Category: Specials

Getting ready to procure managed services to help support or augment your security team? You’re not alone: 62% of organizations said they plan to outsource some or all of their IT security functions in 2022, according to the Foundry 2021 Security Priorities Study.

Before going down that route, it’s wise to gather your requirements and think about the services you want from a managed security services provider (MSSP).

There are a several basic considerations when choosing your service provider, including: the MSSP’s experience, the types of support and services they offer, and how their service level agreements are structured. You’ll also want to know the MSSP’s specific domains of expertise and how they correlate with your needs.

In addition, small and midsize businesses (SMBs) in particular should pay attention to several factors when evaluating their potential partner. When you’ve got a small IT staff, you’ll need to trust the MSSP is adequately able to address:

• Business continuity: How well does the service provider protect you from different types of business interruptions? Servers, software, and cloud services are subject to outages, and humans make mistakes. Ask the MSSP if they have a disaster recovery site and a strategy for failures in their infrastructure or human errors. Also find out if they have insurance to cover potential liabilities.

• Self-protection: Third-party and vendor security is critical, especially in light of cyberattacks that affect an entire supply chain. How the MSSP protect itself and your data from being compromised, stolen or encrypted? Which best practices or solutions do they employ to protect their own infrastructure? Do they have storage-side and in-transfer data encryption mechanisms? How do they handle access control and multi-factor authentication?

• Data accessibility: You must be able to get your data quickly when you need it. Find out how access to your data is regulated and what level of control you will have over your data? Also ask if there are self-service capabilities that give you greater and faster control.

The steps SMBs must take to prepare internally

Data is the lifeblood of your organization, so in addition to accessibly, ensure you — and your MSSP — sufficiently plan for data protection.

“We recommend five vectors around data protection,” said Alex Ruslyakov, channel chief at Acronis. “The first is that organizations should always keep a copy of their data for recovery in case of a security incident.”

The other four:

• Data accessibility anywhere, anytime
• Data control with visibility into its location and use
• Data authenticity: proof that a copy is an exact replica of the original
• Multiple layers of security for air-tight data protection against bad actors

Although no vendor or service provider can claim 100% protection from cyberattacks, the right MSSP has a plan for when an incident does occur, Ruslyakov said. Ask about their recovery strategy and how they ensure that the data being recovered was not compromised/infected.

Finally, it’s important to have visibility into exactly what you’re paying for. What level of detail can you expect in your invoice? Can the MSSP validate usage for which you’re being charged?

A service provider’s proven track record and use of best-in-class technology goes a long way toward establishing confidence that the MSSP can fill your security needs. However, SMBs should also dig into the details to ensure their data and business are protected.

From applications to infrastructure, click here to see how Acronis can help your organization fill security gaps and protect your business.

Above a desk somewhere at Apple HQ someone has probably pasted the slogan, “Another week, another lawsuit,” and this week seems no different as the EU is targeting Apple Pay, or to be more specific, how Apple constrains use of the NFC chip inside iPhones.

What’s the claim?

The second charge in Europe this year, EU antitrust regulators have alleged that Apple restricts competitors by denying access to the NFC (Near-Field Communications) technology it uses in its mobile wallet.

Apple has been sent a statement of objections in which regulators detailed how it has abused its dominance position in markets for mobile wallets on iOS in contravention of Article 102 of the TFEU.

Apple Pay has access to the NFC Input APIs, which the company does not make available to third-party payment firms. However, other platforms do permit third parties to access NFC tech to make such payments.

The EU statement says it “does not take issue with the online restrictions nor the alleged refusals of access to Apple Pay for specific products of rivals that the Commission announced that it had concerns when it opened the in-depth investigation into Apple’s practices.”

Both the latter matters were part of the investigation when it began in 2020, allegedly in response to complaints raised by PayPal.

The case is different from the proposals within the EU Digital Markets Act, which will also affect Apple’s business. Apple is facing scrutiny and regulation in most of its major markets, including the UK, US, Korea, Europe, Japa,n and elsewhere.

What the EU says

“In our Statement of Objections, we preliminarily found that Apple may have restricted competition, to the benefit of its own solution Apple Pay. If confirmed, such a conduct would be illegal under our competition rules,” Executive Vice President Margrethe Vestager said in a statement.

Regulators argue that Apple has significant market power in the mobile device market and dominates mobile wallets. The Commission argues that the company is abusing this power by reserving access to NFC tech on its devices to Apple Pay, to the detriment of competitors and consumers.

Apple will now have time to examine the allegations and respond to them as part of the ongoing investigation.

The Statement of Objections should not be confused with being a final judgement — though Vestager has already rejected counterarguments concerning security and regulators seem deaf to the need for user privacy.

What Apple says

In a statement provided to me, Apple defended itself, saying: “We designed Apple Pay to provide an easy and secure way for users to digitally present their existing payment cards and for banks and other financial institutions to offer contactless payments for their customers.

