All posts by Keumars Afifi-Sabet

Microsoft spruces up Outlook in a bid to catch up with major G Suite upgrades


Keumars Afifi-Sabet

5 Jul, 2019

Outlook is set to get a range of new features this month including a dark mode, a redesigned email experience and improvements to calendar synchronicity as part of a major overhaul of the platform.

Users of Microsoft’s Office 365 email service will see a number of improvements to the way messages can be read, categorised and organised, the firm announced. Changes to calendar and meeting functionality, and a series of significant aesthetic tweaks, make up the full complement of changes.

The new Outlook will feature categories that make it easier to tag, find or organise messages, with users able to add multiple categories to a single message.

A favouriting mechanism, in which contacts, groups or entire categories can be highlighted, also offers easier access to certain aspects of any user’s inbox. As with Gmail, meanwhile, users can also draft multiple emails on-the-go using ‘tabs’ that rest on the lower portion of the user interface (UI).

There’s also a snooze function for emails that need to be dealt with later. Snoozing a message removes it temporarily from the inbox, with it reappearing as an unread message at the top of the pile once the snooze period expires.

Among the most eye-catching features, however, is a new dark mode, which lets users personalise their UI for night-time or low-light browsing. The lights can be turned back on when reading a specific email or composing one by configuring this mode in the settings menu.

The firm’s main rival in this space, Google, has spent the past year or so updating its G Suite productivity suite, including a number of significant changes to Gmail, notably the use of artificial intelligence (AI) for predictive responses and inbox management.

Meanwhile, tweaks are also being made to Outlook’s calendar functionality, including the ability to search across multiple calendars, as well as filters to adjust the parameters when hunting for a person or event.

It’s also now possible to quickly create events and book rooms for meetings from the calendar surface on Outlook, while the ‘week view’ dedicates a larger screen area to today and tomorrow.

The changes will be implemented from late July, with ‘targeted release’ customers no longer able to see an opt-in toggle that switches between the old Outlook and the beta version of the latest iteration.

‘Software glitch’ to blame for global Cloudflare outage


Keumars Afifi-Sabet

3 Jul, 2019

Cloudflare has resolved an issue that led websites serviced by the networking and internet security firm to show 502 ‘Bad Gateway’ errors en masse for half an hour yesterday.

From 2:42pm BST the networking giant suffered a massive spike in CPU utilisation across its network, which Cloudflare is blaming on a bad software deployment. This affected websites hosted in territories across the entire world.

Ironically, even Downdetector was knocked offline during the outage.

Once this faulty deployment was rolled back, its CTO John Graham-Cumming explained, service was returned to normal operation and all domains using Cloudflare returned to normal traffic levels.

“This was not an attack (as some have speculated) and we are incredibly sorry that this incident occurred,” Graham-Cumming said.

“Internal teams are meeting as I write performing a full post-mortem to understand how this occurred and how we prevent this from ever occurring again.”

The incident affected several massive industries, including cryptocurrency markets, with users not able to properly access exchanges like CoinMarketCap and CoinBase.

Cloudflare issued an update last night suggesting the global outage was caused by the deployment of just one misconfigured rule within the Cloudflare Web Application Firewall (WAF) during a routine deployment. The company had aimed to improve the blocking of inline JavaScript used in cyber attacks.

One of the rules it deployed caused CPU to spike to 100% on its machines worldwide, and subsequently led to the 502 errors seen on sites across the world. Web traffic dropped by 82% at the worst point during the outage.

“We were seeing an unprecedented CPU exhaustion event, which was novel for us as we had not experienced global CPU exhaustion before,” Graham-Cumming continued.

“We make software deployments constantly across the network and have automated systems to run test suites and a procedure for deploying progressively to prevent incidents.

“Unfortunately, these WAF rules were deployed globally in one go and caused today’s outage.”

At 3:02pm BST the company realised what was going on and issued a global kill on the WAF Managed Rulesets which dropped CPU back to normal levels and restored traffic, before fixing the issue and re-enabling the Rulesets approximately an hour later.

Many on social media were speculating during the outage that the 502 Bad Gateway errors may be the result of a distributed denial-of-service (DDoS) attack. However, these suggestions were fairly quickly quashed and confirmed to be untrue by the firm.

