All posts by Clare Hopping

Huawei moves into Russian cloud market with third-party data centre support


Clare Hopping

6 Mar, 2019

Huawei has extended its reach across Eurasia, renting 500 racks in data centres across Russia to localise their services for the market. The racks are residing in facilities owned by 3Data, IXcellerate and DataPro, according to Russian news site Kommersant.

Russia has pretty extreme data sovereignty laws, stipulating that any information held by Russian companies must be stored within the country and this meant companies such as Huawei couldn’t really serve customers in the country.

Huawei supposedly wants to use its latest rentals to support a range of its services, including enabling Russians to make use of its Huawei Pay payment system and the development of services for third parties.

Although it already has some space in data centres in the country, this is a significant step forward for Huawei. The company apparently started moving some of its infrastructure into Russia last year, with 80 racks already in use, but this is a major step forward. At the end of last year, Kommersant said Huawei had 200 servers up and running in the country, but this will rise to 500 by the end of the year.

“We have already entered into a licensing agreement with Microsoft, we are working on solutions with other vendors to provide software from our cloud, and we are also considering partnerships with operators in order to give them the opportunity to resell our cloud,” said Arthur Pärn, director of solutions for Huawei Cloud in Russia.

It’s also a pretty big snub of the US, which is trying to ban Chinese firms such as Huawei from selling its services in the country. Although Russia and the US share a pretty turbulent relationship, this move by Huawei could tighten relations between China and Russia.

Workplace by Facebook hits two million paid users


Clare Hopping

1 Mar, 2019

Facebook has revealed its paid Workplace enterprise communications platform is now being used by two million people worldwide, a little over two years after its launch.

The social network said more than 150 large companies (with more than 10,000 employees) have signed up to its corporate collaboration tool, offering workers a centralised place to communicate with each other.

Its biggest customers are Nestle, Vodafone, GSK, Telefonica, AstraZeneca, Delta Airlines and NAB (National Australia Bank).

“We believe this rapid uptake is because Workplace creates lasting business value, increasing the impact teams can have on their organization and customers,” the company said.

“Team members can work smarter, make better decisions, and take decisive action – all empowered by more social communication and information sharing.”

All of this is provided on a platform that’s familiar to employees using regular Facebook tools. With Facebook Workplace, teams can connect in exactly the same way as people can connect with friends online, using enhanced business-centric tools such as groups, chat and video calls.

The service costs from $3 per user, per month, although it also offers a 90-day free trial and for life for registered non-profits and staff of educational institutions, as part of Facebook’s mission to make collaboration a necessity.

Facebook hasn’t revealed how many additional customers it has using its free service or its educational or NGO customers on its Workplace for Good programme, which offers free subscriptions.

Facebook only started charging Workplace users in October 2017, which would appear to have been a move to get companies to get familiar with the service before it decided to make money off them.  

Quickbooks launches MTD suite for small businesses


Clare Hopping

27 Feb, 2019

Quickbooks has made its Making Tax Digital suite widely available for small businesses and accountants, which includes software that will allow users to continue to file VAT using spreadsheets.

The updated tools will ensure that anyone filing a VAT return using the tools will be compliant with the government’s new digital tax legislation, set to come into force on 1 April.

The platform comprises tools such as SmartCheck, a pilot software that identifies common mistakes in VAT returns, and Smart Notifications, which notifies accounting professionals when their clients need to file for VAT, advising on due dates and making sure the tasks are scheduled so the deadline isn’t missed.

“Accounting professionals and small businesses are looking to the software industry to make MTD easy,” Shaun Shirazian, head of product Europe, said.

“After conducting numerous pilots, through listening to the feedback of our customers and by working closely with HMRC, we have optimized and iterated QuickBooks and built a best-in-class solution ready for the MTD generation that is available to QuickBooks users.”

A major new feature included in all QuickBooks Online subscriptions is the Quickbooks Bridging Software, which allows small businesses to use spreadsheets to file their VAT return using Quickbooks. The hope is that this will make it easier for businesses already using spreadsheets to file their return to comply with new regulations – something that is likely to be welcome among smaller businesses.

“As digital tax is embraced, our next challenge is to help small businesses and accounting professionals put digital at the heart of their business to help them supercharge productivity, run and grow their business.”

Quickbooks has also launched a helpline for small businesses to check they’re compliant with the new Making Tax Digital legislation. It will also serve accounting professionals using Quickbooks to file returns for both themselves and clients.

