IBM’s board of directors has elected the company’s CEO, Arvind Krishna, as its chairman, as it continues to revamp its business model.

Krishna again succeeds former CEO Ginni Rometty, who is set to completely retire from the company on 31 December 2020.

Rometty’s departure as CEO was announced back in January along with Krishna’s appointment to the helm. He officially took charge in April and the company has made seismic changes during his brief time in charge.

Krishna previously oversaw IBM’s cloud and cognitive software divisions and also played an integral role in its acquisition of Red Hat. The tech giant has prioritised hybrid cloud and artificial intelligence services and will spin off its managed infrastructure business by the end of 2021.

How long these changes have been in the works is unknown, but they have undoubtedly been pushed by the spread of the coronavirus and the resulting mass acceleration of migrations to the cloud.

In January, the firm pinned its first quarter of growth for more than a year on the uptick in its cloud division, with 2019 Q4 results showing a 21% rise in total cloud revenue, at $6.8 billion. Over the next 12 months, the company continued to invest and prioritise cloud, particularly hybrid cloud services, with a number of announcements made in October.

The month began with IBM expanding its partnership with SAP to help customers move into hybrid cloud environments. The firm also announced a new partnership with telecoms provider AT&T for 5G-based hybrid cloud architecture, and a blockchain platform with R3 that works across IBM’s Cloud Hyber Protect Service.

IBM is still a year away from its deadline to spin off its legacy business, which suggests that it will continue to invest and release more hybrid-cloud based applications. So far, its decision to focus on cloud services has been vindicated by its quarterly reports – for 2020 Q3, total cloud revenue was up 19%, year-over-year, at $24.4 billion.

If 2020 was the year to accelerate your digital transformation plans, then 2021 could be the year to explore all the wonders you might now have at your disposal. 

From containers to artificial intelligence, businesses now have a lot more power in their hands. While much of this won’t necessarily be new technology, a more varied uptake of it may lead to new use cases, greater insights and lots more experimentation. 

Pip White has been the managing director of Google Cloud’s UK and Ireland operation since June. She tells IT Pro that this year may be about exploring the benefits of all those cloud migrations. 

“Until now, cloud migration has been an infrastructure decision, promising to change the way business devices and information systems interact with each other,” White explains. “But cloud migration brings another type of transformation too – of a company’s culture – and it’s coming to the forefront of conversations.

“As we enter 2021, cloud migration will be increasingly driven by the need to establish a culture of continuous innovation to keep pace with rapid change. Untethering staff from low value, labour-intensive tasks and allowing them to focus on innovation and high-impact projects. Companies will move away from what might have been top-down corporate strategies, to fully infusing transformation and letting every person in an organisation transform.” 

White also cites a term coined by Gartner: The “anywhere operations model”, where businesses allow employees to access services from any device, any time and, as the name suggests, from anywhere. This will naturally result in greater cloud security functions, which we should see more of in 2021, though that is an area that has seen lots of attention over the last few years. 

The “Open” cloud

The ever-evolving workplace will force businesses to prioritise agile and “responsive” models, according to White. This may include a move to an “open” cloud approach, rather than using one vendor, with containerisation moving up the agenda.

“As businesses continue to stabilise themselves post-pandemic, a renewed focus will be placed on projects that enhance employee and customer experiences, reduce costs, increase operational efficiencies and boost revenue,” White says. “To enable an open cloud, build new environments and modernise old ones, the open-source community will dial-up investment in container and serverless functions, creating a spike in global demand.”

This is a fairly safe bet as containers have been steadily increasing in popularity for the last few years. Developers use them to build applications and going into 2021, demand for that skill is likely to grow. 

AI and ML shift

With the mass migration to the cloud, more and more businesses will suddenly be using artificial intelligence and or machine learning to improve customer services, boost productivity and enhance their use of data, according to White. 