Equinix ploughs $1bn into building xScale data centres across Europe


Keumars Afifi-Sabet

2 Jul, 2019

Data centre firm Equinix will invest $1 billion (approximately £793 million) into building six data centres across Europe to support some of the biggest cloud players like Microsoft Azure and Google Cloud Platform (GCP).

Backed by Singapore’s sovereign wealth fund GIC, Equinix will establish new xScale facilities in key locations around Europe, including London and Paris. They will be based near, or on, the firm’s International Business Exchange (IBX) campuses and provide companies with heightened connectivity and edge computing capabilities.

Equinix is only targeting hyperscale companies initially. These, in addition to Azure and GCP, include Alibaba Cloud, Amazon Web Services (AWS), and Oracle Cloud Infrastructure, to support their unique workloads.

“It has been a long journey to reach this point, but we are tremendously excited to announce the formation of our first xScale data centers joint venture,” said Equinix president and CEO Charles Meyers.

“Partnering with a world-class investment partner like GIC will provide the opportunity to make significant capital investments in order to capture targeted large-footprint deployments while continuing to optimize our capital structure.

“The JV [joint-venture] structure will enable us to extend our cloud leadership while providing significant value to a critical set of hyperscale customers.”

Six xScale data centres, of which two are to be based in London, will allow customers to add core deployments to their existing access points so they can expand on a single platform. These are also specifically engineered to meet the technical and operational requirements of hyperscale companies’ workloads.

The infrastructure will be managed and staffed by Equinix while being connected to the Equinix global platform in order to provide a non-disrupted experience for hyperscale firms.

“As hyperscale companies expand around the world, they will increasingly look to partners to provide both broad global scale and deep local knowledge when deploying data center space,” said vice president for datacentre infrastructure and services with 451 Research Kelly Morgan.

“By increasing the number of hyperscale facilities in the EMEA region, the joint venture between Equinix and GIC aims to accelerate the adoption of hybrid and multicloud as the IT architecture of choice by companies throughout the region.”

Equinix will sell its London LD10 and Paris PA8 IBX data centre facilities to the fund that manages this $1 billion joint-venture, with new xScale data centres expected to come to fruition on these sites.

New data centres will also be built in Amsterdam, London and on two sites in Frankfurt.

Microsoft bids for behind-the-scenes access to Linux flaws


Keumars Afifi-Sabet

1 Jul, 2019

Microsoft has applied to join two security boards for representatives of Linux distributions to discuss and coordinate vulnerabilities and security issues.

The linux-distros mailing list is used as a private channel where developers can discuss flaws in Linux systems and co-ordinate fixes for issues that have not yet reached the public domain. The oss-security group is used to discuss vulnerabilities that are already known.

Microsoft’s ‘Linux Kernel Hacker’ Sasha Levin sent an application to join the security boards last week, which could see the Windows developer become party to behind-closed-doors conversations on ongoing security issues.

Members of this community include Chrome OS, Red Hat, Oracle, SUSE and Amazon Linux AMI.

There are several criteria that organisations need to meet to join the linux-distros group. For example, Levin cited Azure Sphere and Windows Subsystem for Linux v2 as examples of the company actively maintaining a Unix-like operating system distro with open source components.

Successful applicants must also have a userbase that isn’t limited to their own organisation, which Microsoft said it meets through the millions of cores its customers run on systems such as those mentioned above.

Organisations must also be able to demonstrate at least a year-long track record of fixing vulnerabilities, including some on Linux distros, and releasing fixes for known issues within 10 days or fewer.

Applicants would also have to gain the recommendation of an individual who has been active on oss-security for years but is not affiliated with the organisation. Levin copied in renowned Linux developer Greg Kroah-Hartman, who replied separately in the email chain to vouch for Microsoft’s submission.

“I can vouch for Sasha,” Kroah-Hartman said. “He is a long-time kernel developer and has been helping with the stable kernel releases for a few years now, with full write permissions to the stable kernel trees.

“I also suggested that Microsoft join linux-distros a year or so ago when it became evident that they were becoming a Linux distro, and it is good to see that they are now doing so.”

