Amazon Web Services (AWS) reported 40% revenue growth year-on-year despite enduring a quarter marred by outages. 

The cloud arm of Amazon generated $17.8 billion in the fourth quarter of 2021, once again boosting the overall earnings of its parent company. 

​

The online retail giant reported profits of $14.32 billion on Thursday with sales up 24%. However, almost 13% of Amazon’s total revenue came from AWS and 153% of its overall operating income has been attributed to cloud services. 

«On the growth rate, I think it’s a combination of things. We’ve been adding resources in sales and marketing over the last two years, and that is starting to pay off,» Brian Olsavsky, Amazon’s finance chief, said during a conference call with analysts.

Its continued growth is all the more impressive considering the service was shaken by major outages over the fourth quarter. Each became headline news around the world because they the dominance of AWS and the risks associated with having so many services reliant on a single cloud vendor. 

However, while AWS still accounts for a third of the worldwide market it should be looking over its shoulder at the «truly impressive growth» of Microsoft and Google Cloud, according to SRG Research’s chief analyst John Dale.

 
«It has taken Microsoft 18 quarters to double its market share, which has now passed the 21% mark,» Dale told IT Pro. «Despite a relatively late start, Google too is now accelerating the pace of its cloud activities. Its market share remains at less than half that of Microsoft, but it continues to post some strong growth numbers.» 
 
While Google Cloud is mopping up market share, the service is still some way off profitability, with the business posting a loss of  $3.1 billion for 2021.

​

Google Cloud has launched a new threat detection solution for Google Cloud Platform (GCP) specifically designed to tackle the mounting cases of cryptomining malware operating through compromised cloud instances.

Google Cloud said the Virtual Machine Threat Detection (VMTD) is a first-to-market solution from a major cloud provider, now available in public preview as an added security layer within Security Command Center (SCC) Premium.

Virtual machine-based computing accounts for a significant portion of businesses’ operations running in the cloud and according to a November 2021 threat intelligence report from Google Cloud, cryptomining activity was observed in 86% of all compromised GCP instances, making it the leading issue affecting Google Cloud customers.

The time it took for attackers to install this financially-motivated malware was quick, too, with more than half of cases (58%) seeing malware installed within just 22 seconds of compromising the platform.

Google Cloud said in most cases, this was due to exploitation of poor customer security practices or vulnerable third-party software. Leveraging the power of cloud computing can improve the efficiency of cryptomining malware due to its scalable nature, potentially raising monthly cloud bills for businesses by a large sum.

«The economy of scale enabled by the cloud can help fundamentally change the way security is executed for any business operating in today’s threat landscape,» said Timothy Peacock, product manager at Google Cloud. «As more companies adopt cloud technologies, security solutions built into cloud platforms help address emerging threats for more and more organisations.

«VMTD is one of the ways we protect our Google Cloud Platform customers against growing attacks like coin mining, data exfiltration, and ransomware,» he added.

Now available in public preview, VMTD detects cryptomining attacks but as it moves closer towards general availability, Google Cloud said customers can expect to see a steady release of new detective capabilities that will integrate with other parts of GCP.

Google Cloud said VMTD complements the existing threat detection capabilities supplied by the existing Event Threat Detection and Container Threat Detection products, providing cover for compute while the others services areas like Kubernetes, identity, managed services, networking, and API.

Agentless approach

Google Cloud’s VMTD provides memory scanning for customers on an agentless basis, which means GCP users can expect a smaller performance impact, lowered operational burden, and a less-exposed attack surface.

This is unlike a traditional endpoint security model which involves running additional software inside virtual machines to gather signals and telemetry. Instead, Google Cloud said it ‘instruments the hypervisor’ – the underlying software that «orchestrates» its virtual machines – to include threat detection that’s difficult to tamper with.

Security heads at some of the world’s largest companies have revealed how they managed to stave off the cloud skills crunch by retraining staff to fill some of the most sought-after roles in the industry.

Speaking at cyber security firm Check Point’s CPX 360 conference this week, the CISOs of media giant TikTok, and business and financial information company Euromoney Institutional Investor, said they both resorted to upskilling existing staff in order to support their move to the cloud.

​

Martyn Booth has held the CISO position at Euromoney for six years and said that during his time business objectives such as costs and efficiencies drove the cloud transition initially, but the company found it difficult to attract the right security talent.

Now with 70% of Euromoney’s business running in the cloud, he said specialised cloud security talent is needed and security-specific cloud skills are still scarce, years after his original search for talent.

«Having access to people that knew what they were doing was always going to be a bit of a challenge,» said Booth in a one-on-one interview with Check Point. «So, we’ve had to skill-up people quite quickly, rather than just go to market because some of those people weren’t available and then use those people to protect those environments.»

