Liberty Wins Right To Judicial Review Into Investigatory Powers Act

The fact that Human rights group Liberty has won the right for a judicial review into the Investigatory Powers Act 2016 could mean a legal challenge in the high court as soon as next year.

The Investigatory Powers Act

The Investigatory Powers Act 2016 (also known as the ‘Snooper’s Charter’) became law in the UK November 2016. It was designed to extend the reach of state surveillance and requires web and phone companies (by law) to store everyone’s web browsing histories for 12 months and to give the police, security services and official agencies unprecedented access to that data. The Charter also means that security services, government agencies and police can hack into computers and phones and collect communications data in bulk, and that judges can sign off police requests to view journalists’ call and web records.

Long Time Coming

Liberty was given the general go-ahead by the UK High Court to make a legal challenge against the Investigatory Powers Act in July 2017 and was enabled to do so with the help of £50,000 of crowdfunding raised via CrowdJustice.

Also, Liberty’s challenge is thought to have been helped by the European Court of Justice (in a separate case, represented by Liberty lawyers back in 2016) ruling that the same powers in the old the UK state surveillance law the ‘Data Retention and Investigatory Powers Act’ (DRIPA) were unlawful, and by a ruling by the court of appeal in January 2018 also finding the same thing.

The UK government was, therefore, given until July 2018 to amend or re-write powers to require phone and internet companies to retain data on the UK population.

Part 4 of the Act

The most recent High Court ruling on 29th November gives Liberty the right to a judicial review on part 4 of the Investigatory Powers Act.  This is the part which gives many government agencies powers to collect electronic communications and records of internet use, in bulk, without reason for suspicion.

Concerns About GCHQ’s Hacking

Human rights groups and even Parliament’s Intelligence and Security Committee have become particularly concerned about an apparent shift towards the use of hacking of computer systems, networks and mobile phones for information gathering by intelligence services such as GCHQ in projects such as the ‘Computer Network Scaling’ programme.

What Does This Mean For Your Business?

The UK’s ability to spot and foil potential plots is vital. Although the Investigatory Powers Act may include measures that could help with that, many people and businesses (communications companies, social media, web companies) are still uneasy with the extent of the legislation and what it forces companies to do, how necessary it is, and what effect it will have on businesses publicly known to be snooping on their customers on behalf of the state. The 200,000+ signatures on a petition calling for the repeal of the Investigatory Powers Act after it became law, and the £50,000 crowdfunding raised from the public in less than a week to challenge parts of the Act in the courts, both emphasise the fact that UK citizens value their privacy and take the issues of privacy and data security very seriously.

Liberty is essentially arguing for what it sees as a more proportionate surveillance regime that can better balance public safety with respect for privacy. The government initially believed that this level of surveillance was necessary to counter terrorist groups and threats posed to safety and democracy by other states, but successive legal challenges by Liberty have seen them give some ground. According to the Intelligence and Security Committee, GCHQ is running a project that aims to improve the way that it complies with the Act, and MI5 has also said that it trying to operate more compliantly.  As for any additional oversight of government orders to internet and phone companies, this is estimated to be running about a year behind schedule with IT problems being blamed for the delay.

Hard of Hearing? Skype Offers Live Captions And Subtitles

On 3rd December, Skype announced that it was celebrating United Nations International Day of Persons with Disabilities by launching its new call captioning with live captions and subtitles feature.

Inclusivity & Accessibility

Skype says that this latest feature, which uses AI-driven captions, is part of its on-going work to make Skype more inclusive and make Skype calls more accessible to all.

How Does It Work?

The new live captions and subtitles feature works on a call-by-call basis through the in-call screen or can be set to activate by default under Settings > Calling > Call Subtitles > then toggle ‘Show Subtitles’ for all voice and video calls.

The feature works on the latest version of Skype for one-on-one calls with friends or co-workers, or to any phone number, as well as in group calls with a work team or friend group.

