Melissa Di Donato, CEO, SUSE: On cloud journeys, hyperscaler complexity, and daring to be different

When Melissa Di Donato joined SAP in 2017, having counted Salesforce, IBM and Oracle among her previous employers, she told this publication it was like ‘coming home.’ Now, as chief executive of Linux enterprise software provider SUSE, it is more a step into the unknown.

Yet it is not a complete step. Working with a proprietary software company means your experience is primarily in selling it, implementing it and aligning it to others’ business needs. With SUSE, Di Donato knows far more acutely what customers want.

“Though I don’t have a whole load of open source experience per se, I’ve got all the detail and all of the understanding of what it is to be a SUSE customer,” Di Donato tells CloudTech. “That’s really important because, as we go to market and look at who we want to be, who we are for, who we are now and who we want to become, it’s really about embracing this collaborative nature of creating software in a community, but pivoting around customer needs.”


Since being named as SUSE CEO in July, Di Donato has been visiting customers and crafting the company’s message around two themes. For the enterprise market, while the buzzwords around containers, software-defined storage, multi-cloud and hybrid cloud remain, solid progress is harder to come by. Add in that every customer has different needs, after all, and the strategy needed to be boiled down somewhat.

Not unlike other organisations, SUSE’s customer base is split into various buckets. You have traditionalists, which comprise about 80% of customers, hybrid beginners, cloud adopters and cloud-native; the latter three all moving in ever decreasing circles. Regardless of where you are in your cloud journey, SUSE argues, the journey itself is the same. You have to simplify, before you modernise, and then accelerate.

Di Donato argues that cloud and containers are ‘very, very overused words’, and that getting to grips with the technology which holds the containers is key – but all journey paths are valid. “Whether cloud means modernising, or container means modernising, VMs, open source… [customers’] version of modernising is really important, and they want to simplify and modernise to then get to a point where they can accelerate,” she says. “Regardless of what persona you are, what customer type you are, everyone wants to accelerate.”

These days, pretty much everyone is on one of the hyperscale cloud providers as well. SUSE has healthy relationships with all the major clouds – including AWS, which is a shot in the arm for its occasionally-criticised stance on open source – aiming to offer partnerships and value-adds aplenty.

The problem is that the hyperscalers do little to assist the simplification process. At re:Invent in December, AWS said that at last count it offered more than 175 services. “We’re overwhelmed by the number of services and tools being offered to our customer base,” says Di Donato. “There’s a whole different conversation [before] about how, as a complex enterprise, [you] get to public cloud. If you have one small application on public cloud, [you can] choose from hundreds more.”

So what can SUSE do? Ironically enough, by offering as many options as possible to its customers. “How do I get our natives and traditionalists, at two opposite ends of the spectrum, into an environment where they can move and continually modernise?” says Di Donato. “It’s going to need to be flexible, it’s going to need to be agnostic, it’s going to need no lock-in and be able to simplify the complexity around the various components that hyperscalers have.

“Having that portability, regardless of what platform [customers] choose, is becoming very important,” Di Donato adds. “What’s good on Azure today may be better on Google tomorrow – and we have to have the flexibility and simplicity to be able to move our customers over, the easiest way forward.”

The other message – and arguably an even more important one – is around ‘daring to be different.’ It was the title of an article Di Donato wrote on LinkedIn when she joined SUSE, which focuses on the wider community and message. “I’m fortunate to have a platform from which I can be an activist and an advocate for openness, diversity and inclusion,” Di Donato wrote at the time, adding she particularly advocated opportunities for girls to move into STEM. “I believe we can all give back more than we take.”

The ‘openness’, given SUSE’s heritage, should be a given – but it isn’t across every area. “The company is inherently open and collaborative – in an open source environment you can contribute literally from anywhere – however you don’t see a load of diversity in open source as an industry right now,” says Di Donato. “The need to always have diversity and inclusion on the agenda is really important.”

More than anything else, this was priority number one when Di Donato took over the reins at SUSE. Among other initiatives, an employee network around women in tech was launched. It is now more than 150-strong, for men and women “to ensure we evangelise the brand and get out there and show the world just how diverse we are and can be in open source at SUSE,” as Di Donato puts it.

Di Donato has been discussing greater representation for women in STEM for almost as long as she has been a senior executive. At her first role, at SAP as an R3 developer, she was the only female in her cohort. “10 years ago we stopped talking about women in tech because we were getting bored of it in the UK, right?” she says.

The headlines keep on coming, however. As CloudTech reported in October, the Forbes Cloud 100, an influential list of top privately-held cloud companies, featured a grand total of three firms led by women. The month before, another Forbes list, of America’s 100 most innovative leaders, featured just one woman, drawing opprobrium.

Even in her current role, Di Donato has gone to certain geographies to find herself the only female in the room. “We haven’t come very far,” she says, laughing ironically. “I tend to think that for any network of people that talk this passionately about a particular topic, over decades, you would think the dial would move. Yet we still struggle.”

As a mother of three and newlywed – having previously been widowed when her youngest child was 18 months old – Di Donato is especially concerned at getting more focus for parents, such as not penalising them if a family crisis meant they could not make the office.


Rachel Keane, co-founder of the Women in Data series of events, previously told this publication of another danger for women: in an industry as fast as cloud computing, a year away means a huge gap of knowledge. Nothing is insurmountable, however. “For most people, they can’t imagine naturally what they’re capable of,” says Di Donato. “You can only understand what you’re capable of at a turning point in your life.

“We need to be role models to show other executives, particularly young talent, the importance of being capable of juggling more than just one or two things.”

More than anything else, however, wherever you are today, it is about being true to one’s self. Di Donato wants to exemplify this with her platform as CEO. “I’m faced with maybe exacerbating the fact that I’m quite loud, I’m quite vocal, I speak to a lot of employees, a lot of customers, and I’m a woman, right?” she says. “That’s a learning experience for me too – try and communicate in a way that people understand and are used to, but at the same time don’t lose myself either.

“I am enthusiastic and I am passionate and focused, and I am opinionated and I am driven,” adds Di Donato. “I don’t want to lose that purely because I’m different than everybody else right now.”


Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

Buyer’s guide to cloud file sharing


Dave Mitchell

7 Jan, 2020

Workforces are becoming increasingly mobile, and businesses need to find new ways to help their staff work together. Cloud file sharing is the perfect solution, giving staff a simple and secure way to share documents with colleagues, regardless of where they happen to be located.

Modern sharing services aren’t limited to simple cloud storage, either. In recent years, these services have developed into sophisticated collaboration suites. Users can not only share documents but work interactively with remote colleagues, while background file syncing ensures everyone’s on the same page.

Even if your employees are mostly based in the office, a cloud solution can make a lot of sense. On-premises collaboration suites are expensive to manage and maintain, while a cloud service means you don’t have to invest in servers or storage – and with a huge range of providers and packages to choose from, you need only pay for the services and support you need.

This month, we test cloud file-sharing services from 1&1 Ionos, Box, Citrix and Tresorit. Each one offers a diverse range of file-sharing features, and we put them all through their paces in the lab to help you make the right buying decision.

Master plan

With so many options to choose from, picking a cloud storage plan can seem daunting. It pays to do your research, however – otherwise you could end up spending a lot more than you need.

The majority of cloud storage plans are priced according to a combination of the number of supported users and storage capacity. However, certain plans stipulate a minimum number of users, so the actual cost could be far higher than the headline per-user price would suggest.

Similarly, it’s important to know exactly how much storage you’re paying for. Some plans appear to offer a generous amount of storage per user, when in fact the advertised figure is a total to be shared amongst them all. If the plan doesn’t explicitly state that the quoted allowance is per user, it probably isn’t.

A related issue worth looking into is maximum file size. Most cloud services support multi-gigabyte files, which will be ample for most businesses, but if you need to transfer very large files (such as raw video footage), check that this is permitted.

Another way to save money is by choosing the right payment terms. Monthly subscriptions are convenient if you don’t want to make a long-term commitment, but many providers offer substantial discounts when you sign up for a yearly contract.

Finally, be brutal about who actually requires access to your chosen cloud service. There’s no need to pay for every single person in your company to be included.

Fight for the users

There are numerous free cloud file-sharing solutions out there, but we recommend you steer clear: these have low storage caps and don’t provide proper management for users and shared data. Most business plans, by contrast, include an administrative cloud portal, allowing you to manage access and enforce security measures such as two-factor authentication.

You can often also add users to your sharing roster by sending an email invitation directly from the administrative portal. Once this has been received, the recipient just needs to click on the email link to join the collaboration party. They will then receive access to a personal web portal linked to their account for file management. A desktop agent is also normally offered, which keeps all files in selected local folders in sync, so the latest versions are always to hand. Certain agents let you save hard disk space by storing selected data only in the cloud, but this can leave you stymied if you lose internet access.

Encryption restrictions

If you’re going to entrust your data to a third-party service, you need to think about security. Confidential documents and personal information must be protected, so check that your would-be provider encrypts data prior to transmission, and stores it only in encrypted form. For even greater security, consider services that offer zero-knowledge encryption, where the provider has no access to the keys.

Data sovereignty is worth thinking about, too. Regulatory compliance may stipulate that your data has to be stored in a specific jurisdiction: if this applies to you, look for a provider that provides data residency services with a choice of data centre locations.

Then there’s the question of whether your own users might accidentally breach security by sharing links to files stored in the cloud. Look for services that provide access logs and allow users to password-protect shared download links, as well as apply download limits and expiry dates.

While not strictly a security issue, file versioning is worth looking for as well. Cloud storage services shouldn’t be used for primary business backup, but the ability to quickly and easily roll back files to an earlier state can be hugely valuable. Support varies considerably among providers: some will store up to ten previous versions of each file, while others extend this to 50.

Out on the road

The final piece of the puzzle is mobile support, which allows users to access shared files from a phone or tablet. The best providers offer free iOS and Android apps, and some include advanced features such as the ability to use your device’s camera to “scan” documents to your cloud account.

Certain services also offer tight integration with other apps such as Office 365, Slack and Salesforce, so they will fit neatly into your existing workflow. No two businesses will have exactly the same requirements, however, so read on to see which of the file-sharing services on test this month could be your next cloud collaboration partner.

Travelex website forced offline by cyber attack


Jane McCallion

3 Jan, 2020

Foreign exchange firm Travelex has taken itself offline after discovering that a “software virus” had compromised its systems.

The incident, which is ongoing at the time of writing, began on New Year’s Eve 2019. The company said in a statement that while there’s no indication any customers’ personal data has been accessed, it took the decision to close down its systems “as a precautionary measure in order to protect data and prevent the spread of the virus”.

It added that its physical branches will continue trading, but foreign exchange services will be carried out manually.

The company has said it has deployed teams of IT specialists as well as external cyber security consultants to “isolate the virus and restore the affected systems”. This, however, is cold comfort for customers, some of whom claim to have been left with no access to money while abroad.

Recommendations to visit Mastercard’s Cash Passport service, which underwrites Travelex’s currency cards, seem to be fruitless as well.

The incident has implications beyond Travelex as well. HSBC and Virgin Money, which both use Travelex for their currency exchange services, are both displaying a notice saying their online services are unavailable due to “planned maintenance”.

Tesco Bank, meanwhile, simply says it can’t offer online foreign currency services and advises users to head into its branches.

The severity of the attack and whether a full data breach has occurred is currently unclear. However, a spokesperson for the UK’s data regulator, the Information Commissioner’s Office (ICO), confirmed to IT Pro this morning that it had not received a report from Travelex.

IT Pro has contacted Travelex for further clarification, but hadn’t received a response at the time of publication.

Why attaining hybrid IT nirvana means a mix of digital growth and ‘digital trust’

In many organisations today, IT is more than a utility: it has become an essential platform for their ongoing business development. Therefore, they crave a superior IT experience for their employees and other key stakeholders. For most, cloud computing is a fundamental ingredient of the digital transformation agenda.

The common commercial use cases for public cloud services have already been exploited by many organisations. Front-office applications, such as customer relationship management, online commerce, and numerous consumer-facing apps, constitute the bulk of the workloads that reside on cloud service provider shared infrastructure.

These initial use cases have validated the proven benefits of cloud computing architectures that are appealing to software developers – including speed of deployment, dynamic resource acquisition, application elasticity, and service reuse across workloads.

Leveraging the inherent benefits of cloud service offerings, organisations are now focused on the potential of utilising IT infrastructure for innovation, process improvement, streamlined operations, entering new markets, and the creation of a preemptive response to potential disruption by new tech startups.

According to the latest worldwide market study by the IBM Institute for Business Value (IBV), organisations report success with public cloud initiatives, especially those forward-looking business transformation projects related to digital growth.

Meanwhile, mission-critical, security-dependent applications — such as customer databases, transaction processing, finance and accounting, supply chain, and manufacturing — are somewhat less likely to reside on a public cloud service provider’s platform.

This is particularly true for highly regulated industries, such as financial services and healthcare, where the greatest proportion of their online business processes have yet to move to a cloud service delivery model.

In many cases, these computing and storage workloads are better suited to the private cloud — or a mixture of public, private, and non-cloud traditional IT infrastructure.

In order for the next phase of cloud computing benefits to be realised, an open and adaptable approach to IT infrastructure architecture is required to address the multitude of use cases.

The evolution of cloud services adoption

The hybrid IT model permits public clouds, private clouds, and on-premises non-cloud IT infrastructure to connect across all three standardised technology interfaces: Linux OS, Open Container Initiative, and Kubernetes. These technologies enable developers to innovate with scale and agility, improving responsiveness and constraining cost, despite growing complexity.

Hybrid IT enables workloads to be deployed on the optimal compute and storage environment.

  • Public clouds are well suited for many front-office workloads.
  • Private clouds are well suited for many of the mission-critical workloads where the benefits of cloud are desirable — but the security and assurance of a private environment are preferred.
  • And traditional IT environments are suited for workloads that don’t inherently take advantage of cloud benefits — and demand the dedication of computing resources.

According to the IBM IBV assessment, as hybrid cloud solutions become widespread, there will be more variations of cloud service adoption across all industries. However, in the more regulated industries, the cloud service mix will tilt toward private cloud adoption, rather than public cloud. In the less regulated industries, the cloud service mix will likely tilt the other way.

In all cases, there’s a universal need to interoperate between public, private and traditional IT.

Hybrid cloud’s intrinsic interoperability and portability can mean that organisations are less likely to become locked in to a proprietary environment or to one particular public cloud service provider. Savvy CIOs and CTOs will choose to place their workloads on the best-fit platform and maintain interoperability between IT environments and between different public cloud service providers.

Why freedom to choose matters

Hybrid cloud can also help to address security concerns and other potential barriers to an otherwise successful cloud service deployment. The IBM IBV research study findings indicate that IT security and governance are the two top reasons cited as justification to keep enterprise workloads on-premises.

Armed with hybrid cloud solutions, organisations can run applications and store data in the specific IT environments best aligned with security, regulatory, and governance requirements.

Hybrid cloud also allows enterprises to manage their cloud transition dynamically, selecting acceptable levels of downtime and overcoming the possibility of operational constraints.

The next chapter in the evolving cloud computing story is about gaining access to enhanced capabilities – in particular, the cloud-enablement of complex mission-critical software apps.

The IBM IBV outlined key steps toward the hybrid cloud model:

Architect the destination: Think open, multi-cloud, hybrid cloud. Your organisation will live with the decisions you make today for years. Think through which of your workloads fit best in the public cloud, private cloud, and traditional IT environments. Avoid both environment lock-in (to only one of the three) and vendor lock-in, and reassess approaches that might not survive as standards and technologies evolve.

Sequence the journey: Avoid “ready, fire, aim” approaches. Lay out a careful, clear roadmap of what you want to do and in what order. You may experience pressure to skip ahead without building a solid, open foundation. Resist it.

Mobilise the right skills and assets: Draw upon talent within and outside your enterprise. It’s important to develop and maintain in-house skills, but working with trusted third-party services providers, enabled by greater interoperability, can help bridge short-term gaps while reducing fixed costs.

Manage to create clear outcomes: Establish meaningful qualitative and quantitative measurements and be tenacious in holding to them. Remain flexible and incorporate new technologies as they emerge. Always stay true to your business, architectural, and technical principles.

The hybrid IT strategy questions to ask include:

  • To what extent do your people understand the implications and opportunities of next-generation cloud on your business and your competitive environment?
  • How is your organisation, and your competition, taking advantage of hybrid cloud, particularly data and processes that, until recently, have been difficult to move?
  • What adjustments have you made in hiring and training to have the right people at the right time working on the right things in dynamic ecosystems powered by hybrid cloud?

The quest for hybrid IT nirvana

In summary, organisations will continue to seek the essential benefits of a hybrid model because it offers them the freedom of choice that forward-thinking CIOs and CTOs require. Put simply, they’ll need the flexibility and agility of a hybrid IT environment to achieve their bold goals for digital transformation.

From the C-suite perspective, this quest isn’t about technology. Rather, it’s about applied IT enabling strategic business outcomes. The goal: deliver a unified experience across platforms that abstracts the underlying IT infrastructure. The ‘everything-as-a-service’ platform accelerates the achievement of commercial objectives. It also reduces the risk of cyber threats by assuring digital trust.



How delivering seamless UX and improving business outcomes will dovetail in 2020

The way that consumers and end-users interact with businesses and their services has changed dramatically in the last decade. Today, nearly every transaction is supported by applications, meaning the role of IT has evolved from being a back-office function to a strategic enabler that makes the difference between success and failure for everyone in the business. 

If organisations want to succeed in 2020 and beyond, they need to deliver seamless user experiences. The only way to achieve this is with a multidisciplinary view of user experience and digital services across the organisation. Digital business application owners, IT and DevOps teams need to understand the direct link between user experience, application performance and business outcomes.

Struggling with tunnel vision

However, while the data to unlock that insight is already flowing through the business and being analysed, it’s usually siloed across disparate tools. This makes it nigh on impossible to understand data in context and turn it into actionable answers that can improve business outcomes.

These silos have evolved as different teams within the organisation have adopted their own tools for a variety of use cases. These tools all provide important information, but their siloed nature leaves individual teams with tunnel vision, as they are unable to see the wider context of what each set of data means for the business as a whole.

As a result, it is very difficult to determine the impact IT performance has on business outcomes without a lot of manual correlation. That takes time and in some cases is nearly impossible to do at all given the dynamic and complex nature of modern cloud environments. As such, it fails to provide actionable answers when they’re needed most – in real-time.

Looking at the bigger picture

To make more informed decisions and prioritise efforts to optimise digital services based on the impact on business outcomes, organisations need access to software intelligence that provides context. For example, IT teams and application owners could use business and application performance data to prioritise initiatives to improve customer journeys based on how revenues and conversions are being affected. This can only be achieved by breaking down the silos between tools and implementing a common data model that ties user experience, customer behaviour and application performance data together with business metrics.

If that data model is combined with deterministic AI, which provides precise insights into the root cause of anomalies, it’s possible to analyse the vast quantities of data flowing through the organisation and uncover real-time answers to business questions. In some cases, these answers can be used to automate remediation, so teams within the business don’t even need to manually intervene and resources can be used more effectively to provide better outcomes for the organisation.

Getting ahead of the game

Ultimately, today’s businesses live or die based on the ability to deliver perfect software and seamless digital journeys. In such an environment, it’s crucial that everyone in the organisation has access to real-time answers that reveal how business outcomes are being impacted by application performance. That’s impossible to achieve if everyone is just looking at their own piece of the puzzle.

Digital business application owners, IT and DevOps teams need to put their heads together and work collaboratively to see the full picture of what’s happening. By breaking down the walls between tools and taking a new, multidisciplinary approach to how they run the business, organisations can leap ahead of their competitors in 2020, by unlocking the answers they need to improve business outcomes.


Goodbye 2019, hello 2020: The year in cloud reviewed – and what is on the horizon

To say 2019 was a busy year for cloud would be no surprise. Yet the past 12 months have seen innovation, expansion, and drama which represent a poke in the eye for those who dismiss the industry as being consolidated and saturated.

Without any further ado, here is CloudTech’s traditional look back on the year in focus – and what the following 12 months will have in store for industry players and watchers alike.

The new hybrid cloud: Outposts leads and others follow

It was the hottest topic as 2018 drew to a close; the launch of AWS Outposts, with VMware as partner in crime, which promised to deliver a ‘truly consistent hybrid experience’ to ‘virtually any’ on-premises facility.

Naturally, as Microsoft and Google’s big events rolled around in 2019, attention turned to this area above all others. Google Cloud Next in April saw the launch of cloud services platform Anthos. Or, rather, it was a relaunch: to ‘build and manage modern hybrid applications across environments’, as well as accommodate AWS and Azure. In November, Microsoft launched Azure Arc, and outlined its theory of ‘hybrid 2.0’. Hybrid capabilities ‘must enable apps to run seamlessly across on-premises, multi-cloud and edge devices’, as Azure CVP Julia White noted at the time.

This means that the three largest cloud vendors are in a state of ‘collaborative détente’ right now, in the words of Pivot3 CMO Bruce Milne. Speaking to CloudTech at VMworld in August, Milne said of the ‘obvious strategic tension’: “Watch this space because that friction is sure to generate sparks eventually.”

Kurian’s busy year as Google’s cloud chief

Another area industry watchers pencilled in for 2019 was how Thomas Kurian would take over the mantle left behind by Diane Greene as Google Cloud’s CEO. Among the in-tray items for the new boss were expansion and enterprise sales – or in the case of the latter, at least talking a good game.

This was exemplified in Kurian’s debut speaking slot as chief executive. At a Goldman Sachs conference in February, the former Oracle executive told delegates that old-school sales tactics were key to pushing Google’s message of differentiation. How has that gone? It’s hard to say; while Google still remains shy when it comes to revealing specific cloud figures, the overall soundbites have been solid around customer momentum and partnerships, while Anthos was well received.

As far as 2019 went, Google was the busiest hyperscaler in terms of acquisitions. While AWS had CloudEndure at the start of the year and Microsoft moved for Movere in September, Google’s shopping list had four items in total. Alongside Looker, the biggest deal, were moves for enterprise data pipeline provider Alooma, storage firm Elastifile, and VMware workload runner CloudSimple. New expansion areas included Poland, Switzerland, and Japan.

Open source providers open a can of worms

Maintaining your open ethos and turning a profit is frequently an area of tension, particularly for companies who deal in cloud and big data software. Indeed, 2019 was set to be a vital year for open source development in this context; the IBM-Red Hat acquisition hinted at it.

So it proved. In February, Redis Labs modified its licensing terms with this in mind, before having to change them again to appease open source and developer communities. The change meant developers were free to use the software, modify the source code et al – which they of course were always allowed to do – stipulating that the end result could not be a database, caching, search, indexing or stream processing engine, or anything to do with machine learning, deep learning, or artificial intelligence.

The month before, Confluent secured a $2.5 billion valuation having undergone a license change of its own. At the time, co-founder Jay Kreps maintained that the way forward for building fundamental infrastructure layers was with open code. “As workloads move to the cloud we need a mechanism for preserving that freedom while also enabling a cycle of investment, and this is our motivation for the licensing change,” he wrote.

Speaking to CloudTech at the time of the change, Redis CEO Ofer Bengal said that, aside from AWS – frequently cited as the primary culprit for this behaviour – ‘the mood [was] trying to change’ between the big clouds and open source software providers. The proof of this theory was borne out in April, when Google Cloud announced at Next what it described as the ‘first integrated open source ecosystem’ with seven vendors. Confluent and Redis Labs were both part of this group, with Bengal joining Kurian on stage to announce the deal.

Trump’s turn: Microsoft pips AWS to JEDI contract in shock decision

For the vast majority of 2019, the common consensus was that Amazon Web Services would secure the $10 billion JEDI (Joint Enterprise Defense Infrastructure) cloud contract. Yet many were not banking on the intervention of the US President. In July, around the time Oracle’s legal challenge was running out of gas, President Trump announced he was looking at the procurement process, citing complaints from multiple rivals.

In October, the Department of Defense announced Microsoft had won the contract. Many industry pundits pointed to the stormy relationship between the president and Jeff Bezos to explain the decision; a book from former secretary of defence James Mattis alleged that President Trump told him to ‘screw Amazon’ out of the contract.

AWS has, not surprisingly, sought to appeal the ruling. Aside from the procurement process itself, this publication explored the definition of multi-cloud in a federal context. The award was, and always had been, for a single provider – a bone of contention in itself. Yet given AWS has been running the CIA’s cloud for years, what does this mean? “The DoD argued [it needed] one supplier simply because [they] need the level of tight integration and security,” cloud pundit Bill Mew told CloudTech in October. “I totally buy that if that’s their argument – but then why are they not going to the same supplier the CIA has?”

2019’s major cloud mergers and acquisitions

October: Digital Realty acquires Interxion for $8.4bn in biggest data centre deal of them all
August: VMware moves in for Pivotal and Carbon Black at combined $4.8bn
June: Google Cloud looks to Looker in $2.6bn all-cash deal for greater multi-cloud analytics
June: Salesforce to acquire Tableau for $15.7bn to combine AI with BI bulk

2020 outlook

Henrik Nilsson, vice president EMEA, Apptio

As seen in other software industries, overly aggressive price wars would likely upset the cloud market. As a result, AWS, Azure and Google Cloud Platform will all continue to enhance their specialities in 2020 – for instance focusing on scale, or a specific sector, or AI capabilities – to provide differentiation.

This will have a knock-on effect on costs. Apples-to-apples comparisons of pricing are already difficult, but moving forward businesses will have to do a much better job of tying value to cloud to make the right decisions for their business needs. In 2020 companies will need to establish a cloud centre of excellence and a ‘FinOps’ mindset, whereby all areas of the business have greater understanding of, and accountability for, cloud spend.

Dave Chapman, head of customer transformations, Cloudreach

The new era of enterprise cloud adoption will be among ‘cloud-native businesses’; organisations built directly with the cloud’s scalability and efficiency in mind. We’ve already seen how valuable it can be to have this agility built into a company’s DNA – look no further than the behemoth that is Netflix – so in 2020, expect to see more organisations migrating workloads to the cloud in an effort to meet the growing demands of today’s digital businesses.

Sanjay Castelino, chief product officer, Snow Software

Today’s cloud infrastructure is relatively easy to understand compared to what it will look like in 2020 and beyond. For example, when provisioning a cloud instance today, a user only needs a basic idea of how it operates and what it will cost. But when new cloud approaches like serverless become more popular, cloud usage will be managed by the people writing code.

In serverless computing, the code drives the cost to deliver the service, and businesses are not yet prepared to deal with these new consumption models. In the next year, companies need to prioritise understanding consumption models because those models will have a significant impact on their business.


The scariest security horror stories of 2019


Cloud Pro

27 Dec, 2019

In what has become a regular feature here at IT Pro, we’re back again to take a look at some of the year’s most dramatic security stories, many of which were scarily similar to those we saw in 2018.

What’s clear is that businesses continue to face the same old threats, although you’ll see from our picks that there are plenty of examples of attackers using ingenious methods to breach systems.

Here’s our pick of 2019’s scariest security stories.

VFEmail’s nightmare year

The first entry on our list, and one of the earliest of 2019, involved an attack on US email provider VFEmail. In what was described as a catastrophic breach on VFEmail’s systems in February, the company’s infrastructure had been virtually wiped out overnight, with every disk on every server, including its backups, being destroyed.

Perhaps the most chilling part of the story is that there appeared to be no motive behind the attack and that VFEmail may have been targeted randomly. No ransom was ever offered in exchange for the data, nor was there any evidence that the attacker was even interested in stealing the data.

Despite the loss, VFEmail remained committed to staying operational, although the company would come under repeated attack throughout the rest of 2019. Customers would face phishing attacks over the following few months, only for the main service to be hit by three consecutive DDoS attacks in late October and early November. To date, work is still ongoing to restore full functionality to its services.

NASA narrowly averts catastrophe

Next up we have one of our most widely read stories from the year, and an example of how the mishandling of relatively new hardware can pose a serious threat to legacy systems. In June, NASA revealed that a Raspberry Pi device had been blamed for a 2018 data breach that saw the theft of 500MB of mission system data.

An employee was said to have brought a Raspberry Pi into work without permission and connected it to NASA’s Jet Propulsion Laboratory network, which a hacker later targeted to gain access to adjoining systems.

The incident sparked a wider investigation into the organisation’s systems and networks, which found myriad flaws in its database management techniques and methods used to track devices and applications using internal networks. It was ruled that the JPL network was, in fact, incapable of detecting whether an unauthorised or unsecured device was attached to its network.

The report issued ten urgent recommendations for fixing NASA systems, all but one of which were implemented immediately. NASA was fortunate in this instance, as the relatively minor security incident revealed far greater problems plaguing its systems, which were mercifully fixed before disaster could strike.

Hackers at the door

For our next entry, we fast forward to November, where a vulnerability in Amazon’s Ring doorbells was discovered that could allow hackers to intercept their owner’s Wi-Fi passwords.

Researchers at Bitdefender discovered that by accessing a Wi-Fi network’s credentials, criminals could launch much larger and far more sophisticated attacks against a household. This was possible as the device stored passwords in plain text which were then communicated between a smartphone app and the doorbell using HTTP rather than the far more secure HTTPS.

The news prompted further calls for tougher legislation around the manufacture of connected devices, particularly when they are destined for the home.

King’s Cross, we barely recognise you

In what will likely set a precedent for the use of cutting-edge technology in public spaces, August saw an investigation by the Information Commissioner’s Office into the use of facial recognition technology at King’s Cross.

Private owners of the 67-acre site, which houses 50 buildings and is home to major companies such as Google, said they had introduced facial recognition technology alongside their CCTV system to improve the on-site public experience. However, both campaign groups and the Mayor of London Sadiq Khan criticised the decision as it was unclear precisely how the technology was being used. It also raised serious concerns about the capturing of personal data without consent.

The technology was eventually scrapped at the site; however, the owners have not ruled out the possibility of the technology returning at a later date.

The Collection Folders

What’s unusual about 2019 is that it only took 17 days before we saw what would be one of the largest data leaks of the year. Between late January and early February, a group of researchers determined that around 600GB worth of personal data had been leaked and was circulating online in caches known as “Collection” folders.

The initial discovery of the Collection #1 folder unearthed 773 million unique email addresses and 22 million passwords, figures that were dwarfed when Collection folders 2 through 5 were then found. In total, it’s believed that around 2.2 billion emails and passwords were in the complete cache, now being shared around hacking forums.

It’s also believed that the data is an amalgamation of various leaks sourced from high profile data breaches, such as the enormous Yahoo hacks of 2013 and 2014. Despite the age of the data, security experts believe that criminals have relied on a lax approach to password hygiene and that many of the email and password pairs could still be exploited.

Citrix vs IRIDIUM

In March, Citrix revealed that it was working with the FBI to look into a breach on its systems after a number of documents had been reported stolen. Initial reports were light on detail, mainly as only very brief statements were issued by the company, and it would only be through the release of a report by cyber security firm Resecurity that we’d learn that around 6TB of data had been swiped in the raid.

The company had a number of high-profile customers at the time, including large corporations and both the US military and government.

Resecurity had traced the attack back to an Iranian hacking group known as IRIDIUM, which had bombarded a number of Citrix accounts with commonly used passwords, known as password spraying, before gaining a foothold. After this, the group was able to methodically bypass each additional security layer, including two-factor authentication.

The IRIDIUM group had reportedly targeted hundreds of thousands of people at more than 200 companies during the previous two years leading up to the hack on Citrix, according to figures provided by Microsoft.
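A defender's view of the password spraying described above, as an added example that is not part of the original article: spraying tries a few common passwords against many accounts, so per-account lockout counters stay quiet and detection has to pivot on the source. The log format, thresholds, usernames and addresses below are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from any real system): time, source IP, user, result.
SAMPLE_LOG = """\
2019-03-01T09:00:00 203.0.113.7 alice FAIL
2019-03-01T09:02:00 203.0.113.7 bob FAIL
2019-03-01T09:04:00 203.0.113.7 carol FAIL
2019-03-01T09:06:00 203.0.113.7 dave FAIL
2019-03-01T09:08:00 203.0.113.7 erin FAIL
2019-03-01T09:10:00 203.0.113.7 frank SUCCESS
2019-03-01T09:11:00 198.51.100.9 alice FAIL
2019-03-01T09:11:05 198.51.100.9 alice FAIL
2019-03-01T09:11:10 198.51.100.9 alice FAIL
2019-03-01T09:11:15 198.51.100.9 alice FAIL
2019-03-01T09:30:00 192.0.2.4 bob FAIL
2019-03-01T09:30:20 192.0.2.4 bob SUCCESS
"""

def parse(log):
    """Yield (timestamp, source, user, result) for each log line."""
    for line in log.strip().splitlines():
        ts, src, user, result = line.split()
        yield datetime.fromisoformat(ts), src, user, result

def detect_spray(log, window=timedelta(minutes=30), min_accounts=5, max_per_account=2):
    """Return {source: accounts} for sources whose failures inside one window
    touch many accounts with only a few tries each (spraying)."""
    failures = defaultdict(list)
    for ts, src, user, result in parse(log):
        if result == "FAIL":
            failures[src].append((ts, user))
    alerts = {}
    for src, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward so it never spans more than `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            tries = Counter(user for _, user in events[start:end + 1])
            sprayed = sorted(u for u, n in tries.items() if n <= max_per_account)
            if len(sprayed) >= min_accounts:
                alerts[src] = sprayed
                break
    return alerts

def footholds(log, alerts):
    """Accounts that logged in successfully from a flagged source: reset these first."""
    hit = defaultdict(set)
    for _, src, user, result in parse(log):
        if result == "SUCCESS" and src in alerts:
            hit[src].add(user)
    return {src: sorted(users) for src, users in hit.items()}
```

On the sample, the repeated failures against a single account and the ordinary mistyped password are not flagged; only the source that walks across five accounts is, and its one successful login marks the account to investigate.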

Microsoft: “We told you so…”

One of our most-read stories of the year actually surfaced at the beginning of December.

According to Microsoft threat researchers, 44 million of its customers were still using passwords that had been compromised in the past by large scale data breaches. This included both general users of Microsoft Service Accounts, as well as Azure Active Directory accounts owned by businesses.

Following a check on a database of three billion credentials sourced from public accounts and law enforcement, it was found that the 44 million customers were using the same compromised passwords across a number of online services.

The discovery forced Microsoft to issue a password reset to all affected customers, including an alert to business admins to reset user credentials. The company also urged customers to turn on multi-factor authentication.

Despite the shocking figure, the news potentially served as great PR for Microsoft – the company has long been attempting to move customers away from passwords onto more secure passwordless authentication. The company revealed to IT Pro in November that it had managed to move 100 million customers to biometric authentication, although it would take at least three more years to move the remaining 700 million users.

XSS the most widely-used attack method of 2019


Keumars Afifi-Sabet

23 Dec, 2019

The cyber attack method most widely used to breach large companies in 2019 was cross-site scripting (XSS), according to research.

The hacking technique, in which cyber criminals inject malicious scripts into trusted websites, was used in 39% of cyber incidents this year.

This was followed by SQL injection and fuzzing, which were used in 14% and 8% of incidents respectively. Other widely-used methods include information gathering and business logic, although both were used in less than 7% of incidents.

With 75% of large companies targeted over the last 12 months, the report by Precise Security also revealed the key motivation behind cyber crime has been the opportunity for hackers to learn.

Almost 60% of hackers conducted cyber attacks in 2019 due to the fact it presents a challenge. Other prominent reasons for hacking a company’s systems include to test the security team’s responsiveness, and to win the minimum bug bounty offered. ‘Recognition’ ranked sixth in the list of motivations, and was cited by just 25% of hackers. Bizarrely, 40% also said that they preferred to target companies that they liked.

Digging into industry-specific insights, additional research published this month also revealed the most prominent attack method faced by sectors within the UK economy.

The most prevalent hacking technique in the business, finance and legal sectors, for example, was macro malware embedded into documents, according to statistics compiled by Specops Software. 

Retail and hospitality firms, meanwhile, suffered mostly from burrowing malware, present in 51% of attacks, as did governmental organisations, registering 37% of incidents.

The healthcare industry was susceptible mostly to man-in-the-middle attacks, in which communications between two computer systems are intercepted by a third-party. 

Distributed denial of service (DDoS) attacks were the most common form of attack faced by the technical services industry, with 58% of incidents using this method.

As for how these attacks are conducted specifically, the Precise Security report showed that 72% of platforms used as a springboard for cyber crime are websites. WordPress, for example, is a prime target due to its massive userbase, with 90% of hacked CMS sites in 2018 powered by the blogging platform.

Application programme interfaces (APIs) were the second-most targeted platforms in 2019, being at the heart of 6.8% of incidents, with statistics showing Android smartphones are usually involved in such attacks.
