All posts by Keumars Afifi-Sabet

Commvault launches ‘Metallic’ SaaS backup suite


Keumars Afifi-Sabet

15 Oct, 2019

Backup specialist Commvault has lifted the lid on a spin-off software as a service (SaaS) venture that allows customers to safeguard their either on-prem or cloud-based files and application data.

Launched at the firm’s annual Commvault GO conference, the Metallic portfolio is geared towards addressing a growing demand among Commvault’s customers for SaaS backup and recovery services.

Metallic will be pitched at large businesses of between 500 and 2,500 employees and is set to launch with three strands that span the breadth of SaaS-based data management, including one service devoted entirely to Microsoft Office 365.

Its launch is also significant in the way Commvault has pointedly decided to assign the platform a brand in and of itself, rather than including this under the Commvault umbrella.

This, according to the firm’s CEO Sanjay Mirchandani, is because Metallic signifies a divergence from how Commvault has traditionally developed and launched a product.

“Part of what Metallic represented for us as a company is a new way of building,” said Mirchandani. “We funded it and created a startup within the company, they could tap into anything they wanted to within Commvault or not.

“Choose the go-to-market model, choose the partners they wanted to work with, give them the freedom to create something that is world-class and designed to solve real problems for customers. And they had the best of both worlds.”

The three strands comprising Metallic include Core, Office 365 and Endpoint services, each aimed at varying elements of protecting data within a large organisation.

Core, for instance, centres on the ‘essentials’ of data spanning from VMware data protection to Microsoft SQL database backup. By contrast, Endpoint backup and recovery focuses on protecting data stored locally on machines within an organisation.

The Office 365 provision, meanwhile, is dedicated to protecting an organisation’s work within the productivity suite of apps and services to safeguard against potential issues like accidental deletion and corruption.

Available in only the US at first, these are available either through monthly or annual subscriptions, while prospective customers can sign up to a free trial through the platform’s dedicated website.

Commvault decided to build the Metallic brand, Mirchandani added, after extensive consultation with partners and its customers. Its developers decided the best approach to building Metallic would be to adopt the viewpoint of an organisation’s chief information officer (CIO) and consider their backup needs.

Google is able to access sensitive G Suite customer data, former employee warns


Keumars Afifi-Sabet

11 Oct, 2019

Employees whose organisations deploy G Suite have been urged to stay mindful of keeping sensitive data on the productivity suite, following a report that suggests Google and IT admins have extensive access to private files.

Google itself, as well as administrators within a business, have vast access to the files stored within G Suite, and can monitor staff activity, according to a former Google employee. This data, which is not protected by end-to-end encryption unlike other Google services, can even be shared with law enforcement on request.

This level of intrusion is necessary to perform essential security functions for business users, such as monitoring accounts for attempted access, ex-staffer Martin Shelton claimed in his post, but, in turn, this demands enormous visibility on users’ accounts.

Organisations using G Suite Business or G Suite Enterprise have even offered administrators powerful tools to monitor and track employees’ activity, and retain this information in a Google Vault.

“In our ideal world, Google would provide end-to-end encrypted G Suite services, allowing media and civil society organisations to collaborate on their work in a secure and private environment whenever possible,” Shelton said.

“For now we should consider when to keep our most sensitive data off of G Suite in favour of an end-to-end encrypted alternative, local storage, or off of a computer altogether.”

Of particular concern is a sense of uncertainty over who within Google has access to user data kept on its servers. Shelton added that Google claims to have protections in place, but that it’s not known how many employees are able to clear the bars set by the company.

These protections include authorised key card access, approval from an employee’s manager as well as the data centre director, as well as logging and auditing of all instances of approved access.

G Suite administrators, meanwhile, can see a “remarkable level” of user data within an organisation in light of the powerful tools offered by Google. G Suite Enterprise offers the most amount of access into users’ activities, with G Suite Business allowing for slightly more restricted visibility.

These tools include being able to search through Gmail and Google Drive for content as well as metadata including the subject lines and recipients of emails. Administrators can even create rules for which data is logged and retained, depending on how they wish to configure their G Suite.

Audit logs, for example, lets IT admins see who has looked at and modified documents, while the use of apps like Calendar, Drive and Slides can be monitored on both desktops and mobile devices.