“Technologies like AI and ML will be crucial to extracting meaningful insights from data sets,” White says. “For example, the banking industry has dialled up AI investment to enhance personalisation, deliver financial well-being insights and better manage risk. Even industries who are not already using AI or ML will start to experiment with technology to create tailored experiences, from anywhere.”

Again, this isn’t necessarily new, but to businesses that made the jump to the cloud in 2020, or ones that invested more into established setups, a world of automation and data analytics awaits them.

Amazon Web Services (AWS) has urged a US judge to halt the Pentagon’s $10 billion JEDI contract and assess the remaining issues with Microsoft’s winning bid. 

In a redacted court filing from October, the cloud giant said that the award must be “invalidated” as it was “the product of systematic bias” and a “flawed and politically corrupted decision”. 

AWS has again accused Donald Trump of exerting “undue influence”. The US President reportedly said “screw Amazon” when discussing the bidding process, allegedly due to an ongoing spat with the company’s founder Jeff Bezos. 

The cloud migration project was awarded to Microsoft in October 2019, but the Redmond-based tech giant hasn’t yet been able to begin its work due to legal challenges brought by AWS. Of all of the issues the cloud giant cited, a US court only found a problem with a pricing scenario quoted by Microsoft. 

In September the Department of Defence (DoD) said a court-ordered reevaluation determined that Microsoft’s proposal still represented the best value for the government, which AWS now claims is incorrect.  

“After the Court rejected the flawed initial JEDI evaluation, the DoD spent over four months attempting to revive Microsoft’s non-compliant bid and reaffirm that flawed and politically-biased decision,” an AWS spokesperson said. 

“As a result of the DoD fixing just one of many errors, the pricing differential swung substantially, with AWS now the lowest-priced bid by tens of millions of dollars.” 

The cloud giant’s argument is that the one issue the DoD did fix caused a “substantial” change, in this case making Amazon’s bid more cost-effective. As such, it is pushing for a reevaluation of the “errors that remain unaddressed”.   

“We had made clear that unless the DoD addressed all of the defects in its initial decision, we would continue to pursue a fair and objective review, and that’s exactly where we find ourselves today,” the spokesperson added.  

Microsoft did not immediately respond to CloudPro’s request for comment. 

Smart city development firm Connexin has announced plans to expand its Internet of Things (IoT) network across the entirety of the UK, with all local authorities and regions now able to link up with the company’s flagship platform.

Such a universal carrier-grade roaming long ranger wide area network (LoRaWAN) aims to lower the barriers to entry for regional governments hoping to launch their own smart city projects. This also eases the process for all organisations hoping to adopt IoT products.

This national rollout is the first of its kind in the UK and has started following successful regional deployments in Yorkshire, with organisations such as Yorkshire Water, Hull City Council and Amey among those which are already using the system.

Using the LoRaWAN network can allow any organisation in public service, from councils to utility firms, deploy IoT products without having to build their own network as they can tap into Connexin’s universal system.

“With a low-cost wide-area networking solution becoming available to all organisations across the UK, it opens up opportunities for those looking to deploy IoT solutions for a fraction of the cost of existing cellular infrastructure solutions,” said the founder and CEO of Connexin, Furqan Alamgir. 

“Not only does this promote the development of new IoT-based technology but it allows existing solutions to be rolled out nationwide to encourage further adoption and will allow more people to utilise and benefit from affordable, carrier-grade IoT connectivity.”

This news builds on an £80 million fundraising effort in September, with the company aiming to become the UK’s chief smart cities provider following successful regional deployments in Sheffield, Hull, and the South Coast. The expansion of its national IoT network to cover all areas of the UK is now underway.

The presence of a national IoT network may help to kickstart smart city projects across the UK, with only limited implementation and success to date. Many projects are either small in scale, or in the pipeline for future development, such as the government’s £90 million cash injection to build ‘future transport zones’. These will be located in the West of England Combined Authority, Portsmouth and Southampton, and Derby and Nottingham.

Security researchers have disclosed three critical vulnerabilities within the XML parser of the Go programming language that could allow hackers to completely bypass the SAML authentication that features in many popular web applications.

