Category Archives: Enterprise IT news

Microsoft seeks broader developer appeal with Azure DevOps

Microsoft has rebranded its primary DevOps platform as Azure DevOps to reach beyond Windows developers or Visual Studio developers and appeal to those who just want a solid DevOps platform.

Azure DevOps encompasses five services that span the breadth of the development lifecycle. The services aim to help developers plan, build, test, deploy and collaborate to ship software faster and with higher quality. These services include the following:

  • Azure Pipelines is a CI/CD service.
  • Azure Repos offers source code hosting with version control.
  • Azure Boards provides project management with support for Agile development using Kanban boards and bug tracking.
  • Azure Artifacts is a package management system to store artifacts.
  • Azure Test Plans lets developers define, organize, and run test cases and report any issues through Azure Boards.

Microsoft customers wanted the company to break up the Visual Studio Team Services (VSTS) platform so they could choose individual services, said Jamie Cool, Microsoft’s program manager for Azure DevOps. By doing so, the company also hopes to attract a wider audience that includes Mac and Linux developers, as well as open source developers in general, who avoid Visual Studio, Microsoft’s flagship development tool set.

Open source software continues to achieve broad acceptance within the software industry. However, many developers don’t want to switch to Git source control and stay with VSTS for everything else. Over the past few years, Microsoft has technically separated some of its developer tool functions.

But the company has struggled to convince developers about Microsoft’s cross-platform capabilities and that they can pick and choose areas from Microsoft versus elsewhere, said Rockford Lhotka, CTO of Magenic, an IT services company in St. Louis Park, Minn.

“The idea of a single vendor or single platform developer is probably gone at this point,” he said. “A Microsoft developer may use ASP.NET, but must also use JavaScript, Angular and a host of non-Microsoft tools, as well. Similarly, a Java developer may well be building the back-end services to support a Xamarin mobile app.”

Most developers build for a lot of different platforms and use a lot of different development languages and tools. However, the features of Azure DevOps will work for everyone, Lhotka said.

Azure DevOps is Microsoft’s latest embrace of open source development, from participation in open source development to integrating tools and languages outside its own ecosystem, said Mike Saccotelli, director of modern apps at SPR, a digital technology consulting firm in Chicago.

In addition to the rebranded Azure DevOps platform, Microsoft also plans to provide free CI/CD technology for any open source project, including unlimited compute on Azure, with the ability to run up to 10 jobs concurrently, Cool said. Microsoft has also made Azure Pipelines the first of the Azure DevOps services to be available on the GitHub Marketplace.

Blockchain solutions — and disruption — pondered at EmTech 2018

CAMBRIDGE — The World Bank, one of the most powerful financial institutions on the planet, is experimenting with blockchain as a tool to track agricultural goods and raise capital.

Gideon Lichfield, the editor in chief of the MIT Technology Review, found some irony in that.

“This technology that was invented by somebody whose true identity we still don’t know — Satoshi Nakamoto — specifically to take power away from financial institutions and put currency in the hands of the people is now being used by the ultimate, central, financial institution,” Lichfield told an audience at EmTech 2018, a conference focused on big data, artificial intelligence and technology.

The crowd gathered at MIT’s Media Lab had just heard from two thinkers in the increasingly mainstream field of blockchain, a method of distributed ledgers that can dramatically alter how transactions are made and verified.

Ledgers themselves date back to cuneiform records etched into tablets 7,000 years ago at the dawn of civilization, said Michael Casey, an author and senior advisor to the Digital Currency Initiative at Media Lab. If blockchain solutions decentralize financial ledgers in the future, that change could disrupt the flow of money into the world’s financial hubs. Using the 21st century version of the ledger, governments and other institutions could invest the money they save on financing in other causes.

“If they could raise money more cheaply, you’d have a lot more funds to put into education, to put into health,” Casey said. “Why should [the cost of financing] go into the hands of a large investment bank when it could be going back to the poor?”

Blockchain solutions could also help the so-called underbanked and unbanked gain access to financial services. Distributed ledgers accrue credibility by replicating transaction records across a network of computers. Casey said that credibility could benefit people in places like Nairobi, Kenya, who have difficulty leveraging value from their real estate because banks distrust their property records.

“The lack of trust in the record-keeping function has a huge impact on the world,” he said.

The World Bank’s Prema Shrikrishna and MIT Media Lab’s Michael Casey discuss blockchain’s potential to provide a new model of trust at EmTech 2018.

World Bank experiments with blockchain solutions

The altruistic applications of blockchain were a focus of Casey’s EmTech talk with Prema Shrikrishna, who works on blockchain projects at World Bank Group.

Teaming up with the International Finance Corporation, the World Bank is currently designing a blockchain architecture to track oil palm from the farm to mills, where it becomes palm oil — an agricultural staple in everything from chocolate to candles. By tracking the origin of the raw material, most of which is produced in Indonesia, blockchain could reward farmers for sustainable practices, according to Shrikrishna.

