IBM acquires hybrid data firm Bluetab Solutions


Bobby Hellard

15 Jul, 2021

IBM has announced it will be acquiring Spanish hybrid cloud consultancy firm Bluetab Solutions as it continues to flesh out its new hybrid cloud and AI strategy.

The financial details of the deal have not been revealed, but it’s expected to be completed by Q4 of 2021.

Bluetab will become a key part of IBM’s hybrid cloud and AI strategy as a data services consulting practice. The firm, which is based in Madrid, was founded in 2005 and has brand partnerships in banking, telecommunications, and energy and utilities industries across Spain, Mexico, Peru, and Colombia.

It works with enterprises by migrating their on-premise systems to hybrid multi-cloud data platforms using a combination of public cloud providers and technologies, such as Red Hat OpenShift.

“The outside-in digital transformation of the past is giving way to the inside-out potential of using company-owned data with AI and automation to generate business value and create intelligent workflows,” said Mark Foster, senior vice president of IBM’s Services and Global Business Services.

“Our acquisition of Bluetab will fuel migration to the cloud and help our clients to realise even more value from their mission-critical data.”

Bluetab’s expertise in data and cloud migration services includes specialised data strategy, data fabric, and advanced analytics, according to IBM.

The firm’s data experts will also be joining IBM’s Global Business Services to capitalise on opportunities in the rapidly growing market for data services, which is estimated to reach $232 billion by 2024, according to Gartner. That’s double the $123 billion it reached in 2020.

“The key to solving data challenges for our clients has been the exceptionally talented and experienced team we have been able to build as well as the value-added accelerators we have developed,” said José Luis López, co-founder of Bluetab. “We could not be more excited by the opportunity that IBM offers us to continue to grow our team, to build on our accelerators and to help more clients achieve leadership positions by leveraging their data.”

Microsoft customers will be able to record, report, and reduce their emissions


Zach Cooper

14 Jul, 2021

Microsoft has announced Cloud for Sustainability, an initiative that aims to help the company and its customers meet their carbon reduction and sustainability goals by recording, reporting, and reducing emissions on their path to net zero.

The new cloud offering, which will be available later this year, will allow customers to invest in sustainable practices and partner with experts to accelerate progress around their carbon reduction and sustainable goals. 

“Microsoft Cloud for Sustainability is designed to help companies measure, understand, and take charge of their carbon emissions, set sustainability goals and take measurable action,” said Judson Althoff, executive vice president and chief commercial officer at the company.

The company said the new offering acknowledges carbon reduction as one of the most urgent crises facing the planet, and responds to demand from investors, customers, and legislators for more commitment, accountability, and measurement of carbon reduction efforts within organisations.

Microsoft Cloud for Sustainability is built on Azure, Microsoft Dataverse, Power Platform and Power BI. This new offering will employ the company’s ecosystem of partners for specialised industry third-party apps, data sources and emissions data connectors.

The platform includes SaaS offerings that can discover and connect to real-time data sources, accelerate data integration and reporting, provide accurate carbon accounting, measure performance against goals, and enable intelligent insights for organisations to take effective action.

For example, Microsoft said that CIOs will be able to easily report on IT carbon emissions from the cloud, devices, and applications as part of their department’s environmental footprint. From there, they will be able to connect their emissions data sources into one view for reporting.

Earlier this week, Google Cloud announced an update to its data centre region picker which allowed costumes to reduce their carbon footprint by selecting a region based on its CO2 output. Cloud Run and Datastream users can now find a region with the lowest carbon impact inside the Cloud Console location selectors. The tool is set to be rolled out to other Google Cloud offerings over time.

Microsoft unveils Windows 365 ‘Cloud PC’ service


Zach Cooper

14 Jul, 2021

Microsoft today unveiled Windows 365, a Windows 10 or Windows 11 as a cloud service that streams the “full Windows experience”, such as apps, data, and settings, to any device on the Microsoft Cloud.

The company declared that Windows 365, which will be generally available on 2 August to organisations of all sizes, has created “a new hybrid personal computing category” called the Cloud PC, which uses the cloud to provide a “personalised Windows experience”.