Currently, the captions and subtitles auto-scroll in your call, but Skype says that it will soon enable additional viewing options, including the ability to scroll through them in their own side window.

Skype says that the captions and subtitles will be optimised to be fast, continuous, and contextually updated as people speak.

Translations Into 20 Languages

Skype also says that in the coming weeks, it will be augmenting the live captions and subtitles feature further by releasing translations that support over 20 languages and dialects.

Microsoft – Introducing Captions and Subtitles For PowerPoint Presentations

Microsoft, which owns Skype, announced that as part of the same celebration of the United Nations International Day of Persons with Disabilities, it is introducing AI-powered captions and subtitles for presentations in real-time for PowerPoint.

Many Languages Too

Microsoft also announced at the launch, that the live captions and subtitles for PowerPoint will support 12 spoken languages and display on-screen captions or subtitles in one of 60+ languages.

Features

Live captions and subtitles in PowerPoint will use AI, automatically adaptive speech recognition based on the presented content for more accurate recognition of names and specialised terminology, and the ability for presenters to easily customise the size, position, and appearance of subtitles.

What Does This Mean For Your Business?

AI is the technology at the heart of these new features, and Microsoft is finding ways to utilise the technology to create many different value-adding and differentiating benefits to its services.

Accessibility is an important consideration and point of compliance for businesses, and these new AI-powered features can help businesses to communicate and present information in a more inclusive, accessible and engaging way.

Microsoft has emphasised that the new captions and subtitles feature joins many other accessibility features that it has introduced to Office 365, such as automatic suggestions for alt-text in Word and PowerPoint, expanded availability of automatic closed captions and searchable transcripts for videos in Microsoft Stream, plus enhancements to the Office 365 Accessibility Checker.

Data Protection Trust Levels Still Low After GDPR

A report by the Chartered Institute of Marketing (CIM) has shown that as 42% of consumers have received communications from businesses they had not given permission to contact them (since GDPR came into force), this could be a key reason why consumer trust in businesses is still at a low level.

Not Much Difference

The CIM report shows that only 24% of respondents believe that businesses treat people’s personal data in an honest and transparent way.  This is only slightly higher than the 18% who believed the same thing when GDPR took effect 6 months ago.

Young More Trusting

The report appears to indicate that although trust levels are generally low, younger people trust businesses more with their data.  For example, the report shows that 33% of 18-24 and 34% of 24-35 year olds trust businesses with their data, compared with only 17% of over 55s.

More Empowered But Lacking Knowledge About Rights

Consumers appear to feel more empowered by GDPR to act if they feel that organisations are not serving them with the right communications.  For example, the report showed that rather than just continuing to receive and ignoring communications from a company, 50% of those surveyed said that GDPR has motivated them to not consciously opt-in to begin with, or if opted in, make them more likely to subscribe.

This feeling of empowerment was also illustrated back in August in a report based on a study by business intelligence and data management firm SAS.  The SAS study showed that more than half of UK consumers (55%) looked likely to exercise their new GDPR rights within the first year of GDPR’s introduction.

Unfortunately, even though many people feel more empowered by GDPR, there still appears to be a lack of knowledge about exactly what rights GDPR has bestowed upon us. For example, the report shows that only 47% of respondents said they know their rights as a consumer in relation to data protection.  This figure has only increased by 5% (from 43%) since the run-up to GDPR.

What Does This Mean For Your Business?

The need to comply with the law and avoid stiff penalties, and the opportunity to put the data house in order meant that the vast majority of UK companies have taken their GDPR responsibilities seriously, and are likely to be well versed in the rights and responsibilities around it (and have an in-house ‘expert’). Unfortunately, there are always a few companies / organisations that ignore the law and continue contacting people.  The ICO has made clear examples e.g. back in October Manchester-based Oaklands Assist UK Ltd was fined £150,000 by the ICO for making approximately 64,000 nuisance direct marketing calls to people who had already opted out of automated marketing.  This is one example of a company being held accountable, but it is clear from the CIM’s research that many consumers still don’t trust businesses with their data, particularly when they hear about data breaches / data sharing on the news (e.g. Facebook), or continue to have their own experiences of unsolicited communications.