Among other World Bank experiments with blockchain:

  • Education. The World Bank is developing a system for rewarding students playing an educational game called Evoke, which is designed to teach skills for success in modern society, Shrikrishna said.
  • Vaccine management. In December, Oleg Kucheryavenko, a public health professional who works with the World Bank, wrote on the institution’s blog that blockchain could provide a “cost-effective solution” for vaccine distribution. Vaccines have a shelf-life, Kucheryavenko wrote, and the supply chain is “too complex to be taken for granted, with vaccines changing ownership from manufacturers to distributors, re-packagers and wholesalers before reaching its destination.”
  • Financing. In August, the World Bank sold blockchain-enabled bonds through the Commonwealth Bank of Australia, which raised about $80.5 million, according to Reuters.

Blockchain’s best use cases

Members of the audience at the talk had varying aspirations for blockchain’s use.

Rahul Panicker, chief innovation officer at Wadhwani Institute for Artificial Intelligence, which focuses on technological solutions to large-scale societal problems, believes blockchain can be harnessed for humanitarian causes.

“It was very encouraging to see an organization like the World Bank being willing to look at these frontier technologies, and especially a technology like blockchain that has the ability to reduce friction in the financial system,” said Panicker, after attending the talk. “The whole purpose of blockchain is actually to minimize the burden of trust. The cost of trust is especially high in the developing world, so the fact that organizations like the World Bank are willing to look at this can mean big things for the disempowered.”

Tom Hennessey, an attendee, posited that financial settlement was the most readily available application.

Tomas Jansen, of Belgium’s Federal Agency for the Reception of Asylum Seekers, said a lot of refugees arrive in Europe without identification papers because they belong to a marginalized group or lost their documents. Jansen wanted to hear ideas from the blockchain experts on how to address those problems.

Shrikrishna sidestepped the political ramifications, but she noted that World Bank has a program called Identification for Development that is working on integrating ID databases and creating an identity that would be “portable across borders.”

She said the World Bank is “technology agnostic” in seeking to solve problems around the globe, and stressed that the financial institution’s approach with blockchain has been both “very cautious” and “very experimental.”

Blockchain disruption

World Bank is hardly alone in its exploration of blockchain solutions to solve problems and change how business is done. Analysts expect blockchain to have a major impact on businesses, which are eyeing its potential to manage supply chains, verify documents, and trade securities. The firm Gartner estimates blockchain will add $3.1 trillion to the world economy by 2030. Some industry sectors have been quicker than others to start experimenting.

Describing blockchain as at an “inflection point,” a recent report by the consultancy Deloitte found that financial services executives are “leading the way in using blockchain to reexamine processes and functions that have remained static for decades,” and emerging players are using blockchain to challenge traditional business models.

Meanwhile, blockchain’s most developed use case — bitcoin — is driving most of the interest in the technology, while taking those invested in the cryptocurrency on a roller coaster ride.

So far development of a “stable coin” has been a “difficult nut to crack,” according to Casey, who used to cover currencies for The Wall Street Journal.

To stabilize the tender, a coin could be pegged to other metrics, or it could be backed by a reserve of funds to try to create more stability, Casey said. One way or another, he predicted, developers will find success.

“Something’s going to work. Something’s going to break as well,” Casey said.

Mature DevSecOps orgs refine developer security skills training

BOSTON — IT organizations that plan to tackle developer security skills as part of a DevSecOps shift have started to introduce tools and techniques that can help.

Many organizations have moved past early DevSecOps phases such as a ‘seat at the table’ for security experts during application design meetings and locked-down CI/CD and container environments. At DevSecCon 2018 here this week, IT pros revealed they’ve begun in earnest to ‘shift security left’ and teach developers how to write more secure application code from the beginning.

“We’ve been successful with what I’d call SecOps, and now we’re working on DevSec,” said Marnie Wilking, global CISO at Orion Health, a healthcare software company based in Boston, during a Q&A after her DevSecCon presentation. “We’ve just hired an application security expert, and we’re working toward overall information assurance by design.”

Security champions and fast feedback shift developer mindset

Orion Health’s plan to bring an application security expert, or security champion, into its DevOps team reflects a model followed by IT security software companies, such as CA Veracode. The goal of security champions is to bridge the gap and liaise between IT security and developer teams, so that groups spend less time in negotiations.

“The security champions model is similar to having an SRE team for ops, where application security experts play a consultative role for both the security and the application development team,” said Chris Wysopal, CTO at CA Veracode in Burlington, Mass., in a presentation. “They can determine when new application backlog items need threat modeling or secure code review from the security team.”

However, no mature DevSecOps process allows time for consultation before every change to application code. Developers must hone their security skills to reduce vulnerable code without input from security experts to maintain app delivery velocity.

The good news is that developer security skills often emerge organically in CI/CD environments, provided IT ops and security pros build vulnerability checks into DevOps pipelines in the early phases of DevSecOps.

Marnie Wilking, global CISO at Orion Health, presents at DevSecCon.

