Amazon Web Services (AWS) has announced three new database capabilities for business applications as part of this week’s Re:Invent 2021 event.

Customers now benefit from a managed database service that customises existing databases and operating systems, an optimised table class for Amazon DynamoDB for lowering storage costs, and a machine learning-powered service that diagnoses and remediates database performance issues.

According to AWS, the aforementioned database features will help businesses manage data cost-efficiently and at scale.

Amazon RDS Custom caters to business applications requiring customizable underlying databases and operating systems. The managed service automates administrative tasks such as capacity provisioning capacity, scaling, and backup, and is compatible with commercial databases including Oracle and MS SQL Server.

Furthermore, the Amazon DynamoDB Standard-Infrequent Access (Standard-IA) table class offers DynamoDB users a 60% reduction in costs for infrequently accessed table data. DynamoDB Standard table class, by contrast, offers up to 20% lower throughput costs than Standard-IA, making it the most cost-effective option for tables with high throughput.

Finally, Amazon DevOps Guru for RDS, a new machine learning-powered feature built into Amazon DevOps Guru, identifies and diagnoses performance bottlenecks and operational issues in a database, providing detailed recommendations on how to fix them.

NetApp SVP and GM of Cloud Volumes, Ronen Schwartz, said: “NetApp offers cloud services to enable organisations to easily run highly efficient, cost-effective relational database migration and operation programs from on premises to the cloud. However, some organisations running applications that require customisation to the database environment and operating system have been unable to move to a fully managed database service in the cloud due to the customisations these applications require”. 

“With Amazon RDS Custom, these organisations now have a managed database service for applications that require operating system and database customisation. Organisations can run Amazon RDS Custom on NetApp ONTAP to benefit from advanced data protection, autonomous efficiencies, and continuous optimisations.”

Meta has picked Amazon Web Services (AWS) to be its strategic cloud partner as it looks to expand its artificial intelligence capabilities.

Meta, the parent company of Facebook, said it will use AWS services to «complement» its on-premise infrastructure and also broaden its use of AWS compute, storage and security services.

Expanding on an existing partnership, Meta will now run third-party collaborations on AWS and use the cloud to support acquisitions of entities that are already powered by AWS. The use of AWS compute services will also be used to accelerate Meta’s AI research and development programmes.

Additionally, the partnership will also include work on PyTorch, which is an open source machine learning library developed by Facebook’s AI Research Lab. It’s based on the Torch library and used for applications such as computer vision and natural language processing. AWS will work on improving performance for building, training, deploying and operating PyTorch AI and ML learning models.

«We are excited to extend our strategic relationship with AWS to help us innovate faster and expand the scale and scope of our research and development work,» said Jason Kalich, vice president of production engineering at Meta. «The global reach and reliability of AWS will help us continue to deliver innovative experiences for the billions of people around the world that use Meta products and services and for customers running PyTorch on AWS.»

The two companies will collaborate on new native tools for PyTorch and simplify the deployment of models in production. This will include enhancements to TorchServe, which is the feeding engine for PyTorch. By working on these open-source contributions, AWS and Meta aim to help organisations bring large-scale deep learning models from research to production faster and easier with optimised performance on AWS.

«With this agreement, AWS will continue to help Meta support research and development, drive innovation, and collaborate with third parties and the open source community at scale,» Kathrin Renz, vice president of business development and industries at AWS. «Customers can rely on Meta and AWS to collaborate on PyTorch, making it easier for them to build, train, and deploy deep learning models on AWS.»

Microsoft has launched a standalone tier of Microsoft Teams specifically aimed at small businesses.

Teams Essentials, which is available now, offers video meetings and chat features for the «lowest price in the market today», according to Microsoft.

​

The Essentials tier offers unlimited group meetings for up to 30 hours and can support up to 300 participants at a cost of $4 (£3) per user, per month. Each user will also have 10GB of cloud storage. On the free tier of Teams, users are only able to host 100 participants for 60 minutes at a time.

