of the coronavirus has had a rapid impact on the global job market, cutting many traditional and on-site roles.    

In August, Salesforce’s financial officer Mark Hawkins said the company was making “strategic shifts” that reflected how and where people now work as a result of the pandemic. 

“This means we’ll be redirecting some of our resources to fuel growth and areas that are no longer as aligned with the business priority will be de-emphasised,” he said.

Mozilla finally shuts down Firefox Send


Keumars Afifi-Sabet

18 Sep, 2020

Mozilla has discontinued its encrypted file-sharing service Firefox Send a couple of months after suspending the service after reports it was being abused to distribute malware and conduct spear-phishing attacks.

Send was initially rolled out in March 2019 as a free encrypted file-sharing platform that allowed individuals to share files from any browser without having to install third-party software and without fear of the files being intercepted.

However, developers were made aware in July of reports that Firefox Send was being used in a number of malware operations, prompting the company to suspended the service a little more than a year after it was first launched.

In practice, when somebody received a link to a file, they would simply need to click on it to start the download, without having to sign up to an account. They were also able to send supported files of up to 1GB without needing to sign up, or 2.5GB for those who had a Firefox account.

Originally, Mozilla said it would take Firefox Send offline on a temporary basis while improvements were made, although it now appears that effort was unsuccessful.

“Unfortunately, some abusive users were beginning to use Send to ship malware and conduct spear-phishing attacks,” Mozilla said in an update. “This summer we took Firefox Send offline to address this challenge.

Mozilla has also decommissioned its Firefox Notes service, which the organisation claims allowed it to experiment with new methods of encrypted data syncing. The Firefox Notes desktop browser will continue to be functional for all existing installs, although this will no longer be maintained from early November – when the service will be decommissioned.

Box updates bring collaboration and security improvements for remote workers


Bobby Hellard

18 Sep, 2020

Box has revealed a slew of integrations and updates designed to help users manage and secure their workflows from anywhere.

The new features include integrations with Apple and Microsoft Teams, collaboration updates, and some new security and compliance settings within Box Shield.

Revealing the updates at the company’s BoxWorks conference, CEO Aaron Levie said that it has never been more challenging for enterprises to both secure their data and keep up with the pace of business.

“Our vision has always been to provide a central source of truth for your content in the cloud,” sai Levie. “At BoxWorks Digital, we’re enhancing that vision with innovation that will make it incredibly easy to collaborate on a single platform that’s secure, simple to use, easy to manage, and that extends to all the apps your teams use every day.”

Earlier in the year, Box introduced a feature that allowed users to create annotations in the Box web app. As of Thursday, this feature is now also available on iOS and fully supports the Apple Pencil. With it, users can highlight text and images, or leave a comment on the preview of a document.

Box has also expanded its integration with Microsoft Teams with users able to choose a Box folder to be synced automatically with a Microsoft Teams chat group. Users can also instantly grant access to Box files from within Teams and receive Box notifications related to content activity.

With more emphasis on remote working, Box has also updated some security and compliance protocols within its automated security hub, Box Shield. It starts with a new policy exception feature, which must be opted-into at corporate level. It allows employees to suggest policy exceptions by providing a business justification, which is then recorded for auditing purposes. This is expected to be made available to Box Shield customers sometime next year.

The company is also adding event-based retention to its content lifecycle management toolset. With this, users will be able to retain and migrate files for a configurable amount of time depending on their business needs. This includes changing schedules for the migration of files after a client account is closed, a contract expires, or an employee leaves the company.

Accenture ploughs $3 billion into cloud migration support group


Sabina Weston

17 Sep, 2020

Accenture has announced the launch of Accenture Cloud First, a $3 billion (£2.3bn) investment which will aim to help clients accelerate their digital transformation projects and become “cloud-first” businesses.

The new multi-service group will comprise 70,000 cloud professionals, combining Accenture’s cloud expertise and industry insights with its data and Applied Intelligence capabilities.

The goal is to provide its customers with cloud-focused upskilling over the next three years, the company said on Thursday.

The venture will be led by Karthik Narain, who is set to join Accenture’s Global Management Committee on 1 October. Narain previously led Technology services for the company’s Communications, Media, and High Tech industry segments. He joined Accenture in 2015 after a decade as VP at HCL Technologies.

The launch follows a steady rise in demand for cloud-based services during the pandemic and a steep decline in the use of physical offices and customer-facing stores.

“COVID-19 has created a new inflection point that requires every company to dramatically accelerate the move to the cloud as a foundation for digital transformation to build the resilience, new experiences and products, trust, speed and structural cost reduction that the ongoing health, economic and societal crisis demands — and that a better future for all requires,” said Accenture CEO Julie Sweet.

“Accenture Cloud First and our substantial investment demonstrate our commitment to delivering greater value to our clients when they need it most. Digital transformation requires cloud at scale, and post-COVID leadership requires that every business become a ‘cloud-first’ business,” she added.