“Apple Pay is only one of many options available to European consumers for making payments and has ensured equal access to NFC while setting industry-leading standards for privacy and security. We will continue to engage with the Commission to ensure European consumers have access to the payment option of their choice in a safe and secure environment.”

It is worth noting that Apple recently opened the NFC chip to Apple developers for use with Apple’s Tap to Pay feature, which turns iPhones into card readers. This does not yet allow rivals to use the NFC chip to make payments from iPhones. Apple also recently published a report that showed how successful third-party apps could be on its platforms.

What’s the history?

Apple really began laying the foundations for payment tech in iPhones years before the 2014 introduction of Apple Pay. In 2010, it acquired contactless/near field communications tech firm, VIVOtech and soon recruited industry expert Benjamin Vigier as its product manager of mobile commerce.

Vigier was likely a key hire to enable Apple’s plans; he also led development of mobile payment systems for Starbucks and Paypal. That hire wasn’t random. Apple had already filed patents for use of NFC tech by then, and speculation concerning Apple’s plans to hold flight tickets on iPhones had already begun.

When Apple did launch the service, it did so long behind everyone else, but Apple Pay soon eclipsed that of similar services from Samsung, HTC, and others. It turned out that people making mobile payments wanted brand trust, security, and biometric identity to seal these transactions.

Since then, Apple Pay has possibly become the most widely used NFC-based payment system in the world; it’s arguable that the iPhone maker has done more than most to break down initial consumer resistance to mobile payment systems.

Why is this happening?

Apple is a victim of its own success. When the company introduced the iPod and launched its iTunes ecosystem, it was a small company fighting for survival against Microsoft and others.

The same basic business plan Apple used with iTunes was subsequently transposed around iPhone and the App Store. Today the company has become the world’s most valuable tech company, which means it is under a different set of rules.

While before it was a small player fighting for position, today it has become a major firm and must anticipate scrutiny. It must also develop a new approach to this side of its business, while shoring up revenue elsewhere.

It seems inevitable the mobile payments space would become messy.

Arguably, most mobile payment systems have failed amid suspicion about the entire sector that emerged in 2010. Apple has built a far deeper currency of trust across its customer base and seems to have bigger ambitions in the financial services space. These ambitions inevitably pit the company against incumbents in the space, so it’s of little surprise to see the regulators getting involved.

What’s at stake?

Money. If the EU finds Apple guilty, it could be fined up to 10% of its global turnover, though it is unlikely to be punished to that extent. Apple Pay is used by more than 2,500 banks in Europe along with over 250 challenger banks and fintech services.

In the background, we also have continued speculation around Apple’s plans to introduce new payment services and to extend Apple Card availability outside the US. Associated with this, we also hear rumors the company may intend to launch an Apple-as-a-service plan.

What might happen?

Apple seems ready to fight tooth and claw to protect its strategy of making some features platform specific. Total control of its ecosystem has always been part of its approach, so this is philosophically in keeping with that strategy.

All the same, the shades of tech regulation cast heavy shadows on the company at this time, and as in any conflict resolution will eventually be reached through a combination of negotiation and regulation.

This could take years, but the arguments being made elsewhere concerning its ecosystem probably also apply here.

I think the ultimate question will be how much Apple can charge third-party companies for access to profitable parts of its system without being seen as anti-competitive. And to what extent will regulatory activity dilute the user experience?

During the course of events, I imagine Apple will attempt to say that those complaining about its business practices in mobile payments are attempting to capitalize on its work, given other attempts to create systems as popular as its own have already failed.

That argument likely won’t win regulators over to its position, but may help the company justify a right to demand a slice of any future transactions made using its platforms on services provided by third parties. I doubt the latter will get a free ride.

Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Otter.ai has been updated for iOS, introducing new tools that move it forward from being a transcription solution toward becoming a work productivity hub. Sam Liang, Otter.ai co-founder and CEO, told me a little about the company’s plans.

Otter wants to make distanced working meaningful

We know the pandemic accelerated adoption of remote and hybrid working practices. While this was a visible direction before COVID-19, the need to maintain distance meant even the most refusenik bosses had to support Work from Home (WFH), at least for a while.

It is, of course, true to say that some of these hard-won freedoms have been eroded in some workplaces of late, but remote and hybrid work has seen wider acceptance than ever before. Even Apple, albeit reluctantly, seems to have accepted that staff don’t need to be in the office every day of the week.

A recent Topia study claims 94% of employees think they should be able to work from anywhere, so long as they get their work done. With 34% of workers prepared to resign this year if they don’t get the flexibility they need, it’s only a matter of time before employers truly embrace these new workflows. It turns out that most businesses are run by humans, and they need to be heard.

Perhaps inevitably, remote work prompted a huge shift toward virtual and hybrid meetings. Otter claims over 500 million people attend such meetings daily. The company has seen a 400% increase in the number of meeting minutes it’ transcribed year-on-year — from 3 billion minutes to 12 billion in the last 12 months.