Shelton has recommended that employees audit their own use of G Suite and be mindful of any sensitive data that’s either kept in Drive or discussed with others via Gmail.

The former employee has also suggested users get details from their G Suite administrators pertaining to the level of visibility they have over employees within their organisation, including which rules they’ve enabled as part of Google Vault.

Concerns over privacy within G Suite have emerged in the past after accusations were made in 2018 that third-party developers were able to view users’ Gmail messages.

Google said, at the time, that such a practice was normal across the industry and users had already granted permission as and when this occurred.

SAP launches a string of data-driven cloud services


Keumars Afifi-Sabet

8 Oct, 2019

SAP has announced several improvements to its business technology platform for enterprises to allow customers to exploit business insights and gain value from data points.

The company has released services pertaining to data warehousing, analytics and cloud deployment through its business technology platform, offering enterprise customers a single platform from which to deploy SAP technology.

The SAP Cloud Services suite, set to get a raft of improvements, includes SAP HANA Cloud, SAP Data Warehouse Cloud and SAP Analytics Cloud.

“Our business technology platform brings SAP HANA and analytics closer together with SAP Cloud Platform so users can make smarter, faster and more-confident business decisions,” said SAP CTO Juergen Mueller.

“SAP ensures high levels of openness and flexibility including out-of-the-box integration, modularity and ease of extension in cloud, on-premise and hybrid deployment models. With this open and flexible approach, SAP is committed to helping our customers achieve superior business outcomes.”

SAP Data Warehouse Cloud serves as a platform that ties in all aspects of a business’ data together before translating the dataset into insights relevant to its specific field. The feature will be released towards the end of the year, with approximately 2,000 customers currently registered for the beta programme.

The tool goes beyond conventional modelling to encompass aspects like data governance and creating a single data landscape from several sources such as cloud and on-premise from within a company, as well as externally.

“Thanks to the data virtualization capabilities, we can connect all our data without creating redundancies,” said Andreas Foerger, manager of the analytics and reporting team at SAP customer Randstad Germany.

“The semantic layer that SAP Data Warehouse Cloud comes with helps us sync all our data from different sources in a way that makes perfect sense to the business.”

SAP HANA Cloud, meanwhile, aims to bring customers an interface that offers virtual interactive access with a scalable query engine. This service, alongside SAP Analytics Cloud, which comprises tools that improve internal business planning, will also be released towards the end of the year.

UK data centres blitz climate change targets


Keumars Afifi-Sabet

27 Sep, 2019

Data centre operators in the UK have fulfilled their climate change obligations two years ahead of schedule, exceeding the requirement of a 13.52% reduction in power usage by a healthy margin.

Under the climate change agreement (CCA) scheme for data centres, participants are required to reduce their Power Usage Effectiveness (PUE) by 15% by the end of 2020. Calculations by techUK, a trade association for the UK’s tech industry, show the sector achieved a reduction of 16.72%.

“Provisional results from the Climate Change Agreement (CCA) for Data Centres suggest that the sector has successfully met its efficiency target, the third of four milestones in the life of the scheme,” said techUK’s associate director for data centres.

“Collectively, UK operators have performed so well that they have fulfilled the final scheme target two years ahead of schedule. However, at individual facility level, the picture is more mixed, so the sector is not complacent and will be working harder than ever to build on these improvements in the final stage.”

The headline figure serves only as an aggregation for outcomes in 150 sites, with a more detailed examination suggesting there’s plenty of work to be done still. Of 88 target units, with ‘target units’ defined as combinations several data centre sites, 40 passed the requirements while 48 failed.

Those sites which failed to meet their targets and did not have surplus carbon from previous assessment periods were obliged to buy out the carbon needed to meet their targets if they wished to remain certified.

Brexit uncertainty has been cited as a key reason for this failure among sites that have not met their targets, due to a reduction in enterprise customers in the last few years. Older sites that were full at the start of the scheme in 2013 will also be disproportionately affected as they have struggled to realise the benefits of efficiency improvements.

Despite the reported success of UK data centre operators, critics have criticised the PUE metric as not being a robust enough performance metric of energy efficiency. It’s calculated as a ratio of the total amount of energy used by a facility, against the energy delivered to computing equipment.