Microsoft has shifted towards embracing Linux technology and open source principles over the last few years, and increasingly under CEO Satya Nadella’s leadership. This is after its former CEO Steve Ballmer infamously referred to Linux as a “malignant cancer” and “communism” almost 20 years ago.

A significant change happened a decade ago when Microsoft released 20,000 lines of code to the Linux open source community. This led the executive director of the Linux Foundation Jim Zemlin to declare at the time that “hell has frozen over”.

To demonstrate how much Linux popularity has surged in recent years, Sasha Levin added in a further message to the email chain that the usage of this technology on Microsoft’s Azure cloud services has now surpassed Windows. This is just two years after Microsoft said that 40% of virtual machines in Azure are running Linux.

As a result of this increased usage, Microsoft’s security centre has started receiving a higher volume of security reports of issues with Linux code from users and from vendors.

Microsoft unveils public preview for Azure Bastion


Keumars Afifi-Sabet

19 Jun, 2019

Microsoft has lifted the lid on its managed platform as a service (PaaS) product that seeks to protect exposed virtual machines (VMs) from outside threats.

The firm says it’s worked with hundreds of cloud customers across a wide range of industries to launch a preview of the service, which sits between the Azure portal and virtual interfaces.

It is said to guarantee a degree of safety when accessing off-internet VMs by providing seamless remote desktop protocol (RDP) and secure shell (SSH) connectivity via the secure sockets layer (SSL).

“For many customers around the world, securely connecting from the outside to workloads and virtual machines on private networks can be challenging,” Microsoft’s corporate vice president for Azure networking Yousef Khalidi said.

“Exposing virtual machines to the public Internet to enable connectivity through Remote Desktop Protocol (RDP) and Secure Shell (SSH), increases the perimeter, rendering your critical networks and attached virtual machines more open and harder to manage.”

Azure Bastion will feed directly into a customer’s Azure Virtual Network without the need to worry about managing network security policies, Khalidi added. The feedback Microsoft received from customers centred on the need for an easy and integrated way to deploy, run, and scale jump-servers or bastion hosts within Azure infrastructure.

Among the features are increased protection against port scanning due to limiting the exposure of VMs to the public internet. Azure Bastion is also reinforced by automatic patching, handled by Microsoft, to best guard customers against zero-day exploits.

Bastion hosts are generally known to be special purpose computers on networks that are specifically built to withstand cyber attacks. The computer normally hosts just one app, and all other services are removed or limited to reduce the threat surface.

Microsoft will be building out Azure Bastion over the coming months and adding more features as its developers progress the platform towards its general release.

Intel adds cloud support for Unite collaboration platform


Keumars Afifi-Sabet

10 Jun, 2019

Intel will target small and medium-sized businesses (SMBs) with a significant cloud upgrade to its flagship Unite communications platform.

The four-year-old system has traditionally required customers to install physical hardware at a cost to integrate Intel’s collaboration and video conferencing tools. From Wednesday 12 June, however, the firm is hoping to eliminate these barriers and pave the way for smaller companies to take on the platform.

The firm is also seeking to infiltrate new areas such as schools and hospitals. One example may be a doctor taking advantage of pre-installed screens to communicate information to a patient instead of relying on handwritten notes or a tablet device.

The Unite platform itself is built on the Intel vPro PCs, CPUs, chipsets and Wi-Fi components, which allows for a secure hardware encryption engine, as well as remote management. It will also support a wider array of integrated apps, ranging from unified communications tools like Cisco Webex to AV systems such as Panacast.

Fundamentally, Intel wants to introduce a baseline level of technology across an organisation, in rooms of varying sizes, to ensure workflows are continuous and colleagues can collaborate anywhere. These areas include huddle spaces, medium collaboration space and the board room.

The largest change involves adding a cloud-powered rotating PIN service that provides managed security and login between the Unite hub PC and a device running the Unite app. This has been designed to ensure that only people meant to attend a meeting hosted by Unite are allowed access to it, and bypasses the need for an on-premise server to handle PIN orchestration.  