“The Windows experience is consistent, no matter the device. You can pick up right where you left off, because the state of your Cloud PC remains the same, even when you switch devices,” said Wangui McKelvey, general manager of Microsoft 365.

Users will be able to turn on their device, launch a native app or modern web browser and log on to their Windows 365 account. 

“From there, their Cloud PC appears with their background, their apps, their settings and their content just as they left it when they last were last there [sic]–in the office, at home or a coffee shop,” she said.

McKelvey added that seasonal workers can ramp on and off according to the needs of the business, allowing organisations to scale for busy periods without the “complicated logistical and security challenges of issuing new hardware”.

Furthermore, she underlined that all data is stored in the cloud, so “you won’t have any issues around security because you’re not saving anything on your device”.

All managed disks running Cloud PCs are encrypted, all stored data is encrypted at rest, and all network traffic to and from Cloud PCs is also encrypted.

Users will be able to choose the size of the Cloud PC that best meets their needs, with per user, per month pricing. Users select Windows 10 or Windows 11 along with a configuration of processing power, storage, and memory. They can then access their Cloud PC on this new platform, as long as they have an internet connection. 

Organisations will also be able to choose between two edition options that include a cloud-based offering with multiple Cloud PC configurations based on performance needs: Windows 365 Business and Windows 365 Enterprise.

Moreover, enterprise IT can use Microsoft Endpoint Manager to procure, deploy, and manage Cloud PCs for their organisation. The tech giant said that small businesses can use a self-service model to procure Cloud PCs for their organisations without a need for IT experience.

“Windows 365 is really going to make a huge difference for organisations that wanted to try virtualisation for various reasons but could not – maybe it was too costly, too complex or they didn’t have the expertise in house to do it,” McKelvey added.

The new platform is built on the Azure Virtual Desktop but simplifies virtualisation, according to the tech giant. Organisations can scale processing power and monitor the performance of the Cloud PC to make sure users are getting the best experience.

Microsoft has also built-in analytics to analyse connection health across the network and, from the Endpoint Analytics dashboard, the company said it is easy to identify the Cloud PC environments that are not delivering the performance needs of a given user.

McKelvey also said that the ability to log into a Cloud PC from anywhere on any device is part of the tech giant’s larger strategy around tailoring products, like Teams and Microsoft 365, for the post-pandemic hybrid workforce of the future. 

“It enables employees accustomed to working from home to continue working from home; it enables companies to hire interns from halfway around the world; it allows startups to scale without requiring IT expertise,” she said.

Bank of England warns sector is too reliant “secretive” cloud providers


Bobby Hellard

14 Jul, 2021

The Bank of England (BoE) has warned about the financial sector’s increasing reliance on “secretive” cloud service providers that operate online servers. 

In its latest survey on the state of financial systems, the BoE expressed concerns that the UK’s banks are moving more and more of their administration and accounts online, warning that this “could pose a risk to financial stability”. 

The BoE has previously raised concerns that the market for cloud services is highly concentrated, with companies such as Microsoft and Amazon Web Services (AWS) heavily dominating. Ministers have also previously questioned the government’s own reliance on those two tech giants. 

However, the organisation’s concerns have been repeated due to the pandemic, which has seen financial institutions accelerate digital transformation plans and increase their reliance on cloud service providers (CSPs). 

In a news conference, BoE Governor Andrew Bailey expressed his concerns about the “secretive” nature of these CSPs, saying that while he “understood cloud providers’ desire not to reveal too much publicly about their operations in case it opened the door to cyber attacks, firms needed to give more information to regulators and customers.”

“That concentrated power on terms can manifest itself in the form of secrecy, opacity, not providing customers with the sort of information they need to monitor the risk in the service,” he said, according to Reuters

The Prudential Regulation Authority and Financial Conduct Authority have recently strengthened regulations regarding operational resilience and third-party risk management, according to the BoE, but the increasing reliance on a small number of CSPs could increase financial stability risks without greater direct regulatory oversight of the resilience of those provider’s services. 