Even while changing the way we work represents a cultural shift that makes some business leaders uncomfortable, it also enables real advantages to smart companies willing to engage with the trend.

Where we are going

Liang explains:

“Before the pandemic, the traditional norms of how meetings were conducted and how businesses were run did not always leverage the skills of everyone and didn’t encourage collaboration,” he said.

“We lived in an extroverted world where meetings were dominated by people who could hear and process information, not worry about distractions, and liked to speak up. This type of communication not only was exclusive and lacking accessibility for many professionals, it prevented a lot of valuable productivity and collaboration.”

Remote work changed this dynamic. It created a slightly more equal environment in which introverts gained a better chance to be heard. And tools like Otter are yielding additional benefits, such as in accessibility. Hard-of-hearing employees can join a meeting and use Otter’s real time transcription to follow the conversation in real time. 

“In this new hybrid work world, more companies are enabling new modalities, meetings, use cases — inherently pushing new tools into the world that empower businesses to leverage all of their talent more and encourage collaboration,” the Otter CEO told me.

The impact? Many improvements in work/life balance that give employees the flexibility they need to do their job both in and out the office, asynchronously, when and where they need to be — with the addition of boosted productivity to ice that cake.

That’s the context, so what’s new in Otter.ai?

Otter.ai’s new tools

The new Otter.ai introduces a series of useful tools to help augment communication using technology – and delivers tools that may optimize those meetings for you.

The Home Feed & Calendar feature, for instance, acts as a central repository of information about your meetings, making it easy to access conversations, highlights of conversations, and any tagged action items.

If you connect your calendar, you’ll also see any upcoming scheduled meetings and can invite Otter Assistant to join in, capture, and share meeting notes. You can also ask the assistant to attend and capture a meeting on your behalf if you can’t make it.

Meeting Gems is another useful tool. These can be generated directly from your meeting by highlighting snippets within the notes. You can use them during the meeting to quickly flag action items or decisions, and then assign, comment, or query those items.

[Also read: In the new workplace, all we want is a chance to Flow and grow]

Why this matters

I think most people can remember when in-person meetings became something like vast workplace icebergs looming into your schedule. You’d know that no matter how busy you happened to be, for the entire period of that meeting you’d get nothing done. You’d sit in a meeting room with your teams to listen to the most dominant voices (and the rare and often-ignored quiet ones) and if you were lucky, someone might remember to take notes.

Poorly managed meetings become a colossal waste of time. This kind of meeting etiquette has been forced to change with the advent of the pandemic. Not only did workers quickly find that taking notes was incredibly important for there to be any chance to make meetings effective, but collaboration software providers soon saw the need to integrate with other solutions to make meeting time productive. Zoom Marketplace (where Otter is also available) is an illustration of how that company recognized this.

Liang said Otter’s primary mission is to make communication productive. Given the root of the solution is AI, he explained: “One way of doing that is turning voice conversations into automated actionable insights,” he said.

To get some sense of the approach Liang’s company is taking, he pointed to Automatic Outlines, another new tool currently in beta with business users. It’s a simple but incredibly useful solution to automatically create a meeting summary, “so you and your colleagues can easily access a summary of what was discussed.”

The final score?

No one ever really needs to leave a meeting without notes again – and you don’t even need to be at a meeting to gain insight into what happened.

In my opinion, the steady confluence of all these technologies means remote meetings will soon become more effective than in-person interactions, because the technology has evolved to augment in-meeting communication with tools to support the realization of the intent.

How much it costs

Not all the new features are available to every user. Otter offers four pricing tiers, the Basic free service, Pro ($8.33 per month), Business ($20 per month) and an Enterprise tier, which is negotiated with large clients. Of the new features, Basic users can access Meeting Gems.

Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Have you recently been on a video confefence call, hit the “mute” button and then offered up some nasty comments about a client or a colleague — or even the boss?

Or maybe while in a conference room with colleagues — muted — and pointed out that some proposed action would violate the terms of a secret acquisition in its final stages?

If you were comfortable that the mute button was actively protecting your secret, you shouldn’t have been.

Thanks to some impressive experimentation and research from a group of academics at the University of Wisconsin-Madison and Loyola University Chicago, utterances made while the app is in mute are still captured and saved into RAM.

On one level, this is something we all already knew. When a user is muted and says something, most videoconferencing apps will display a note alerting the user that they’re talking while muted. How could it say that if it weren’t listening while the mute button is on? 

Just as Apple’s Siri or Amazon’s Alexa are always listening for a command word, so, too, are those “muted” applications. 

The real question is whether those captured utterances are at meaningful risk for being accessed by an attacker or an insider. First, anything saved in volatile memory is lost — theoretically — the instant the machine restarts or shuts down. Therefore, we are looking at the exposure after the utterance is made and before that machine restarts. Depending on the user’s behavior, that timeframe might be a few hours, a couple of days — possibly multiple weeks. 