The service also includes «existing and new capabilities», some of which are already available in the free version of Teams, to meet the needs of small businesses, according to Microsoft. This includes a new Google Calendar integration, which Microsoft said will be available «soon», and in-meeting tools like meeting lobby, virtual backgrounds, Together mode, and live reactions.

Essentials will also have a «Small business group chat template», which is a collaboration hub where users can manage projects, assign tasks and create polls.

«We know how difficult the past 20 months have been for small businesses. They’ve had to demonstrate extreme flexibility to adapt, often with limited access to tools and technology,» said Jared Spataro, corporate vice president of Modern Work at Microsoft. «Teams Essentials is built specifically to meet the unique needs of small businesses, enabling them to thrive in this new era of work.»

There are small business-focused tiers on other platforms but Microsoft appears to have found a way to undercut rivals by offering better value-for-money than competitor options. The «Pro» version of Zoom, for instance, comes at a monthly cost of £11.99 per user and only accommodates 100 participants per meeting. The video-conferencing giant has also launched an advertising pilot for it’s free package as a way to find more revenue streams, rather than reducing the price on its middle-tier. Workplace from Meta (formally Facebook) offers a «Core» tier for the same price as Teams Essentials, but users need to opt for a number of «add-ons» to match the offerings available on the Microsoft service.

There is a free tier for Google Meets, but all participants need an account to join and the next tier is only available as part of a £7.99 monthly Workspace subscription.

Essentials is also being offered as a standalone service, with no need for users to subscribe to an Office 365 bundle. Invites can also be sent to anyone with an email address, so there is no need to sign in or install Teams to participate in meetings.

​

Amazon Web Services (AWS) has announced a new IoT-based platform that signals an expansion into robotic fleet management.

IoT RoboRunner, which was revealed on the first day of the company’s annual Re:Invent conference, is designed to help enterprises build and deploy applications so that their robotic fleets all operate as one. 

RoboRunner is an expansion of the RoboMaker cloud-based simulation service launched in 2018. It addressed developer frustrations around the challenge of operating different robot types, such as autonomous guided vehicles (AGV) and robotic manipulators.

«When a new robot is added to an autonomous operation, complex and time-consuming software integration work is required to connect the robot control software to work management systems,» AWS principal developer advocate, Channy Yun said.

«AWS IoT RoboRunner lets you connect your robots and work management systems, thereby enabling you to orchestrate work across your operation through a single system view.»

RoboRunner includes tools to create a programme in the AWS Management Console to build repositories for storing robot and task data. Developers can also integrate codes for connecting robots and systems via RoboRunner’s Fleet Gateway Library and also tools from managed applications services such as AWS Lambda and Greengrass.

Additionally, the cloud giant has also launched the AWS Robotics Startup Accelerator, which will offer mentorship to robotics startups. This accelerator will include a four-week programme with hands-on AWS training and $10,000 in promotional credits for use of AWS services. 

The first day of Re:Invent saw a plethora of new services launched for AI, machine learning, storage and quantum computing.

Amazon Braket Hybrid Jobs, for example, was launched as a new offering to help reduce extensive infrastructure and software management and confidently execute algorithms quickly and predictably, with on-demand priority access to QPUs.

There was also an expansion of CodeGuru Reviewer with an automated tool to help developers detect secrets in source code or configuration files, such as passwords or access tokens. 

Accenture has revealed it will expand its UK workforce with 3,000 new roles over the next three years, as the company’s clients aim to capitalise on growth while the UK is recovering from the pandemic.

Half of the new roles will be based outside of London, expanding the company’s presence in Leeds, Manchester, Newcastle, Edinburgh, and Glasgow and adding to its existing UK workforce of around 11,000 people.

The company said that the new roles are being driven by increased client demand for services in platforms, cloud engineering, cyber security, and data and intelligent operations.