“The Financial Policy Committee (FPC) is of the view that additional policy measures to mitigate financial stability risks in this area are needed, and welcomes the engagement between the Bank, FCA and HM Treasury on how to tackle these risks,” the Bank of England said in its report. 

“The FPC recognises that absent a cross-sectoral regulatory framework, and cross-border co-operation where appropriate, there are limits to the extent to which financial regulators alone can mitigate these risks effectively.” 

Google Cloud customers can now select regions based on CO2 output


Sabina Weston

14 Jul, 2021

Google Cloud has announced an update to its data centre region picker that allows customers to reduce their carbon footprint by choosing a region based on its CO2 output.

Starting today, Cloud Run and Datastream users will be able to find a region with the lowest carbon impact inside the Cloud Console location selectors, with the tool being rolled out to other Google Cloud offerings over time.

Regions will receive labels such as “Lowest CO2” or a leaf symbol, which means that the region has a carbon-free energy percentage of at least 75% or, in case this information is not available yet, a grid carbon intensity of no higher than 200 gCO2eq/kWh.

Grid carbon intensity is estimated based on average lifecycle gross emissions per unit of energy and is used to compare the regions in terms of carbon intensity. For instance, although Frankfurt and the Netherlands have similar CFE scores, the Netherlands has a higher emissions factor.

The update is part of Google’s company-wide sustainability initiative which aims to achieve carbon-free status by 2030. The tech giant has been carbon-neutral since 2007.

Besides the region picker’s Carbon footprint indicator, which was first previewed earlier this year and works by measuring the amount of carbon-free energy supply for each region, users can also filter regions based on cost as well as latency. The latter is estimated based on the physical distance between the customer’s headquarters and the city or country of the data storage region.

Commenting on the announcement, Carbon-free for Google Cloud Platform (GCP) product manager Steren Giannini said the tech giant wanted to empower its customers “to make more sustainable decisions and progress with us towards this 24/7 carbon-free future”. 

“Earlier this year, we published the carbon characteristics of our Google Cloud regions. Later, we introduced a simple tool to help you pick a Google Cloud region, taking variables like price, latency and sustainability into account. Our next question was: what’s the best way to surface that sustainability info when you’re actually picking a region for your cloud resources?” he added.

“By sharing and displaying carbon information of Google Cloud regions, together we’re making tangible progress towards our goal of a carbon-free future.”

Google replaces Backup and Sync with Drive for Desktop


Bobby Hellard

13 Jul, 2021

Google has announced plans to move users from its Backup and Sync file-syncing services to a new unified desktop app for Drive

Onboarding for the Drive for Desktop app will start on 19 July, with Google recommending users make the switch by the end of September before they’re locked out on 1 October.

The transition is just for Backup and Sync users, however, as business clients who are already using Drive File Stream – the enterprise name for Drive for Desktops – should already be set up. 

The aim of moving to a unified desktop app is to create “a powerful and unified sync client”, according to Google, with the best features from both consumer and enterprise services that should be more straightforward to use and easier for IT teams to manage.

In a blog post, Google suggests the new app will be pretty familiar to anyone who used its previous file-syncing services. Drive for Desktop will offer easy access to files and photos stored in the cloud, and will sync files in the background to keep them up to date.

Google also suggests the app can sync external storage devices like flash drives to Drive, mirror files between Drive and local files on a desktop computer, and let users choose whether they store individual photos and videos in Drive or Google Photos.

The launch of Drive for Desktop coincided with a few announcements from the tech giant, which included changes to services that helped many through the pandemic. In April 2020, for example, Google Meet was made available to all users with day-long group calls, but that has been switched to an hour as of 1 July. As such, free Gmail users will now have to make do with calls with three or more participants at a limit of 60 minutes.

Microsoft will reportedly acquire RiskIQ for $500 million


Keumars Afifi-Sabet

12 Jul, 2021

Microsoft is set to strike a deal to acquire security software firm RiskIQ as it seeks to bolster the security of its core products.