“This is going to obviously give more deployment choice for existing customers,” said Tom Loza, the company’s global director for sales of Unite. “It will provide potentially, for those customers that are on-prem to move to the cloud, a lower maintenance cost of the solution. And just give a broader, more simple managed solution to our small business customers.”

Launched as a wireless sharing platform in 2015, Unite has since added a host of additional capabilities over time, including full client device support and moderator controls. Intel said these changes are all the result of user feedback, as is the cloud launch.

The upgrade not only opens new markets to Intel, Loza noted, but enables further scaling through channel partners, and expands the capabilities of these firms by signing them up to dedicated training programmes.

Salesforce launches blockchain platform for CRM


Keumars Afifi-Sabet

31 May, 2019

Salesforce is connecting a low-code blockchain platform with its customer relationship management (CRM) suite to open up new services and operations for its customers.

The cloud-powered software developer has launched the platform to allow companies to create blockchain networks, workflows and apps, in a way that’s easier and faster than traditional methods.

The Salesforce Blockchain platform is a low-code system built on the open source technology developed by Hyperledger Sawtooth and is customised to fit with the company’s flagship Salesforce Lightning CRM product.

Beyond building networks, users can layer blockchain data above existing sales, service, or marketing workflows, and run artificial intelligence-powered algorithms to integrate this data into sales forecasts and other predictions.

Salesforce says that blockchain’s distributed ledger technology can help with authenticating and sharing data across multiple third parties, where traditionally this process has been clunky and slow. Principally, the company says it streamlines how transactions and documents are created and exchanged.

“Blockchain allows us to upend antiquated processes like these and rebuild them entirely with customers at the centre,” said Salesforce’s senior vice president for emerging technologies Adam Caplan.

“Data can securely flow beyond an organization’s four walls and be extended to partners. Every party in the blockchain network can verify and see each transaction in an open, transparent way.

“The information is secure, trusted, and – if the need arises – can be audited.”

Organisations across several industries can use the technology for conventional business processes like asset tracking, credentialing, and authentication of goods. Salesforce says that combining CRM with blockchain data can see firms devise new business processes and models across sales, marketing, and services.

A real-life application of Salesforce’s blockchain platform involves Arizona State University, which is using the system to design and create an education network that allows universities to verify and share information securely.

S&P Global Ratings, meanwhile, is using the service to reduce the time it takes to review and approve new business bank accounts by bringing together multiple reviews for greater transparency in this process.

The main problem Salesforce is aiming to tackle involves a greater need for businesses to harness and share massive amounts of data with an ever-growing network of partners and third parties – and to do so securely.

The firm, therefore, sees blockchain’s distributed ledger as a means of plugging any ‘trust gap’ that arises if companies fail to manage the increased costs and inefficiencies that it said this process will introduce.

Salesforce is just the latest company to introduce a blockchain service after its CEO Marc Benioff teased such a platform in April last year.

Amazon Web Services (AWS) and Microsoft have both released blockchain-powered services, with the former targeting the healthcare and finance sectors with its Blockchain as a Service (BaaS) templates released last year.

Salesforce Blockchain is currently available to select design partners ahead of its general release in 2020.

Exposed business data rises by 50% to 2.3 billion files


Keumars Afifi-Sabet

30 May, 2019

More than 2.3 billion sensitive corporate documents, including customer data and passport scans, are thought to be sitting on publicly accessible online storage systems.

One year after researchers disclosed the scale of exposed business files hosted using technologies like the server message block (SMB) protocol and Amazon Web Services (AWS) S3 buckets, new findings reveal this figure has risen by approximately 750 million.

Data exposed via these misconfigured systems means companies across the world are at risk of handing data to cyber criminals and violating data protection laws, according to security research firm Digital Shadows, with 2,326,448,731 (2.3 billion) files exposed as of 16 May. This is in contrast with the 1.5 billion files detected in 2018.

Despite the steep rise in the total number of files left exposed, researchers did see a noticeable decline in the number of files being leaked through misconfigured AWS S3 buckets, which have in the past been responsible for some of the largest data leaks. Experian data on more than 120 million American households was exposed in 2017, while similar leaks also hit the NSA, WWE, Accenture and, most recently, a third party app built from Facebook data.