“If you’re seeing builds fail day after day [because of security flaws], and it stops you from doing what you want to get done, you’re going to stop [writing insecure code],” said Julie Chickillo, VP of information security, risk and compliance at Beeline, a company headquartered in Jacksonville, Fla., which sells workforce management and vendor management software.

Beeline built security checks into its CI/CD pipeline that use SonarQube, which blocks application builds if it finds major, critical or limiting application security vulnerabilities in the code, and immediately sends that feedback to developers. Beeline also uses interactive code scanning tools from Contrast Security as part of its DevOps application delivery process.

“It’s all about giving developers constant feedback, and putting information in their hands that helps them make better decisions,” Chickillo said.

Developer security training tools emerge

Application code scans and continuous integration tests only go so far to make applications secure by design. DevSecOps organizations will also use updated tools to further developer security skills training.

“Sooner or later, companies put security scanning tools in place, then realize they’re not enough, because people don’t understand the output of those tools,” said Mark Felegyhazi, CEO of Avatao.com Innovative Learning Ltd, a startup in Hungary that sells developer security skills training software. Avatao competitors in this emerging field include Secure Code Warrior, which offers gamelike interfaces that train developers in secure application design. Avatao also offers a hands-on gamification approach, but its tools also cover threat modeling, which Secure Code Warrior doesn’t address, Felegyhazi said.

Firms also will look to internal and external training resources to build developer security skills. Beeline has sent developers to off-site security training, and plans to set up a sandbox environment for developers to practice penetration testing on their own code, so they better understand the mindset of attackers and how to head them off, Chickillo said.

Higher education must take a similar hands-on approach to bridge the developer security skills gap for graduates as they enter the workforce, said Gabor Pek, CTO at Avatao, in a DevSecCon presentation about security in computer science curricula.

“Universities don’t have security champion programs,” Pek said. “Most of their instruction is designed for a large number of students in a one-size-fits-all format, with few practical, hands-on exercises.”

In addition to his work with Avatao, Pek helped create a bootcamp for student leaders of capture-the-flag teams that competed at the DEFCON conference in 2015. Capture-the-flag exercises offer a good template for the kinds of hands-on learning universities should embrace, he said, since they are accessible to beginners but also challenge experts.

Verizon 5G rollout could change broadband competition

Verizon has chosen to temporarily forego standards and launch a proprietary 5G internet service to homes in four U.S. cities. The rush to market could start generating a return from the billions of dollars spent on developing the fifth-generation wireless technology.

Verizon introduced its 5G Home service this week and said it would be available Oct. 1 in select neighborhoods in Houston, Indianapolis, Los Angeles and Sacramento, Calif. The service provider promised a baseline speed of about 300 Mbps, which is significantly higher than Verizon’s current fiber optic service, Fios.

Customers covered in the Verizon 5G rollout could experience speeds close to 1 Gbps if they are in a favorable location relative to Verizon’s 5G small cell site that broadcasts the wireless signal to the home.

Verizon plans to charge wireless subscribers $50 a month for the 5G service and nonwireless subscribers $70 a month. Verizon won’t charge for the first three months of service or for the 5G router and its installation in the home.

The promotional deal makes the 5G offering similar in pricing to the internet service Verizon currently provides through its Fios product, which delivers speeds of only about 100 Mbps or less, said Tom Nolle, principal analyst at technology consulting firm CIMI Corp., based in Township, N.J., in a research note.

“I think Verizon will be moving to normalize their pricing across FiOS and 5G, which could give Verizon users the best internet bargain out there today,” Nolle wrote.

Verizon 5G rollout using nonstandard gear

The home and cell site gear used in the Verizon 5G rollout are temporary. The company plans to replace the proprietary 5G equipment with devices built around universal standards set by the 3rd Generation Partnership Project (3GPP). Verizon will replace the equipment as suppliers deliver standard gear.

Verizon is willing to forego standards initially to be quick to market with 5G internet services and to start generating revenue as soon as possible, said Rajesh Ghai, an analyst at IDC.

“This is a brand-new service for Verizon — incremental revenue,” he said. “They’re not going to eat into anything they’re already selling. They don’t have to get their existing customer base to adopt it.”

Because 5G is a fixed-wireless technology, Verizon can compete against cable companies and rival AT&T without having to bring a cable connection to homes or apartment buildings.

“If you have broadband deliverable to homes over the air, then it becomes a lot faster for a customer to provision the service,” Ghai said. “You get the box from Verizon, and it’s ready to go.”

Indeed, Verizon has made ordering the service easy by launching a website for would-be subscribers.

Verizon 5G rollout includes TV over IP

Verizon’s handling of TV over IP (TVoIP) through the 5G service is also significant. Subscribers get Google’s YouTube TV at no charge for the first three months and then have the option of continuing the service for $40 a month.