“The CCA target of 15 per cent improvement in PUE has been criticised by external observers unfamiliar with the commercial data centre business model,” techUK’s report said. “They claim that this is not nearly tough enough.

“Commercial operators providing colocation (or colocation-style services) control the infrastructure and not the IT, which remains a customer matter. PUE is a performance metric limited to infrastructure, so it is the best, or perhaps more accurately the least worst, metric to use for this type of provider.”

The role of the tech industry in exacerbating climate change has come under scrutiny in recent years. This has especially been the case with regards to the role data centres play in maintaining cryptocurrencies like Bitcoin.

Apple has even speculated on the silver linings of climate change, suggesting more natural disasters could fuel iPhone sales.

The CCA was struck following negotiations between the Department for Business Energy and Industrial Strategy (BEIS) and techUK, and is expected to end in 2023. There is, as of yet, no indication that BEIS will devise a replacement energy efficiency programme once the CCA expires.

Dropbox launches admin controls and collaboration hub amid major workspace push


Keumars Afifi-Sabet

26 Sep, 2019

Dropbox has launched a slew of new features as part of its new desktop app that aims to reposition the file-sharing service as a digital workplace hub.

The headline Dropbox Spaces addition aims to transform folders into collaborative workspaces in which teams can organise and share documents, as well as synchronise calendars and facilitate better communications.

The smart workspace feature will also introduce several key integrations over the course of the next few months, including Paper, HelloSign and Trello. Spaces will also allow workers to add comments directly into files, and configure a notifications feed.

This is part of the company’s wider ambitions to shake off its image as a mere cloud storage service and branch out into productivity. The cloud firm first announced a huge overhaul of its desktop app in June, and announced several features like G Suite and Microsoft Office integration, as well as native integrations with partners like Zoom and Slack.

Dropbox also launched a file-sharing service in July called Dropbox Transfer, which aims to combat the limitations of sharing large files via email. This feature will also make its way into the company’s flagship desktop app in the coming months.

“When we talk about the experience of using technology at work, what was stunning to me, even a few years ago was like, man, our industry just keeps making things more complicated, and just keeps throwing new stuff onto the pile,” Dropbox founder and CEO Drew Houston told Cloud Pro in June. “Like, who’s making everything work together?

“Increasingly we saw that our customers are seeing Dropbox more as this workspace in which they use the Office suites and things like that, which triggered a pretty big mental shift for us and completely changed the concept of the product that we wanted to build.”

The company has also made a number of key changes to Dropbox Business, hoping to make lives easier for IT administrators and team managers. These additions include greater access to employee activity and tools for data security and compliance.

Through the enterprise console, IT admins can gain high-level control and visibility while also delegating levels of control to individual team leaders in appropriate cases. Users can also be reviewed and managed across several workspaces, with different controls and settings based on the needs of each department.

Staff can also be monitored through an activity page with search functionality, and the capacity to filter and report, and take quick action. The firm has also teased a dashboard, set for a future release, that will allow for high-priority user activity to be highlighted.

Microsoft issues urgent Internet Explorer and Windows Defender security patches


Keumars Afifi-Sabet

24 Sep, 2019

Microsoft has urged users to patch their Internet Explorer browsers immediately after learning that cyber criminals are exploiting a flaw to execute arbitrary code on target devices.

The firm has also issued a patch for a separate flaw in Windows Defender, the company revealed on Monday. The severity of the flaws has meant the patches have been released out-of-sync with its Path Tuesday releases; normally the second Tuesday of every month.

The Internet Explorer flaw, dubbed CVE-2019-1367, involves a remote code execution (RCE) vulnerability that allows hackers to exploit the way the web browser’s scripting engine handles objects in memory.

This could corrupt memory in a way that could allow an attacker to execute arbitrary code and gain the same user rights as the target user. This flaw affects Internet Explorer versions 9, 10 and 11, the company confirmed.

“If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system,” the Microsoft Security Research Centre (MSRC) said.

“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

“In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email.”

The Windows Defender flaw, dubbed CVE-2019-1255, centres on a denial of service zero-day vulnerability when Microsoft Defender improperly handles files. An attacker could exploit this to prevent legitimate accounts from executing system binaries.

The Windows Defender flaw will be fixed as part of an automatic update mechanism, and will be shipped within the next couple of days through the Microsoft Malware Protection Engine. The Internet Explorer vulnerability, however, must be applied manually.