Due to changes in the way S3 buckets are configured, made in November, researchers found only 1,895 exposed files on 16 May, compared to around 16 million prior to default encryption being added.

However, this is overshadowed by a dramatic rise in the number of files exposed through the SMB protocol, amounting to 1.1 billion or roughly 48% of exposed business documents. This compares against 20% of files made public through misconfigured FTP services, and 16% of the 2.3 billion documents exposed via rsync sites.

“Our research shows that in a GDPR world, the implications of inadvertently exposed data are even more significant,” said Photon Research analyst Harrison Van Riper.

“Countries within the European Union are collectively exposing over one billion files – nearly 50% of the total we looked at globally – some 262 million more than when we looked at last year.

“Some of the data exposure is inexcusable – Microsoft has not supported SMBv1 since 2014, yet many companies still use it. We urge all organizations to regularly audit the configuration of their public facing services.”

In their previous report, published last April, the researchers detected exposed data totalling 12,000TB hosted across S3 buckets, rsync sites, SMB servers, file transfer protocol (FTP) services, misconfigured websites (WebIndex), and network attached storage (NAS) drives. This volume of information was roughly 4,000 times greater than the Panama Papers leak three years ago.

The first set of findings were based on files detected during a three-month window between January and the end of March 2018, while their latest report has extended the observation window to between April 2018 and mid-May 2019.

Based on their most recent findings, researchers are particularly worried about a “troubling” rise in files exposed through SMB-enabled file shares, partially because they’re “not entirely sure why that’s the case”.

One potential indicator could be that AWS Storage Gateway added SMB support in June 2018, allowing file-based apps developed for Windows an easy way to store objects in S3 buckets. But the greater concern centres on ransomware, with more than 17 million ransomware-encrypted files detected across various file stores.

Elsewhere, the researchers discovered a variety of sensitive data exposed through misconfigured systems, including one server that contained all the necessary information an attacker would need to commit identity theft. The FTP server held job applications, personal photos, passport scans, and bank statements. All this data was publicly available.

Another example centred on medical data, with 4.7 million medical-related files exposed through the file stores the researchers analysed. The majority of these were medical imaging files, which doubled in volume from 2.2 million last year to 4.4 million today.

In light of its findings, Digital Shadows has advised organisations to use the Amazon S3 ‘Block Public Access’ setting to limit public exposure of buckets that are intended to be private. Logging should also be enabled to monitor for any unwanted access or potential exposure points.

Researchers have also advised businesses to disable SMBv1 and update to SMBv2 or v3 for systems which require the protocol. IP whitelisting, too, should be used to enable only authorised systems to access the storage systems.

NAS drives, as with FTP servers, should be placed internally behind a firewall with access control lists implemented to prevent unauthorised access.

Nvidia launches edge platform to ramp up AI and IoT data processing


Keumars Afifi-Sabet

28 May, 2019

Nvidia has launched an edge computing platform to give businesses a greater swathe of tools to perform heavier processing workloads from data derived from Internet of Things (IoT) devices.

By establishing a multitude of edge servers across the world, the chip manufacturer is hoping that firms in industries like healthcare and manufacturing can process their data instantaneously to improve business operations.

This is in light of an expected explosion in IoT devices within the next few years, and the monumental amount of data the ecosystem will produce.

Nvidia’s EGX platform is touted as being able to perceive, understand and act in real-time on continuous data streaming between 5G base stations, warehouses, retail stores, factories, and other locations.

“Enterprises demand more powerful computing at the edge to process their oceans of raw data – streaming in from countless interactions with customers and facilities – to make rapid, AI-enhanced decisions that can drive their business,” said Bob Pette, vice president and general manager of Enterprise and Edge Computing at NVIDIA.

“A scalable platform like NVIDIA EGX allows them to easily deploy systems to meet their needs on premises, in the cloud or both.”

The device at the heart of Nvidia’s new edge servers is the company’s Jetson Nano, a small module that can enable the development of low-power AI systems. Nvidia says this device can provide 500 billion operations per second using just a few watts of power, for tasks like image recognition.