The offer shows Verizon is experimenting with TVoIP without having to buy a content provider. “If they like what happens, they could shift FiOS to TVoIP too, and drop a lot of cost along the way,” Nolle said. Also, Verizon could collect user data and website activity on the 5G service and use the information in other applications, such as ad selection.

What’s in it for the enterprise at 2018 Apple event? Apple Watch, AR

Early September has become synonymous with the unveiling of new Apple devices.

Past Apple events have oozed with intrigue and sparkled with innovation. This year’s event, while impressive in parts, seemed to land with a shrug — more on that later.

On the docket at the 2018 Apple event: three new iPhone models, a new medical-grade Apple Watch and improvements to Apple’s ARKit 2 to allow for more immersive augmented reality experiences, among other things.

The biggest news at the 2018 Apple event for enterprises revolved around the Watch Series 4, not the new iPhones, said Tuong Nguyen, principal research analyst at Gartner. New built-in electrocardiogram, or ECG, and heart rhythm features are compelling, but what’s even more interesting to him is the device has Food and Drug Administration approval — something Nguyen said he sees as a true differentiator and selling point.

“Approval potentially clears the way for a number of things, including more users [being] amenable to adopting the Watch because of the implied effectiveness that comes with the approval; it potentially opens the door for insurance providers to evaluate the device for coverage purposes; and it could spur competition to get approval, as well,” he said.

That’s all good news for the smartwatch industry, which has struggled in the past. But what’s it mean for the enterprise?

So far, adoption of smartwatches and other health wearables hasn’t been huge, Nguyen said. But this renewed interest may force enterprises to take a closer look at how to manage such devices and the data on them.

“This may involve changes in staffing, skill sets and infrastructure,” he said. “If insurance providers get involved, it might also be another way to incentivize employees to ‘get moving,’ as Apple puts it, which will make the impact on IT more urgent, as well.”

Annette Zimmermann, research vice president at Gartner, said she also sees the new Watch’s emergency call function — which detects a fall and automatically calls emergency services after one minute of immobility — as a great feature for enterprises with remote workers.

“I’ve talked to a lot of IT leaders over the past 12 months that want to track lone workers and look for technology with what they call a ‘man down incident’ response. The Apple Watch Series 4 can help with this use case,” Zimmermann said.

Where’s the spark?

Industry analysts, by and large, dismissed the 2018 Apple event as big on aggrandizement and short on surprises. The touted improvements were judged more additive than earthshaking.

“For me, it looked like [Apple unveiled] incremental, bigger and more expensive devices,” said Forrester Research analyst Jeffrey Hammond, who added that nothing shown at the event stood out to him as particularly impactful.

Gartner’s Nguyen said he was also underwhelmed by this year’s Apple event, which some have even begun calling “one of the most disappointing iPhone launches in recent memory.”

“I don’t think there was much to share in terms of what is that much better on the S models,” he said. “Smartphones — including Apple’s — have gotten so good that it’s difficult for most people to tell the difference or care; so, often times, buying new phones comes down to prestige. As in, I have to tell you it’s the latest [iteration of a device], because you may not notice otherwise.”

Part of the issue is our rising expectations, said R Ray Wang, principal analyst at Constellation Research. We often expect grand, innovative strides forward, but mobile technology has advanced so much that perhaps all we should really expect from here on out are incremental improvements. Even if more newsworthy technology advancements do exist out there in the ether, cost is often a limiting factor in what can go into a wide-release device.

“For example, while the technology for a clear-glass iPhone is there, it’s way too expensive,” Wang said.  “Having a camera on the Apple Watch would be awesome, but that’s still not cost-effective.”

Time will tell how much longer this near-term, incremental strategy helps Apple differentiate itself from its competitors.

Don’t forget about AR

The part of this 2018 Apple event that stood out the most to Alan Lepofsky, principal analyst at Constellation Research, was Apple’s continued focus and innovation around augmented reality. While images of headsets for virtual reality are perhaps more common due to their proliferation in science fiction, Lepofsky said AR offers far more practical impact, with a fraction of the barriers to entry.

“With iPhones and ARKit, it is simple for people to enhance what they see on screen with augmented data and insights,” Lepofsky said. “While most of the applications available today are for use in our personal lives, I expect to see an explosion of business-related applications coming soon.”

Hammond agreed there were some interesting AR demos that have potential, but he said AR on a phone or tablet is always going to hit a certain level of immersiveness and struggle to move beyond it. “So, I fear we may be in this cycle of incremental releases until we get truly decent hands-free devices as our next big leap,” Hammond said.

Researchers bring back cold boot attacks on modern computers

It’s 2008 all over again as researchers have found a way to leverage cold boot attacks against modern computers to steal sensitive data from lost or stolen devices.

Olle Segerdahl and Pasi Saarinen, security consultants for F-Secure, developed the new cold boot attack method and claim it “will work against nearly all modern computers,” including both Windows and macOS devices.

In classic cold boot attacks, threat actors could recover data stored in RAM after a computer was improperly shut down, but modern operating systems have mitigations against this by way of overwriting RAM. Segerdahl and Saarinen found a way to disable this feature.

