Analysts: Salesforce could use Slack Connect to expand networking ambition

Bobby Hellard

26 Nov, 2020

Salesforce’s interest in acquiring Slack could be the answer to its long search for a customer collaboration service.

The deal, which is reportedly being discussed by the two companies, could potentially see a B2B collaboration network built within Slack Connect, according to analysts.

Salesforce has added a variety of companies to its portfolio in recent years, using its expanding market cap to branch out into new sectors. MuleSoft was acquired in 2018 for $6.5 billion, and a further $15.3 billion was spent on data visualisation company Tableau in 2019.

However, a deal to acquire Slack would represent one of the biggest ever acquisitions in tech. The comms platform is currently valued at around $20bn, but it’s thought that the full cost of the acquisition could be on par with Microsoft’s $27 billion purchase of LinkedIn in 2016, or even IBM’s $34 billion deal to take over Red Hat in 2019.

A deal for the comms platform would play well with Salesforce’s strategy, according to CCS Insight principal analyst Angela Ashenden, particularly with the potential of a B2B collaboration network based on Slack Connect – the company’s fledgeling external messaging service.

Salesforce has been in the market for an employee collaboration opportunity for some time, according to Ashenden. In 2010, the cloud giant tried to launch its own service, ‘Chatter’, and later ‘Community Cloud’, but neither provided an extended reach outside of sales.

“In order to maintain the high rate of growth that it has achieved for the last few years, Salesforce has been investing in initiatives that will enable it to expand its footprint in customer organisations,” Ashenden told us. “However, the majority of its current applications portfolio doesn’t allow it significant reach beyond the sales and marketing organisation.”

Sophos warns customers of potential data leak

Bobby Hellard

26 Nov, 2020

UK cyber security firm Sophos has notified customers that data has potentially been leaked online due to a misconfigured database.

The company said it was alerted to the misconfiguration by a security researcher, and that it fixed the issue immediately.

However, a “small subset” of the company’s customers were affected, with first and last names, email addresses and phone numbers thought to have been accessed. Earlier this week Sophos began emailing those customers thought to have been affected.

“On November 24, 2020, Sophos was advised of an access permission issue in a tool used to store information on customers who have contacted Sophos Support,” an email to customers read, as seen by ZDNet.

It added that additional safeguards had now been implemented to ensure access permission settings can’t be exploited in the future.

This is the second major security incident in 2020 for Sophos after cyber criminals exploited a zero-day vulnerability in the firm’s XG firewall in April. Attackers used this to deploy ransomware but were eventually foiled by the security firm.

“At Sophos, customer privacy and security are always our top priority. We are contacting all affected customers,” the company said. “Additionally, we are implementing additional measures to ensure access permission settings are continuously secure.”

While the breach may cause some embarrassment for Sophos, the incident is unlikely to lead to any major consequences for its customers or regulatory action for the company itself, according to Ilia Kolochenko, founder & CEO of web security company ImmuniWeb.

“No highly sensitive information, such as banking, health or credit card data, was reportedly exposed,” Kolochenko told IT Pro. “Moreover, many users that approach support commonly use central phone numbers or even fake emails that are not of much value to hackers. Sophos’s open reaction to the incident seems to be swift and professional, taking accountability for the incident with adequate mitigation.

“Compared to the countless data breaches with disastrous consequences in 2020, this minor incident is unlikely to attract the attention of law enforcement agencies or regulatory authorities.”

IBM to axe 10,000 staff in Europe ahead of legacy IT spin off

Carly Page

25 Nov, 2020

IBM is planning to cut around 10,000 jobs in Europe as it prepares to spin off its legacy IT unit. 

Bloomberg reports that the losses will affect about 20% of IBM staff in the region. The majority of the cuts will be made in the UK and Germany, people familiar with the matter told the publication, with IBM also planning cuts in Poland, Slovakia, Italy and Belgium.

IBM’s legacy IT services business, which handles infrastructure operations such as managing client data centres and operating equipment, will be the hardest hit, according to the report.