The UK economy is rebounding swiftly following the pandemic and Accenture is seeing strong demand from clients seeking to capitalise on this growth opportunity, said Simon Eaves, market unit lead at Accenture in the UK and Ireland. 

“We are committed to growing our footprint across the UK which is why I am particularly excited about our plans across Scotland and northern England where we see some of the best technology talent in the country,” added Eaves.

Accenture’s initiative to create thousands of new cyber security roles over the next three years has been called “promising” by John Fokker, head of cyber investigations for McAfee Enterprise’s Advanced Threat Research team.

Fokker said this will help raise awareness of the skills needed to succeed in a cyber security role and help the industry take a step towards closing the cyber security skills gap.

“This will be particularly important in bolstering security teams when things get busy, with our research telling us that 75% of organisations struggle to maintain a fully staffed security team during peak periods,” he said.

Accenture’s move to create new jobs has been welcomed by the UK government, with digital secretary Nadine Dorries saying it was fantastic to see Accenture creating thousands of new high-skilled jobs in a number of the UK’s regional tech hubs. 

Dorries added that the investment is testament to the UK’s global reputation for innovation and talent and underlined the government is determined to level up opportunity across the country and is investing in digital skills and infrastructure so businesses can thrive.

A coalition of EU-based tech firms has filed a formal complaint against Microsoft alleging anticompetitive conduct related to the bundling of its productivity apps with Windows.

German content collaboration platform Nextcloud is leading the complaint and is joined by nearly 30 additional companies in the software and cloud sectors.

The formal complaint has been filed to the European Commission’s Directorate-General for Competition and Nextcloud has also reported the coalition’s concerns to German antitrust authorities, the Bundeskartellamt.

The tech firms driving the complaint are against Microsoft’s «monopolistic» practice of bundling the likes of OneDrive, Teams, and other services with Windows 10 and Windows 11.

The companies claim the practice is pushing consumers to register for the services and hand their data over to Microsoft, stifling consumer choice and genuine market competition. 

The coalition said Microsoft has grown its market share to 66% of the EU market in the last few years while smaller vendors have seen their shares shrink by as much as 26%.

«This is quite similar to what Microsoft did when it killed competition in the browser market, stopping nearly all browser innovation for over a decade,» said Frank Karlitschek, CEO and founder of Nextcloud. «Copy an innovators’ product, bundle it with your own dominant product and kill their business, then stop innovating.

«This kind of behaviour is bad for the consumer, for the market and, of course, for local businesses in the EU,» he added. «Together with the other members of the coalition, we are asking the antitrust authorities in Europe to enforce a level playing field, giving customers a free choice and to give competition a fair chance.»

IT Pro contacted Microsoft for comment but it did not reply at the time of publication.

Microsoft is currently the subject of an EU probe into its alleged anti-competitive practices, first brought to the Bloc’s attention more than a year ago by workplace collaboration company Slack.

Slack originally complained of Teams, Microsoft’s own workplace platform, and how it is bundled with the market-dominant Office 365 productivity suite illegally forced its software on users. 

The complaint and resulting probe into Microsoft’s business is the latest development in a long-running feud between the two companies. 

​Organizations in the education sector and local and state government are most at risk from email threats, according to a new report.

The report, published by IT security firm Cyren, also found that phishing remains the dominant form of attack against all industries.

Based on data gathered from nearly 45,000 incidents, researchers found that the education sector received over five threats per thousand emails received. State and local government bodies received just over two threats per thousand emails received, nearly double the amount received by the next most targeted industry, software.

The report also looked at the number of attacks per 100 users across a wide range of industries. It found that there were nearly 400 per 100 users in education compared to just over 150 in the construction industry.

Researchers said there was a surprisingly low rate for manufacturing, especially when compared to the construction industry, which is closely related.