RiskIQ provides customers with cloud-based software as a service (SaaS) protection to detect phishing attacks, fraud attempts and malware infections. The company’s SaaS platform taps into a global Internet Intelligence graph that’s mapped billions of relationships between online elements within every organisation and hackers. 

Microsoft is set to purchase the security company in a $500 million (roughly £361 million) deal, according to Bloomberg, as it seeks to integrate RiskIQ’s services into its flagship products and improve the overall resilience for customers. 

This would play into the trend of Microsoft adding more security-oriented tools to platforms like Windows and Azure in recent years as the prospect of cyber threats continues to swell. 

Last year, for example, Microsoft announced a strategic shift to compile its detection and event management services under the Microsoft Defender brand, alongside a host of new services and tools that customers can adopt. The firm described Microsoft Defender, at the time, as the “broadest resource coverage” of any portfolio across the industry, spanning identity protection, endpoints, cloud applications and infrastructure. 

This has come alongside a recruitment drive to add staff to examine Microsoft’s products for vulnerabilities, respond to attacks that its clients face, as well as run the Microsoft threat Intelligence Center, Bloomberg also reports.

Microsoft also struck a partnership with the cyber security organisation MITRE to integrate its adversarial tactics, techniques and common knowledge (ATT&CK) framework into Azure to build a foundation for developing threat models.

This integration saw the organisations jointly launch the Security Stack Mappings for Azure research project, which introduced a library of mappings that connect built-in Azure security controls to the techniques, identified by ATT&CK, that they’re designed to protect against. 

In June, meanwhile, Microsoft also acquired Internet of Things (IoT) security firm ReFirm Labs for an undisclosed fee. Microsoft highlighted the open source Binwalk software, which analyses thousands of device types for firmware issues, as a key reason for why it pursued the acquisition. The firm added these analytical capabilities would help secure IoT and operational technology (OT) devices through Azure Defender for IoT. 

Microsoft, alongside a number of other major companies, has been struggling to deal with the fallout of several major attacks. The most recent has been the Kaseya cyber attack, although this is just the latest in a particularly devastating series of events including the SolarWinds Orion hack as well as the Microsoft Exchange Server incident.  

IBM snaps up DevOps services specialist BoxBoat


Danny Bradbury

9 Jul, 2021

IBM is acquiring DevOps consulting company BoxBoat Technologies as part of an ongoing effort to bolster its cloud software capabilities.

BoxBoat was founded in 2016 to help create strategies for container-based software development. It advises companies on how to build software development pipelines for cloud-native applications and on how to convert existing applications for container-based environments, and offers a range of training services to support this.

This is the latest acquisition in IBM’s push to establish dominance in the cloud software development space, which has seen it invest heavily in Kubernetes-based container infrastructure, on which many modern cloud applications depend.

IBM has said it will fold BoxBoat into its Global Business Services unit to bolster its hybrid cloud portfolio, focusing on container strategy and services. The deal’s value has not been disclosed.

One of BoxBoat’s focal areas is increasing the security of DevOps processes and has spent time recently addressing software supply chain security following the SolarWinds attack. Security experts are increasingly worried about adversaries compromising software development processes and inserting malicious code into software before it is deployed.

BoxBoat has been working closely with the Cloud Native Computing Foundation (CNCF) on its Secure Production Identity Framework for Everyone (SPIFFE) project. This is an open-source initiative that assigns secure identity certificates to cloud workloads, making it easier for microservices to authenticate with each other securely in the cloud.

The company also works with another Linux Foundation initiative called in-toto, to help secure DevOps pipelines from intruders who might try to compromise software in development.

BoxBoat has parlayed some of this work on third-party software security into a contract with the US Department of Defense under its Small Business Innovation Research (SBIR) initiative to help secure software supply chains.

This is the latest acquisition in a series for IBM, which acquired Red Hat in 2019 for $34bn. More recently, it acquired cloud implementation services company Nordcloud in a December deal that closed in Q1 2021. It also bought cloud managed services provider Taos a month later.