As part of the project, Nvidia has also teamed up with Red Hat to integrate and optimise its Edge Stack software with OpenShift, a container application platform. Mellanox and Cisco’s security, networking and storage technologies have also fed into the edge platform.

It will also be offered through major public cloud providers, including Amazon Web Services (AWS) and Microsoft’s Azure platform, with users able to remotely manage their Nvidia Edge Stack service.

Nvidia’s AI research has spanned a number of industries, including healthcare, with the firm previously announcing a partnership with King’s College London to build an AI platform to automate radiology.

Nvidia’s EGX platform has already been at the heart of developing a number of healthcare-related software packages, the company says, as well as applications suitable for large retail chains and organisations involved in smart city development.

View from the Airport: Citrix Synergy 2019


Keumars Afifi-Sabet

24 May, 2019

“Enterprise software sucks today, and we’ve really failed our employees”; these are the words of Sapho co-founder Fouad ElNaggar, parroted by Citrix’s CEO David Henshall during the company’s main keynote address on day one of Synergy 2019.

When Citrix bought out the six-year-old micro-apps platform for $200 million in 2018, the significance hadn’t been fully realised. But in Atlanta, we learned more than anything that ElNaggar’s vision for a massively heightened ‘employee experience’ has been injected directly into the heart of the virtualisation company.

The previous 12 months for Citrix have been at times uncertain and at worst torrid. The spectre of a monster 6TB data breach hung over the company throughout Synergy 2019 because executives left it unaddressed. A blog was published the day before but added little to what we already knew. It was only through conversations with the firm’s chief digital risk officer Peter Lefkowitz that Cloud Pro was able to gain a sense for how Citrix has tried to learn and move on.

While Citrix didn’t so much dazzle, the company did put forward a defined vision that borrows from elements of its past while, by-and-large, feeling fresh enough from its executives’ perspective, to get excited about.

A major problem business faces today is that the majority of workers are disengaged. Henshall cited research claiming this figure is as high as 85%. The reason? Well, enterprise software ‘sucks’. It can be functional but frankly looks like it should belong in a CRT monitor.

The company has pivoted towards improving the user experience (UX) for employees and slashing the time they spend on tasks like filling out expense claims. This chiefly manifests as a host of ‘intelligent experience’ improvements to its flagship Workspace platform, with the ultimate goal being to return one day per week to workers.

To get there, Citrix is stealing user interface (UI) ideas from social media platforms like Facebook, Instagram and Twitter, which the firm concedes are pulling well ahead of the enterprise space. Never-ending newsfeeds, notifications that demand your attention, and single-click buttons are making their way into business software to keep employees switched on in their work lives. This element of consumerisation, according to Chris Marsh, research director at 451 Research, is not novel but a much-needed idea that hasn’t yet caught on.

“Enterprise software has been woefully bad at engaging its users,” Marsh told Cloud Pro. “What Citrix is trying to counter is the fragmentation of work across the multiple apps employees are using and all the context switching and productivity losses that result in.

“It’s of course in its interest to have users spend more time in its Workspace but it has a decent rationale as to why a single plane centralising otherwise diffuse and siloed information is necessary and could provide a good experience.”

But assuming there’s truth to this “disengagement epidemic”, to what extent would revitalising clunky UIs make up for other workplace bugbears? I’m thinking along the lines of bad colleague relations, a nasty commute, or the nature of the work itself? Even on the software front, this model can’t solve everything.

“Lightweight, task-based actions it’s pitching its micro-apps as solving are just a fragment of the kinds of work the typical employee has to do,” Marsh continued. “It might be problematic if that’s all Workspace natively enables, i.e. you’d be having to go to its micro-apps for some things, yet everything else still happens within other apps.

“I suspect however that through partners and its micro-app builder strategy it’ll widen out what can be intelligently surfaced from other apps into the cards.”

Citrix has shifted through several guises in previous years, and ironically even pitched itself as a “new breed of security company” just two years ago. But, with a great dose of inspiration from the startup it acquired last year, the Citrix of 2019 appears to have finally stumbled upon what it believes is a roadmap for building the ‘future of work’. Time will tell whether it gets lost on the way.