Dropbox has announced a deal to acquire assets from Boxcryptor in an effort to bring end-to-end encryption to its service.
Dropbox is one of the most popular cloud storage services, but it doesn’t have end-to-end encryption like Tresorit and other more security-conscious services. Dropbox is looking to change that by acquiring assets from Boxcryptor. Boxcryptor is an independent service that helps user encrypt their files across a range of cloud services, adding an extra layer of security.
Today, we’re excited to share that we’ve signed an agreement to acquire several key assets from Boxcryptor, a provider of end-to-end “zero-knowledge” encryption for cloud storage services. The combination of Boxcryptor’s leading encryption capabilities and Dropbox’s easy-to-use product, with our already robust security features, will help us better meet our customers’ evolving needs.
The only downside to Dropbox’s plans is that it seems Boxcryptor’s features will only be available to business users:
We plan to embed Boxcryptor’s capabilities natively within Dropbox for our business users on our paid plans, adding an additional layer of security by encrypting files locally on their devices prior to syncing their content to Dropbox.
Despite the limitation, Dropbox’s announcement is good news for security-minded customers.
Microsoft will purchase a 4% equity stake in the London Stock Exchange Group (LSEG), forming a 10-year cloud partnership.
The financial sector is an increasingly important one for cloud providers, with all of the major cloud providers vying for partnerships in the industry. Microsoft has scored a major one, forming a 10-year strategic partnership with the LSEG, one that will see the Redmond-based company take a 4% equity stake.
In exchange, the LSEG will migrate its data to Microsoft Azure and will use Microsoft Azure, AI, and Microsoft Teams to build its next-generation solutions. The deal will also see Scott Guthrie, Microsoft’s Executive Vice President, Cloud and AI Group, appointed as a non-executive director of LSEG.
“This strategic partnership is a significant milestone on LSEG’s journey towards becoming the leading global financial markets infrastructure and data business, and will transform the experience for our customers,” said David Schwimmer, CEO of LSEG.
“Bringing together our leading data sets, analytics, and global customer base with Microsoft’s comprehensive and trusted cloud services and global reach creates attractive revenue growth opportunities for both companies.
“We are delighted to welcome Microsoft as a shareholder. We believe our partnership with Microsoft will transform the way our customers discover, analyse, and trade securities around the world, and create substantial value over time. We look forward to delivering on that potential.”
The two companies will also explore other opportunities to integrate digital market infrastructure with cloud technology.
“Advances in the cloud and AI will fundamentally transform how financial institutions research, interact, and transact across asset classes, and adapt to changing market conditions,” said Satya Nadella, Microsoft CEO.
“Our partnership will bring together the industry leadership of the London Stock Exchange Group with the trust and breadth of the Microsoft Cloud — spanning Azure, AI, and Teams — to build next-generation services that will empower our customers to generate business insights, automate complex and time-consuming processes, and ultimately, do more with less.”
Apple is finally adding a major feature to iCloud, upgrading its security to include end-to-end encryption (E2EE).
iCloud has always included strong encryption, labeled “Data Protection,” but it did not offer E2EE, meaning Apple ultimately held the key to unlocking users’ data. Apple reportedly investigated the possibility of adding E2EE years ago, but abandoned plans in response to FBI objections.
The company has now announced plans to roll out full E2EE for iCloud under its “Advanced Data Protection.”
“Apple makes the most secure mobile devices on the market. And now, we are building on that powerful foundation,” said Ivan Krstić, Apple’s head of Security Engineering and Architecture. “Advanced Data Protection is Apple’s highest level of cloud data security, giving users the choice to protect the vast majority of their most sensitive iCloud data with end-to-end encryption so that it can only be decrypted on their trusted devices.”
Advanced Data Protection is already available to Apple Beta Software Program members and will be available to all users in the US by year’s end. The feature will make its way to worldwide customers in early 2023.
Not surprisingly, the FBI is renewing its objection, saying it was “deeply concerned with the threat end-to-end and user-only-access encryption pose.”
“This hinders our ability to protect the American people from criminal acts ranging from cyber-attacks and violence against children to drug trafficking, organized crime and terrorism,” the bureau said in an emailed statement to The Washington Post. “In this age of cybersecurity and demands for ‘security by design,’ the FBI and law enforcement partners need ‘lawful access by design.’”