It may be, as identified by the CIM, that even though GDPR has empowered consumers to ask the right questions about their data use, marketers now need to answer these, and to prove to consumers how data collection can actually benefit them e.g. in helping to deliver relevant and personalised information.

The apparent lack of a major impact of GDPR on public trust could also indicate the need for an ongoing campaign to drive more awareness and understanding across all UK businesses.

£385,000 Data Protection Fine For Uber

Ride-hailing (and now bike and scooter-hiring) service Uber has been handed a £385,000 fine by the ICO for data protection failings during a cyber-attack back in 2016.

What Happened?

The original incident took place in October and November 2016 when hackers accessed a private GitHub coding site that was being used by Uber software engineers. Using the login details obtained via the GitHub, the attackers were able to go to the Amazon Web Services account that handled the company’s computing tasks and access an archive of rider and driver information. The result was the compromising (and theft) of data relating to 600,000 US drivers and 57 million user accounts.

The ICO’s investigation focuses on avoidable data security flaws, during the same hack, that led to the theft (using ‘credential stuffing’) of personal data, including full names, email addresses and phone numbers, of 2.7 million UK customers from the cloud-based storage system operated by Uber’s US parent company.

The ICO’s fine to Uber also relates to the record of nearly 82,000 UK-based drivers, including details of journeys made and how much they were paid.

Attackers Paid To Keep Breach Quiet

Another key failing of Uber was that not only did the company not inform affected drivers about the incident for more than a year, but Uber chose to pay the attackers $100,000 through its bug bounty programme (a deal offered by websites and software developers to offer recognition and payment to those who report software bugs), to delete the stolen data and keep quiet about the breach.

Before GDPR

Even though GDPR, which came into force on 25th May this year says that the ICO has the power to impose a fine on a data controller of up to £17m or 4% of global turnover, the Uber breach took place before GDPR.  This means that the ICO issued the £385,000 fine under the Data Protection Act 1998, which was in force before GDPR.

Other Payments and Fines

Uber also had to pay a $148m settlement agreement in a case in the US brought by 50 US states and the District of Columbia over the company’s attempt to cover up the data breach in 2016.

Also, for the same incident, Uber is facing a £533,000 fine from the data protection authority for the Netherlands, the Autoriteit Persoonsgegevens.

What Does This Mean For Your Business?

As noted by the ICO director of investigations, Steve Eckersley, as well as the data security failure, Uber’s behaviour in this case showed a total disregard for the customers and drivers whose personal information was stolen, as no steps were taken to inform anyone affected by the breach, or to offer help and support.

Sadly, Uber joins a line of well-known businesses that have made the news for all the wrong reasons where data handling is concerned e.g. Yahoo’s data breach of 500 million users’ accounts in 2014 followed by the discovery that it was the subject of the biggest data breach in history to that point back in 2013. Similar to the Uber episode is the Equifax hack where 143 million customer details were stolen (44 million possibly from UK customers), while the company waited 40 days before informing the public and three senior executives sold their shares worth almost £1.4m before the breach was publicly announced.

This story should remind businesses how important it is to invest in keeping security systems up to date and to maintain cyber resilience on all levels. This could involve keeping up to date with patching (9 out of 10 hacked businesses were compromised via un-patched vulnerabilities) and should extend to training employees in cyber-security practices, and adopting multi-layered defences that go beyond the traditional anti-virus and firewall perimeter.

Companies need to conduct security audits to make sure that no old, isolated data is stored on any old systems or platforms, thereby offering no easy access to cyber-criminals. Companies may now need to use tools that allow security devices to collect and share data and co-ordinate a unified response across the entire distributed network.