The flaws were discovered earlier in the year by cloud collaboration provider Mattermost. It has been working alongside Go’s internal security team since August on addressing these vulnerabilities, as well as with organisations and individuals downstream projects.

All three revolve around the way Go processes XML documents over multiple rounds of parsing, allowing attackers to use specific XML markup language to trick systems. According to a blog post by Juho Nurminen, product security engineer at Mattermost, there are several potential security problems created by these flaws, with one of the most significant being the risk it introduces to the integrity of the web-based SAML single sign-on (SSO) standard.

The first flaw, CVE-2020-29509, is an XML attribute instability in Go’s encoding/xml. An affected SAML implementation can interpret a SAML Assertion as signed, but then proceed to read values from an unsigned part of the same document due to namespace mutations between signature verification and data access. This can lead to full authentication bypass and arbitrary privilege escalation within the scope of a SAML Service Provider.

The other two vulnerabilities – designated CVE-2020-29510 and CVE-2020-29511, respectively – can also be exploited to fully bypass authentication. The former is an XML directive instability while the latter is an XML element instability.

“As evident from the titles, the vulnerabilities are closely related. The core issue is the same in all three: maliciously crafted XML markup mutates during round-trips through Go’s decoder and encoder implementations,” said Nurminen. “In other words, passing XML through Go’s decoder and encoder doesn’t preserve its semantics.”

“Because of these vulnerabilities, Go-based SAML implementations are in many cases open to tampering by an attacker: by injecting malicious markup to a correctly signed SAML message, it’s possible to make it still appear correctly signed, but change its semantics to convey a different identity than the original document.”

“The actual impact of these XML round-trip vulnerabilities of course varies by use case,” he said, “but in SAML SSO it’s easy to understand: if your SAML messages can be altered to say you’re someone you’re not, the result is arbitrary privilege escalation within the scope of the SAML Service Provider, or in some cases even complete authentication bypass.”

At present, it has not been possible to patch the vulnerabilities, despite significant efforts by the Go security team, although the Go team has reported that it hopes to introduce some changes in future versions of the language to address them.

There are, however, mitigations in place. Mattermost identified three major open-source SAML implementations which are vulnerable to these flaws:  Dex SAML Connector, github.com/crewjam/saml and github.com/russellhaering/gosaml2. The company has already collaborated with the maintainers of these projects, and patches are now available for all three. Mattermost says it has also privately contacted the maintainers of “significant applications and products” that rely on impacted SAML implementations, and any organisations within that group are advised to start patching as soon as possible.

In addition, it has also open-sourced an XML validation library that can be used as a workaround until a more permanent solution is established. Nurminen noted that refactoring code to avoid encoding round-trips may be an acceptable long-term solution, although he conceded that this would not be possible in all cases.  

UK mobile network operator Giffgaff has outlined plans to shift its entire IT infrastructure and operations to Amazon Web Services (AWS), completing its migration from on-premise data centres by the end of the year.

Giffgaff will opt into more than 60 of AWS’ 175 cloud services, the company announced, including compute, analytics, storage, databases, containers and machine learning. In doing so, the firm will become the first European mobile virtual network operator (MVNO) to be powered by AWS in its entirety. 

The company will have shifted its IT infrastructure and application development operations to AWS by 2021, as it aims to become more capable of experimenting at pace, and speeding up a host of internal processes. The company claims to have already transformed its development lifecycle from a complex and monolithic approach to a modern, microservices-based architecture that’s enabled fast-paced development.

“We started out with a traditional, on-premises infrastructure, but the need for ongoing maintenance made this model overwhelming for our technical team. For example, it used to take us up to two weeks to provision a new server,” said chief operating and technical officer at Giffgaff, Steve MacDonald. 

“When we began to adopt AWS, we were able to turbocharge our development lifecycle by focusing on innovation rather than wasting time on maintenance. It’s such a powerful capability for a digital-native business like ours.”