Generally, stealing data from volatile memory is difficult, but not impossible. As the report authors said in a group interview, if a bad guy gets into volatile memory, the user and the enterprise have a lot bigger concerns than some saved utterances during a mute. Still, it could happen.

The mute issue is solely based on the app and how it handles such data.

One of the lead authors of the report is Kassem Fawaz, an assistant professor in the Electrical and Computer Engineering Department at the University of Wisconsin-Madison who is also affiliated with Wisconsin’s Computer Sciences Department. 

“The main implications have to do with the inherent trust users are placing in these videoconferencing apps,” Fawaz said. “We did not find evidence of audio leaving the user’s devices. The only exception was telemetry data leaving from Cisco Webex, which has been fixed since our disclosure to Ciscom. However, even when the user presses the mute button, the app still has access to the audio stream and the user is trusting that the app is well-behaved. The other implication is that the mute functionality — similar to turning off the camera — should not be left to the app, but should be either OS-controlled or hardware-controlled.”

Fawaz’s point about the camera is that the team found that a camera “off” button truly halted any video from being captured in any way. Not so much with audio. Sometimes, the browser can make a difference.

“On Chrome, mute means mute,” Fawaz said. “We can’t say about Safari or Firefox.”

The university’s report was mostly about trust in the app makers. If the vendors are acting honorably and respecting privacy, cybersecurity, and security compliance issues, then the risk is minimal. If they are not acting that way, users and enterprises could be in trouble.

The report didn’t draw conclusions on how the app makers were behaving, but merely stressed that each one can go in its own direction.

That said, the rules of secrecy and even the rules of being a nice person should apply here. With the imminent-acquisition scenario, if you’re not allowed to discuss certain details, don’t say them in front of a microphone with outsiders regardless of what the mute toggle displays. As for being nice, how about not saying nasty comments about your colleagues or clients at all? 

The cardinal rule of email and security/compliance is, “Before you type an email/message, envision yourself testifying to it in open court. If that makes you uncomfortable, don’t type it.” It’s not a far leap to extend that rule to speaking something in front of a microphone. 

For example, I use an Apple Watch. Several times during a typical day, it will say loudly “I didn’t understand that” or “Here’s what I found on that topic.” Although it is highly annoying and frustrating, it’s an effective reminder that I need to take that watch off before saying anything that I don’t want the world to know.

You need to keep in mind the same thing when using a mobile device or a desktop device — especially while using a videoconferencing app.

Amid the on-going coronavirus pandemic, 2021 followed in the footsteps of its predecessor, continuing to be an unpredictable, and at times incredibly difficult, year. But one thing that stayed constant was the steady flow of mergers and acquisitions (M&A) across the tech sector.

According to research by Global Data, global tech M&A deals had already neared $3 trillion by Q3, largely supported by the tech, media, and telecom sectors. Although nothing rivalled Xilinx’s $35 billion acquisition of Advanced Micro Devices in 2020, last year did see Intuit buy Mailchimp for $12 billion and Square splash out a princely sum — $29 billion — for Afterpay.

GlobalData

As for whether 2022 will maintain last year’s pace, early signs seem to suggest there will be no slowing of big deals across the industry, with cybersecurity and collaboration software already proving to be hot areas.

Here are the biggest enterprise technology acquisitions of 2022 so far, in reverse chronological order:

April 25: Elon Musk buys Twitter for $44B

Nine years after going public, and eleven days after billionaire Elon Musk first made an offer to buy Twitter, the social media network announced it would become a privately owned company once again.

The purchase price totals an eye-watering $44 billion and is includes of $21 billion of Musk’s own money, alongside debt funding from Morgan Stanley and other financial institutions. The purchase price represents a 38% premium to Twitter’s closing stock price on April 1.

Despite initially declining Musk’s offer and enacting anti-takeover measures, the board ultimately decided to accept Musk’s offer once it saw confirmed funding for the acquisition.

In a company statement, Bret Taylor, Twitter’s independent board chair, said: “The Twitter Board conducted a thoughtful and comprehensive process to assess Elon’s proposal with a deliberate focus on value, certainty, and financing. The proposed transaction will deliver a substantial cash premium, and we believe it is the best path forward for Twitter’s stockholders.”

April 11: Kaseya buys Datto for $6.2B and takes the company private

Security software company Kaseya has agreed to buy Datto for $6.2 billion and will take the company private again, after it listed on the New York Stock Exchange in 2020. Datto was founded in 2007 and provides data backup and security software, primarily to managed service providers.

“This is exciting news for Kaseya’s global customers, who can expect to see more functional, innovative and integrated solutions as a result of the purchase,” said Fred Voccola, Kaseya’s CEO.

April 5: AMD acquires Pensando for $1.9B

Chipmaker AMD has announced the acquisition of Pensando for approximately $1.9 billion.