Despite the FBI’s concerns, many other organizations are praising Apple.
“We applaud Apple for listening to experts, child advocates, and users who want to protect their most sensitive data,” writes the Electronic Frontier Foundation. “Encryption is one of the most important tools we have for maintaining privacy and security online. That’s why we included the demand that Apple let users encrypt iCloud backups in the Fix It Already campaign that we launched in 2019.”
Apple has completely abandoned one of its most controversial initiatives that would have involved scanning all devices for CSAM.
Tech companies are always looking for ways to identify and root out Child Sexual Abuse Material (CSAM) from their platforms. Google, Microsoft, Meta, and others routinely scan content on their cloud platforms against a centralized database of CSAM content maintained by the National Center for Missing & Exploited Children (NCMEC).
Apple’s proposed solution was much different. Apple created a two-step process that involved scanning a consumer’s device. Apple planned to install a database of hashes representing the files in NCMEC’s database on each and every iPhone, iPad, Mac, and Apple TV.
To be clear, Apple was not going to place CSAM material on devices, only mathematical hashes that represent them. Any device with iCloud enabled would then run the same mathematical hash on local photos and videos and compare them to the database of NCMEC hashes. Once a threshold of matches was reached, the case would undergo human review before being forwarded to the authorities if the matches were accurate. Until that happened, all results would remain completely anonymous.
After pushback from the industry and security and privacy experts, Apple originally delayed rollout and has now abandoned its plans in favor of other, less dangerous methods.
“After extensive consultation with experts to gather feedback on child protection initiatives we proposed last year, we are deepening our investment in the Communication Safety feature that we first made available in December 2021,” the company told WIRED in a statement. “We have further decided to not move forward with our previously proposed CSAM detection tool for iCloud Photos. Children can be protected without companies combing through personal data, and we will continue working with governments, child advocates, and other companies to help protect young people, preserve their right to privacy, and make the internet a safer place for children and for us all.”
The company will instead focus on its opt-in Communication Safety features that parents can activate to flag inappropriate texts, pictures, and videos sent to their children via iMessage.
“Potential child exploitation can be interrupted before it happens by providing opt-in tools for parents to help protect their children from unsafe communications,” the company continued in its statement. “Apple is dedicated to developing innovative privacy-preserving solutions to combat Child Sexual Abuse Material and protect children, while addressing the unique privacy needs of personal communications and data storage.”
The new approach is a far more balanced one to the responsibilities Apple is trying to wield while preserving individual privacy. While Apple’s original scanning approach seemed promising in terms of privacy, it also posed a host of problems. Security and privacy experts immediately pointed out the danger of Apple being forced by governments to use its matching algorithm for other purposes, such as political, religious, or human rights surveillance. There are also documented instances of non-CSAM images being placed in the NCMEC database, opening the possibility of false positives.
Not surprisingly, the EU recently proposed new rules that sound eerily similar to Apple’s method, while simultaneously acknowledging “the detection process would be the most intrusive one for users.”
Interestingly, Princeton researchers developed a similar system shortly before Apple and ultimately tabled it, and wrote a paper on why it should never be used.
“Our system could be easily repurposed for surveillance and censorship,” the researchers wrote. “The design wasn’t restricted to a specific category of content; a service could simply swap in any content-matching database, and the person using that service would be none the wiser.”
Overall, Apple’s announcement is a welcome one. To be fair, however, more time will need to pass to ensure Apple lives up to its promise and has not been forced to implement its scanning technology covertly.
Verizon is letting users test drive its 5G network without any commitment for 30 days
Verizon is competing with T-Mobile and AT&T for the 5G market, although both it and AT&T still have quite a bit of ground to cover in their efforts to catch up. Verizon is hoping a free test drive will help, offering users 30 days to try “America’s Most Reliable 5G Network” with “no strings attached.”
“There is no better time to switch to Verizon than right now and we are confident that once you take a test drive, you’ll wonder why you ever settled for one of the discount carriers,” said Chris Emmons, vice president of devices and accessories at Verizon. “So confident, in fact, that we’ve created Verizon Test Drive, a simple, seamless way for new customers to try out our network and services on an unlocked eSIM smartphone, for free, over a 30-day trial period without any contractual obligations.”