Even though the recent CIM study showed that less than one-quarter of consumers trust businesses with their data security, at least the ICO is currently sending some powerful messages to (mainly large) businesses about the consequences of not fulfilling their data protection responsibilities.  For example, as well as the big fine for Uber, back in October, the ICO fined a Manchester-based company £150,000 for making approximately 64,000 nuisance direct marketing calls to people who had opted out via the TPS, and earlier this month, a former employee of a vehicle accident repair centre who stole customer data passed it to a company that made nuisance phone calls was jailed for 6 months following an ICO investigation.

New Hashtags Feature For Google Maps

Google has begun the global rollout of its new ‘hashtags’ feature in Google Maps, which allows users to add hashtags to the end of the reviews they write, thereby helping others to find local attractions and businesses.

How It Works

When using Google Maps e.g. to find places to eat or local attractions, if a Google Maps user then chooses to write a review afterwards, they are given the opportunity to add up to five hashtags to the end of the review (to keep the text easy to read).  The hashtags need to be specific to be useful e.g. #love or #food, but things like #familyfriendly, #wheelchairaccessible, #sunsetviews, or #vegetarian.

The idea is that these hashtags will make it easier for other users to discover places that have been recommended by others for specific reasons, thereby increasing the value of Google Maps to users.

More Competitive

From Google’s point of view, this (and other new features) could help Google Maps to compete against other platforms in the world of social recommendations as well as other popular local search offerings such as Yelp.

Just Local Guides For Now

So far in the rollout of Hashtags, it’s only available on Android for members of Maps’ Local Guides program.  This is the program where members receive rewards for sharing their opinions and photos for the places they visit and review.

Added to ‘Follow’ & ‘My Business’ Updates

The new hashtag feature comes right after the new ‘Follow’ feature that was introduced to Maps last month.  ‘Follow’ allows users to click a follow button for locations which enables them to receive updates about any events and offers e.g. from favourite stores and restaurants, and information about new places that are due to open soon.

The update to ‘My Business’ in Google was to enable businesses to update their Maps profile with new content, use the app to view and respond to reviews and messages, and to enable businesses to add all the content that will work with ‘Follow’.

What Does This Mean For Your Business?

Local search and platforms offering users value-adding information and recommendations about the places they plan to visit are now competitive areas, and Google wants to stay ahead of the game.  Adding social elements such as hashtags, ‘Follow’, and direct messaging all contribute to the vital engagement factor for Google and can be monetised.

Other updates to Google Maps that could add even more value to Google’s platform from a consumer’s point of view are a useful commuter tab that shows a user information about their commute e.g. real-time public transit information and status alerts about anything that could cause delays, and allowing users to control their music from inside Google Maps. Google is clearly well placed and is fighting hard to make its platform more attractive than competing offerings.  It will be a matter of opinion, however, how user-friendly all these bundled features turn out to be.

Mobile Networks Faster Than Wi-Fi

A report by OpenSignal has highlighted how the fact that smartphone users in 33 countries get faster average download speeds using a mobile network than Wi-Fi means that mobile operators and smartphone makers need to ensure that consumers’ smartphones aren’t simply pushed onto a Wi-Fi network, only to receive a worse experience than the mobile network.

Assumption Wrong

The report, by Ian Fogg of OpenSignal, highlights the fact that the long-held industry assumption that Wi-Fi is better than mobile networks in almost every way appears to be wrong in today’s environment.

For example, the report showed that in 33 countries, or 41% of the 80 countries analysed by OpenSignal, mobile delivers a faster download experience than Wi-Fi.

Also, the report shows that it appears to be hard to categorise the range of countries where mobile offers a faster download experience for smartphone users.  For example, according to the report, these range from richer markets and industrialised economies e.g. Australia, the Czech Republic, and France to countries across every continent, and a range of demographics (income, and state of development) e.g. UAE, Turkey, Kenya, Myanmar and Mexico.  The report did find, however, that there is a correlation between higher per capita GDP and more time spent on Wi-Fi, mainly because of the presence of a suitable Wi-Fi network rather than by a consumer’s decisions to connect to Wi-Fi.