Pensado specializes in data processing unites (DPUs), which include intelligent, programmable software to support the software-defined cloud, compute, networking, storage, and security services that could be rolled out quickly to edge, colocation, or service-provider networks.

“There are a wide range of use cases—such as 5G and IoT—that need to support lots of low-latency traffic,” Soni Jiandani, Pensando cofounder and chief business office told Network World last November. “We’ve taken a ground-up approach to giving enterprise customers a fully programmable system with the ability to support multiple infrastructure services without dedicated CPUs.”

March 29: Celonis acquires Process Analytics Factory

Process mining specialist Celonis is acquiring fellow German software firm, Process Analytics Factory, for a reported $100 million.

Up until now, Celonis has been focused on helping enterprises optimize processes around their ERP systems — and more recently has branched out to help them optimize their use of workflow automation platforms, too. Now it is acquiring Process Analytics Factory to improve its process mining offering and help enterprises automate with Microsoft’s Power Platform.

In October 2020 Celonis launched its Execution Management System (EMS) to visualize and design more efficient processes, and in April 2021 it formed a partnership with Microsoft to deliver process analytics through Power BI and to integrate its process improvement tools with Microsoft power Platform. Then, in October 2021, it partnered with ServiceNow to deliver process mining capabilities to the Now platform. It also has technology partnerships with Appian, Coupa, IBM, Oracle, Salesforce, Snowflake, Splunk, and a handful of other software vendors.

March 28: HP to acquire Poly for $3.3B

HP has announced it is acquiring Poly, a company that specializes in video and audio equipment, for a purchase price of $1.7 billion, with a total transaction value of $3.3 billion, including debt. The deal is expected to close by the end of 2022.

The acquisition is set to accelerate HP’s foray into the world of hybrid work, coming eight months after the company purchased remote desktop software provider Teradici.

Founded in 1990 and originally named Polycom, the company was acquired by headset maker Plantronics in 2019, after which the two newly merged companies rebranded themselves as Poly. Since then, the company has focused on providing enterprise-grade collaboration products, such as meeting room speakers and cameras, webcams, headsets, and software.

“The rise of the hybrid office creates a once-in-a-generation opportunity to redefine the way work gets done,” said Enrique Lores, president and CEO of HP. “Combining HP and Poly creates a leading portfolio of hybrid work solutions across large and growing markets. Poly’s strong technology, complementary go-to-market, and talented team will help to drive long-term profitable growth as we continue building a stronger HP.”

March 23: Apple acquires UK fintech startup Credit Kudos

Apple is acquiring the UK-based fintech startup Credit Kudos for an undisclosed amount. Credit Kudos last raised £5 million ($6.5 million) in funding in April 2020.

Neither Credit Kudos or Apple could be reached to confirm the deal, which was first reported by the crypto-focused publication The Block, citing three sources close to the deal.

Credit Kudos is a challenger credit bureau that uses machine learning and real-time data to build up a fuller picture of a person’s credit score, rather than traditional agencies, which typically rely on older information such as bank and utility statements to build a profile.

The firm has also benefitted from the recent wave of open banking regulations across the globe, which aim to open up consumer financial data via a set of secure application programming interfaces (APIs). Credit Kudos provides this data to clients for services such as affordability and risk assessments.

It is unclear what Apple plans to do with Credit Kudos, but the company has invested significantly in its fintech capabilities over recent years — in particular, its mobile Apple Pay wallet and its Apple Card credit card, which is currently only available in the US and was built in partnership with Goldman Sachs.

March 8: Google buys cybersecurity company Mandiant

Google will acquire cyberdefense and response firm Mandiant for $5.4 billion, in a move to offer an end-to-end security operations suite and advisory services from its cloud platform.

“Cybersecurity is a mission, and we believe it’s one of the most important of our generation,” Mandiant CEO Kevin Mandia said in a statement announcing the acquisition. “Google Cloud shares our mission-driven culture to bring security to every organization. Together, we will deliver our expertise and intelligence at scale via the Mandiant Advantage SaaS platform, as part of the Google Cloud security portfolio.”

March 3: Snowflake buys Streamlit for $800M

Data cloud company Snowflake has acquired Streamlit for $800 million, enabling developers and data scientists to build apps using tools with simplified data access and governance.

Streamlit’s open-source framework allows developers and data scientists to build and share data apps quickly and iteratively, without the need to be an expert in front-end development. According to Streamlit, the platform has had more than 8 million downloads and more than 1.5 million applications have been built using it.

“At Snowflake, we believe in bringing together open standards and open source with industry-leading data governance and security,” Snowflake Co-Founder and President of Products Benoit Dageville said in a statement announcing the acquisition. “When Snowflake and Streamlit come together, we will be able to provide developers and data scientists with a single, powerful hub to discover and collaborate with data they can trust to build next generation data apps and shape the future of data science.”

