Canon Business Process Services suffered a security incident, according to a data breach disclosure by General Electric, for which Canon processes current and former employees’ documents and beneficiary-related documents.
GE systems were not impacted by the cyberattack, according to the company’s disclosure, but personally identifiable information for current and former employees as well as their beneficiaries was exposed in the Canon breach. The breach, which was first reported by BleepingComputer, took place between Feb. 3 and Feb. 14 of this year, and GE was notified of the breach on the 28th. According to the disclosure, “an unauthorized party gained access to an email account that contained documents of certain GE employees, former employees and beneficiaries entitled to benefits that were maintained on Canon’s systems.”
Said documents included “direct deposit forms, driver’s licenses, passports, birth certificates, marriage certificates, death certificates, medical child support orders, tax withholding forms, beneficiary designation forms and applications for benefits such as retirement, severance and death benefits with related forms and documents.” Personal information stolen “may have included names, addresses, Social Security numbers, driver’s license numbers, bank account numbers, passport numbers, dates of birth, and other information contained in the relevant forms.”
GE’s disclosure also said Canon retained “a data security expert” to conduct a forensic investigation. At GE’s request, Canon is offering two years of free identity protection and credit monitoring services.
GE shared the following statement with SearchSecurity regarding the Canon breach.
“We are aware of a data security incident experienced by one of GE’s suppliers, Canon Business Process Services, Inc. We understand certain personal information on Canon’s systems may have been accessed by an unauthorized individual. Protection of personal information is a top priority for GE, and we are taking steps to notify the affected employees and former employees,” the statement read.
Canon did not return SearchSecurity’s request for comment. At press time, Canon has not released a public statement.
Zoom has struggled to keep some of its services online this week amid a spike in remote work because of the global coronavirus pandemic.
Users have had to wait significantly longer than usual to access recordings of Zoom meetings in the cloud. The company said its engineering team was working to resolve the issue, attributing the backlog to “excessive demand.”
Zoom’s dial-in numbers have also faltered several times this month. Elevated traffic has so far clogged audio lines in Japan, New York and Hong Kong, forcing users to connect to a meeting’s audio using the internet. A dial-in number in Australia was also inaccessible at times this week.
Meanwhile, some users were intermittently unable to make and receive calls through Zoom Phone, the vendor’s cloud telephony service, for extended periods of time this week.
Users have now dealt with 18 non-scheduled Zoom service disruptions in March. There were no such incidents in January and just one in February (an issue that affected only subscribers in Brazil).
In a statement, Zoom said it was working to find a “long-term, sustainable solution” to the issues affecting Zoom Phone. The company thanked customers for their “patience and understanding” during an “unprecedented and challenging time for everyone.”
Zoom is not the only collaboration vendor struggling to cope with a sudden surge in usage. Many users of Microsoft Teams were unable to send messages and perform other tasks on Monday. Some Teams users in Europe were affected by another chat outage on Tuesday.
Last week, experts said they didn’t expect any of the major collaboration vendors to suffer outages that forced their services completely offline for multiple days. So far, that prediction has held. Nevertheless, the influx of remote workers is having some impact.
Zoom has not said how many new users it has gained in recent weeks, but its mobile client is now the most popular free download on Apple’s App Store. Notably, countless schools and universities worldwide have begun to hold virtual classes on Zoom.
Statistics shared by other vendors provide clues to the surge in traffic Zoom is likely dealing with. Microsoft Teams gained 12 million daily active users between March 11 and March 18, a 37% increase. Slack added paid customers at nearly three times its typical rate between Feb. 1 and March 18.
Zoom’s support team is also likely fielding complaints related to factors outside of the vendor’s control, such as the quality of a user’s home Wi-Fi. Residential connections are often less reliable than corporate networks.
Telia Carrier, a network services provider based in Stockholm, is looking to work with large master agents and regional partners in the U.S., targeting enterprise opportunities such as SD-WAN.
The company this week launched a partner program with the goal of raising its profile in the U.S. The channel initiative aims to help partners cross-sell a range of offerings that include internet services, Ethernet, MPLS, a public cloud gateway and SD-WAN services. Telia Carrier earlier this month released a new SD-WAN offering based on Cisco’s Viptela technology.
Rob Pulkownik, head of channel sales at Telia Carrier, said the company recently built out its internal infrastructure to work with partners, creating mechanisms to track orders, pay commissions and avoid channel conflict.
“Now that we have that in place, my plan for this year is to scale up with … two more of the large masters and then regional [agents], on a more ad hoc basis,” he said.
Telia Carrier has master agent agreements in place with AppSmart (formerly WTG), Telarus and other companies.
The channel sales effort represents a shift for Telia Carrier, which has operated primarily as a wholesale player, with customers including content providers, carriers, multisystem operators and ISPs. The enterprise sector was much less of a focus. Telia Carrier has staffed eight to 10 salespeople in the U.S. market, while competitors have more than 1,000 salespeople, Pulkownik noted.
“We are not going to ramp up a sales team like that,” he said. “We are going to rely on doing a lot of this through the channel.”
Features of Telia Carrier’s partner program include a self-service portal, which lets agents keep tabs on inventory, usage, trouble tickets, invoices, customer payments and commissions, according to the company.
Telia Carrier aims to roll out an automated deal registration system in the second quarter of this year. At the moment, deal registration is a manual process.
An Amazon Web Services engineer uploaded sensitive data to a public GitHub repository that included customer credentials and private encryption keys.
Cybersecurity vendor UpGuard earlier this month found the exposed GitHub repository within 30 minutes of its creation. UpGuard analysts discovered the AWS leak, which was slightly less than 1 GB and contained log files and resource templates that included hostnames for “likely” AWS customers.
“Of greater concern, however, were the many credentials found in the repository,” UpGuard said in its report Thursday. “Several documents contained access keys for various cloud services. There were multiple AWS key pairs, including one named ‘rootkey.csv,’ suggesting it provided root access to the user’s AWS account.”
The AWS leak also contained a file for an unnamed insurance company that included keys for email and messaging providers, as well as other files containing authentication tokens and API keys for third-party providers. UpGuard’s report did not specify how many AWS customers were affected by the leak.
UpGuard said GitHub’s token scanning feature, which is opt-in, could have detected and automatically revoked some of the exposed credentials in the repository, but it’s unclear how quickly detection would have occurred. The vendor also said the token scanning tool would not have been able to revoke exposed passwords or private keys.
The documents in the AWS leak also bore the hallmarks of an AWS engineer, and some of the documents included the owner’s name. UpGuard said it found a LinkedIn profile for an AWS engineer that matched the owner’s exact full name, and the role matched the types of data found in the repository; as a result, the vendor said it was confident the owner was an AWS engineer.
While it’s unclear why the engineer uploaded such sensitive material to a public GitHub repository, UpGuard said there was “no evidence that the user acted maliciously or that any personal data for end users was affected, in part because it was detected by UpGuard and remediated by AWS so quickly.”
UpGuard said at approximately 11 a.m. on Jan. 13, its data leaks detection engine identified potentially sensitive information had been uploaded to the GitHub repository half an hour earlier. UpGuard analysts reviewed the documents and determined the sensitive nature of the data as well as the identity of the likely owner. An analyst contacted AWS’ security team at 1:18 p.m. about the leak, and by 4 p.m. public access to the repository had been removed. SearchSecurity contacted AWS for comment, but at press time the company had not responded.
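A local pre-push check for the kinds of material the report describes, as an added example that is not from UpGuard, AWS or GitHub: it flags access key IDs, secret keys, private-key blocks and key-file names such as rootkey.csv, and redacts what it finds. The regular expressions, the extra file suffixes and the sample files are assumptions constructed for this illustration.

```python
import re

# Detection rules (assumed patterns for this example). AWS access key IDs
# start with AKIA (long-term) or ASIA (temporary) followed by 16 characters.
RULES = [
    ("aws-access-key-id", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("aws-secret-key", re.compile(
        r"(?i)(?:aws_secret_access_key|awssecretkey)\s*[=:]\s*[\"']?"
        r"([A-Za-z0-9/+]{40})(?![A-Za-z0-9/+])")),
    # Private keys are the case the article says token scanning cannot
    # revoke, so they have to be caught before the push.
    ("private-key-block", re.compile(r"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")),
]

# "rootkey.csv" is the file name quoted in the report; the suffixes are assumptions.
RISKY_NAMES = {"rootkey.csv"}
RISKY_SUFFIXES = (".pem", ".ppk", ".p12")


def redact(value):
    """Keep the first four characters so a finding never re-leaks the secret."""
    return value[:4] + "*" * (len(value) - 4)


def scan_files(files):
    """Scan {path: text}; return sorted (path, line_no, rule, redacted) tuples.

    line_no 0 marks a finding about the file name rather than its content.
    """
    findings = []
    for path, text in files.items():
        name = path.rsplit("/", 1)[-1].lower()
        if name in RISKY_NAMES or name.endswith(RISKY_SUFFIXES):
            findings.append((path, 0, "risky-filename", name))
        for line_no, line in enumerate(text.splitlines(), start=1):
            for rule, pattern in RULES:
                match = pattern.search(line)
                if match:
                    # Use the capture group when the rule has one.
                    secret = match.group(match.lastindex or 0)
                    findings.append((path, line_no, rule, redact(secret)))
    return sorted(findings)


# Constructed sample tree. The key values are the placeholder credentials
# used in AWS documentation, not real secrets.
SAMPLE_FILES = {
    "deploy/rootkey.csv": (
        "AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE\n"
        "AWSSecretKey=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
    ),
    "templates/stack.yaml": (
        "Resources:\n"
        "  Bucket:\n"
        "    Type: AWS::S3::Bucket\n"
    ),
    "notes/customer.log": (
        "connect host=db01.example.internal\n"
        "-----BEGIN RSA PRIVATE KEY-----\n"
        "(constructed placeholder, no key material)\n"
        "-----END RSA PRIVATE KEY-----\n"
    ),
}

if __name__ == "__main__":
    for path, line_no, rule, shown in scan_files(SAMPLE_FILES):
        print(f"{path}:{line_no}: {rule}: {shown}")
```
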
Businesses using on-premises video gear from Cisco can now get access to cloud services, while keeping their video infrastructure in place.
A new service, called Cisco Webex Edge for Devices, lets businesses connect on-premises video devices to cloud services like Webex Control Hub and the Webex Assistant. Customers get access to some cloud features but continue to host video traffic on their networks.
Many businesses aren’t ready to move their communications to the cloud. Vendors have responded by developing ways to mix on-premises and cloud technologies. Cisco Webex Edge for Devices is the latest offering of that kind.
“It gives users that cloudlike experience without the businesses having to fully migrate everything to the cloud,” said Zeus Kerravala, principal analyst at ZK Research.
Cisco wants to get as many businesses as possible to go all-in on the cloud. Webex Edge for Devices, introduced this month, tees up customers to make that switch. Companies will have the option of migrating their media services to the cloud after connecting devices to the service.
Webex Edge for Devices is available for no additional charge to businesses with an enterprise-wide Collaboration Flex Plan, a monthly per-user subscription. Alternatively, companies can purchase cloud licenses for the devices they want to register with the service for roughly $30 per device, per month. The service won’t work with gear that’s so old Cisco no longer supports it.
Video hardware linked to the cloud through the service will show up in the Webex Control Hub, a console for managing cloud devices. For on-premises devices, the control hub will provide diagnostic reports, usage data, and insight into whether the systems are online or offline.
Many businesses are already using a mix of on-premises and cloud video endpoints. Webex Edge for Devices will let those customers manage those devices from a single console. In the future, Cisco plans to add support for on-premises phones.
Businesses will also be able to sync on-premises video devices with cloud-based calendars from Microsoft and Google. That configuration will let the devices display a one-click join button for meetings scheduled on those calendars.
Another cloud feature unlocked by Webex Edge for Devices is the Webex Assistant. The service is an AI voice system that lets users join meetings, place calls and query devices with their voice.
In the future, Cisco plans to bring more cloud features to on-premises devices. Future services include People Insights, a tool that provides background information on meeting participants with information gleaned from the public internet.
Cisco first released a suite of services branded as Webex Edge in September 2018. The suite included Webex Edge Audio, Webex Edge Connect and Webex Video Mesh. The applications provide ways to use on-premises and cloud technologies in combination to improve the quality of audio and video calls.
Cisco’s release of Webex Edge for Devices underscores its strategy of supporting on-premises customers without forcing them to the cloud, said Irwin Lazar, analyst at Nemertes Research.
The public cloud services arena has turned a corner, introducing new challenges for customers, according to the latest edition of “Technology Radar,” a biannual report by global software consultancy ThoughtWorks. Competition has heated up, so top public cloud vendors are creating new cloud services at a fast clip. But in their rush to market, those vendors can roll out flawed services, which opens the door for resellers to help clients evaluate cloud options.
Public cloud has become a widely deployed technology, overcoming much of the resistance it had seen in the past. “Fears about items like security and sovereignty have been calmed,” noted Scott Shaw, director of technology for Asia Pacific region at ThoughtWorks. “Regulators have become more comfortable with the technology, so cloud interest has been turning into adoption.”
The cloud market shifts
With the sales of public cloud services rising, competition has intensified. Initially, Amazon Web Services dominated the market, but recently Microsoft Azure and Google Cloud Platform have been gaining traction among enterprise customers.
One ripple effect is that the major public cloud providers have been trying to rapidly roll out differentiating new services. However, in their haste to keep pace, they can deliver services with rough edges and incomplete feature sets, according to ThoughtWorks.
Customers can get caught in this quicksand. “Corporations adopting public cloud have not had as much success as they had hoped for,” Shaw said.
Businesses try to deploy public cloud services based on the promised functionality but frequently hit roadblocks during implementations. “The emphasis on speed and product proliferation, through either acquisition or hastily created services, often results not merely in bugs but also in poor documentation, difficult automation and incomplete integration with vendors’ own parts,” the report noted.
Testing is required
ThoughtWorks recommended that organizations not assume all public cloud vendors’ services are of equal quality. They need to test out key capabilities and be open to alternatives, such as open source options and multi-cloud strategies.
Resellers can act as advisors to help customers make the right decisions as they consider new public cloud services, pointing out the strengths and flaws in individual cloud options, Shaw said.
To serve as advisors, however, resellers need in-depth, hands-on experience with the cloud services. “Channel partners cannot simply rely on a feature checklist,” Shaw explained. “To be successful, they need to have worked with the service and understand how it operates in practice and not just in theory.”
Amazon Web Services has a stranglehold on the public cloud market, but the company’s dominance in cloud security is facing new challenges.
The world’s largest cloud provider earned a reputation over the last 10 years as an influential leader in IaaS security, thanks to introducing products such as AWS Identity & Access Management and Key Management Service in the earlier part of the decade to more recent developments in event-driven security. AWS security features helped the cloud service provider establish its powerful market position; according to Gartner, AWS in 2018 earned an estimated $15.5 billion in revenue for nearly 48% of the worldwide public IaaS market.
But at the re:Invent 2019 conference last month, many of the new security tools and features announced were designed to fix existing issues, such as misconfigurations and data exposures, rather than push AWS security to new heights. “There wasn’t much at re:Invent that I’d call security,” said Colin Percival, founder of open source backup service Tarsnap and an AWS Community Hero, via email. “Most of what people are talking about as security improvements address what I’d call misconfiguration risk.”
Meanwhile, Microsoft has not only increased its cloud market share but also invested heavily in new Azure security features that some believe rival AWS’ offerings. Rich Mogull, president and analyst at Securosis, said there are two sides to AWS security — the inherent security of the platform’s architecture, and the additional tools and products AWS provides to customers.
“In terms of the inherent security of the platform, I still think Amazon is very far ahead,” he said, citing AWS’ strengths such as availability zones, segregation, and granular identity and access management. “Microsoft has done a lot with Azure, but Amazon still has a multi-year lead. But when it comes to security products, it’s more of a mixed bag.”
Microsoft has been able to close the gap in recent years with the introduction of its own set of products and tools that compete with AWS security offerings, he said. “Azure Security Center and AWS Security Hub are pretty comparable, and both have strengths and weaknesses,” Mogull said. “Azure Sentinel is quite interesting and seems more complete than AWS Detective.”
New tools, old problems
Arguably the biggest AWS security development at re:Invent was a new tool designed to fix a persistent problem for the cloud provider: accidental S3 bucket exposures. The IAM Access Analyzer, which is part of AWS’ Identity and Access Management (IAM) console, alerts users when an S3 bucket is possibly misconfigured to allow public access via the internet and lets them block such access with one click.
AWS had previously made smaller moves, including changes to S3 security settings and interfaces, to curb the spate of high-profile and embarrassing S3 exposures in recent years. IAM Access Analyzer is arguably the strongest move yet to resolve the ongoing problem.
“They created the S3 exposure issue, but they also fixed it,” said Jerry Gamblin, principal security engineer at vulnerability management vendor Kenna Security, which is an AWS customer. “I think they’ve really stepped up in that regard.”
Still, some AWS experts feel the tool doesn’t fully resolve the problem. “Tools like IAM Access Analyzer will definitely help some people,” Percival said, “but there’s a big difference between warning people that they screwed up and allowing people to make systems more secure than they could previously.”
Scott Piper, an AWS security consultant and founder of Summit Route in Salt Lake City, said, “It’s yet another tool in the toolbelt and it’s free, but it’s not enabled by default.”
There are other issues with IAM Access Analyzer. “With this additional information, you have to get that to the customer in some way,” Piper said. “And doing that can be awkward and difficult with this service and others in AWS like GuardDuty, because it doesn’t make cross-region communication very easy.”
For example, EC2 regions are isolated to ensure the highest possible fault tolerance and stability for customers. But Piper said the isolation presents challenges for customers using multiple regions because it’s difficult to aggregate GuardDuty alerts to a single source, which requires security teams to analyze “multiple panes of glass instead of one.”
AWS recently addressed another security issue that became a high-profile concern for enterprises following the Capital One breach last summer. The attacker in that breach exploited an SSRF vulnerability to access the AWS metadata service for the company’s EC2 instances, which allowed them to obtain credentials contained in the service.
The Capital One breach led to criticism from security experts as well as lawmakers such as Sen. Ron Wyden (D-Ore.), who questioned why AWS hadn’t addressed SSRF vulnerabilities for its metadata service. The lack of security around the metadata service has concerned some AWS experts for years; in 2016, Percival penned a blog post titled “EC2’s most dangerous feature.”
“I think the biggest problem Amazon has had in recent years — judging by the customers affected — is the lack of security around their instance metadata service,” Percival told SearchSecurity.
In November, AWS made several updates to the metadata service to prevent unauthorized access, including the option to turn off access to the service altogether. Mogull said the metadata service update was crucial because it improved security around AWS account credentials.
But like other AWS security features, the metadata service changes are not enabled by default. Percival said enabling the update by default would’ve caused issues for enterprise applications and services that rely on the existing version of the service. “Amazon was absolutely right in making their changes opt-in since if they had done otherwise, they would have broken all of the existing code that uses the service,” he said. “I imagine that once more or less everyone’s code has been updated, they’ll switch this from opt-in to opt-out — but it will take years before we get to that point.”
Percival also said the update is “incomplete” because it addresses common misconfigurations but not software bugs. (Percival is working on an open source tool that he says will provide “a far more comprehensive fix to this problem,” which he hopes to release later this month.)
Still, Piper said the metadata service update is an important step for AWS security because it showed the cloud provider was willing to acknowledge there was a problem with the existing service. That willingness and responsiveness hasn’t always been there in the past, he said.
“AWS has historically had the philosophy of providing tools to customers, and it’s kind of up to customers to use them and if they shoot themselves in the foot, then it’s the customers’ fault,” Piper said. “I think AWS is starting to improve and change that philosophy to help customers more.”
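An audit for the opt-in metadata service setting discussed above, as an added example that is not AWS's code or part of the original article: it reads JSON in the shape of `aws ec2 describe-instances` output and reports instances whose metadata service still answers requests without a session token. The `MetadataOptions` field names are the EC2 API's; the sample data, instance IDs and severity labels are constructed for this illustration.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-instances` output.
# Instance IDs are made up; only the fields the audit reads are included.
SAMPLE_DESCRIBE_INSTANCES = json.loads("""
{
  "Reservations": [
    {"Instances": [
      {"InstanceId": "i-0aaa0000000000001", "State": {"Name": "running"},
       "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional",
                           "HttpPutResponseHopLimit": 1}},
      {"InstanceId": "i-0aaa0000000000002", "State": {"Name": "running"},
       "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                           "HttpPutResponseHopLimit": 1}},
      {"InstanceId": "i-0aaa0000000000003", "State": {"Name": "running"},
       "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "optional",
                           "HttpPutResponseHopLimit": 1}}
    ]},
    {"Instances": [
      {"InstanceId": "i-0aaa0000000000004", "State": {"Name": "stopped"},
       "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                           "HttpPutResponseHopLimit": 3}},
      {"InstanceId": "i-0aaa0000000000005", "State": {"Name": "terminated"},
       "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional",
                           "HttpPutResponseHopLimit": 1}},
      {"InstanceId": "i-0aaa0000000000006", "State": {"Name": "running"}}
    ]}
  ]
}
""")


def audit_instance(instance):
    """Return (severity, reason) for one instance record."""
    opts = instance.get("MetadataOptions")
    if opts is None:
        # Older tooling may omit the block; do not assume it is safe.
        return ("unknown", "no MetadataOptions in record; verify manually")
    if opts.get("HttpEndpoint") == "disabled":
        return ("ok", "metadata service turned off")
    if opts.get("HttpTokens") != "required":
        # The hardened mode is opt-in, so this is the default state.
        return ("high", "requests without a session token are still answered")
    hop_limit = opts.get("HttpPutResponseHopLimit", 1)
    if hop_limit > 1:
        # Token responses may travel past the instance itself, for example
        # to containers; acceptable only when that is intended.
        return ("review", f"tokens required, but hop limit is {hop_limit}")
    return ("ok", "session tokens required")


def audit_metadata_options(doc):
    """Audit every non-terminated instance; return (id, severity, reason)."""
    findings = []
    for reservation in doc.get("Reservations", []):
        for instance in reservation.get("Instances", []):
            if instance.get("State", {}).get("Name") == "terminated":
                continue  # nothing left to harden
            severity, reason = audit_instance(instance)
            findings.append((instance["InstanceId"], severity, reason))
    return findings


def needs_attention(findings):
    """Instance IDs whose result is anything other than 'ok'."""
    return sorted(iid for iid, severity, _ in findings if severity != "ok")


if __name__ == "__main__":
    for iid, severity, reason in audit_metadata_options(SAMPLE_DESCRIBE_INSTANCES):
        print(f"{iid}  {severity:<8} {reason}")
```

Stopped instances are included on purpose, because they keep their metadata settings when they are started again.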
AWS security’s road ahead
While the metadata service update and IAM Access Analyzer addressed lingering security issues, experts highlighted other new developments that could strengthen AWS’ position in cloud security.
AWS Nitro Enclaves, for example, is a new EC2 capability introduced at re:Invent 2019 that allows customers to create isolated instances for sensitive data. The Nitro Enclaves, which will be available in preview this year, are virtual machines attached to EC2 instances but have CPU and memory isolation from the instances and can be accessed only through secure local connections.
“Nitro Enclaves will have a big impact for customers because of its isolation and compartmentalization capabilities,” which will give enterprises’ sensitive data an additional layer of protection against potential breaches, Mogull said.
Percival agreed that Nitro Enclaves could possibly “raise the ceiling” for AWS security, though he cautioned against using them. “Enclaves are famously difficult for people to use correctly, so it’s hard to predict whether they will make a big difference or end up being another of the many ‘Amazon also has this feature, which nobody ever uses’ footnotes.”
Experts also said AWS’ move to strengthen its ARM-based processor business could have major security implications. The cloud provider announced at re:Invent 2019 that it will be launching EC2 instances that run on its new, customized ARM chips, dubbed Graviton2.
Gamblin said the Graviton2 processors are a security play in part because of recent microprocessor vulnerabilities and side channel attacks like Meltdown and Spectre. While some ARM chips were affected by both Meltdown and Spectre, subsequent side channel attacks and Spectre variants have largely affected x86 processors.
“Amazon doesn’t want to rely on other chips that may be vulnerable to side channel attacks and may have to be taken offline and rebooted or suffer performance issues because of mitigations,” Gamblin said.
Percival said he was excited by the possibility of the cloud provider participating in ARM’s work on the “Digital Security by Design” initiative, a private-sector partnership with the UK that is focused in part on fundamentally restructuring — and improving — processor security. The results of that project will be years down the road, Percival said, but it would show a commitment from AWS to once again raising the bar for security.
“If it works out — and it’s a decade-long project, which is inherently experimental in nature — it could be the biggest step forward for computer security in a generation.”
IT services acquisitions got off to a fast start in 2020 with at least three transactions surfacing in the first week of the new year.
The early activity suggests the brisk pace of deals among services providers in 2019 may persist a bit longer. Consider the following:
IT services acquisitions: Deal drivers
The recent IT services acquisitions emphasize the value buyers place on vertical market expertise, technology skill sets, software development and geographic reach.
Perficient’s purchase of MedTouch, based in Somerville, Mass., has boosted Perficient’s healthcare business revenue by nearly 10%, according to vice president Ed Hoffman. The acquisition adds 50 employees to the company’s roster.
Perficient’s healthcare business, the company’s largest vertical market, delivers business optimization and customer experience services to payer, provider and pharmaceutical organizations. MedTouch adds digital marketing “solutions and services focused on patient acquisition, customer experience, patient engagement and loyalty, and physician marketing,” Hoffman said.
MedTouch also contributes to Perficient’s customer experience (CX) work. Perficient’s Sitecore practice designs, builds and delivers websites based on the Sitecore Experience Platform. MedTouch brings experience with Sitecore, Acquia and other CX platforms, Hoffman noted.
Quisitive, meanwhile, has expanded its Microsoft technology resources and its geographic reach through its acquisition of Los Altos, Calif.-based Menlo Technologies. Menlo provides capabilities in Azure, Microsoft Office 365 and Microsoft Dynamics, along with software development services.
The Menlo Technologies deal furthers the company’s goal of becoming a Microsoft solutions provider spanning North America. Quisitive launched that strategy in 2018 and has since expanded to eight North American offices from its original base of operations in Dallas and Denver.
Quisitive CEO Mike Reinhart said the Menlo Technologies acquisition and its 2019 purchase of Corporate Renaissance Group “give us the fuel necessary to drive organic growth” as it builds its Microsoft business.
“These two acquisitions were critical in the sense that it added deep expertise in Microsoft Dynamics 365 capabilities, first-party SaaS IP, offshore development capability and full U.S. geographic coverage,” Reinhart said.
Ahead’s acquisition of Platform Consulting Group, based in Denver, marks the company’s fourth transaction. In October 2019, Ahead merged with Data Blue and acquired Sovereign Systems. The company also purchased Link Solutions Group last year.
Platform Consulting Group focuses on cloud-native application development and modern development frameworks, targeting enterprise clients. That customers are working to rationalize and refactor applications or build new applications with cloud-native patterns influenced Ahead’s purchase of Platform.
“This was part of the core thesis for our acquisition,” said Eric Kaplan, CTO at Ahead. “In addition, the lines are blurring between infrastructure and applications and our clients are looking for help from partners who can provide an end-to-end solution.”
More deals on tap?
Industry executives suggested the current run of IT services acquisitions looks set to continue in 2020.
“We expect continued consolidation in the space in 2020 and remain in active dialogue with many firms,” Perficient’s Hoffman said.
He said Perficient is “highly selective when it comes to M&A,” emphasizing industry expertise, partner ecosystems, corporate cultures and values, and “exceptionally talented workforces.”
Reinhart also pointed to more consolidation. “Microsoft is exploding with growth in their cloud offerings and the partner ecosystem continues to be fragmented,” he said. Fragmentation, he added, opens an opportunity for Quisitive to look at regional and point-solution partners. Microsoft has said it has more than 64,000 cloud partners.
Quisitive, Reinhart said, “will be very surgical” in its acquisition approach, making sure targeted companies offer differentiated market strength or add to Quisitive’s geographic expansion and Microsoft specialization.
“I believe M&A activity will be strong, but highly correlated to overall markets,” Kaplan noted.
In Kaplan’s view, valuations in particular markets are inflated. “Segments of the market where skills are at a premium and where repeatable solutions exist will obviously command a premium,” he added.
Giants Amazon and Microsoft offer cloud products and services that compete in areas usually reserved for the strengths that traditional hyper-converged infrastructure platforms bring to the enterprise IT table. These include hybrid cloud offerings AWS Outposts, which Amazon made generally available late last year, and Azure Stack from Microsoft.
An integrated hardware and software offering, Azure Stack is designed to deliver Microsoft Azure public cloud services to enable enterprises to construct hybrid clouds in a local data center. It delivers IaaS and PaaS for organizations developing web apps. By sharing its code, APIs and management portal with Microsoft Azure, Azure Stack provides a common platform to address hybrid cloud issues, such as maintaining consistency between cloud and on-premises environments. Stack is for those who want the benefits of a cloud-like platform but must keep certain data private due to regulations or some other constraint.
AWS Outposts is Amazon’s on-premises version of its IaaS offering. Amazon targets AWS Outposts at those who want to run workloads on Amazon Web Services, but instead of in the cloud, do so inside their own data centers to better meet regulatory requirements and, for example, to reduce latency.
AWS Outposts is Amazon’s acknowledgment that most enterprise class organizations prefer hybrid cloud to a public cloud-only model. Amazon generally has acted solely as a hyperscale public cloud provider, leaving its customers’ data center hardware needs for other vendors to handle. With AWS Outposts, however, Amazon is — for the first time — making its own appliances available for on-premises use.
AWS Outposts customers can run AWS on premises. They can also extend their AWS virtual private clouds into their on-premises environments, so a single virtual private cloud can contain both cloud and data center resources. That way, workloads with low-latency or geographical requirements can remain on premises while other workloads run in the Amazon cloud. Because Outposts is essentially an on-premises extension of the Amazon cloud, it also aims to ease the migration of workloads between the data center and the cloud.
What is Microsoft Azure Stack?
Although initially marketed as simply a way to host Azure services on premises, Azure Stack has evolved into a portfolio of products. The three products that make up the Azure Stack portfolio include Azure Stack Edge, Azure Stack Hub and Azure Stack HCI.
Azure Stack Edge is a cloud-managed appliance that enables you to run managed virtual machine (VM) and container workloads on premises. While this can also be done with Windows Server, the benefit to using Azure Stack Edge is workloads can be managed with a common tool set, whether they’re running on premises or in the cloud.
Azure Stack Hub is used for running cloud applications on premises. It’s mostly for situations in which data sovereignty is required or where connectivity isn’t available.
As its name implies, Azure Stack HCI is a version of Azure Stack that runs on HCI hardware.
AWS Outposts vs. Azure Stack vs. HCI
To appreciate how AWS Outposts competes with traditional HCI, consider common HCI use cases. HCI is often used as a virtualization platform. While AWS Outposts will presumably be able to host Elastic Compute Cloud virtual machine instances, the bigger news is that Amazon is preparing to release a VMware-specific version of Outposts in 2020. The VMware Cloud on AWS Outposts will allow a managed VMware software-defined data center to run on the Outposts infrastructure.
Organizations are also increasingly using HCI as a disaster recovery platform. While Amazon isn’t marketing Outposts as a DR tool, the fact that Outposts acts as a gateway between on-premises services and services running in the Amazon cloud means the platform will likely be well positioned as a DR enabler.
Many organizations have adopted hyper-converged systems as a platform for running VMs and containers. Azure Stack Edge may end up displacing some of those HCIs if an organization is already hosting VMs and containers in the Azure cloud. As for Azure Stack Hub, it seems unlikely that it will directly compete with HCI, except possibly in some specific branch office scenarios.
The member of the Azure Stack portfolio that’s most likely to compete with traditional hyper-convergence is Azure Stack HCI. It’s designed to run scalable VMs and provide those VMs with connectivity to Azure cloud services. These systems are being marketed for use in branch offices and with high-performance workloads.
Unlike first-generation HCI systems, Azure Stack HCI will provide scalability for both compute and storage. This could make it a viable replacement for traditional HCI platforms.
In summary, when it comes to AWS Outposts vs. Azure Stack or standard hyper-convergence, all three platforms have their merits, without any one being clearly superior to the others. If an organization is trying to choose between the three, then my advice would be to choose the platform that does the best job of meshing with the existing infrastructure and the organization’s operational requirements. If the organization already has a significant AWS or Azure footprint, then Outposts or Azure Stack would probably be a better fit, respectively. Otherwise, traditional HCI is probably going to entail less of a learning curve and may also end up being less expensive.
The U.S. Army is moving its civilian HR services from on-premises data centers to Microsoft’s cloud. The migration to Azure has the makings of a big change. Along with shifting Army HR services to the cloud, it plans to move off some of its legacy applications.
It’s a move that the Army said will give it more flexibility and reduce its costs.
The Army Civilian Human Resources Agency (CHRA) is responsible for supporting approximately 300,000 Army civilian employees and 33,000 Department of Defense employees. It provides a full range of HR services.
The migration to Azure was noted in a contract announcement by Accelera Solutions Inc., a systems integrator based in Fairfax, Va. The $40.4 million Army contract is for three years. The firm is a Microsoft federal cloud partner.
The federal government, including the Department of Defense, is broadly consolidating data centers and shifting some systems to the cloud.
Shift to cloud will improve HR capabilities
The Army said it is moving its civilian HR services to the cloud for three reasons. The Army “has determined that the cloud is the most effective way to host CHRA operated programs,” said Matthew Leonard, an Army spokesperson, in an email. It also needs “a more agile operating environment,” he said.
As the third benefit, migrating to Azure “will allow for improved overall capabilities at lower cost,” Leonard said. “We will not need to expend resources to maintain data centers and expensive hardware,” he said.
Some of the Army’s savings will come by turning off resources outside of business hours, such as those used for development.
The Army didn’t provide an estimate of cost savings. But the Defense Department, in budget documents, has estimated cumulative data center consolidation savings of $751 million from 2017 to 2024.
Some existing Army HR applications will undergo a migration to Azure, but new cloud-based HR applications will also be adopted as part of this shift.
“Our goal is to significantly reduce the number of applications through the use of modern, out-of-the-box platforms,” Leonard said. Over time, the Army plans to move other applications to the cloud.
Accelera declined to comment on the award, but in its announcement said its work includes migrating the Army’s HR applications from on-premises data centers to the Azure cloud. It will also operate the cloud environment.
“The CHRA cloud initiative does seem to be driven more by the data center consolidation initiative that’s been around since the Obama administration, and much less by the current flap over JEDI,” said Ray Bjorklund, president of government IT market research firm BirchGrove Consulting LLC in Maryland. Migration to the cloud has been a “recurring method” of IT consolidation, he said.