While the announcement is still fresh, the firm has been partnering with AWS for some time already, using AWS analytics and machine learning services, for example, to understand members’ network experiences.

Aggregating and analysing data across all cases helped the company create an early warning system for network incidents. Prior to moving to AWS, too, it could take Giffgaff up to two weeks to provision a server, which can now be done within a matter of minutes.

Adopting a continuous delivery approach, and moving containerised workloads to the fully managed Amazon Elastic Kubernetes Service (Amazon EKS), meanwhile, has freed up 3,000 days of engineering and development time, according to Giffgaff.

This is equivalent to refocusing up to 15 people on innovation, and has allowed them to devote more resources to creating new apps for members.

Cisco has acquired audience interaction company Slido in efforts to enhance the Webex video conferencing user experience and stay relevant with the likes of Zoom, Teams and Google Meet enjoying a surge in popularity.

The firm is hoping to integrate Slido’s audience interaction and engagement features, such as polls and Q&As, into the Webex platform to improve the quality of the product and make it more appealing for users. 

The acquisition will pave the way for meeting owners to create engaging content such as infographics, get real-time insights as well as obtain feedback. This is in addition to Slido’s inbuilt functionality to support virtual conferences and massive events.​

“Slido technology enables higher levels of user engagement―before, during and after meetings and events,” said Abhay Kulkarni, Cisco’s VP and GM for Webex Meetings. “The Slido technology will be part of the Cisco Webex platform and enhance Cisco’s ability to offer new levels of inclusive audience engagement across both in-person and virtual experiences.

“In the massive shift to “virtual everything,” remote meetings and events have become the lifeblood for connecting people in all aspects of their lives – from friends to family to work colleagues.

“Slido has over seven million participants monthly and provides its customers with an inclusive audience engagement platform that enables real-time feedback and insight before, during and after any meeting or event via dynamic polls, Q&A, quizzes, word clouds, surveys and more.”

Bundling such features into the meetings experience is something that Cisco is hoping can keep Webex relevant at a time where its industry rivals such as Microsoft Teams and Zoom are enjoying rampant success.

This isn’t to say, however, that Cisco’s enterprise collaboration platform hasn’t enjoyed a surge in popularity itself, recording 590 million meeting participants in September, for example, according to Reuters. Zoom, however, boasted a staggering 300 million daily meeting participants during the height of the pandemic in April. 

The company describes its goal as delivering experiences that are 10x better than in-person interactions, which the integration of Slido’s audience engagement tools will help to contribute to. Cisco will also hope to integrate further insights into the broader Webex platform, with a view to raising productivity while workers are still based remotely.

This isn’t the first recent acquisition that Cisco has made squarely with the view to enhance the Webex experience, having previously acquired BabbleLabs earlier this year. The previous deal saw the firm seek to integrate AI processing technology into meetings in order to suppress background noise and enhance speech clarity. 

Amazon Web Services (AWS) has announced an ambitious plan to help 29 million people around the world gain digital skills with free cloud computing training. 

The announcement came on Thursday at re:Invent 2020, the cloud giant’s annual conference. 

The training will include more than 500 free courses, interactive labs, and virtual day-long training sessions. AWS will also continue to invest in its free training courses to help participants earn certification, and will expand its AWS re:Start programme that looks to reach underrepresented communities to help them find work in the tech industry. 

What’s more, AWS will pilot new training programs, such as a two-day AWS Fibre Optic Splicing Certification and its Machine Learning University, a free course designed to teach people ML concepts for business. 

This is just a snapshot of the work Amazon is doing to help individuals around the world, according to Teresa Carlson, VP of worldwide public sector at AWS. 

“As part of our efforts to continue supporting the future workforce, we are investing hundreds of millions of dollars to provide free cloud computing skills training to people from all walks of life and all levels of knowledge, in more than 200 countries and territories,” Carlson wrote.