“It takes some extra steps compared to the classic cold boot attack, but it’s effective against all the modern laptops we’ve tested,” Segerdahl said in a written press statement. “And since this type of threat is primarily relevant in scenarios where devices are stolen or illicitly obtained, it’s the kind of thing an attacker will have plenty of time to execute.”

Segerdahl and Saarinen developed a tool that could re-write the mitigation settings in memory, which would disable memory overwriting and allow them to boot from an external device that could read the target system’s memory. The researchers said cold boot attacks like this could be used to steal sensitive data like credentials or even encryption keys held in memory.

“It’s not exactly easy to do, but it’s not a hard enough issue to find and exploit for us to ignore the probability that some attackers have already figured this out,” Segerdahl said in a statement. “It’s not exactly the kind of thing that attackers looking for easy targets will use. But it is the kind of thing that attackers looking for bigger phish, like a bank or large enterprise, will know how to use.”

The researchers said cold boot attacks like this could provide a consistent way for threat actors to steal data because the method works across platforms. And although the researchers have shared their findings with Microsoft, Intel and Apple, mitigations are still a work in progress.

Apple claims that Macs with the T2 chip are immune to cold boot attacks — though this only includes the iMac Pro and 2018 MacBook Pro models — and suggested users with other Mac devices set a firmware password. Microsoft updated BitLocker guidance to help users protect sensitive information.

GPU-buffed servers advance Cisco’s AI agenda

Cisco Systems is the latest hardware vendor to offer gear tuned for AI and machine learning-based workloads.

Competition to support AI and machine learning workloads continues to heat up. Earlier this year archrivals Dell Technologies Inc., Hewlett Packard Enterprise and IBM rolled out servers designed to optimize performance of AI and machine learning workloads. Many smaller vendors are chasing this market as well.

“This is going to be a highly competitive field going forward with everyone having their own solution,” said Jean Bozman, vice president and principal analyst at Hurwitz & Associates. “IT organizations will have to figure out, with the help of third-party organizations, how to best take advantage of these new technologies.”

Cisco AI plan taps Nvidia GPUs

The Cisco UCS C480 ML M5 rack server, the company’s first tuned to run AI workloads, contains Nvidia Tesla V100 Tensor Core GPUs and NVLink to boost performance, and works with neural networks and large data sets to train computers to carry out complex tasks, according to the company. It works with Cisco Intersight, introduced last year, which allows IT professionals to automate policies and operations across their infrastructure from the cloud.

This Cisco AI server will ship sometime during this year’s fourth quarter. Cisco Services will offer technical support for a range of AI and machine learning capabilities.

Cisco intends to target several different industries with the new system. Financial services companies can use it to detect fraud and algorithmic trading, while healthcare companies can enlist it to deliver insights and diagnostics, improve medical image classification and speed drug discovery and research.

Server hardware makers place bets on AI

The market for AI and machine learning, particularly the former, represents a rich opportunity for systems vendors over the next year or two. Only 4% of CIOs said they have implemented AI projects, according to a Gartner study earlier this year. However, some 46% have blueprints in place to implement such projects, and many of them have kicked off pilot programs.

AI and machine learning offer IT shops more efficient ways to address complex issues, but will significantly affect their underlying infrastructure and processes. Larger IT shops must heavily invest in training and the education of existing employees in how to use the technologies, the Gartner report stated. They also must upgrade existing infrastructure before they deploy production-ready AI and machine learning workloads. Enterprises will need to retool infrastructure to find ways to more efficiently handle data.

“All vendors will have the same story about data being your most valuable asset and how they can handle it efficiently,” Bozman said. “But to get at [the data] you first have to break down the data silos, label the data to get at it efficiently, and add data protection.”

Only after this prep work can IT shops take full advantage of AI-powered hardware-software tools.

“No matter how easy some of these vendors say it is to implement their integrated solutions, IT [shops] have more than a little homework to do to make it all work,” one industry analyst said. “Then you are ready to get the best results from any AI-based data analytics.”

AI, data analytics, recruiting tech among HR priorities, leaders say

LAS VEGAS — HR leaders at top national companies want tech that delivers insights and improves talent management. The top HR priorities included boosting candidate and employee experience through stellar technology. That was the message to vendors and attendees at the 2018 HR Technology Conference & Expo from a panel on what it takes to create top-notch HR. Improved recruiting platforms, AI, data analytics and user-driven learning platforms were all listed as important.

The HR chiefs from Accenture, BlackRock, Delta Air Lines, Johnson & Johnson and The Walt Disney Co., who appeared on a panel, discussed their technology priorities and interests. They weren’t picking and choosing vendors, and they made a point of avoiding mentioning any of the vendors at the conference.

But this group of global HR leaders had a clear idea of what they thought was important to conference attendees and vendors. It was a strategic, but pointed, overview of how they are using technology and what their firms want from it.