Non-technical people in the business typically think one security professional is full-purpose and can cover the full breadth of what’s required but this isn’t the case, he said.

The key to this successful internal upskilling program, he added, was having hungry staff – people within the security side of the business that wanted to learn new skills.

«We had some people that were interested in doing it, it suited me for them to do it, so it was a reciprocal arrangement, really – that they wanted to learn something new and it’s something that I needed them to know,» said Booth.

«So, we took the decision to train people internally, and those people now will probably consider themselves, and I would consider them, as cloud security experts. Before, we had a very limited ability to manage that internally.»

TikTok’s CISO, Roland Cloutier, told of a similar experience at the cloud-first media platform, and its «multi-pronged approach» to talent acquisition that covers numerous pipelines.

Such pipelines include higher education partnerships, early education, outside hires from adjacent industries such as government and the military, and internal hires – both from a security background and from wider areas of the business looking for a change in career path.

«We have to create a pipeline that’s 10 years out… and then internally, one of our focus areas, being a converged security organisation, is where do our practitioners want to go,» said Cloutier.

«Maybe you’re in risk management today, but tomorrow, you want to be leadership in the fusion centre – what does that career progression look like for you. So we spend a lot of time focusing on where our people want to go, and how that’s going to help our pipeline going forward,» he added.

«And of course, when we find super great people that are looking to join TikTok, they’re coming even potentially from other areas within the business; it’s always great to give those opportunities as well.»

Cloud security’s extreme skills shortage

The shortage of talent in the wider technology industry is well documented and has been widening for years, but the shortage is especially apparent in cloud computing – a newer technology that is still struggling to attract professionals en masse.

«It’s a fairly new technology, and it’s a complex technology, so the knowledge gaps there are huge and it means critical data is really in danger,» said Maya Horowitz, VP of research at Check Point, speaking to IT Pro.

«The ones that really are cloud experts, they are so rare that they go to work for pure cloud companies and there aren’t enough left for other organisations… definitely, we’re in shortage of cloud experts.»

The anecdotal reports are backed by research with HashiCorp figures showing more than half of IT organisations (57%) think a skills shortage is the primary challenge in cloud adoption, and nearly half (47%) said security is a top cloud inhibitor too.

​

Cisco has announced a range of services and products to support hybrid working, including a private 5G service for enterprises and new high-performance Wi-Fi access points tailored for enterprise campus environments.

The announcements focus on bolstering on-site enterprise networks to improve performance and accessibility for hybrid workers when they come to the office.

​

They target network infrastructures capable of supporting emerging business applications, including higher-resolution video traffic and immersive interfaces, Cisco said.

The private 5G service includes both 5G radio and Wi-Fi capabilities. Offered on a pay-as-you-go subscription model, the service is designed to minimize initial customer investment, and work is being done with third-party service providers to scope out customer environments and create tailored packages, Cisco explained.

Cisco will manage the cellular part of the solution, and customers use a cloud-based management portal to monitor and manage policy and enterprise networking devices, the vendor added. It also includes identity management, with secure access policies that allow users to access only the resources they need.

The company launched Wi-Fi 6E access points targeting hybrid business environments. Wi-Fi 6E extends Wi-FI 6 into the 6GHz radio spectrum for faster speed and reduces radio interference from other Wi-Fi devices. Cisco expects this to be useful for applications including augmented and virtual reality, which require high bandwidth and low latency.

The Meraki MR57 is a cloud-managed device featuring gigabit speeds. It offers radio optimization with multi-antenna MU-MIMO support and measures local metrics, including visit lengths and repeat visit rates so that administrators can measure performance across different campus locations over time.

Cisco also expanded its own line of silicon to power its Catalyst switches. Silicon One, its own ASIC architecture launched in December 2019, was its attempt to create a single silicon architecture that could be used in multiple products across the network. It was previously only available in service provider switches and routers, but now it will be available in its enterprise-class products, the company said.

This brings 400 Gbit capabilities into lower form-factor devices for enterprise campus environments with lower power demands, executives said.

The first products to get it are the Catalyst 9500X and 9600X switches, also announced on Thursday.

Cisco has already made forays into more immersive interfaces for hybrid workers. It recently announced plans for augmented reality capabilities in its Webex conferencing platform. Participants could see hologram-like video of each other using augmented reality headsets, it said.

​

Cloudflare, a provider of web infrastructure and security services, has announced the launch of its public bug bounty program.

Bug hunters and security researchers can now report vulnerabilities found in Cloudflare products as part of the company’s latest program, which is hosted on HackerOne.

​

A private bounty program was previously launched in 2018, following a vulnerability disclosure program in 2014. The company paid $211,512 in bounties during the lifetime of this program, with 292 out of the 430 reports receiving a reward.