A handful of new products will also be made available for SMBs and those that are self employed, including Receipt Capture, which can take photographs of receipts and automatically import the required data. 

Sauce Labs doubles down on EU growth with Frankfurt data centre


Clare Hopping

27 Feb, 2019

Sauce Labs has launched a virtual data centre in Germany and expanded its London office to keep up with European data demands, the company has announced.

It’s a reflection of the company’s success in the EMEA region and, after doubling its European workforce, it now needs office space to support its rapid growth.

“Since establishing itself in Europe more than two years ago with the acquisition of TestObject, Sauce Labs has continually made strong investments in the region, and today’s announcement is just the latest example of our commitment to customers in EMEA,” said Hannes Lenke, vice president of New Ventures and general manager, Germany, Sauce Labs.

The company now has grown its local enterprise customers to more than 100 and achieved year-on-year recurring revenue increases of 60%, demonstrating a hunger for digital transformation in the UK and beyond, despite challenging economic conditions.

Businesses are increasingly searching for a robust continuous app testing platform so they can get services to market faster and Sauce Labs believes it’s able to offer this with the introduction of an additional facility in Europe.

“Now anchored by our new data center in Frankfurt, Sauce Labs continues to be at the forefront of empowering organisations in Europe to quickly and reliably scale both the volume and velocity of their tests, enabling them to successfully move forward with their digital initiatives while meeting mounting compliance requirements.”

The new Frankfurt-based data centre will offer European businesses a platform to test devices, alongside its existing European real device data centre, significantly boosting its resources.

The company also announced the appointment of Joe Pynadath, as vice president of sales for the EMEA region and Karolin Beck as vice president of EMEA marketing.

Inmarsat and Microsoft team up on network-sharing deal


Clare Hopping

26 Feb, 2019

Inmarsat and Microsoft have announced a joint collaboration that will see the former’s customers transfer data collected via their IoT solutions to the latter’s Azure IoT platform.

Businesses in the agriculture, mining, transportation, and logistics sectors will be able to connect the data they’ve collected with cloud-based apps to gain more insight into their customers, their supply chain and the market in general.

Microsoft customers will also be able to access Inmarsat’s global satellite communications network to transfer their data to the cloud.

“Our relationship with Microsoft Azure will provide customers with the reliable global connectivity and cloud services they need to take advantage of the Internet of Things wherever they are,” said Paul Gudonis, president of Inmarsat Enterprise.

“Industrial IoT solutions have the potential to bring transparency and intelligence to the global supply chain and by partnering with Microsoft we are making it easier and faster than ever for businesses from all sectors to exploit the technology and achieve competitive advantage.”

Inmarsat and Microsoft plan to extend the partnership to include other verticals in the future, but feel these key areas will be of most benefit at present.

“Microsoft Azure is being built as the world’s computer; extending the reach of our cloud through IoT and intelligent edge services,” added Sam George, director of Azure IoT.

“Our goal is to enable customers to take advantage of connected IoT solutions no matter where they are in their journey. With Inmarsat, customers across industries from agriculture to mining and logistics sectors, will benefit from the power of the intelligent cloud and intelligent edge with global satellite connectivity in the most remote parts of the globe.”

Alibaba Cloud debuts new data intelligence tools


Clare Hopping

26 Feb, 2019

Alibaba Cloud has introduced a set of tools it claims will make it easier for businesses to take advantage of data intelligence and gain greater insight into the running of their business.

Businesses in the retail, fin-tech, logistics, media and entertainment, digital branding, and marketing sectors are expected to be the primary beneficiaries of the new tech.

Alibaba’s Realtime Compute processes events, such as fraud detection, social analytics, and QoS monitoring of telco networks. It then presents these as business insights that can be used to take action based on behaviour displayed.

For businesses that need to manage and analyse large swathes of data, Alibaba has created DataWorks and MaxCompute 2.0 that can together process up to 100 petabytes of data a day.

For businesses with unstructured data sets, Data Lake Analytics can be used to query massive data lakes but only pay for the data crawled.

“Businesses around the world are increasingly relying on data intelligence to drive innovation, digitalise operations, and delight customers,” said Henry Zhang, senior staff product manager at Alibaba Cloud International.

“We work with customers from many industries along this digital transformation journey. We are keen to turn our proven in-house technology into broadly applicable services and pass the benefits on to customers globally so they can quickly build applications on top, such as for 5G, edge computing, and IOT, and shorten the time-to-market.”