Although the Internet Explorer vulnerability is being actively exploited in the wild, its userbase has shrunk in recent years to represent just 2.61% of web users, according to W3 Counter figures.

A vast swathe of businesses may still be using Internet Explorer as the browser of choice in their workplace, however, particularly if they’re also persisting with older Windows systems.

Microsoft confirms a Teams client for Linux is on its way


Keumars Afifi-Sabet

10 Sep, 2019

Microsoft is developing an iteration of its collaboration tool, Teams, for Linux systems after high demand from users, but hasn’t provided a release date.

The company confirmed on a user feedback forum last week that it’s actively working on a Teams client, and that more information would be divulged soon. Users have previously been forced to use an in-browser version of Teams on Linux systems, which suffers from limitations in functionality and user experience (UX).

The popular collaboration tool is currently available on Windows, macOS, iOS and Android, as well as within a web browser, with Linux the only missing piece of the puzzle.

The biggest issues with the web iteration of Teams include the inability to video conference or share desktops and applications effectively, as well as difficulty organising presentations.

Linux users have been demanding a client for Teams for years, with the original post that Microsoft replied to on UserVoice, for example, dating back to November 2016.

Notably, Teams’ biggest rival in the collaboration space is Slack, which does have a functional Linux client that launched last year. The Ubuntu Snap tool has been used to put the app into a bubble so it could run in a Linux environment, and provide secure isolation.

In confirming a Linux client for Teams, Microsoft is encroaching on one of Slack’s most significant differentiating factors from the industry giant.

It’s particularly significant given that Microsoft announced in July that it has more users than its key competitor; boasting more than 13 million active daily users versus Slack’s latest reported figures of 10 million users.

This can partially be attributed to the fact it’s packaged into Microsft’s Office 365 ecosystem of productivity apps by default. But it’s also been considered fairly staggering considering Teams was lagging behind its rival as soon as April.

The rivalry between the two platforms has indeed been hitting up during 2019, with Microsoft banning its employees from using Slack in June, declaring some versions of the workplace service are not secure.

Oracle earnings flat as CEO steps down citing health reasons


Keumars Afifi-Sabet

12 Sep, 2019

Oracle’s chief executive Mark Hurd is stepping down from the company on a temporary basis for health-related reasons, as the software giant released its quarterly earnings earlier than expected.

The co-CEO, who shares his role with fellow chief executive Safra Catz, requested a leave of absence to address health-related issues, the company announced yesterday, following nine years at the company.

The news was announced in conjunction with the latest financial results, and has been disclosed just a few days before the company’s annual OpenWorld conference is set to kick off in San Francisco next week.

“To all my friends and colleagues at Oracle, though we all worked hard together to close the first quarter, I’ve decided that I need to spend time focused on my health. At my request, the Board of Directors has granted me a medical leave of absence,” said Hurd. 

“As you all know, Larry, Safra and I have worked together as a strong team, and I have great confidence that they and the entire executive management team will do a terrific job executing the exciting plans we will showcase at the upcoming OpenWorld.”

Hurd’s announcement overshadows the company’s roughly flat financial results for the first quarter of the 2019/20 financial year. Oracle declared revenues of $9.2 billion last quarter; the same figure year-on-year versus the first quarter for 2018/19.

Cloud services and license support revenue, meanwhile, climbed slightly to $6.8 billion versus $6.6 billion year-on-year, while cloud license and on-premise license revenue slumped to $812 million from $867 million.

“Autonomy is the defining attribute of a Generation 2 Cloud,” said Oracle’s CTO Larry Ellison. “Next week at our OpenWorld conference, we will announce more Autonomous Cloud Services to complement the Oracle Autonomous Database.”

As for the company’s leadership, Catz will continue on as sole CEO, while Ellison, who co-founded the company, will handle Hurd’s responsibilities. The company hasn’t announced how long Hurd will be away from his post.

Telstra partners with Microsoft on business-focused data-sharing hub


Keumars Afifi-Sabet

5 Sep, 2019

Telstra has launched a platform to give customers the capacity to seamlessly share data from their Internet of Things (IoT) devices using Microsoft’s Azure cloud platform.