The Verizon Test Drive will give users full access to the company’s fastest 5G Ultra Wideband network, its 5G Nationwide network, as well as its 4G LTE network. Potential customers will also have unlimited talk and text, as well as up to 100 GB of 4G and 5G data, and 480p streaming. Individuals can try Verizon’s service with no credit check, and without losing their existing service.
The Pentagon has awarded contracts to multiple cloud vendors as it seeks to replace the defunct JEDI contract.
The Joint Enterprise Defense Infrastructure (JEDI) contact was the Pentagon’s attempt to modernize its IT operations and migrate to the cloud. AWS was largely seen as the frontrunner until Microsoft was awarded the entire $10 billion contract. AWS responded by suing the Pentagon relentlessly until the DoD canceled the contract in favor of the $9 billion multi-vendor Joint Warfighter Cloud Capability (JWCC).
“The purpose of this contract is to provide the Department of Defense with enterprise-wide, globally available cloud services across all security domains and classification levels, from the strategic level to the tactical edge,” the DoD writes in the award notices. “The Joint Warfighting Cloud Capability will allow mission owners to acquire authorized commercial cloud offerings directly from the Cloud Service Providers contract awardees. Joint Warfighting Cloud Capability is a multiple award contract.”
The multi-vendor contract was awarded to AWS, Google Cloud, Microsoft, and Oracle. Rather than define the share of the contract each company will receive, each company is part of the same $9 billion pool and will receive funds as their services are needed.
“No funds will be obligated at the time of award; funds will be obligated on individual orders as they are issued,” the DoD continues.
Only time will tell if all four cloud players, especially AWS, accept the terms or resort to lawsuits in an effort to secure more favorable terms.
Update: Amazon has reached out to WPN with the following statement:
“We are honored to have been selected for the Joint Warfighting Cloud Capability contract and look forward to continuing our support for the Department of Defense. From the enterprise to the tactical edge, we are ready to deliver industry-leading cloud services to enable the DoD to achieve its critical mission.”
Maryland has become the second state to ban TikTok over cybersecurity concerns, also banning other Chinese and Russian apps and services.
Concerns have been growing over the security and privacy risk TikTok poses. South Dakota banned the app from state-owned devices and Maryland has now followed suit. Governor Larry Hogan issued an emergency cybersecurity directive banning TikTok from state agencies. The directive also bans other Chinese and Russian apps.
“There may be no greater threat to our personal safety and our national security than the cyber vulnerabilities that support our daily lives,” said Governor Hogan. “As the cyber capital of America, Maryland has taken bold and decisive actions to prepare for and address cybersecurity threats. To further protect our systems, we are issuing this emergency directive against foreign actors and organizations that seek to weaken and divide us.”
The ban covers the following entities:
TikTok; Huawei Technologies; ZTE Corp; Tencent Holdings, including but not limited to: Tencent QQ, QQ Wallet, and WeChat; Alibaba products, including but not limited to: AliPay; and Kaspersky.
State agencies must remove all such services and take measures to prevent their installation and use.
“This action represents a critical step in protecting Maryland State systems from the cybersecurity threats caused by foreign organizations,” said State CISO Chip Stewart.
IBM is raising the price of storage for customers outside the US, the latest indication of the effects of growing inflation.
IBM has announced storage price increases for customers in Canada, Europe, Japan, the Caribbean, and regions in Africa including South Africa and Morocco, according to TechRadar and The Register.
Customers will see 5% to 10% increases for FlashSystem 5000, FlashSystem 7000, IBM Elastic Storage System (ESS), IBM SAN Volume Controller, and IBM Cloud Object Storage (COS).
While IBM has not officially commented on the reason for the price increase, rapidly rising inflation is likely the cause.
SolarWinds is facing monetary and enforcement consequences as a result of its supply chain attack in 2020.
SolarWinds was the victim of a supply chain attack in which attackers compromised one of SolarWinds IT tools that was used by companies and government agencies around the world. As a result, at least 18,000 of SolarWinds customers downloaded the compromised software, with many being directly hacked.
It appears the company is now facing the consequences, both with shareholders and the SEC. In a filing with the SEC, the company says it has agreed to pay shareholders $26 million.