Alibaba used this week’s Mobile World Congress (MWC) event in Barcelona to unveil a number of other tools, including ApsaraDB for MariaDB TX that allows businesses to deploy enterprise, database-centric applications, while SQL Server Enterprise Always On allows organisations to take advantage of high availability and disaster recovery plans.

Cloud Parallel File System offers businesses deploying High Performance Computing workloads to offer the highest levels of efficiency, while Elastic Container Instance makes it easier for Alibaba customers to run containers

Check Point reveals cloud and mobile security threats are growing


Clare Hopping

22 Feb, 2019

Criminals are increasingly targeting the cloud and mobile environments of businesses because they’re the least protected infrastructure, Check Point has revealed.

The insights are backed up by evidence in the form of the cyber security company’s 2019 Security Report, with almost a fifth of businesses having experienced a security incident over the last 12 months, including data leaks and breaches and malware.

“The third installment of our 2019 Security Report shows just how vulnerable organizations are to attacks targeting their cloud and mobile estates, because there is a lack of awareness of the threats they face and how to mitigate them,” said Zohar Alon, head of cloud product line at Check Point Software Technologies. “As nearly 20% or organizations have experienced a cloud incident in the past year, it’s clear that criminals are looking to exploit these security gaps.”

The reason so many businesses are being targeted is because 30% feel it’s the responsibility of their cloud provider to protect them against threats and this means they’re not sufficiently protecting their cloud infrastructure. However, it’s widely recommended by cloud providers that this duty to protect a cloud environment is shared between the provider and the customer.

The most prevalent threats in the cloud are misconfiguration of cloud platforms, which was highlighted by 62% of businesses, with unauthorised access to cloud platforms cited as a problem by 55% of IT professionals. Those questioned also said insecure interfaces and APIs were a big problem in their organisation.

Mobile environments are also more at risk because businesses are failing to use mobile defences to protect their infrastructure, whether that’s by implementing malware detection or monitoring the usage of devices for system vulnerabilities.

In fact, less than 10% of IT professionals thought mobile threats presented a significant risk to their business, failing to recognise that malware can very easily propagate between mobile devices on a central network.

“By reviewing and highlighting these developments in the Report, organizations can get a better understanding of the threats they face, and how they prevent them impacting on their business,” Alon said.

Google introduces hybrid cloud platform for flexible environments


Clare Hopping

22 Feb, 2019

Google has launched itself into the hybrid cloud arena, launching Google Cloud Service Platform to help businesses take advantage of a mixed on-premise and cloud services at once.

CSP is built upon Google Kubernetes Engine (GKE) and integrates GKE On-Prem, which allows all of Google’s services to be pushed through to datacentres if a business doesn’t want to (or their sensitive data doesn’t allow for it to) operate solely on the cloud.

It will especially be useful for highly-regulated businesses that need to keep ownership of their data, but also companies that need to run legacy applications in their own datacentre, rather than in the cloud.

Alongside the ability to run applications in the cloud or on-premise, CSP also introduces other services that will help developers, security professionals and the IT team operate more efficiently.

For example, CSP Config Management enables the IT department to create multi-cluster policies out of the box to make sure that every cluster has the correct access controls and resource quotes set up. Security teams can monitor usage of the CSP environment, monitoring any changes and alerting them to anything suspicious.

StackDriver Monitoring offers a single management console for teams to keeps tabs on both environment at once and compatibility with the GCP marketplace offers open-source, and commercial Kubernetes applications with templates to make it faster to deploy applications.

“Built on open APIs, CSP is a less disruptive and more compliant approach than competing hybrid offerings,” Eyal Manor, vice president of Google Cloud said. “CSP gives you the freedom to modernize your applications at your own pace, innovate faster, and improve operational security and governance.

“Now that our customers have started to modernize their applications in their own data centers with CSP, we believe it will be the enterprise application deployment platform of choice for many years to come.”

Popular password managers found to have serious flaws


Clare Hopping

21 Feb, 2019

Security researchers have revealed that some of the most popular password managers around are also the most vulnerable, allowing hackers to break in and steal information as easily as they would be able to if the information was stored in a text file.

Independent Security Evaluators (ISE) tested a range of password managers – those embedded in browsers and also paid-for software that claim to stop people from being able to steal passwords. It found that every single tool could be broken into and so failed to sufficiently protect information as claimed.