Stellar HR requires a candidate-focused recruiting system

Johnson & Johnson interviews a million people a year to hire 28,000 individuals. “So, how do you make sure that they [the candidates] have visibility [into] how they’re tracking through the process, like you would track a Domino’s pizza or a UPS or a FedEx package?” asked Peter Fasolo, executive vice president and chief human resources officer (CHRO) at Johnson & Johnson, based in New Brunswick, N.J.

At BlackRock, talent is an ongoing executive board-level discussion, said Matt Breitfelder, managing director and chief talent officer. The New York-based company is using technology to help improve the diversity of its hiring.

The firm wants diversity on its teams, so its employees are “challenging each other to think more clearly about what they’re seeing in markets,” Breitfelder said.

BlackRock is using tools in its hiring process to make sure it is “not just replicating an industry that has tended to have one way of thinking,” Breitfelder said. “We know it’s about teams, not about individual stars.”

Data analytics makes us more human

“Data analytics makes us more human, because our own data analytics shows there’s a lot of liberal arts majors who make great investors, which is very counterintuitive,” Breitfelder said. 

Delta Air Lines has begun using machine learning and AI technologies to help discover “good predictors of success” in its hiring, said Joanne Smith, the company’s executive vice president and CHRO. “That’s going to help us get smarter and smarter and smarter about hiring,” she said.

Learning and a focus on employee experience

Learning technology was also mentioned as a priority, and Accenture explained why that is. In response to the competition in the labor market, the firm decided to go big on training employees on entirely new skills.

“We democratized all of our learning,” said Ellyn Shook, chief leadership and human resource officer at Accenture, based in Dublin. Learning “is now in real time, on demand and available to our people anytime, anywhere, any device,” she said.

Some 300,000 of Accenture’s 450,000 employees have taken advantage of it in the last two years, which includes some “leading-edge technical areas that there would be no way we could have hired at that scale,” Shook said.

A common theme for the conference panel was the need for consumer-like HR technologies.

“Help me do what I’m doing. Help my employees be better at what we’re doing. But have a consumer mindset to it,” said Jayne Parker, senior executive vice president and CHRO of Disney.

Zoomdata unveils data visualization and analytics channel program

Zoomdata, a data visualization and analytics vendor, has launched a global partner program as it looks to expand its roster of systems integrators.

Unveiled this week, the Zoomdata Application Partner program offers access to support representatives and integrated support systems, training, and sales and marketing resources. Zoomdata’s SI partners can also tap deal registration and tracking through a partner portal, the vendor said.

Zoomdata said in the last year it experienced “3X growth” in channel sales of its data visualization and analytics technology. Many of those sales were derived from SI partners in European and Asia-Pacific markets. About 30% of Zoomdata’s business is international, said Russ Cosentino, co-founder and vice president of channel sales at Zoomdata, based in Reston, Va.

Cosentino said Zoomdata aims to have a global base of about 100 SI partners within the next year. About 30 partners, including global systems integrators Deloitte, Atos, Hitachi INS and Infosys, currently provide the vendor’s data visualization and analytics tools. Zoomdata also has alliances with regional SIs focused on specific geographic and vertical markets such as pharmaceuticals and life sciences, telecom, and financial services.

“For us, a good partner is a partner that brings to the table skilled resources [from] across the big data ecosystem,” Cosentino said.

Quisitive inks blockchain pact with SaaS provider

Quisitive Technology Solutions Inc., a Microsoft national solution provider, is under contract with Jumptuit, a SaaS company, to build a blockchain solution that tracks subscriptions and entitlements.

Jumptuit, based in New York, offers a search assistant service that uses AI to find users’ documents, photos, audio and video files. The SaaS offering supports Microsoft Office 365, Microsoft OneDrive and other cloud services.

Scotty Perkins, senior vice president of product innovation at Quisitive, said Microsoft referred Jumptuit to Quisitive after the SaaS provider approached Microsoft about a blockchain solution. Quisitive met with Jumptuit, held a requirements workshop and is now in the process of completing a proof of concept, he said. 

Quisitive’s proprietary blockchain solution, which uses Microsoft Azure, will let Jumptuit track active subscriptions, who they belong to and when they are up for renewal. On the entitlement side, the blockchain offering will determine the level of information access users have based on the terms of their subscriptions.

Quisitive, a portfolio company of Fusion Agiletech Partners Inc., focuses on Microsoft technology and has made private blockchain deployment one of its areas of emphasis. Quisitive has offices in Dallas, Denver and Toronto.

Zebra Technologies targets healthcare partners

Zebra Technologies Corp. is offering preferred product pricing to participants in its recently launched healthcare specialization program.

The Lincolnshire, Ill., company targets a number of verticals, but has created a series of purpose-built products for the healthcare industry. Those include mobile computers, barcode scanners, printers, patient wristbands and barcode label supplies.

Bill Cate, vice president of global channel strategy, programs and operations at Zebra Technologies, said healthcare has emerged as the company’s strongest growth opportunity, with the North American market experiencing particularly rapid expansion.

