All posts by Bobby Hellard

Tech giants assemble to tackle cloud and data security

Bobby Hellard

22 Aug, 2019

Some of the largest tech companies in the world, such as Google and IBM, are joining forces to advance confidential computing and cloud security.

The aim is to build trust and security for the next generation of cloud and edge computing with open-source technologies and an agreed set of standards for protecting data.

The Confidential Computing Consortium has been brought together by the Linux Foundation and includes Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom and Tencent.

Confidential computing focuses on securing data in use, rather than current approaches which often address it while in storage or transit.

“The earliest work on technologies that have the ability to transform an industry is often done in collaboration across the industry and with open source technologies,” said Jim Zemlin, executive director at The Linux Foundation.

“The Confidential Computing Consortium is a leading indicator of what’s to come for security in computing and will help define and build open technologies to support this trust infrastructure for data in use.”

A key part of the project will be to provide a fully encrypted lifecycle for sensitive data, which the Linux Foundation called the most challenging step. But confidential computing could potentially enable encrypted data to be processed in memory without exposing it to the rest of the system. This, the foundation said, could reduce visibility for sensitive data and allow for greater control and transparency for users.

The Confidential Computing Consortium aims to bring together hardware vendors, cloud providers, developers, open-source experts and academics to influence technical and regulatory standards and build open-source tools that provide the right environment for education.

The big tech firms announced they are already planning to make open source project contributions, such as Intel with its Software Guard Extension and Microsoft with Open Enclave SDK.

The proposed structure for the Consortium includes a governing board, a technical advisory council and separate technical oversight for each technical project.

“The Open Enclave SDK is already a popular tool for developers working on Trusted Execution Environments, one of the most promising areas for protecting data in use,” said Mark Russinovich, CTO, Microsoft.

“We hope this contribution to the Consortium can put the tools in even more developers’ hands and accelerate the development and adoption of applications that will improve trust and security across cloud and edge computing.”

Box Shield brings security controls to lock down cloud collaboration

Bobby Hellard

22 Aug, 2019

Content and file management cloud service Box has unveiled a set of features for admins to control access to shared content called Box Shield.

This will include “intelligent” threat detection capabilities and safeguards to prevent accidental data leaks and the misuse of shared files.

The rapid rise of cloud computing has led to greater collaboration, both internally and externally, for most businesses, which has resulted in a greater risk of security breaches.

Popular collaboration platforms like Slack have also announced more advanced security controls in recent weeks and Box Shield is following that trend.

“Box Shield is a huge advancement that will make it easier than ever to secure valuable content and prevent data leaks without slowing down the business or making it hard for people to get their work done,” said Jeetu Patel, chief product officer at Box.

“With Box Shield, enterprises will receive intelligent alerts and unlock insights into their content security with new capabilities built natively in Box, enabling them to deploy simple, effective controls and act on potential issues in minutes.”

According to the company, Box Shield prevents accidental data leaks through a system of security classifications for files and folders, which can be operated manually or automated. Account administrators can define and customise the classification labels to suit their workflow.

Shared links can have restrictions, with labels that control who can see them both internally and externally. This is also the case for downloads, applications and FTP transfers. There are also limit controls on collaborations, restricting non-approved members from editing or sharing certain content.

Box Shield will also come with functions to detect abnormal and malicious behaviour from both internal and external potential threats. This is a machine learning-based service that detects anomalous downloads, suspicious sessions and locations where a compromised account is detected.

“At Indiana University (IU), sensitive information changes hands thousands of times each day on our campuses with over 100,000 users and thousands of collaborators around the world,” says Bob Flynn, manager, cloud technology support at IU.

“With the introduction of Box Shield, we can apply native data classifications and design policies aligned to our own business and compliance rules. By protecting content with precision, we can help IU reduce risk without compromising speed and collaboration.”

Box Shield is in private beta at the moment, but it is due to become generally available in the autumn.

Microsoft acquires Java specialist jClarity to boost Azure workloads

Bobby Hellard

20 Aug, 2019

Microsoft has acquired software platform jClarity in a bid to drive more Java workloads to Azure.

The deal will see jClarity’s AdoptOpenJDK project move to Azure, where its data science teams will add their expertise to Java projects.