“Although password managers provide some utility for storing login/passwords and limit password reuse, these applications are a vulnerable target for the mass collection of this data through malicious hacking campaigns,” ISE chief executive Stephen Bono said.

The company looked in detail at 1Password, Dashlane, KeePass, and LastPass to see how robust they were at securing users from having their credentials stolen. They all work in the same way – “securely” storing passwords so users are able to keep track of their different credentials across services from one place.

However, every single application had “serious” vulnerabilities, including ease of stealing the master password used to protect the others from prying eyes. Access to the master password means all other passwords stored can be easily obtained, making these platforms pretty useless in terms of their core purpose. 

All four password managers can be hacked when in the background running state when they’re locked by the master password, which is the most common way the applications are used. However, the most recent version of 1Password and Dashlane can be broken into and all passwords leaked while in both the locked and unlocked state. All four password managers could be intercepted using keylogger malware.

“People believe using password managers makes their data safer and more secure on their computer,” added ISE executive partner Ted Harrington. “Our research provides a public service to vendors of these widely-adopted products who must now mitigate against attacks based the discovered security issues, as well as alert consumers who have a false sense of security about their effectiveness.”

ISE recommends that users properly shut down their password managers when they’re not in use.

“Password managers are an important and increasingly necessary part of our lives. In our opinion, users should expect that their secrets are safeguarded according to a minimum set of standards that we outlined as ‘security guarantees’. Initially our assumption and expectation were that password managers are designed to safeguard secrets in a ‘non-running state’, which we identified as true. However, we were surprised in the inconsistency in secrets sanitisation and retention in memory when in a running unlocked state and, more importantly, when placed into a locked state,” ISE concluded in its research. 

“If password managers fail to sanitise secrets in a locked running state then this will be the low hanging fruit, that provides the path of least resistance, to successful compromise of a password manager running on a user’s workstation.

“Once the minimum set of ‘security guarantees’ is met then password managers should be re-evaluated to discover new attack vectors that adversaries may use to compromise password managers and examine possible mitigations for them.”

Cloud resources are increasingly targeted by cyber criminals


Clare Hopping

20 Feb, 2019

Hackers are increasingly aiming cyber attacks at cloud infrastructure, using it as an entry point to drive other attacks and relying on employees and businesses to misconfigure their infrastructure, leaving it open to attack.

That’s according to cyber security firm Symantec’s latest Internet Threat Security Report, which noted misconfigured servers and cloud infrastructure are providing tempting targets for cyber  criminals. 

“The same security mistakes that were made on PCs during their initial adoption by the enterprise are now happening in the cloud<” Symantec’s report explained. 

“A single misconfigured cloud workload or storage instance could cost a company millions of dollars or land it in a compliance nightmare. In the past year alone, more than 70 million records were stolen or leaked from poorly configured S3 buckets. There are also numerous, easily-accessible tools that allow attackers to identify misconfigured cloud resources on the internet.” 

The security company explained that hardware chip vulnerabilities, which can be found in the systems that underpin cloud infrastructure, such as Meltdown, Spectre, and Foreshadow are also exposing data to criminals.

The reason for cloud infrastructure to increasingly draw the eye of cyber criminals is that they are looking for alternative ways to generate income. as returns from ransomware and cryptojacking attacks are reducing. 

The report noted that cyber criminals are also increasingly targeting online retailers to steal customer details using methods such as formjacking.

Formjacking allows criminals to steal user card data while they’re shopping online. It involves injecting code into badly-secured checkouts on retailer websites used to steal card details.

Symantec reported that more than 4,800 unique websites are injected with malicious code used in such attacks every month and it had blocked 3.7 million attempts to use such methods to steal card details in 2018.

“Formjacking represents a serious threat for both businesses and consumers,” said Greg Clark, CEO at Symantec.

“Consumers have no way to know if they are visiting an infected online retailer without using a comprehensive security solution, leaving their valuable personal and financial information vulnerable to potentially devastating identity theft. For enterprises, the skyrocketing increase in formjacking reflects the growing risk of supply chain attacks, not to mention the reputational and liability risks businesses face when compromised.”

During 2018, Symantec revealed that the number of hackers using more traditional methods of disrupting a company’s infrastructure, such as ransomware and cryptojacking had decreased significantly in 2018.

The reasons for this, Symantec cited, was that the value of cryptocurrency has reduced significantly and more businesses are adopting mobile and cloud computing, which makes attacks “less effective”.