Rewards for Cloudflare’s latest program vary with the severity of the vulnerability. Each security flaw is assigned a severity rating based on the Common Vulnerability Scoring Standard (CVSS) version 3.

There is a $3,000 payment for a critical vulnerability report, while high, medium, and low vulnerabilities are worth $1,000, $500, and $250, respectively. However, rewards vary for secondary and other targets.

As a way to make vulnerability research easier, Cloudflare also developed a sandbox called CumulusFire, which provides a standardized playground for researchers to test their exploits. The sandbox will also assist Cloudflare’s security teams in reproducing potential exploits for analysis.

“CumulusFire has already helped us address the constant trickle of reports in which researchers would configure their origin server in an obviously insecure way, beyond default or expected settings, and then report that Cloudflare’s WAF does not block an attack. By policy, we will now only consider WAF bypasses a vulnerability if it is reproducible on CumulusFire,” explained Cloudflare.

A good place to start is to refer to the documentation on Cloudflare’s developer and API portals, the Learning Center, and its support forums.

The firm also aims to add additional documentation, testing platforms, and a way for researchers to interact with its security teams to ensure submissions are valid.

​

Google’s cloud division reported another year of losses, despite extending the life of its hardware by a further 12 months. 

The cloud giant lost $890 million in the fourth quarter of 2021 and $3.1 billion over the entire year, according to financial results posted by its parent company, Alphabet. 

Last year Google extended the operational lifespan of its cloud servers from three to four years in a bid to offset some costs. While the switch saved the company $3.6 billion in reduced depreciation expenses and brought in a $2 billion net income increase, it still wasn’t enough to make the tech giant’s cloud arm profitable. 

Cloud losses were relatively minor compared to Alphabet’s overall financial outlook; the company reported record-breaking revenues of $257 billion for 2021, a 41% year-on-year increase. The company also reported Q4 revenue of $75.3 billion, which is a 32% increase compared to 2020. 

«Q4 saw ongoing strong growth in our advertising business, which helped millions of businesses thrive and find new customers, a quarterly sales record for our Pixel phones despite supply constraints, and our Cloud business continuing to grow strongly,» Alphabet and Google CEO Sundar Pichai said.

Alphabet doesn’t usually reveal specific financial or sales information when it comes to its hardware, or even for its Android mobile operating system, and typically bundles them into a category listed as «Google other». This category brought in $8.16 billion of revenue for the fourth quarter, and it is worth pointing out that its latest Pixel handsets – Pixel 6 and Pixel 6 Pro – both went on sale just before.  

2021 was the first time Alphabet surpassed $200 billion in revenue, pulling in $258 billion, which is almost triple what it reported in 2016 ($90 billion).

Google has announced a new Gmail layout that changes how Chat, Meet and Spaces are integrated with the service. 

The new ‘integrated view’ makes it so that the messaging apps are no longer little windows floating alongside emails by giving each one its own screen, accessed via larger buttons on the left-hand side. 

​

 All Google Workspace users – except those on Workspace Essentials – will be moved to the new interface. Users can choose to switch to this new look on 8 February, with an option to switch back still available.

However, the new layout will become the default option by April and, eventually, the only option by the end of the second quarter of 2022. 

With the application buttons tucked away to the left, the changes give Gmail a similar look to Microsoft’s Outlook. The new app position removes the need for users to switch between tabs or windows in order to use Chat or Meets because they can now use them directly in the same browser window.

Credit

Google

There will also be notification bubbles for each app and, soon, Google will also offer a ‘unified’ search function so that it shows results from all integrated applications. 

The refreshed interface is a win for those that like data density and having all their work apps in one place. However, it could be a little confusing having multiple app notifications all going off in one window, potentially adding more stress to those looking to focus on one task at a time. 

Whether the changes are agreeable or not, users may have suspected they were coming, given the changes Google has made to Workspace (formally G Suite) during the pandemic. The company has sought to make its platform more conducive to hybrid and remote working by tweaking the way various elements work with one another, with the rebrand to Workspace, itself, also a nod to greater integration and ease of use.

​

Citrix is set to be acquired by affiliates of Vista Equity Partners and Evergreen Coast Capital in an all-cash deal valued at $16.5 billion.The transaction is inclusive of Citrix’s debt.

​

The deal also calls for the merger of Citrix with Tibco, a portfolio company of Vista. Tibco offers enterprise data management solutions that help businesses connect, integrate, and accurately predict business outcomes. 

Citrix’s digital workspace and application delivery suite, combined with Tibco’s data and analytics capabilities, will enable customers to access secure applications and insights to accelerate digital transformation and navigate hybrid workplaces.

The Citrix-Tibco merger will also accelerate Citrix’s defined growth strategy and shift to software as a service (SaaS). 

In addition, the firm stated that the combined entity will be positioned to provide secure, optimized, and comprehensive infrastructure for enterprise application, desktop delivery, and data management to advance hybrid cloud computing solutions.