SolarWinds entered into a binding settlement term sheet with respect to the previously disclosed consolidated putative class action lawsuit….The settlement, if approved, would require the Company to pay $26 million to fund claims submitted by class members, the legal fees of plaintiffs’ counsel and the costs of administering the settlement.
In addition, the company also revealed that it had been notified of an SEC Wells notice, which could lead to enforcement action.
Also on October 28, 2022, the enforcement staff of the U.S. Securities and Exchange Commission (the “SEC”) provided the Company with a “Wells Notice” relating to its investigation into the previously disclosed cyberattack on the Company’s Orion Software Platform and internal systems. The Wells Notice states that the SEC staff has made a preliminary determination to recommend that the SEC file an enforcement action against the Company alleging violations of certain provisions of the U.S. federal securities laws with respect to its cybersecurity disclosures and public statements, as well as its internal controls and disclosure controls and procedures.
It is not surprising the SEC is taking such action. The SolarWinds attack was one of the most devastating cyberattacks in history and had a profound impact on companies and agencies. The US Judiciary even went so far as to return to paper records in the wake of the attack.
Rackspace is dealing with a “security incident” involving its Hosted Exchange service, prompting the company to shut the service down.
Rackspace first became aware of the issue on Friday, December 2. The company acknowledged the issue on its incident report page:
On Friday, Dec 2, 2022, we became aware of an issue impacting our Hosted Exchange environment. We proactively powered down and disconnected the Hosted Exchange environment while we triaged to understand the extent and the severity of the impact. After further analysis, we have determined that this is a security incident.
The company updated its report Sunday, saying it was working on the problem but customers should considering using Microsoft 365 in the meantime:
We continue to make progress in addressing the incident. The availability of your service and security of your data is of high importance. We have committed extensive internal resources and engaged world-class external expertise in our efforts to minimize negative impacts to customers. We will continue to report our progress and update you as we have more information that we can share.
In order to best protect the environment, this will continue to be an extended outage of Hosted Exchange. At this time, moving to Microsoft 365 is the best solution for customers, and we highly encourage affected customers to move to this platform. Since our last update, we have been able to successfully restore email services to thousands of customers on Microsoft 365.
AST SpaceMobile has signed a five-year deal with Nokia as it works to develop the only space-based cellular network.
AST SpaceMobile’s goal is to provide 4G and 5G cellular service from space. Such a network would be largely immune from many of the geographical issues that can impede traditional terrestrial network rollouts. Like any spaced-based service, AST SpaceMobile’s service will require ground base stations, which Nokia will provide, according to the companies.
Nokia will provide equipment from its comprehensive, energy-efficient AirScale portfolio including its AirScale base stations powered by its latest generation of Nokia’s ReefShark System-on-Chip (SoC) chipsets. AST SpaceMobile will benefit from Nokia’s modular baseband plug-in cards which add capacity where it is needed offering flexibility and efficiency. Nokia will also provide its NetAct solution for network management and seamless daily network operations as well as optimization and technical support services.
The combination of Nokia’s technology and expertise, combined with AST SpaceMobile’s plan for global coverage, should help close the connectivity gap for millions of people around the world.
“With the integration of Nokia’s AirScale system, AST SpaceMobile and Nokia are taking an important step toward closing connectivity gaps all over the world,” said Scott Wisniewski, Chief Strategy Officer at AST SpaceMobile. “Nokia is supporting us with dozens of engineers and development professionals, including leading architecture research experts at Bell Labs, the world-renowned industrial research arm of Nokia. In the coming months, we are scheduled to launch our BlueWalker 3 test satellite into low Earth orbit, which has a 64-square meter phased array antenna designed for direct-to-cell connectivity. With this satellite, we plan to conduct testing all over the world with leading mobile network operators, leveraging Nokia’s technology solutions on the ground.”
Networks may be the critical component that makes the world work, but 70% of CEOs believe theirs is inhibiting business growth.
NTT has released its 2022 Global Network Report (via TechRepublic, and it paints a worrying picture about the state of many companies’ networks. A staggering 70% of CEOs believe their network is actually inhibiting their companies’ growth, while only 50% believe their network tech is aligned with business goals.
The adoption of new technologies, such as cloud deployments, AI, edge computing, and more, has led to a struggle to have staff with the necessary skills. In fact, 71% of organizations say they lack the necessary in-house talent to handle their network needs.