AdoptOpenJDK is a community of Java users, developers and vendors, which includes the likes of Amazon, IBM, Pivotal and Red Hat. The organisation is an advocate of OpenJDK, the open-source project which forms the basis of the Java programming language and platform.

Microsoft said that it had seen an increase of large-scale Java installations on Azure, particularly with platforms like Minecraft and Adobe.

“At Microsoft, we strongly believe that we can do more for our customers by working alongside the Java community,” the company said in a blog post. “The jClarity team, with the backing of Microsoft, will continue to collaborate with the OpenJDK Community and the Java ecosystem to foster the progress of the platform.”

Microsoft said that more than half of compute workloads on Azure run on Linux, making it a great platform for open-source software, which includes Java.

For jClarity, the team will continue to work out in the open in various Java communities, its CEO, Martijn Verburg said in a blog post. But the company is anticipating a greater contribution to the Java community with the support of Microsoft.

“It’s always been jClarity’s core mission to support the Java ecosystem,” Verburg said. “We started with our world-class performance tooling and then later became a leader in the AdoptOpenJDK project.

“Microsoft leads the world in backing developers and their communities, and after speaking to their engineering and programme leadership, it was a no brainer to enter formal discussions. With the passion and deep expertise of Microsoft’s people, we’ll be able to support the Java ecosystem better than ever before.”

Google staff demand it shuns US immigration contract

Bobby Hellard

15 Aug, 2019

Google employees are demanding that the tech giant publicly commits to not entering a cloud deal with the US border control, citing human rights abuse as the reason.

Some 676 Google employees have signed a petition, which was initially circulated internally but has since been posted on Medium, calling for their employer to not bid on a cloud computing contract with the US Customs and Border Protection (CBP) agency.

While Google’s cloud computing arm looks to work with different organisations on digital transformation projects, its dealings with the US government have sparked backlashes from its staff. What’s more, the US government itself has also been quite critical of Google in recent weeks.

The employees say they “refuse to be complicit” in the CBP contract as immigration officials are “perpetrating a system of abuse and malign neglect” at the border. The document cites reports of families being separated and children dying during their time in detention.

“It has recently come to light that CBP is gearing up to request bids on a massive cloud computing contract,” the post reads. “The winning cloud provider will be streamlining CBP’s infrastructure and facilitating its human rights abuses.

“It’s time to stand together again and state clearly that we will not work on any such contract. We demand that Google publicly commit not to support CBP, ICE, or ORR with any infrastructure, funding, or engineering resources, directly or indirectly, until they stop engaging in human rights abuses.”

For those signing the petition, this has proved a successful method of forcing Google to drop projects that are deemed controversial. Last year, significant pressure from staff resulted in the tech giant deciding to not renew a contract with the Pentagon’s Project Maven – in which AI technology would be harnessed to improve drone performance – which expired this year. In the days that followed it also announced an ethical code of conduct.

These ‘ethics’ are being seriously tested, not just by Google’s own employees, but also by the US government, which has accused it of being biased. Last week, the president, Donald Trump, took to Twitter to attack the company and its CEO.

“Sundar Pichai of Google was in the Oval Office working very hard to explain how much he liked me, what a great job the Administration is doing, that Google was not involved with China’s military, that they didn’t help Crooked Hillary over me in the 2016 Election, & that they are NOT planning to illegally subvert the 2020 Election despite all that has been said to the contrary,” he wrote.

“It all sounded good until I watched Kevin Cernekee, a Google engineer, say terrible things about what they did in 2016 and that they want to ‘Make sure that Trump losses in 2020.’ Lou Dobbs stated that this is a fraud on the American public. Peter Schweizer stated with certainty that they suppressed negative stories on Hillary Clinton, and boosted negative stories on Donald Trump. All very illegal. We are watching Google very closely!”

Amazon claims AWS Rekognition can now detect fear

Bobby Hellard

14 Aug, 2019

Amazon Web Services has revealed an update to its facial recognition software, Rekognition, that can detect a person’s fear.

This update was announced on Monday along with improvements to accuracy and functionality of its facial analysis feature that can identify gender, emotions and age range.

The company claims the software can already accurately read seven ‘emotions’, but it has now added an eighth – the ability to spot fear.