New Zloader malware technique makes it harder to spot phishing emails


Keumars Afifi-Sabet

9 Jul, 2021

Hackers have been discovered using a new phishing technique that involves using a sequence of chained commands to hide malicious content and make email attachments appear harmless to filters.

The technique involves send a phishing email containing a seemingly innocuous Microsoft Word attachment, according to McAfee. Once opened, it triggers a chain of events that eventually downloads the payload for the infamous banking and data exfiltration malware, known as Zloader.

The fact that the document isn’t embedded with any malicious code will make it easier for phishing emails to bypass initial checks and malware scanners.

Researchers have noted that users are only susceptible to infection if macros are enabled, which the phishing attack will use to trigger a series of commands once the Word document is opened.

Macros are disabled by default in Microsoft Office, so the Word document itself contains a lure designed to trick users into enabling macros, claiming that if they don’t, the file won’t load correctly.

When the Word document opens, and macros are enabled, the document downloads and opens another password-protected Microsoft Excel file from a remote server.

The Word document contains combo box components that store the content required to connect to the remote Excel document, including the Excel object, URL, and password required to open the file. The URL is stored in the combo box in the form of broken strings, which are combined later to form a complete string.

The code then attempts to download and open the Excel file stored in the malicious domain. After extracting the contents from the Excel cells, the Word file creates a Visual Basic for Applications (VBA) module in the downloaded Excel file by writing the retrieved contents. It, essentially, retrieves the cell contents and writes them to XLS macros.

Once the macro is formed and ready, it modifies a RegKey to disable trust access for VBA on the victim’s device in order to execute the malicious function without any Microsoft Office warnings. After writing macro contents to the Excel file, and disabling trust access, a function from the newly written excel VBA is called which downloads the Zloader payload.

“Malicious documents have been an entry point for most malware families and these attacks have been evolving their infection techniques and obfuscation, not just limiting to direct downloads of payload from VBA, but creating agents dynamically to download payload,” McAfee’s researchers Kiran Raj and Kishan N wrote.

“Usage of such agents in the infection chain is not only limited to Word or Excel, but further threats may use other living off the land tools to download its payloads. Due to security concerns, macros are disabled by default in Microsoft Office applications. We suggest it is safe to enable them only when the document received is from a trusted source.”

The operators of the Zloader malware are notorious for finding increasingly innovative ways of spreading their banking Trojan. The malware was found to be present in 100 coronavirus-related email campaigns as of the first half of 2020. Zloader was also hiding within encrypted Excel documents, according to research published in March this year, with its operators overseeing invoice-related spam campaigns.

TikTok moves into recruitment with ‘video resumes’


Bobby Hellard

8 Jul, 2021

TikTok has launched a pilot programme in the US to help job seekers create and send ‘video resumes’ to potential employers as it looks to expand the platform into recruitment.

The new service, dubbed ‘TikTok Resumes’, already has a selection of job openings from brands such as WWE, Shopify and Target.

At a time when tech companies like Facebook and Twitter are scrambling to be more like the video-sharing app, TikTok itself is aiming to be more like LinkedIn, with the company suggesting that there has been a rise in “career and job-related creative content” on its platform over the past year and that this could be used as a “channel for recruitment”.

As an example, TikTok user and Berkeley graduate ‘Christian‘ has created a short video resume with graphics and background images to showcase his skills with Adobe and Google Dialogflow and his experience working with brands, such as flight operator KLM.

Users can pursue job listings via the app or the website’s TikTok discovery page, with US job openings available till 31 July.

TikTok Resumes is officially open and accepting TikTok video resumes,” said Nick Tran, global head of marketing at TikTok. “We’re humbled to be able to partner with some of the world’s most admired and emerging brands as we pilot a new way for job seekers to showcase their experiences and skill sets in creative and authentic ways.”

Tran added that TikTok is hoping to “reimagine recruitment and job discovery”, and the social media platform has already made a start on that ambition with the hashtag ‘CareerTok‘ which pools together resume examples, career advice and interview tutorials.

According to the Pew Research Centre, 48% of 18 to 29-year-olds in the US have reported having a TikTok account, compared to just 30% who say they have a LinkedIn profile.