“We observed 20 confirmed threats per 100 users in the manufacturing vertical. Without solid detection and automated incident response, a manufacturer with 100 Office 365 users would spend at least 16 hours manually investigating and remediating emails,” they added.

In a blog post, security researchers found that the data supported a widely held theory that phishing is a precursor to more damaging attacks such as business email compromise (BEC) and ransomware.

The report looked at phishing compared with malware and BEC attacks across four industries. Phishing remained the dominant threat in healthcare (76%), finance and insurance (76%), manufacturing (85%), and real estate (93%).

In healthcare, BEC attacks made up the remaining 24%. Researchers said that robust malware detection capabilities in the healthcare industry explains the high rate of BEC attempts. 

“Attackers understand that they can’t easily slip malware past automated defenses, so they have shifted to social engineering tactics,” said researchers.

Researchers said that when it comes to solving the email threat problem, user education is an important component, but several organizations have “over-rotated” on the idea that users are responsible for keeping sophisticated email threats at bay.

“The predominant trend is to use an email hygiene technology such as Microsoft Defender for Office 365 to catch 80% of threats, deploy a specialized add-on to catch and contain zero-day phishing and most BEC attempts, enable employees to perform initial analysis on the small percentage of emails that are classified as suspicious (rather than malicious or clean), and automate incident response workflows to save time and reduce exposure,” added researchers.

Google Cloud has revealed that 86% of hacked Google Cloud Platform (GCP) instances in 2021 led to cryptocurrency miners being dropped into customers’ environments.

Cryptocurrency miners being installed in cloud instances was the leading issue facing GCP customers this year with 58% of compromised instances having cryptominers installed within just 22 seconds of attackers gaining access.

Google Cloud’s Threat Analysis Group (TAG) said this led it to believe the process was script-driven without requiring human intervention.

GCP customers were targeted heavily with attackers attempting to leverage the high levels of compute available to them, without having to foot the bill.

Google Cloud also revealed cloud instances have been compromised in as little as 30 minutes, with the majority taking just eight hours.

The TAG at Google’s cloud arm noticed attackers are monitoring the public IP address space for signs of unsecured GCP instances, knowing how quickly they can compromise each one. 

«Given that most instances were used for cryptocurrency mining rather than exfiltration of data, Google analysts concluded the Google Cloud IP address range was scanned rather than particular Google Cloud customers being targeted,» the report read.

«The amount of time from the launch of a vulnerable Google Cloud instance until compromise varied with the shortest amount of time being under 30 minutes.»

TAG researchers also noted that threat actors gained access to GCP instances through exploiting poor customer security practices in almost 75% of all cases.

Half of these cases were compromised because of attackers exploiting instances with weak or in some cases no passwords for user accounts or API connections.

This meant unsecured GCP instances could quite easily be scanned by attackers and brute-forced with minimal difficulty.

Google Cloud customers were also at fault in 26% of cases for installing third-party software in their instance which was then exploited to gain access.

Google Cloud’s basic recommended mitigations to the flaws allowing attackers into GCP instances include ensuring accounts always have strong passwords, updating third-party software before a cloud instance being exposed to the web, and not publishing credentials in GitHub projects. 

Container Analysis is also available to GCP customers to perform vulnerability scanning and metadata storage for containers, while the Web Security Scanner in the Security Command Center can identify security vulnerabilities in their App Engine, Google Kubernetes Engine, and Compute Engine web applications.

IBM researchers have unveiled a novel method of training machine learning (ML) models that minimises the amount of personal data required and preserves high levels of accuracy.

The research is thought to be a boon to businesses that need to stay compliant with data protection and data privacy laws such as the General Data Protection Regulation (GDPR) and the California Privacy Rights Act (CPRA).

In both GDPR and CPRA, ‘data minimisation’ is a core component of the legislation but it’s been difficult for companies to determine what the minimal amount of personal data should be when training ML models.

It’s especially difficult when the goal of training ML models is usually to achieve the highest degree of accuracy in predictions or classifications, regardless of the amount of data used.