The company said that the $3 billion investment will be used to create industry roadmaps and data models, and build AI-based architectures that customers can build on.

The hope is that, by 2023, the project will be providing customers with cloud tools, assets, and automation software to help drive innovation, as well as cutting-edge research into the latest cloud technologies, such as edge computing.

Paul Daugherty, Accenture Technology group chief executive, described the cloud as “the most disruptive and value-creating technology of our time” and a “foundation for the digital transformation”.

“With most businesses currently at only about 20% in the cloud, moving to 80% or more rapidly and cost effectively is a massive change that requires a bold new model,” said Daugherty. “Accenture Cloud First, along with our $3 billion investment and our market-leading Software as a Service capabilities in Intelligent Platform Services, ensures that we provide our clients with value, speed and innovation in every part of their cloud journey.”

The announcement comes just days after Accenture launched the latest version of its myWizard Intelligent Automation Platform, which allows organisations to create, implement and measure enterprise-wide automation strategies and reimagine their information technology systems for efficiency and performance.

UK’s WANdisco partners with AWS to drive cloud migration projects


Bobby Hellard

17 Sep, 2020

Cloud specialist WANdisco has partnered with Amazon Web Services (AWS) to launch a rapid self-service data migration tool, in a deal that’s seen as a major win for the UK cloud industry.

The ‘LiveData Migrator’ lets companies move any size of on-premises data to AWS within minutes and without the need of engineers or specialists.

WANdisco, a publicly listed company with dual headquarters in Sheffield and California that specialises in distributed computing, is already an ‘Advanced Technology Partner’ in the AWS network and its LiveData Migrator services has also achieved AWS Migration Competency status – which requires a proven level of technical proficiency and customer success.

It is one of four AWS partners to collaborate on migration requirements for use cases including Hadoop, storage and database data migration, and mainframe data integration.

One of the first to use the LiveData Migrator is website hosting platform GoDaddy, which shifted 500 terabytes of Hadoop Distributed File System (HDFS) data to Amazon S3.

“We found that WANdisco’s LiveData Migrator delivered the best time to value solution in the use case of a Hadoop to Amazon S3 data migration and replication,” said GoDaddy chief data and analytics officer Wayne Peacock.

“Rather than running an internal time-consuming and costly manual migration project, using LiveData Migrator has helped us avoid disruption to our production processes and made 70 TB of data immediately available for Amazon S3 testing.”

Migrating large data volumes with traditional approaches requires disrupting the operation of on-premises applications, but the LiveData Migrator works without any production system downtime or business disruption, according to WANdisco.

“Enterprises that want to move their data to the cloud but are concerned about the risks of doing so now have a powerful solution that’s self-service and extremely easy to use,” said WANdicso CEO David Richards.

“Regardless of company size or technical expertise, LiveData Migrator enables businesses to migrate their data risk-free to the cloud on a massive scale without any disruption to business operations. Data can be accommodated without any risk of data loss while modernising data and applications to stay competitive.”

Google bans ‘stalkerware’ from Play store


Sabina Weston

17 Sep, 2020

Google has issued a ban on any software that allows an individual to track the whereabouts of other users without their consent, apps often referred to as ‘stalkerware‘.

As a part of new changes to its Developer Program Policy, Google said that Android apps intending to monitor other users’ behaviour will be obliged to present the tracked user with a persistent notification and unique icon that clearly identifies the app.

They will also be banned from advertising themselves as a “spying or secret surveillance solution” and will be unable to “hide or cloak tracking behaviour or attempt to mislead users about such functionality”.

However, the ban, which comes into effect on 1 October, does not apply to apps used by parents to track the whereabouts of their children. Any software that allows companies to track employee devices, such as enterprise management apps, will also be excluded from the ban.

According to David Emms, principal security researcher at Kaspersky, apps which help monitor adults without their permission or knowledge “masquerade as parental control software and call themselves legal that way”.

“The whole category is tricky because we can’t label it as malware and report it as we would a backdoor trojan or similar, because in some jurisdictions it’s legal so it straddles a grey area,” Emms told IT Pro last month.

According to Kaspersky research, the period between January and August 2019 saw over 518,223 cases globally where the company’s protection technologies either registered the presence of stalkerware on user devices or detected an attempt to install it – a 373% increase in the same period in 2018.

Apart from the formal ban of stalkerware apps, Google also announced that it would be making changes to its policy in order to tackle the issues of misrepresentation and gambling.

Effective from 21 October, developer accounts will not be allowed to mislead users by impersonating any person or organisation, as well as misrepresenting or concealing their ownership or primary purpose of the app.

Google will also restrict online gambling to the UK, Ireland, France, and Brazil.

For confidential advice, call the National Abuse Helpline on 0808 200 0247 or visit nationaldahelpline.org.uk