However, some experts have pointed out that while there is scientific evidence that suggests there are correlations between facial expressions and emotions, the way they’re communicated across cultures and situations can vary dramatically.

“Today, we are launching accuracy and functionality improvements to our face analysis features,” the tech giant said. “Face analysis generates metadata about detected faces in the form of gender, age range, emotions, attributes such as ‘Smile’, face pose, face image quality and face landmarks.

“With this release, we have further improved the accuracy of gender identification. In addition, we have improved accuracy for emotion detection (for all 7 emotions: ‘Happy’, ‘Sad’, ‘Angry’, ‘Surprised’, ‘Disgusted’, ‘Calm’ and ‘Confused’) and added a new emotion: ‘Fear’.”

The ethical use of facial recognition, and its accuracy, particularly when deployed on a crowd, has caused concern throughout the world. From the London Met Police’s use that resulted in zero arrests and a 98% failure rate, to San Francisco’s outright ban of the technology, it’s now more famous for its problems than its benefits.

The UK’s Information Commissioner (ICO) has announced an investigation into the privacy aspect of facial recognition, which came to light this week after the owner of a development site in King’s Cross confirmed the technology was being used.

Amazon’s own Rekognition has also been a source of controversy after it was revealed that US law enforcement used the technology. There were even reports that AWS tried to offer the software to the Immigration and Customs Enforcement organisation, which sparked protests from Amazon staff.

Slack hands more power to large company admins

Bobby Hellard

14 Aug, 2019

Slack has revealed a set of features for admins that make it easier to manage organisations with large employee counts and busy channels.

The biggest change is that admins can now assign posting permissions more widely than a few select channels, and there is also a new set of APIs to automate the creation of workspaces with names, domains and descriptions.

“We believe this should be easier and today we’re introducing a couple of new features to do just that,” the company said in a blog post.

It comes a week after the company introduced more robust security measures for admins, including the ability to enforce data sharing limits and content blocks on certain devices, as well as a greater variety of two-factor authentication checks.

To start with, the announcement channels will create a single destination for key information, so teams no longer have to decide what gets shared via email and what gets shared via Slack.

“We’ve long encouraged teams to send announcements in channels, where your employees are already working,” the company said. “To broadcast those updates clearly and without distraction, admins have always been able to limit posting permissions in the default ‘general’ channel. Now, for teams on our Plus or Enterprise Grid plans, we’re allowing users to set posting permissions for any channel.”

These come in the form of ‘granular’ controls which limit who can post in a channel and keep chatter to a minimum, leaving the space clear for the most important updates.

As for the new admin APIs, there will be a feature to invite thousands of members at a time, without the need to join the workspace themselves. Admins will also be able to invite guest accounts to specific channels (including private ones), set a guest expiration date and customise a welcome message, delegate admin responsibilities to a specific member and automatically trigger the events above based on information collected via web forms.

“All these APIs work towards templated workspace creation and setup,” the company said. “In the future, admins can script the creation of new workspaces that will automatically be configured with their desired settings, content, apps and more.”

Microsoft slammed over changes to cloud licensing

Bobby Hellard

9 Aug, 2019

Senior executives from AWS and Google Cloud have hit out at Microsoft for changing how it charges customers using its software on other public clouds.

Some are even accusing Microsoft of trying to lock customers into a single vendor with a complex pricing structure.

From 1 October, Microsoft customers will have to pay additional fees if they want to run its software on AWS, Google or Alibaba cloud environments due to a change to its on-prem licences.

AWS CTO Werner Vogels took to Twitter to slam the change, saying: “Yet another bait+switch by $MSFT, eliminating license benefits to force MS use. 1st, MS took away BYOL SQL Server on RDS, now no Windows upgrades w/BYOL on #AWS. Hard to trust a co. who raises prices, eliminates benefits, + restricts freedom of choice.”

Google Cloud’s president, Robert Enslin, posted a tweet that suggested Microsoft was harking back to its old ways.

“Shelf-ware. Complex pricing. And now vendor lock-in. Microsoft is taking its greatest hits from the ’90s to the cloud,” he wrote.

AWS VP Sandy Carter said in a post that Microsoft was ‘awkwardly’ trying to force customers into Azure with the license change.