Feb. 28: Rakuten Symphony acquires Kubernetes platform Robin.io

The recently launched telco-focused arm of Japan’s Rakuten Group, Rakuten Symphony, has acquired Robin.io, a startup offering a Kubernetes platform optimized for storage and complex network applications.

The two companies did not disclose the price of the acquisition. Since first launching, Robin.io has moved beyond its original focus on storage to offer a more full-featured Kubernetes platform, providing large telcos with ways of  automating 5G services applications on Kubernetes and orchestrating private 5G and LTE deployments.

“Robin.io’s technology innovations over the last several years will now get a much bigger canvas to lead the vision for cloud-native transformation for the industry. Our vision to deliver simple to use, easy to deploy hyperscale automation is very well aligned,” said Robin.io CEO Partha Seetala.

Feb. 24: Cloudflare acquires security startup Area 1 Security

Cloudflare announced plans to acquire Area 1 Security for around $126 million, using both cash and stock to fund the acquisition.

Cloudflare has its own suite of zero-trust security products designed to prevent data loss, malware and phishing attacks, even when employees aren’t using their office network or a VPN. This deal will see the company add email security to this portfolio.

Area 1 Security has developed a product that stops phishing attacks sent via email before they reach an inbox. The company claims to have blocked more than 40 million phishing attempts in 2021 alone.

Cloudflare cCo-founder and CEO Matthew Prince said in a statement: “To us, the future of Zero Trust includes an integrated, one-click approach to securing all of an organization’s applications, including its most ubiquitous cloud application, email. Together, we expect we’ll be delivering the fastest, most effective, and most reliable email security on the market.”

Feb. 15: Intel to acquire Tower Semiconductor

Intel announced plans to acquire Tower Semiconductor for $5.4 billion, giving it access to more specialized production as it looks to take advantage of growing demand for semiconductors. The deal has been approved by both company boards, but is expected to take as long as 12 months to move through the normal regulatory channels.

Intel announced last year that it was planning to enter the foundry market to produce chips designed by their customers. Tower has been investing in multiple locations in recent years to boost capacity for 200- and 300-millimeter chips. It serves “fabless” companies, who design chips but outsource manufacturing, and integrated device manufacturers.

Intel CEO Pat Gelsinger sees the move as a good fit for the company’s vision. “Tower’s specialty technology portfolio, geographic reach, deep customer relationships and services-first operations will help scale Intel’s foundry services and advance our goal of becoming a major provider of foundry capacity globally,” he said in a statement.

Feb. 15: Akamai acquires Linode for $900M

Akamai has entered into an agreement to acquire Linode, an infrastructure-as-a-service (IaaS) platform provider, for approximately $900 million. Akamai reportedly expects Linode to add about $100 million in revenue for FY22.

Founded in 2003, Linode has positioned itself as an IaaS alternative to public cloud providers such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud. Unlike many of its competitors, Linode says it had not raised outside funding, boasting it “has successfully run a profitable business since [its] inception.”

“The opportunity to combine Linode’s developer-friendly cloud computing capabilities with Akamai’s market-leading edge platform and security services is transformational for Akamai,” Akamai CEO and co-founder Tom Leighton said  in a statement. “Akamai has been a pioneer in the edge computing business for over 20 years, and today we are excited to begin a new chapter in our evolution by creating a unique cloud platform to build, run and secure applications from the cloud to the edge.”

Jan 31: Citrix to be acquired by private equity firms for $16.5B

Cloud computing and virtualization company Citrix is being acquired by private equity firms Vista Equity Partners and Evergreen Coast Capital for $16.5 billion. It’s been reported that Vista plans to combine Citrix with Tibco, which it acquired in 2014 for $4.3 billion.

The all-cash deal will see the publicly traded Citrix go private and will include the assumption of Citrix’s debt, the companies said.

Apple will discontinue the Fleetsmith Mobile Device Management (MDM) service in October and is warning businesses using the service to find another MDM provider.

Apple and Fleetsmith, a short history

Apple acquired Fleetsmith in June 2020. At the time, it was understood the company wanted to improve what it offered to small business users. “The weakest spot for Apple in business has always been for the small businesses who just want to get started,” Jamf CEO Dean Hager told me soon after Apple Business Essentials was revealed.

When I spoke with Fleetsmith co-founder Zack Blum in 2018, he said:

“Apple’s biggest accomplishment and contribution to enterprise technology has been bringing mobile to the enterprise. Apple has raised the bar in delivering well-designed product experiences, as well as hardware and OS security.”

Replacing Fleetsmith

Many small and mid-sized business (SMB) users might be served by Apple Business Essentials, which leverages some of the technologies Apple took from Fleetsmith. However, for more complex deployments, there’s a rich industry of sophisticated MDM systems.

Thankfully, following more than a decade of steady growth in Apple deployments in the enterprise, Fleetsmith customers seeking an alternative MDM vendor are increasingly spoiled for choice.