The company announced in October that it planned to spin off this business into a separate public company in order to focus on AI capabilities and hybrid cloud, which IBM CEO Arvind Krishna described as a $1 trillion opportunity. The company hopes that separating its two businesses will help return it to revenue growth. 

This latest round of job cuts, which comes after IBM in May announced plans to reduce its headcount, was reportedly announced earlier this month during a meeting with European labour representatives, according to a union officer briefed on proceedings.

The job cuts are expected to be completed by the first half of 2021, while the tax-free spin-off of its legacy IT unit will be completed by the end of next year.

Two thirds of UK organisations facing digital skills gap

Sabina Weston

24 Nov, 2020

Over two thirds (69%) of surveyed UK leaders believe that their organisation is currently facing a digital skills gap, according to a new report conducted by Microsoft and Goldsmiths, University of London.

Additionally, 44% of the 600 leaders surveyed indicated that they fear the current lack of digital skills in their organisation will have a negative impact on their organisation’s success.

This feeling is shared across other tiers of the organisation, with 63% out of the 2,000 surveyed employees saying that they believe they do not have the appropriate digital skills to fulfil new and emerging roles in their industry.

The report found that the most significant barriers faced by organisations when addressing the skills gap were cost (37%), a lack of skills investment strategy (28%), and a lack of knowledge on which skills initiatives to focus on (23%).

Microsoft’s chief learning officer Simon Lambert described digital skills as “the currency of digital transformation”.

“For individuals, organisations and the UK as a whole, they will play a vital role in unlocking the way forward,” he added.

“At a time when digital innovation is accelerating, we see it as our responsibility to help people acquire the right skills to succeed – be that for their own benefit, to boost the performance for the organisations they work for or to future-proof the UK’s competitiveness on the global stage,” said Lambert.

Investment in digital skills will be important to the country’s economic recovery following COVID-19, according to 80% of UK leaders, while 78% said that a large pool of digital talent will be essential to driving UK competitiveness.

The findings, which were revealed during Microsoft’s Digital Skills Week, come weeks after the tech giant launched a new campaign that aims to help 1.5 million UK citizens build careers in technology over the next five years.

Get On 2021, which is supported by KPMG, Unilever, and the Department of Work and Pensions (DWP), aims to address the widening digital skills gap in the UK tech sector as well as accelerate technology adoption, drive productivity, and enhance competitiveness.

VMware sounds alarm over zero-day flaws in multiple products

Keumars Afifi-Sabet

24 Nov, 2020

VMware has warned its customers about a critical vulnerability present across several of its products, including Workspace One Access and Identity Manager, that could allow cyber criminals to take control of vulnerable machines.

The command injection flaw, tracked as CVE-2020-4006 and rated 9.1 on the CVSS threat severity scale, can be exploited in a host of VMware products, the company has warned. There’s currently no patch available, although the firm has issued a workaround that can be applied in some instances. There’s also no mention as to whether the flaw is being actively exploited in the wild or not.

Hackers armed with network access to the administrative configurator on port 8443 and a valid password to the admin account can exploit the flaw to execute commands with unrestricted privileges on the underlying operating system (OS).

The affected services include VMware Workspace One Access, Workspace One Access Connector, Identity Manager, Identity Manager Connector, Cloud Foundation and vRealize Suite Lifecycle Manager. 

The vulnerability can be exploited in some products hosted on Linux but not on Windows, and on either operating system for other products. The full details on which software and OS configurations are affected are outlined on VMware’s security advisory.

Until a patch is released, VMware has outlined a workaround that can be applied to some product lines but not all. Customers using Workspace One Access, VMware Identity Manager, and VMware Identity Manager Connector can follow the detailed steps outlined here, relevant to the configurator hosted on port 8443. This involves running a set of commands for all affected products.  

The workaround isn’t compatible with other products beyond those three that may be affected, and customers will have to keep their eyes peeled for any news of a patch as and when one is released. 

News of this command injection vulnerability has arrived only days after VMware confirmed two critical flaws in its ESXi, Workstation, Fusion and Cloud Foundation products.