Carter said that Microsoft seemed to be taking from the “old guard software vendor playbook”, firstly by trying to put an end to Bring Your Own License (BYOL) for Windows Server purchased after October 1, 2019. She said that it would restrict customers’ ability to bring their own purchased licenses to their preferred cloud when using licenses purchased after the change comes into force.

She also accused Microsoft of trying to limit choice around SQL Server.

“If you are running SQL Server on the AWS cloud with Dedicated Host without Software Assurance (SA) (which is allowed today) and want to upgrade to a newer version after October 1, you would be required to purchase a new SQL Server license with SA,” she explained.

Until now, Microsoft customers were allowed to use the same licence if they wanted to move a workload from an on-premise environment to a single-tenanted public cloud server.

“The emergence of dedicated hosted cloud services has blurred the line between traditional outsourcing and cloud services and has led to the use of on-premise licences on cloud services,” Microsoft said in a blog post.

“As a result, we’re updating the outsourcing terms for Microsoft on-premise licences to clarify the distinction between on-premise/traditional outsourcing and cloud services and create more consistent licensing terms across multi-tenant and dedicated hosted cloud services.”

Customers now wanting to run Microsoft software on single-tenant cloud servers of AWS, Alibaba, Microsoft and Google will have to pay additional fees on top of the standard licensing.

Alastair Pooley, CIO at Snow Software, argues that the changes will almost certainly bring added complexity for customers.

“Microsoft’s recent change to licensing rules impacts the ability to ‘bring your own license’ to dedicated cloud environments. If you are using the more common shared compute instances this will not affect you. Higher security or performance needs have led some companies to choose to be the only tenant on a physical machine and for those customers this will likely increase their costs and add complexity to their Microsoft licensing.”

IT Pro has contacted Microsoft for comment.

Microsoft contractors listen to Skype Translator recordings

Bobby Hellard

8 Aug, 2019

Contractors working for Microsoft are reportedly listening to personal Skype calls made using the app’s translation function. 

The video calling platform’s website does say that the company may analyse audio of translated phone calls in order to improve the service but it doesn’t state that this will be done by humans. However, through obtaining some Skype audio recordings and accounts of the human listening situation from unnamed Microsoft workers, Motherboard reported that the contractors are allegedly listening to personal conversations made through Skype. 

It is also reported that these contractors are reviewing recordings of voice commands made to Microsoft’s Cortana, which is currently a controversial trend with tech companies. Both Amazon and Google came under fire recently for reports that revealed workers were reviewing Alexa and Google Assistant recordings – Amazon later introduced a setting for users to disable human reviews.

The issue with it, however, isn’t that humans are listening to the device, but that it isn’t made clear in the terms and conditions. Skype Translator Ts&Cs state: “When you use Skype’s translation features, Skype collects and uses your conversation to help improve Microsoft products and services. To help the translation and speech recognition technology learn and grow, sentences and automatic transcripts are analysed and any corrections are entered into our system, to build more performant services.”

While it does state that it collects recordings to improve the service, it doesn’t explicitly say that these recordings are reviewed by human contractors. Likewise, Microsoft’s own privacy statement also fails to make this crystal clear.

In July, after an unnamed Google worker leaked details to a Belgian public broadcaster about how the company reviews recordings made on its smart speaker, the tech giant responded in a blog post defending the practice.

As GDPR expert lawyer Frank Jennings told IT Pro at the time, speech recognition has progressed so far that we don’t expect humans to be involved at all, but there is still an obligation to be clear on the matter.

“While asking humans to assist with language recognition and booking fulfilment is a ‘legitimate purpose’ under GDPR, the real question is whether Google is doing so in a ‘transparent manner’ and for ‘specified and explicit purposes’,” said Jennings. 

While home speakers like Alexa and Google Assistant raise questions over privacy in the home, the reports of Skype Translator recordings present a potential worry for businesses.

“We strive to be transparent about our collection and use of voice data to ensure customers can make informed choices about when and how their voice data is used,” a Microsoft spokesperson said to IT Pro in an email. “Microsoft gets customers’ permission before collecting and using their voice data. We also put in place several procedures designed to prioritise users’ privacy before sharing this data with our vendors, including de-identifying data, requiring non-disclosure agreements with vendors and their employees, and requiring that vendors meet the high privacy standards set out in European law. We continue to review the way we handle voice data to ensure we make options as clear as possible to customers and provide strong privacy protections.”