Founded in 2002 and used at SAP, IBM and perhaps even at Apple, Jamf was early to identify the emerging Apple in business opportunity and remains the clear market leader with a range of services, including powerful Zero Trust solutions.

But Jamf isn’t the only game in town. Reflecting Apple’s growth in the sector, the stable of Apple-focused MDM providers is expanding quite rapidly.

That’s great, as many businesses have quite unique needs, so the plethora of choices means even the most unique business has an opportunity to identify a vendor suitable for the business they run. Companies including Jumpcloud, Addigy, Hexnode, Kandji, Citrix, MobileIron and many others are all competing with Jamf to support the enterprise.

What is driving Apple in the enterprise?

This growing network of players has emerged in response to the consumerization of IT, which continues to transform business technology. A new 451 Research study I’ve seen claims that about 25% of SMBs plan to invest in their digital transformation strategy moving forward, following substantial hardware investments across the last two years.

MDM is a critical element to any such strategy.

Of course, when it comes to the proliferation of Apple kit in enterprise IT, you can justifiably argue this first began to accelerate following introduction of the iPhone in 2007, which soon spawned the BYOD (Bring Your Own Device) trend. As the Apple smartphone became more widely used in the enterprise, iPad and Mac deployment soon followed.

This desire for a consumer-simple experience in enterprise IT has also nurtured the emergence of employee-choice schemes, as discussed here, here, and here.

One recent survey (commissioned by Jamf) claimed Apple users had a better experience with their chosen platform, reporting improvements in productivity (87%), self-sufficiency (87%), and creativity (86%).

Ways of seeing

The way business leaders see Apple kit has changed dramatically in the last decade or so. The days when tech leaders could mock the company’s offerings really came to an end when Microsoft’s then-CEO, Steve Ballmer faced a room full of Mac-using journalists at a press event.

Today, while business leaders continue to see Apple hardware as a more expensive initial investment, it has become crystal clear that the cost of ownership over the usable lifecycle more than makes up for that.

In other words, this side of the market has grown and will continue to grow, and with almost every Fortune 500 firm now supporting Apple devices, it’s unlikely to decline any time soon.

Farewell Fleetsmith, hello new world of enterprise IT

Apple knows this, of course, and while the shuttering of Fleetsmith suggests the company will continue to nurture the third-party MDM services market, it still means existing Fleetsmith customers must now prioritize finding an alternative MDM provider.

As explained in this Apple tech support note, Fleetsmith will cease on Oct. 21, after which devices will no longer receive configuration profiles. The service no longer accepts new customers.

Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

The California State Assembly is considering new rules that would offer workers greater protection from the use of digital monitoring tools by employers.

The “Workplace Technology Accountability Act” (AB 1651), introduced by Assemblymember Ash Kalra, would create a way to protect workers against the use of technologies that can negatively affect privacy and wellbeing.

The bill would “establish much needed, yet reasonable, limitations on how employers use data-driven technology at work,” Kalra told the Assembly Labor and Employment Committee on Wednesday. “The time is now to address the increasing use of unregulated data-driven technologies in the workplace and give workers — and the state — the necessary tools to mitigate any insidious impacts caused by them.”

The use of digital surveillance software grew during the pandemic as employers sought to track employees’ productivity and activity when working from home, installing software that uses techniques such as keystroke logging and webcam monitoring.

Digital monitoring and management is being used across a variety sectors, with warehouse staff, truck drivers and ride-hailing drivers subject to movement and location tracking for example, with decisions around promotions, hiring and even firing made by algorithms in some cases.

The bill, which was approved by the committee on a 5-2 vote and now moves to the Appropriations Committee for more debate, makes three core proposals:

• To ensure employees are notified prior to the collection of data and use of monitoring tools and deployment of algorithms, with the right to review and correct collected data.
• To limit the use of monitoring technologies to job-related use cases and valid business practices.
• To require employers to conduct impact assessments, with worker input, on the use of algorithms and data collection to identify potential harms and discriminatory impacts.

Kalra said the bill would not result in a widespread ban of technologies, only “dangerous” tools such as facial and emotion recognition. His concerns echo those of a UK union group, The Trades Union Congress, which surveyed workers about the prospect of monitoring and raised reg flags about the tactic.

“Worker surveillance tech has taken off during this pandemic – and now risks spiralling out of control,” Frances O’Grady, TUC general secretary, said in a statement last month.

Among those opposing the measure is the California Chamber of Commerce.

“Based on our initial review…, quite frankly the bill is unworkable,” said Ashley Hoffman, policy advocate at the California Chamber of Commerce. The business group argues it would place unnecessary demands on employers to store and review collected data and ensure technologies are compliant, while potentially hitting small business employers with penalties up to $20,000 for violations.