The two companies have teamed up to co-develop the Telstra Data Hub, a modular system which aims to reduce the barriers that businesses face when it comes to sharing data, including the costs involved.

The technology will allow organisations, initially within the connected supply chain, water management and agribusiness industries, to share and exchange data securely.

The thinking is that by allowing businesses to harness their data through the platform, it’ll lead to productivity gains.

“Our heritage is in building national infrastructure that benefits generations,” said Telstra’s group executive for product and technology Christian von Reventlow.

“We see more than $100 billion in incremental value to customers and the economy through digitisation and data-driven collaboration.

“We are excited to be partnering with Microsoft and unveiling this new innovation today at Telstra Vantage and we look forward to sharing further news as we continue to develop this exciting product.”

The telecoms firm outlined a case study centred on the connected supply chain, in which one of Australia’s largest supermarkets has used the system to track and monitor shipping containers to reduce the cost of missing cargo.

The supermarket, and its partners, can in future use data accessed via the hub to respond to ongoing operational problems, as well as understand chokepoints and improve efficiencies within the supply chain.

Telstra identified several problems it aims to solve, including a reluctance to share data for fear of losing control, high costs in setting up platforms, a lack of data standardisation and having to integrate various systems together.

The partnership is part of a wider effort across the industry to give business customers far more power to access and exploit the vast amounts of data gathered.

Salesforce and Amazon Web Services (AWS), for example, bolstered their existing partnership in September last year to simplify data sharing, and give customers better access to data to drive digital transformation.

CISOs now say cloud technology is ‘just as safe’ as on-prem


Keumars Afifi-Sabet

4 Sep, 2019

The majority of security professionals now consider single-cloud technology to be just as safe, if not safer, than on-premise storage – while multi-cloud environments are deemed the riskiest setups, according to research. 

Cloud technology has seen an explosion in adoption rates among businesses in recent years but has been traditionally considered a riskier option for businesses than on-premise storage.

The majority (61%) of chief information security officers (CISOs), however, have indicated that while security concerns remain, businesses running single-cloud configurations are at no more risk than they would be powering their organisations through on-premise data centres.

There’s also a strong appetite for cloud adoption, with 88% of respondents to a Nominet survey reporting their organisations are either currently engaging in, or have plans to, adopting Software as a Service (SaaS) products.

The research questioned almost 300 CISOs, CTOs and CIOs from large organisations with more than 2,500 employees directly responsible for overseeing cyber security practices.

Some 71% of respondents said they were either moderately, very or extremely concerned with the risk of cyber attack in cloud technology, but these concerns are generally matched by anxieties with on-premise systems.

Interestingly, US respondents were almost twice as likely than CISOs based in the UK to suggest they were “extremely concerned” – 21% versus 13%. This could be based on a host of reasons, including differing compliance regimes, threat landscapes and media coverage of security breaches, the report suggested.

“Security has traditionally always been cited as a barrier to cloud adoption, so it is significant that the perceived risk gap between cloud and on-premise has disappeared,” said Stuart Reed Nominet’s vice president of cyber security.

“It is evident that security concerns are no longer an insurmountable barrier to cloud deployments given the high adoption rate of cloud services.”


Cloud infrastructure is becoming a major funding priority as IT leaders strive towards organisational change. Find out why in this whitepaper.

Download now


He added: “And, as we move into the ‘cloud era’, arguably security teams need to channel their concern into finding solutions that work with the cloud, just as they have been doing in an on-premise environment.”

Adopting a multi-cloud approach, meanwhile, is generally seen as more risk than hybrid and single-cloud approaches.

CISOs adopting such a configuration within their organisations were twice as likely to have suffered a data breach over the past 12 months; 52% versus 24% of single-cloud and hybrid-cloud users.

Organisations adopting a multi-cloud approach were also found to generally suffer a greater number of data breaches, with 69% of respondents reporting 11-30 breaches compared with 19% for single-cloud adopters and 13% for hybrid cloud adopters.

“When it comes to ensuring resilience and being able to source ‘best-in-class’ services, using multiple vendors makes sense,” Reed continued.

“However, from a security perspective, the muti-cloud approach also increases exposure to risk as there are a greater number of parties handling an organisation’s sensitive data.

“This is exactly why an eye must be kept on integration and a concerted effort be made to gain the visibility needed to counter threats across all different types of environments.”