Google extends Chrome support for Windows 7 until 2022

Carly Page

23 Nov, 2020

Google has announced that it’s extending Chrome support for enterprises using Windows 7 until at least 15 January 2020.

Back in January, Google announced that it would stop supporting the browser on Windows 7 from 15 July 2021. However, in a post on the Google Cloud blog, the company has revealed that it’s extending support for an additional six months, with support now set to end in January 2022.

The company said it’s decided to extend support due to the difficulties businesses have faced due to the remote working arrangements necessitated by the COVID-19 pandemic. 

“This year has presented a lot of challenges for organisations of all sizes,” said Max Christoff, engineering director of Google Chrome. “Facing difficult business and technology decisions, supporting a changing work environment, and navigating uncertainty are among just a few of the issues IT leaders have faced over the course of 2020.”

The decision has also been spurred by the fact that a significant proportion of businesses are still using the decade-old operating system. Although Microsoft stopped providing security updates for Windows 7 in January this year, Google’s figures show that 21% of organisations using Chrome on Windows 7 are still working to migrate over to Windows 10.

“While the past few months served as a catalyst for technology investments and digital transformation initiatives for many organizations, for others, some planned IT projects may have had to take a back seat.

“Our hope is that this extension gives our enterprise customers the flexibility they need to continue supporting their workforce, while moving off of Windows 7 as their situation allows.”

News of this six-month extension comes just days after Google debuted Chrome 87, which it claims “represents the largest gain in Chrome performance in years”. The company claims the update has the potential to reduce CPU usage by up to five times and to extend battery life by up to 1.25 hours. 

Google to test end-to-end encryption following global RCS rollout

Sabina Weston

20 Nov, 2020

Google has announced the completion of the global rollout of its Rich Communication Services (RCS) for Android phones, which will now be followed by the testing of end-to-end encryption (E2EE) on some messages.

The RCS feature allows users to share high-resolution photos and larger files, make video calls, chat within groups, as well as find out when messages are read.

The announcement of the successful global RCS rollout comes days after a leaked document suggested that the European Union inches closer to banning E2EE.

The leaked memo, addressed to the representatives forming the Council for European Union, makes it clear that policymakers stand firmly behind the notion of ‘strong encryption’ as a means of protecting the data and rights of individuals, but that E2EE makes it too easy for criminals to evade justice.

This could directly impact Google as the tech giant is expected to begin testing E2EE in one-to-one conversations on Google Messages. This means that the contents of a message between two users will not be able to be read by Google or other third-parties while it is transmitted between the sender and receiver.

The new feature is now available to anyone who has the latest beta version of Messages and has Chat features enabled over data or Wi-Fi. When two users meet these requirements, their direct messages will be automatically encrypted with E2EE by default. Users will be able to see if their messages are encrypted by checking for a lock symbol next to the timestamp of the conversation’s latest message, or on the send button.

In a statement announcing the more general RCS rollout, Google stated that E2EE will not be available for SMS/MMS nor group messages, but it is not certain whether this will be enough to evade any future EU ban on encrypted messaging.

Earlier this month, digital privacy expert at ProPrivacy, Ray Walsh, warned that the EU’s “move to ban encryption from messaging platforms like WhatsApp and Signal would be a massive threat to data privacy as we know it”.

“It is a disappointing change in approach from the EU which has previously been pro-privacy for European citizens,” he told IT Pro before adding that “not only is breaking encryption a threat to national security, but the ability to communicate privately is a vital part of any free society”.

IBM acquires cloud app monitoring service Instana

Bobby Hellard

19 Nov, 2020

IBM has said it has reached an agreement to acquire cloud application management startup Instana for an undisclosed sum.

The Chicago-based company’s main product is a service that can monitor the performance of complex cloud applications over both public and private environments, on-premise and mobile devices. It has an ‘observability platform’ that can analyse cloud applications to both prevent and fix IT issues, such as slow response times or even services that are fully down.