The findings from the study, thought to be a world-first development in the field of machine learning, showed that fewer data could be used in training datasets by undergoing a process of generalisation while preserving the same level of accuracy compared to larger ones.

At no point did researchers see a drop in prediction accuracy below 33% even when the entire dataset was generalised, preserving none of the original data. In some cases, the researchers were able to achieve 100% accuracy even with some generalisation.

In addition to adhering to the data minimisation principle of major data protection laws, researchers suggest that smaller data requirements could also lead to reduced costs in areas like data storage and management fees.

​

Data generalisation process

Businesses can become more compliant with data laws by removing or generalising some of the input features of runtime data, IBM researchers showed.

Generalisation involves taking a feature value and breaking it down into specific values and generalised values. For a numerical feature ‘age’, the specific values of which could be 37 or 39, a possible generalised value range could be 36-40.

A categorical feature of ‘marital status’ could have the specific values ‘married, ‘never married’, and ‘divorced’. A generalisation of these could be ‘never married’ and ‘divorced’ which eliminates one value, decreasing specificity, but still provides a degree of accuracy as ‘divorced’ implies that an individual has, at one point, been married.

The numerical features are less specific, adding three additional values, while the categorical feature is less detailed. The quality of these generalisations is then analysed using a metric. IBM chose to use the NCP metric over others in consideration as it lent itself best to the purposes of data privacy.

Credit

IBM

Researchers then selected a dataset and trained one or more target models on it to create a baseline. Generalisation was then applied, the accuracy was calculated and re-calculated (see diagram above) until the final generalisation was ready to be compared to the baseline.

Credit

IBM

The accuracy of the target model is calculated using decision trees (see above) which are gradually trimmed from the bottom upwards, taking note of any significant decreases in accuracy.

If accuracy is maintained or meets the acceptable threshold after generalised data is applied, the researchers then work to improve the generalisation by gradually trimming the decision tree from the bottom upwards, increasing the generalised range of a given feature, until the final optimised generalisation is made.

​

Small and medium-sized businesses (SMBs) are being urged to update their software ahead of Black Friday and Cyber Monday to avoid financial and reputational damage.

The warning comes after the National Cyber Security Centre (NCSC) identified 4,151 online shops that had been compromised using a vulnerability within the e-commerce platform Magento. With 250,000 clients, the Adobe subsidiary is the third-largest e-commerce system globally, after WooCommerce and Shopify.

NCSC alerted the affected retailers of the vulnerability in late September, with Magento issuing a security patch on 12 October. 

All online businesses are being urged to update their software, as the mass shift to e-commerce since the start of the pandemic has caused more customers to shop online than ever before, increasing their risk of falling victim to online scams.

Hence, the NCSC has issued guidance on running a secure website and avoiding threats including skimming, which has been described as “a threat to all retailers” by British Retail Consortium assistant director Graham Wynn.

The trade association has urged “all retailers to follow the NCSC’s advice and check their preparedness for any cyber issues that could arise during the busy end of year period”.

NCSC deputy director for Economy and Society, Sarah Lyons, said that the agency wants “small and medium-sized online retailers to know how to prevent their sites being exploited by opportunistic cyber criminals over the peak shopping period”.

“Falling victim to cyber crime could leave you and your customers out of pocket and cause reputational damage. It’s important to keep websites as secure as possible and I would urge all business owners to follow our guidance and make sure their software is up to date,” she added.

Last year, Check Point’s security researchers observed a sharp increase in the number of phishing exploits in the run-up to Black Friday and Cyber Monday, with phishing emails having increased by over 13 times in early November 2020. In December 2020, RiskIQ security researchers discovered around 37,000 fake retail websites set up to scam holiday shoppers, with 208 domain infringement events containing only “Black Friday,” “Cyber Monday,” “Boxing Day,” or “Christmas”.