Which, again, still doesn’t explicitly say ‘humans’ are involved in this process.

Slack unveils new admin security controls

Bobby Hellard

7 Aug, 2019

Slack has introduced a slew of security features to give IT admins more control over which employees can use the service and how.

These new features will help to implement limits on users and devices, including blocking both from accessing their company’s Slack account if they’re deemed to be suspicious or unsecured. 

The changes follow on from the company’s Enterprise Grid service, which was launched last year and promised more user efficiency and tighter security.

“Without proper controls in place, mobile applications can open your employees up to new security risks,” Slack wrote in a blog post. “To alleviate that, we’re rolling out new functionality to ensure that only the right people and approved devices can access your company’s information in Slack.”

To start, Slack is introducing new secondary authentication controls, allowing admins to implement additional layers of security in the form of Face ID, Touch ID, or generated passcodes. This also comes with a time limit function, after which users have to re-authenticate. There are also session management tools to remotely wipe a user’s mobile or desktop session in the event their device is lost or stolen.

Alongside these, Slack also unveiled data sharing protections. New domain whitelisting tools will be available for admins to control which workspaces can be accessed by their employees. Slack said this not only shores up sensitive company information, but it will also help teams focus on their immediate workloads. Another related feature blocks users from downloading company information to an unmanaged device.

This is just the beginning, according to Slack. Session management controls will soon be added to the admin dashboards, which will allow them to define the maximum number of devices a single employee can be logged into at one time. What’s more, the company is working on a feature where admins can detect if a device has been jailbroken and then block its access to the app.

Slack said these new features are designed for IT professionals “who want to modernise and improve how their organisations work while maintaining compliance with their industry”.

For Jake Moore, cyber security specialist at ESET, it shows that security is slowly becoming important to the normal user, delivering what the people want rather than what the industry thinks the consumer needs.

“With Slack making great steps forward, adding more prominent security functions, it will hopefully make people more aware of the importance of authentication and other protection techniques,” he said. “It might even push other manufacturers into rolling out similar features as default.”

AWS and Azure take up half of the cloud market

Bobby Hellard

26 Jul, 2019

Spending on cloud services has grown almost 40% in the second quarter of 2019, with AWS and Microsoft Azure claiming half of the market.

Overall, the cloud market is heading for a worldwide revenue run rate of $100 billion per year, according to Synergy Research Group, with AWS taking up 33% of that and Microsoft some way off in second with 16%.

AWS actually posted a slight slip in net sales with 37% growth compared to the same time last year. Despite going from $6.105 billion to $8.381 billion when compared to the second quarter of 2018, it’s the first time in over five years that its net sales growth has dropped below 40%.

However, not only is AWS still a large chunk of Amazon’s overall revenue (13%), it’s still bigger than the next four providers, Microsoft, Google, Alibaba and IBM, combined.

“When quarterly spend on cloud services is mapped out for the last twelve quarters, we are pretty much looking at a steep, straight-line growth profile,” said John Dinsdale, a chief analyst at Synergy.

“Amazon is maintaining its leadership position in the market, though growth at Microsoft is also noteworthy. In early 2016 Microsoft was less than a quarter the size of Amazon in this market, while today it is getting close to being half the size. These two cloud providers alone account for half of all money spent on cloud infrastructure services, which is impressive for such a high-growth, strategically important market.”

Microsoft’s public cloud computing platform, Azure, has firmly established itself as the second-place cloud provider, recently posting revenue growth of 63%.

Google Cloud, which holds 8% of the overall market, is generating $8 billion a year in run-rate according to parent company Alphabet’s latest earnings. The company also plans to invest in its sales force as it looks to close the gap on Microsoft and AWS.

IBM recently reported a drop in revenue, partly attributed to its acquisition of Red Hat, but there is a suggestion that the open-source specialist is a big part of IBM’s cloud strategy.

Alibaba, Salesforce, Oracle, Tencent and Rackspace made up the remaining market share with a combined 14%.