These challenges come at a time when the competitive and security factors driving advanced network adoption is higher than ever.
“Levels of investment in the network have surged, with the results of this research showing many organizations are leaning towards key partners and managed service solutions to fulfill their requirements,” said Amit Dhingra, executive vice president at NTT.
Because many executives are looking to network-as-as-service to help deal with these challenges, NTT emphasized the specific factors companies should consider:
“Businesses should consider security, skills competency, ability to scale, private 5G and software-defined networking when selecting a network service provider,” Dhingra said. “In the long term, blockchain, further AI and automation, AR and VR, quantum networking, 6G and photonic computing will affect how networks are delivered.”
NTT’s report is good news for tech workers, as it shows there are plenty of opportunities for advancement in the industry, and such opportunities show no sign of abating.
Zorin OS is an excellent Linux distro aimed at new users, although it offers a little something for everyone.
Although I briefly played with Linux Mandrake and Caldera Linux a couple of decades ago, Zorin OS was my first introduction to Linux when I decided to switch from the Mac in early 2022. Since I am a former Mac user, where UI design plays a major part in the Apple experience, I was attracted to the professional design of Zorin OS and its desktop-centric focus.
Zorin OS Background
Zorin OS is a Linux distro built and maintained by the two Zorin brothers in Dublin, Ireland.
Zorin is based on Ubuntu LTS (long-term support). Ubuntu is hands-down the most widely-used distro in the world and has the largest selection of available apps, making it a wise choice to base a distro on it. Zorin’s initial release was in 2009, giving the distro a decently long track record.
Editions, Desktop Environments (DE), and Appearance
Zorin comes in three editions: Core, Pro, and Lite.
Core is the main edition and comes with the Gnome DE. This isn’t your father’s Gnome, however, as Zorin has heavily customized the look and feel. In so doing, Zorin avoids many of the criticisms that are often leveled against Gnome.
Zorin Lite, on the other hand, uses Xfce for a lighter footprint, although it is a heavily customized implementation like its Gnome counterpart. In fact, while Xfce is often criticized for being fairly plain-looking, Zorin is widely praised as having one of the most beautiful implementations of Xfce.
Zorin offers a Pro version for both the Core and Lite editions. The Pro versions come with all the software the average user coming from Mac or Windows might need to get up and running. Nothing is unique or something that can’t be installed independently, but for $39 the Pro version saves some work. Upgrading to the Pro version also provides installation support, something that few distros provide.
Springing for the Pro version also provides a way for Zorin OS users and fans to help support the project and ensure its longevity. Certainly not required, but its an easy way to support an important open source project for the price of a few coffees.
One of Zorin’s hallmark features is the Zorin Appearance app. The app allows users to change between several different interface presets, such as macOS, Windows, Ubuntu, and more. Users who spring for the Pro version will have access to a couple of additional presets.
Zorin Windows 11 and macOS Layouts – Credit Zorin
Software Availability
As stated, Zorin OS is based on Ubuntu. As the most popular distro, Ubuntu has the largest selection of apps. In fact, it’s a safe bet that if a developer only has the bandwidth to support one family of distros, it’s probably going to be Ubuntu’s .deb files.
In addition to native packages, Zorin supports Ubuntu’s Snap packages, which are designed to be self-contained applications. Whereas native packages are fairly small in size and rely on whatever system libraries are installed, Snap packages have all their dependencies contained within and are one of a new generation of Linux packaging formats designed to make it easier for developers to support multiple distributions. Since Ubuntu’s parent company, Canonical, developed Snaps, many of Ubuntu’s child distros support the format.
Where Zorin rises above Ubuntu is in its support for Flatpaks, a package format that competes with Snaps. While Snaps are used for desktop, server, and IoT apps, Flatpak is focused exclusively on the desktop. As a result, many users prefer Flatpaks over Snaps, but Flatpak is not installed by default on Ubuntu. Zorin, on the other hand, includes Flatpak out of the box, alongside Snaps and native packages.
To be clear, Flatpak can be easily installed on any distro, including Ubuntu. But the fact that Zorin includes all three package formats out of the box is just one more way in which it is geared toward new users and requires very little additional setup to take advantage of the wealth of apps available. All three package types are supported in the Zorin software store, giving users an easy way to install the package of their choice from a graphical interface.