IBM says it plans to integrate Instana’s system into services such as Watson AIOps, where AI would be used to trigger alerts and speed up IT remedies. Such a service would eliminate the need for employees to manually monitor and manage the applications, freeing them up to focus on more innovative or “higher-value” work, according to IBM.

The deal represents IBM’s first major cloud move since its decision to fully separate its cloud and infrastructure units by the end of 2021, spinning the latter off as a public company. It’s thought that the acquisition of Instana will be used to offer customers new ways to manage complex hybrid and multi-cloud environments, particularly as the service can be used for monitoring containerised environments running Kubernetes.

“Our clients today are faced with managing a complex technology landscape filled with mission-critical applications and data that are running across a variety of hybrid cloud environments – from public clouds, private clouds and on-premises,” said Rob Thomas, senior vice president, cloud and data platform at IBM.

“IBM’s acquisition of Instana is yet another important step that we are taking to provide companies with the most complete portfolio of AI-automated solutions to tackle this enormous challenge and help prevent unforeseen IT incidents that can cost a business in lost revenue and reputation.”

Microsoft expands Defender capabilities for Linux systems

Keumars Afifi-Sabet

18 Nov, 2020

Microsoft has rolled out the public preview for its Defender for Endpoint software on Linux systems, giving IT administrators outside of the Windows 10 ecosystem a comparable level of protection.

Defender for Endpoint customers can take advantage of endpoint detection and response (EDR) capabilities to detect advanced threats involving Linux servers, use data from endpoints to gain insights, and remediate attacks.

The software supports recent versions of the six most common Linux distributions, including RHEL 7.2+, CentOS Linux 7.2+, Ubuntu 16 LTS or higher, SLES 12+, Debian 9+ and Oracle Linux 7.2. 

This expansion builds on the company’s general release of Microsoft Defender Advanced Threat Protection (ATP) for Linux earlier this year. This is in addition to Microsoft bolstering security for Android and iOS platforms.

With the Defender ATP for Linux, which was made generally available from June 2020, enterprise customers were able to install a similar level of protection on their Linux systems as they could on Microsoft systems within their infrastructures.

Using Defender for Endpoint EDR, users can immediately begin benefiting from three new feature areas including a rich investigative experience, optimised performance, and in-context threat detection. 

Features for the first category comprise a machine timeline, process creation, file creation, network connections, login events and advanced hunting. Optimised performance entails enhancing CPU utilisation in compilation procedures as well as large software deployments. In-context antivirus detections, meanwhile, give users insight as to where a threat came from and how the malicious process or activity was created.

Users can engage in the public preview by configuring some of their Linux servers to Preview mode if they’re already running Microsoft Defender for Endpoint on Linux. Customers are also being encouraged to test out a simulated attack tool, in which Linux EDR can simulate a detection on a server, and trigger an investigation of the case. 

Cloud Foundry looks to embrace Kubernetes

Maxwell Cooter

19 Nov, 2020

We’re now getting used to the idea of virtual conferences, but while they work very well at getting the information across, what’s often lacking is the shock when any organisation or vendor establishes a new path or announces a new direction.

The recent Cloud Foundry Summit is a case in point. The open source software organisation has coalesced its offerings around Kubernetes and announced several new projects to support the container technology, but according to Cloud Foundry Foundation executive director Chip Childers, this decision wasn’t straightforward.

“There was a split opinion around the community,” Childers told attendees, “just how much should we accept and embrace Kubernetes.” It was a difficult decision, as Kubernetes was emerging as a de facto standard for containerisation but, on the other hand, there was a definite feeling that it was not really a part of the Cloud Foundry ecosystem.  

That’s all now changed. The organisation has thoroughly embraced the technology. “Kubernetes is the new infrastructure, it’s going to be ubiquitous,” he said.

It’s a view that’s been whole-heartedly supported by the vendors in the Cloud Foundry ecosystem. Ian Andrews, VP of marketing for VMware Tanzu says that “the concentration on Kubernetes was a view very much shared by the team at VMware”.