“We will provide training opportunities through existing AWS-designed programs, as well as develop new courses to meet a wide variety of schedules and learning goals. The training ranges from self-paced online courses – designed to help individuals update their technical skills – to intensive upskilling programs that can lead to new jobs in the technology industry.”

The announcement will be welcomed by many around the world, particularly those in industries that have been displaced by the coronavirus, which will likely have a lasting impact on many job roles. Digital or tech roles, such as those with cloud computing specialties, are thought to be of high demand for the post-coronavirus world. 

Google Cloud has acquired a London-based startup called Dataform that builds tools to manage data flows for enterprise customers.

The terms of the deal haven’t been released, but TechCrunch understands that it is an ‘acquihire’ with Google keen to take on the company’s talent.

The company is described as an “operating system” for data warehouses and some of its co-founders are ex-Google employees. Its platform aims to help data-rich businesses draw insights by mining data stored in warehouses.

This is something that usually requires a team of engineers and analysts, but the Dataform system is about making the process simpler and cheaper for organisations.

This is a growing area of data analytics with companies such as Snowflake recently undergoing a successful IPO. Dataform were close to a series A funding round, but have instead chosen to continue its growth under Google.

Under the terms of the deal, Dataform will continue to operate under its management and focus on BigQuery. The Dataform Web will also be made free for all new users from now on with customers transitioned to the free plan immediately.

“After several conversations with the Google Cloud team it became clear that we are deeply aligned on the importance of serving analysts with the right tools and technology in order to fill what we all perceive as a missed opportunity in existing solutions,” co-founder and CTO Guillaume-Henri Huon wrote on Dataform’s website.

“At the same time, as a team of just seven, in a complex, competitive and rapidly changing market, we had more ideas than we had people or resources to accomplish. There has always been so much more we wanted to do each quarter than we could achieve.

“With the support of the BigQuery and Cloud Analytics teams and our combined thought leadership and efforts, we felt that together we could achieve something bigger than we could separately”.

HPE has announced it is offering its High-Performance Computing (HPC) solutions as a service through HPE GreenLake, which include a range of fully managed, pre-bundled HPC cloud services.

These new HPE GreenLake cloud services will allow customers to combine the power of an agile, elastic, pay-per-use cloud experience with proven, market-leading HPC systems, the tech firm said. 

Compatible on-premises or in a colocation facility, the as a service platform has been designed to tackle demanding compute and data-intensive workloads, power AI and ML initiatives, speed time to insight, as well as create new products and experiences.

“We are transforming the market by delivering industry-leading HPC solutions in simplified, pre-configured services that control costs and improve governance, scalability and agility through HPE GreenLake,” commented Peter Ungaro, senior vice president and general manager, HPC and Mission Critical Solutions (MCS), at HPE.  

According to Intersect360 Research, the HPC market will grow by more than 40%, reaching almost $55 billion by 2024. The tech is designed to support ongoing data growth, including data from emerging applications and endpoints such as AI training models and edge devices, to efficiently process and analyse data.

HPE said its HPC as a service offering will dramatically simplify the experience by speeding up the deployment of HPC projects by up to 75% and reducing capital expenditures by up to 40%.

Enterprises can deploy the fully managed services in any data centre environment, the firm added, allowing them to pay for only what they use, focus on running projects to increase time-to-insight and accelerate innovation.

HPE will initially offer an HPC service based on HPE Apollo Systems, combined with storage and networking technologies, which are purpose-built for running modelling and simulation workloads. The firm then plans to expand the rest of its HPC portfolio to as-a-service offerings in future. 

GreenLake for HPC is available in small, medium or large options that can be ordered via a self-service portal, with the service then ready in less than 14 days. 

As part of the offering, customers will also gain access to HPE GreenLake Central, HPE Self-service dashboard HPE Consumption Analytics, as well as HPC, AI & App Services.

“These HPC cloud services enable any enterprise to access the most powerful HPC and AI capabilities and unlock greater insights that will power their ability to advance critical research and achieve bold customer outcomes,” Ungaro added.