Zorin also includes Zorin Connect, a fork of KDE Connect, which allows you to connect their Android phone to your computer to sync texts and notifications, send files and pictures, and control various aspects of your computer from your phone.
Zorin Connect – Credit Zorin
For users with Nvidia drivers, which are always a bit of a challenge on Linux, Zorin makes it incredibly easy to install the necessary drivers.
At the same time, more experienced users who want to install the apps of their choice can choose the “Minimal install” option and build up their system from there.
Versions and Updates
Since it’s based on Ubuntu LTS, Zorin doesn’t always have the latest and greatest version of the software, as some other distros do. Instead, LTS versions of Ubuntu and its derivatives focus on stability and reliability.
For example, the Core edition of Zorin OS 16.2 (the most current version released October 2022) is still running Gnome 3.36.1, while the latest version of Gnome is 43 (Gnome jumped from 3.38 to Gnome 40). This puts it several versions behind the official release.
At the same time, however, because Zorin relies on such a heavily customized version of Gnome, most users won’t really notice that it’s behind. In fact, some of the features that have just made it into Gnome 43, such as accent colors, have been in Zorin’s customized implementation for some time.
This also holds true for the other apps included with the OS. Because Flatpak and Snap are both supported out of the box, users aren’t stuck with the older versions of apps that are in the native repos. Instead, they can enjoy the benefit of a stable LTS base while relying on Flatpaks and Snaps for more up-to-date versions of their favorite apps.
Support and Community
As mentioned, Zorin OS Pro comes with installation support provided by the development team.
The distribution has a vibrant and friendly forum on the company’s website where users can find answers to any issues they may encounter. In addition, because Zorin is based on Ubuntu, the vast majority of Ubuntu answers and solutions that would show up in a search will work perfectly on Zorin as well.
Rating
As stated at the outset, Zorin OS is an outstanding distro with something for everyone. New users will appreciate its pre-built layouts that provide a familiar starting point. More advanced users will no doubt enjoy the option to choose a minimal install while having access to the widest breadth of software available, thanks to the inclusion of both Flatpaks and Snaps.
Ultimately, it’s hard to go wrong with Zorin OS, and it would be one of my first choices for anyone looking to give Linux a spin.
According to a new report, software as a service (SaaS) adoption is slowing despite widespread popularity.
BetterCloud has released its 2023 State of SaaSOps report, shedding light on the SaaS industry. The report contains feedback from 743 IT and security professionals, providing valuable insights into the state of affairs.
Some 40% of those polled reported consolidating redundant SaaS apps, accounting for a significant slowdown in adoption. Despite the slower pace, adoption is still up 18% from last year, with organizations using an average of 130 SaaS apps.
Interestingly, despite the importance of SaaS, 59% of those polled reported it was a challenge to manage “SaaS sprawl,” with shadow IT being a prime culprit. Shadow IT refers to instances where departments within an organization deploy their own IT systems without the oversight of the IT department. Demonstrating the extent of the problem, respondents reported that 65% of all SaaS services are deployed without authorization from IT, raising additional security and privacy concerns.
In response to these challenges, IT departments are increasingly bringing SaaS services under their control, with 57% doing so in the last 12 months. Many IT departments are also turning to automation to help manage their SaaS services, with 71% having automated at least one help desk service and 43% having a dedicated SaaSOps automation role or team.
Despite the challenges, BetterCloud is optimistic about the future of the SaaS industry.
“This is our tenth year surveying IT about the SaaS-powered workplace and one thing remains true: SaaS is critical to doing business and to providing a better employee experience,” said David Politis, CEO, BetterCloud, in a statement to WPN. “Yet, in the last few years, the rush to adopt SaaS has outpaced IT’s ability to keep up with management and security challenges. Our research this year highlights these growing pains, but also shows that investments in automation are helping IT stay one step ahead of SaaS application growth.”
BetterCloud’s 2023 State of SaaSOps report is well worth a read and contains additional insights into the industry that every IT professional should know.
Microsoft CEO Satya Nadella is bullish on the Asian data center market, including China and India, at a time when trade tensions are ramping up.
Microsoft operates the second-largest cloud platform and, as such, operates data centers around the world. As one of the world’s largest growth markets, Asia represents tremendous opportunity for the company.
Nadella singled out two countries as especially important to the company’s future: China and India.