“Citrix and Tibco provide mission-critical software and services to many the world’s most successful businesses, and we see tremendous value in combining their respective world-class offerings to help companies gather insight from the growing volumes of data generated by the hybrid work economy,” said John Stalder, managing director at Vista.

“Both businesses have now completed transitions to approximately 90% recurring revenue, poising the go-forward combined business to drive future growth. We look forward to partnering with Evergreen and the Citrix and Tibco teams to ensure this is a seamless transition for all stakeholders,” added Stalder.

As per the terms of the acquisition, Citrix shareholders will receive $104 in cash per share. The firm’s board of directors approved the transaction unanimously, and the deal is expected to close mid-year, pending shareholder and regulatory approvals. Citrix shares will cease to trade on the Nasdaq following the transaction, and the company will go private.

​

Google is investing up to $1 billion in Bharti Airtel as part of its Google for India Digitisation Fund.

The deal includes an investment of $700 million to acquire a 1.28% ownership in the Indian telco and up to $300 million towards mutually agreed multi-year commercial agreements over the course of the next five years.

As part of the first commercial agreement under the deal, the companies will work to scale Airtel’s offerings that cover a range of devices through affordability programmes. In the long term, both companies also plan to co-create India-specific network domain use cases for 5G and other standards, and focus on shaping and growing the cloud ecosystem in India by helping to accelerate digital transformation.

Google also said it’s looking to create new business models to help grow the Android OEM ecosystem in India with Airtel, but didn’t specify what kind of models these would be.

It also highlighted that it has made steady progress on the goals it set out to achieve with its Google for India Digitisation Fund, including building an India-focused Android experience and partnering with companies that build localised content experiences.

“Airtel is a leading pioneer shaping India’s digital future, and we are proud to partner on a shared vision for expanding connectivity and ensuring equitable access to the Internet for more Indians,” said Sundar Pichai, CEO of Google and Alphabet. “Our commercial and equity investment in Airtel is a continuation of our Google for India Digitization Fund’s efforts to increase access to smartphones, enhance connectivity to support new business models, and help companies on their digital transformation journey.”

Airtel has around 30.43% market share of wireless subscribers in India as of 30 November, 2021, according to the Telecom Regulatory Authority of India. Reliance Jio leads the market with a 36.71% share, while Vodafone Idea has 22.88%.

Google outlined in 2020 that it would invest $10 billion in India over the following five to seven years through its India Digitisation Fund. The company is set to invest it through a mix of equity investments, partnerships, operations, infrastructure, and ecosystem investments.

Google said its goal was to make the Internet helpful for 1.3 billion Indians and help power the country’s economic engine.

Google, however, isn’t the only tech firm that has invested in Indian telcos, as in July 2020 Intel invested $253.5 million in Jio platforms, the country’s biggest telco, through its Intel Capital investment arm. The deal gave it a 0.39% stake in Jio.

Three months earlier, Facebook also invested $5.7 billion in Jio, as the telco’s owner Mukesh Ambani was selling off 20-25% of the company to raise money for its debt-ridden parent company, Reliance Industries.

Apple is reportedly planning a new service that will allow businesses to accept payments using an iPhone without the need for extra hardware.

The new feature has been in development since 2020, following Apple’s acquisition of Canadian startup Mobeewave for around $100 million, according to a report from Bloomberg. Mobeewave previously developed technology for smartphones to accept payments with a tap of a credit card.

The system is likely to use the iPhone’s near field communications (NFC) chip that it currently uses for Apple Pay. This is seen as a boost for small businesses as currently to accept an order on an iPhone, merchants must use third-party payment terminals that plug into the device or communicate with it via Bluetooth.

The new feature, however, will effectively create a payment terminal inside the device and remove the need for additional hardware. Users will be able to accept payments with a tap of a credit card or another iPhone onto the back of their device.

This could be bad news for payment providers that use the iPhone to facilitate sales, like Block’s Square. If Apple requires merchants to use Apple Pay or its own payment processing system to use the technology, this would shut out other providers.

For now, it’s unclear whether the new payment functionality will be part of Apple Pay, although Bloomberg has reported that the team building the feature have been working with Apple’s payment division since the Mobeewave acquisition.

Apple could potentially start introducing the feature in a software update in the coming months. It’s expected to release its first beta version of iOS 15.4 soon, with a potential final release for consumers in the spring.

IT Pro has contacted Apple and Square for comment.

The technology is yet another example of Apple’s attempt to dig further into the small business space. The company recently launched a new package of support services designed to help SMB IT teams manage their employee devices in November last year. The package includes 24/7 phone support for IT managers and end-users, business iCloud storage, device management capabilities, and on-site repairs for businesses of 500 employees or fewer.