Regulating workplace management and monitoring technologies is an growing priority for lawmakers in the US and in Europe. Although though the General Data Protection Regulation put in place some rules against the misuse of worker data by employers, the European Commission recently drafted proposals that would offer greater protection to gig workers that are supervised by algorithms.

The bill’s prospects for passage by the full Assembly were not immediately clear. If passed and signed into law, it would apply to all businesses that use monitoring tools and could have ripple effects beyond just California. The state is home to many big tech firms and often adopts worker protection measures that could similar legislation in other states.

We often think vendors are perfect. They have backups. They have redundancy. They have experts who know exactly how to deploy solutions without fail. And then we see they aren’t any better than we are.

Let’s look at a few recent examples.

In the small to mid-sized business (SMB) space, StorageCraft has long been a trusted backup software vendor. One of the first to make image backups easy to do, it was used and recommended by many managed service providers. After StorageCraft was acquired by Arcserve in March 2021, there were no immediate major changes in how the company ran.

Then, last month, a lot of backups in the cloud were permanently lost. As was reported by Blocks and Files, “During a recent planned maintenance window, a redundant array of servers containing critical metadata was decommissioned prematurely. As a result, some metadata was compromised, and critical links between the storage environment and our DRaaS cloud (Cloud Services) were disconnected. Engineers could not re-establish the required links between the metadata and the storage system, rendering the data unusable. This means partners cannot replicate or failover machines in our datacenter.”

As of April 16, the status report said: “All affected machines are now enabled with a buildup of recovery points occurring. All throttling has been turned off and uploads are working as normal. The time to replicate data will depend on each customer’s upload bandwidth and data volume.”

That doesn’t help if there was an older backup you wanted to keep in your cloud repository.

Next up, Atlassian, which indicated on April 4 that approximately 400 Atlassian Cloud customers experienced a full outage across their Atlassian products. As the company noted on its site:

“One of our standalone apps for Jira Service Management and Jira Software, called “Insight – Asset Management,” was fully integrated into our products as native functionality. Because of this, we needed to deactivate the standalone legacy app on customer sites that had it installed. Our engineering teams planned to use an existing script to deactivate instances of this standalone application. However, two critical problems ensued:

“Communication gap. First, there was a communication gap between the team that requested the deactivation and the team that ran the deactivation. Instead of providing the IDs of the intended app being marked for deactivation, the team provided the IDs of the entire cloud site where the apps were to be deactivated.

“Faulty script. Second, the script we used provided both the ‘mark for deletion’ capability used in normal day-to-day operations (where recoverability is desirable), and the ‘permanently delete’ capability that is required to permanently remove data when required for compliance reasons. The script was executed with the wrong execution mode and the wrong list of IDs. The result was that sites for approximately 400 customers were improperly deleted.”

While these incidents may not have directly affected you, it’s wise to use them as lessons to learn from.

First and foremost, always review (in either your contract with a vendor or the terms of licensing) what their responsibilities are and what remedies you may have should a problem occur. In both cases, StorageCraft and Atlassian will be abiding by the terms they agreed to. If you are a larger client, you can control the contract terms and the remedy at hand. If you’re a smaller client, the end user license agreement and the terms included in it control what the vendor will do. If you rely on a vendor and its services, plan on something going wrong at some point. The key is to review how vendors handle their mistakes rather than their successes.

Will they reimburse you for the value of your loss? Will they perform extraordinary actions to restore you to whole or near whole? Often, how quickly they fess up to what’s happened can be more important than how they handle your data.

In both cases, human error was to blame. I can still remember the time I was working on a DOS computer and accidentally typed in del *.* at the root of the C drive rather than under the subdirectory that I intended. Clearly, it’s a lesson that stays with me to this day. Whenever I am doing anything related to deletion, I always pause and ask whether I have a backup in case I make a mistake. I pause and check where I am performing the action. I ask myself if I am deleting the right item.

No matter whether you are a single user or handle a network of computers (either on-premises or in the cloud), always have a full backup. Consider having multiple ways you can recover data after a problem. From full backups to simple copies of directories, be flexible in having ways to recover data.

Next, if you are an MSP, urge your staff to double-check your scripts. Often, we re-use scripts and don’t audit them to ensure they still do what we intend. Reading about the details of the Atlassian failureis painful. Clearly, the teams didn’t communicate well and ended up accidentally deleting information they weren’t planning to delete. Communication when you are planning a major change to your infrastructure is key to success.

That goes for communications from vendors, too. I’m a Microsoft 365 user and I often rely on two different platforms to keep track of issues. The Microsoft 365 Twitter account allows me to get alerts when there are issues. (You can download the Twitter app and set it up to receive a push notification when there’s a status change.) Alternately, you can set up notifications from the message center to ensure you’re kept up to date. For any vendors you use regularly, check on whether they have any communication channels that will keep you up to date.

Remember that technology is driven by human decisions and humans make mistakes. Don’t assume mistakes won’t occur. Plan on what you’ll do when vendors make mistakes. After all, they’re only human.