“We’re absolutely committed to all of these countries and in China too,” Nadella said. “Today, we primarily work to support multinational companies that operate in China and multinational companies out of China.”
Similarly, while India is important to the company’s future, Microsoft sees significant changes to the market.
“Microsoft’s presence in India was about mostly multinational companies operating in India. But for now, it’s completely changed,” he said.
“It’s the reverse where these companies who are innovating in India, whether it’s the big large conglomerates, or the new startups, are all using [artificial intelligence] cloud technology to be able to innovate and create services that are obviously popular in India and elsewhere,” he added.
In all, Nadella said Microsoft plans on investing in at least 11 different regions.
AWS is unveiling its latest initiative designed to help it remain the cloud leader: the AWS Digital Sovereignty Pledge.
Digital sovereignty is an increasingly important aspect of cloud computing, as countries and jurisdictions endeavor to legislate privacy, security, and other online concerns. AWS has always strongly supported digital sovereignty, being the first major cloud provider to give customers the ability to control where their data was hosted, as well as how and where it moved.
The company is doubling down on that track record with its AWS Digital Sovereignty Pledge, giving customers the most powerful tools available for managing digital sovereignty.
“Our approach to delivering on this pledge is to continue to make the AWS Cloud sovereign-by-design—as it has been from day one,” writes Matt Garman, Senior Vice President of AWS Sales, Marketing and Global Services. “Early in our history, we received a lot of input from customers in industries like financial services and healthcare—customers who are among the most security- and data privacy-conscious organizations in the world—about what data protection features and controls they would need to use the cloud.”
The company is applying this “sovereign-by-design” approach in several key areas:
Control over data location
Verifiable data access control
Everything, everywhere encryption
Cloud resilience
“At AWS, earning customer trust is the foundation of our business. We understand that protecting customer data is key to achieving this,” Garman continues. “We also know that trust must continue to be earned through transparency. We are transparent about how our services process and transfer data. We will continue to challenge requests for customer data from law enforcement and government agencies. We provide guidance, compliance evidence, and contractual commitments so that our customers can use AWS services to meet compliance and regulatory requirements. We commit to continuing to provide the transparency and business flexibility needed to meet evolving privacy and sovereignty laws.”
Ireland is once again slapping Meta with a hefty fine, this time to the tune of $277 million for failing to protect user data from scraping.
Data scraping is the process of using automated methods and scripts to collect data from a website. The data may be publicly available or require access. News of the scraping breach first broke in early 2021, although the actual incident occurred prior to 2020. In all, some 533,000,000 Facebook accounts were impacted.
Ireland’s Data Protection Commissioner (DPC) has now levied the third-largest fine against Meta, saying the company did not do enough to protect its users’ data and prevent personal information, phone numbers, email addresses, and more from being scraped.
According to Independent.ie, some 1.3 million Irish Facebook accounts were impacted. Some of the impacted accounts included “gardai, sitting judges, prison officers, social workers, journalists and others.” The breach also coincides with a spike in scam attempts across the EU and Ireland.
“The material issues in this inquiry concerned questions of compliance with the GDPR obligation for data protection by design and default,” the DPC said in a statement. “The DPC examined the implementation of technical and organisational measures pursuant to Article 25 [of] GDPR.”
The investigation was evidently started last year, after news of the breach.
“The DPC commenced this inquiry on 14 April 2021, on foot of media reports into the discovery of a collated dataset of Facebook personal data that had been made available on the internet,” the DPC statement said.
“The scope of the inquiry concerned an examination and assessment of Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer tools in relation to processing carried out by Meta Platforms Ireland Limited during the period between 25 May 2018 and September 2019.”
To make matters worse, Facebook apparently is not interested in accepting full responsibility for the incident or fully committing to preventing such incidents in the future. In fact, as we previously covered at WPN, Facebook accidentally sent a memo to a journalist in which the company complained about the negative coverage it was receiving over the breach.
In the memo, the company also outlined its goals moving forward, including efforts to “normalize the fact that this activity happens regularly.”
Thankfully, Ireland’s DPC doesn’t believe data scrapping should be accepted as ‘normal’ and is holding Meta’s feet to the fire.
In a report that surprises no one, half of of small computer shops access customers’ private data, with some copying and saving it.