Zebra Technologies’ healthcare specialization, part of the company’s PartnerConnect Partner Program, has four segments:

  • Healthcare solutions specialists — Companies in this category dedicate their entire business model to healthcare. Cate pointed to Cerner and McKesson as examples.
  • Group purchasing organization (GPO) provider specialists — GPOs aggregate purchasing to negotiate vendor discounts for healthcare organizations. This specialization segment is designed for partners that have built healthcare sales groups. Cate cited CDW and Insight Enterprises as examples.
  • Advanced specialists — This segment is for hardware and services integrators that have devoted a large percentage of their businesses to healthcare.
  • Specialists — Partners in this segment include systems integrators that maintain a focus on healthcare, but dedicate a smaller percentage of their business to that vertical compared with advanced specialists.

Benefits for partners obtaining Zebra Technologies’ healthcare specialization include preferred pricing on the company’s purpose-built healthcare products. Other features include performance rebates, deal registration and specialized channel account managers.

Battery tech promises longer flights for drone service providers

Impossible Aerospace has unveiled a drone capable of flying two hours on a single charge, a development the company said dramatically increases the battery-powered flight time available to drone services providers.

The company manufactures the quad-rotor US-1 drones in Sunnyvale, Calif., and plans to begin deliveries in the fourth quarter of 2018. Impossible Aerospace also announced a $9.4 million round of funding, in which Bessemer Venture Partners is taking the lead. The company has raised more than $11 million in funding overall.

Spencer Gore, founder and CEO at Impossible Aerospace, said the two-hour unladen flight time can make an important difference for drone service providers accustomed to flight times in the 20-minute range — or less. Drone missions may be worth hundreds of dollars per hour for drone service providers, but the amount of time such companies spend changing or charging batteries proves an economic drain.

The US-1 drone’s flight time can “help drone service providers counting on more endurance in order to do their work,” Gore said.

Impossible Aerospace is positioning its initial drone as a surveillance product, geared toward law enforcement, public safety and private security organizations. Gore said the longer flight time stems from the company’s engineering approach, which starts with the battery as opposed to the airframe. The company’s design principle is to make sure “everything in the aircraft serves at least two roles,” one of which should be storing, using or transporting electricity, Gore said.

Other news

  • Bomgar’s pending acquisition of BeyondTrust in the privileged access management space could expand sales opportunities for channel partners working with those companies. The combined company will create an integrated channel program. “Based on the sizable scale and mass of BeyondTrust’s channel presence, we will continue to build upon what has already been successful,” said Matt Dircks, CEO at Bomgar. “We expect that the integration process will enable legacy partners to cross-sell both BeyondTrust and Bomgar products by 2019.” The deal is expected to close in October 2018.
  • Adtran, a networking solutions provider, unveiled an enterprise Wi-Fi solution for service providers. The company said the offering features machine learning technology and a cloud-managed IT model.
  • Identity and access management vendor OneLogin has bolstered its partner program. The OneLogin Accelerate program will now feature expanded training programs, new sales tools and incentives, and a partner portal featuring deal management and marketing campaigns, the company said. OneLogin noted that for a limited time it will offer extra margins for enterprise deals.
  • InterVision, a solution provider headquartered in Santa Clara, Calif., and St. Louis, expanded its cloud services capabilities with the acquisition of Infiniti Consulting Group. Infiniti, based in Folsom, Calif., will provide InterVision with expertise in AWS and Azure, hybrid cloud, on-premises cloud services, and software design and development, according to InterVision.
  • Green House Data, a company that provides managed services, cloud hosting and Microsoft advisory services, announced an international expansion. The company said it has open positions in Costa Rica and Sri Lanka, noting that it now provides IT services and consulting from six countries.
  • Kofax has entered an alliance with PricewaterhouseCoopers to provide intelligent automation solutions. Kofax offers robotic process automation and digital transformation products.
  • HyperGrid, a hybrid cloud management vendor, announced the closing of a $25 million Series C funding round. The move follows a year of 300% revenue growth across the company’s enterprise and MSP customer base.
  • Software analytics company New Relic revealed a developer program. The program helps customers and partners take advantage of application and infrastructure data, enhance their New Relic data capabilities, and automate New Relic into their workflows, New Relic said.
  • Nonprofit IT trade association CompTIA introduced a member community focused on emerging technologies. The CompTIA Emerging Technology Community will explore opportunities involving a number of developing technologies, such as IoT, 5G wireless, 3D printing and quantum computing, CompTIA said.
  • NetEnrich, a managed cloud services provider, appointed David Dragonetti to vice president of global sales.
  • Convey Services said it added Mango Voice and ComTec Cloud to its roster of vertical market solutions available through its Channel Accelerator program. Mango Voice, a hosted voice provider, specializes in the hospitality and dental industries. ComTec, meanwhile, provides a unified communications voice platform in the healthcare and education markets.

Market Share is a news roundup published every Friday.