What helped the decision making process is a number of mergers and acquisitions in the ecosystem – notably VMware’s purchase of Pivotal – and that set the path for a new direction.

Mainstream clout

Andrews says the deal combined the best of both worlds; Pivotal had created a name for itself in the Cloud Foundry community, “but had a relatively small number of users. VMware with its user base in the tens of thousands added that Cloud Foundry expertise to its range of products.” This integration has seen the emergence of the Tanzu brand, a means of adding Kubernetes to the VMware portfolio.

The concentration on Kubernetes and the enhanced participation of VMware has definitely provided a boost to Cloud Foundry, which perhaps has never quite had the clout it should, even though it’s a well-established platform and, most importantly of all, has a thriving, almost fanatically devoted user base. 

This has meant that it could never be ignored but, at the same time, it’s never permeated public consciousness. “Cloud Foundry has one major problem,” says Bryan Betts, principal analyst for Freeform Dynamics, “within the open source community it’s seen as rather like your dad’s open source: It’s been around for some time and it’s seen as rather dull.”

In most areas of IT, longevity would be seen as a bit of an asset. There are too many flavours of the month that attract a heap of interest, generate plenty of hype and vanish as quickly as they appear. In such a world, Cloud Foundry’s robustness and stability should be cherished but, as Betts points out, that’s not always been a positive sign within the open source world.  

“What Cloud Foundry has been doing has been very exciting. Some of the things that they were doing two or three years ago were ahead of their time and were precursors of the whole microservices movement – that’s now been forgotten. Cloud Foundry is finding that perception is all – and this is an industry built on perception.”

It’s something that the Foundation dearly wants to change. It hopes that its newfound wholesale adoption of Kubernetes will provide Cloud Foundry with the kick-start it needs.

Applying a devops model

The first of the projects revealed to the wider world at the summit is CF-for-K8s, software aimed at making the transition to Cloud Foundry easier. CF-for-K8s enables users to run Cloud Foundry instances on top of a Kubernetes platform – offering what the Foundation claims is an easy integration between the two technologies. Childers claims that the new project would enable users to spin up Cloud Foundry within just ten minutes – a big claim, considering that Cloud Foundry hasn’t always been the most intuitive piece of software.

The flipside of CF-for-K8s is KubeCF, which offers a way for Cloud Foundry users to run Kubernetes. This is more established software, however, and it was version 4.5 that was released at Cloud Foundry Summit.

Freeform Dynamics’ Betts says that one way of thinking about the relationship between CF-for-K8s and KubeCF would be to consider the devops model. “Think of CF-for-K8s as being the dev side while KubeCF is the ops part – and that part is just as important,” he says.

The third new release is a new version of Stratos, the management console for Cloud Foundry clusters. The new version, 4.2, adds support for native Kubernetes clusters and Helm chart repositories. 

All of these show how Kubernetes is beginning to be more integrated into the ecosystem and there’s a hope in the Foundation that this will herald a new boost to adoption. Childers sees plenty of opportunity for growth. “There’s a perception that Cloud Foundry is only for large corporations; if that were true, it’s because that’s where the skillset was,” he said. 

He sees plenty of opportunity for small companies to use Cloud Foundry – the closer integration with Kubernetes will provide a pathway for these users.

This is still a growing area for a lot of smaller organisations and there’s plenty of new opportunity now for growth. The Cloud Foundry project may have been slow to recognise the significance of Kubernetes but it’s catching up now and is using it as a springboard for new areas. Current systems are immensely complicated, says Andrews, but this is changing, and the embrace of Kubernetes will help. “We’re getting to that moment of peak complexity, we’ve climbed the mountain and on the downwards slope,” he adds.

Betts sees the potential for Cloud Foundry if they can crack this perception issue. “There are people who have started new projects and found it’s something that Cloud Foundry already does.” He says that the Foundation has all the right elements in place but users have to be informed. “They have to know it’s there and have to know what to do with it,” he says. It seems that the Foundation is on the right path to do that.