Small computer repair shops may be a common site, but a new report indicates customers should be wary before taking their computers to them. Researchers at University of Guelph in Ontario, Canada took laptops to 12 repair shops. The laptops were fully functional, except for a disabled audio driver. The researchers specifically chose that issue, since it is easy to diagnose and repair, and does not require access to personal files.
The researchers populated the computers with what appeared to be personal information, online accounts, a crypto wallet, and a variety of sexual and non-sexual pictures. The researchers also made it appear that half the computers belonged to men and half to women.
In 50% of cases, the researchers found that personal files were accessed by the repair shop, although unsurprisingly the computers that seemed to be belong to women were much more likely to have their data accessed. In at least two cases, one for a male customer and one for a female, data was copied and saved onto personal devices.
“We were blown away by the results,” Hassan Khan, one of the researchers, said in an interview with Ars Technica. The researchers were especially concerned with the data copying.
“We thought they would just look at [the data] at most,” Khan added.
With few if any real privacy safeguards in place, most customers would do well to take their computers to reputable large companies, at least until small shops get with the program, in terms of privacy.
Zoom has come a long way since its heyday during the pandemic, with its stock down 90% and challenging growth prospects ahead.
Zoom quickly became the poster child for videoconferencing during the pandemic, as businesses, schools, churches, and families turned to the platform to stay in touch. As things have returned to normal, however, the company has struggled to maintain its growth and fend off larger rivals.
The company’s stock is now down 90% over its pandemic peak. What’s more, growth prospects are far slimmer moving forward, with Slack, Microsoft Teams, and others posing more challenges to its core business. Zoom is trying to address this by rolling out additional applications and services, such as Zoom Mail and Zoom Calendar.
Even with the pivot, however, analysts believe the company still has a long road ahead of it before it can return to the type of growth investors have become accustomed to.
“Zoom has a fundamental flaw – it has needed to spend heavily to keep hold of market share. Spending to cling onto, rather than grow, market share is never a good place to be and was a sign of trouble ahead,” said Hargreaves Lansdown equity analyst Sophie Lund-Yates, according to Reuters.
“The game is not over for them but without acquisitions this is a multi-year path to returning to higher growth,” said Needham & Co analyst Ryan Koontz.
France has shot down the possibility of schools using free versions of Microsoft 365 and Google Workspace.
Schools around the world rely on Microsoft 365 and Google Workspace, since both productivity options provide commercial-grade features for free, especially for schools. As part of the EU, France is concerned the productivity suites are not compatible with EU privacy laws and run afoul of French procurement laws, since there is no payment exchanged.
“Free service offers are therefore, in principle, excluded from the scope of public procurement,” the Ministry of National Education statement says, according to The Register.
Moving to the paid versions of both productivity suites only solves one potential problem, namely the procurement issue, with data privacy still being a major sticking point.
The EU has been cracking down on the use of US-based cloud services that store user data within the US. Because of the vast surveillance programs US agencies engage in, the EU does not deem US-based data storage as a safe option for its citizens.
Microsoft and Nvidia are teaming up to build a cloud-based supercomputer with a focus on artificial intelligence (AI).
Nvidia chips are staples in AI development, with GPUs offering a number of performance benefits over traditional CPUs. Microsoft and Nvidia are collaborating to combine Nvidia’s GPUs with Microsoft’s Azure cloud computing platform.
The companies say the result of the collaboration will be one of the most powerful cloud-based AI supercomputers in the world. In addition, as part of the collaboration, Nvidia will use Azure virtual machine instances to further AI development.
“AI technology advances as well as industry adoption are accelerating. The breakthrough of foundation models has triggered a tidal wave of research, fostered new startups and enabled new enterprise applications,” said Manuvir Das, vice president of enterprise computing at NVIDIA. “Our collaboration with Microsoft will provide researchers and companies with state-of-the-art AI infrastructure and software to capitalize on the transformative power of AI.”
“AI is fueling the next wave of automation across enterprises and industrial computing, enabling organizations to do more with less as they navigate economic uncertainties,” said Scott Guthrie, executive vice president of the Cloud + AI Group at Microsoft. “Our collaboration with NVIDIA unlocks the world’s most scalable supercomputer platform, which delivers state-of-the-art AI capabilities for every enterprise on Microsoft Azure.”