British Airways data breach may be the work of Magecart

The British Airways data breach may have been the handiwork of the threat actor group known as Magecart.

Security researchers at the threat intelligence company RiskIQ Inc. reported that they suspect Magecart was behind the late August British Airways data breach, based on their analysis of the evidence. The Magecart group focuses on online credit card skimming attacks and is believed to be behind the Ticketmaster data breach discovered in June 2018.

British Airways reported it had suffered a breach on Sept. 6 that affected around 380,000 customers. The company said the personal and payment information affected was used in payment transactions made on the website and the mobile app between Aug. 21 and Sept. 5.

In a blog post published a week later, RiskIQ researcher Yonathan Klijnsma said that because the British Airways data breach announcement stated that the breach had affected the website and mobile app but made no mention of breaches of databases or servers, he noticed similarities between this incident and the Ticketmaster breach.

The Ticketmaster breach was caused by a web-based credit card skimming scheme that targeted e-commerce sites worldwide. The RiskIQ team said that the Ticketmaster breach was the work of the hacking group Magecart, and was likely not an isolated incident, but part of a broader campaign run by the group.

The similarities between the Ticketmaster breach and the reports of the British Airways data breach led Klijnsma and the RiskIQ team to look at Magecart’s activity.

“Because these reports only cover customer data stolen directly from payment forms, we immediately suspected one group: Magecart,” Klijnsma wrote. “The same type of attack happened recently when Ticketmaster UK reported a breach, after which RiskIQ found the entire trail of the incident.”

Klijnsma said they were able to expand the timeline of the Ticketmaster activity and discover more websites affected by online credit card skimming.

“Our first step in linking Magecart to the attack on British Airways was simply going through our Magecart detection hits,” Klijnsma explained. “Seeing instances of Magecart is so common for us that we get at least hourly alerts for websites getting compromised with their skimmer-code.”

He noted that in the instance of the British Airways data breach, the research team had no notifications of Magecart’s activity because the hacking group customized their skimmer. However, they examined British Airways’ web and mobile apps specifically and noticed the similarities — and the differences.

“This attack is a simple but highly targeted approach compared to what we’ve seen in the past with the Magecart skimmer which grabbed forms indiscriminately,” Klijnsma wrote. “This particular skimmer is very much attuned to how British Airway’s (sic) payment page is set up, which tells us that the attackers carefully considered how to target this site instead of blindly injecting the regular Magecart skimmer.”

Klijnsma also said it was likely Magecart had access to the British Airways website and mobile app before the attack reportedly started.

“While we can never know how much reach the attackers had on the British Airways servers, the fact that they were able to modify a resource for the site tells us the access was substantial, and the fact they likely had access long before the attack even started is a stark reminder about the vulnerability of web-facing assets,” he wrote.

Magecart, RiskIQ noted, has been active since 2015 and has been growing progressively more threatening as it customizes its skimming schemes for particular brands and companies.

In other news

  • President Donald Trump signed an executive order this week that imposes sanctions on anyone who attempts to interfere with U.S. elections. After Russian interference in the 2016 U.S. presidential election, there are fears that there will be further interference in the upcoming 2018 midterm election. In response to those fears, Trump signed an executive order stating that sanctions would be placed on foreign companies, organizations or individuals who have interfered with U.S. elections. The order says that government agencies must report any suspicious, malicious activity to the director of national intelligence, who will then investigate the report and determine its validity. If the director of national intelligence finds that the suspect group or individual has interfered, there will be a 45-day review and assessment period during which the Department of Justice and Homeland Security will decide whether sanctions are warranted. If they are, the foreign group or individual could have their U.S. assets frozen or be banned from the country.
  • A vulnerability in Apple’s Safari web browser enables attackers to launch phishing attacks. Security researcher Rafay Baloch discovered the vulnerability and was also able to replicate it in the Microsoft Edge browser. Baloch published the proof of concept for both browser vulnerabilities early this week, and while Microsoft had addressed the issue in its August Patch Tuesday release — citing an issue with properly parsing HTTP content as the cause — Apple has yet to issue any patches for it. The vulnerability in Safari iOS 11.3.1 could thus still be used to spoof address bars and trick users into thinking they are visiting a legitimate site that is actually malicious.
  • The hacker known as “Guccifer” will be extradited to the U.S. to serve a 52-month prison sentence. A Romanian court ruled that the hacker, who is known for exposing the misuse of Hillary Clinton’s private email server before the 2016 U.S. presidential election and whose real name is Marcel Lehel Lazar, will be extradited to America to serve his 52-month sentence after finishing his seven-year sentence in Romania — his home country. Lazar pleaded guilty in May 2016 to charges of unauthorized access to a protected computer and aggravated identity theft. Lazar is believed to have hacked into the accounts of around 100 people between 2012 and 2014, including former Secretary of State Colin Powell, CBS Sports’ Jim Nantz and Sidney Blumenthal, a former political aide to Bill Clinton and adviser to Hillary Clinton.