Big Changes in 10 Years

The OpenSignal report acknowledges that while the assumption that Wi-Fi is better, faster, and cheaper than a mobile network may have been true 10 years ago, some big changes in the connectivity environment mean that is no longer the case.

For example, 4G networks have launched and boosted the quality of smartphone users’ experience, almost everyone now owns a smartphone, and mobile video and consumption has exploded as smartphones have become a mainstream way to watch TV (Netflix is even trialling mobile-only tariff plans).

Some A ‘Dead Heat’ With Wi-Fi

It was also noted in the report that in four countries – Hungary, Bangladesh, Belgium and Norway – there is no real difference between the Wi-Fi and mobile download speeds experienced by smartphone users.

What’s The Problem?

The problem, therefore, is that the failure to take into account the current connectivity environment, and operators working on what may now be a mistaken assumption is that smartphone users have actually been given a worse experience as they are dumped onto Wi-Fi wherever possible.

Not All The Same

The report did find, however, that not all operators always switch users to Wi-Fi.  For example, Huawei switches connections from a slow Wi-Fi link to a faster cellular connection.

Why Are Cellular Phone Networks Faster?

Reasons why cellular networks are faster with 4G in some countries (e.g. in Brazil, Finland) is that it’s easier to lay the (fibre) cables there, smartphone design priorities don’t always focus on Wi-Fi in those countries, and many smartphones there don’t work on 5 GHz Wi-Fi.

What Does This Mean For Your Business?

The report indicates that there needs to be a re-think about when and how to use Wi-Fi to complement the mobile experience, and it may be necessary for operators to challenge the old assumption that Wi-Fi is best.  To provide the best experience to their users in today’s environment, the report notes that operators need to become smarter with Wi-Fi offload strategies.

Also, Operators will need to deliver good in-building mobile network coverage from now on, because consumers will increasingly override their smartphone’s automatic Wi-Fi choice in favour of selecting cellular in order to get the fastest download speed.

It is also likely that smartphone makers are will be changing the designs of smartphones to allow the use of both Wi-Fi and mobile network technologies simultaneously to deliver the fastest data experience.

For those users of mobile services, the realisation by mobile manufacturers and operators that they must change their products and services to rely less on Wi-Fi is likely to bring a better experience going forward.

Bitcoin and Other Crypto-Currencies Hit New Lows

After losing 74% of its value so far this year, Bitcoin’s value, and that of other crypto-currencies have continued to fall this month as a sell-off takes place in what some see as the natural course for the market, and as another opportunity to buy crypto-currencies at a low price.

What’s Been Happening?

According to currency commentators, the massive 12% fall in the Bitcoin crypto-currency on Monday, follows a nose-dive that’s been part of downward trajectory for the crypto-currency which recently hit a 14-month low. Many in-the-know believe that the possible reasons for the longer-term fall and the sharp 12% drop in value are likely to be caused by:

  • The extra regulation in the US.
  • A long wait for the January 2019 launch of bitcoin futures by Bakkt, Intercontinental Exchange’s crypto platform. With Bitcoin Futures, investors and sellers make a contract to buy and sell at the agreed-upon price, irrespective of the actual market price at the time the contract is made. This may reduce risk and balance out price fluctuations on investments in portfolios.
  • Investors steering clear of bitcoin because of the price swings, concerns over a lack of regulation, and concerns over the uncharted waters of a new and undeveloped market infrastructure.
  • Investigations by the Securities and Exchange Commission of initial coin offerings and crypto exchanges.
  • Fear caused by hacks and thefts at crypto exchanges.
  • The overconsumption of bitcoin in the first place, which has now led to a market cycle back in the opposite direction as things naturally even out.

Trouble For Other Crypto-Currencies

Bitcoin is certainly not the only crypto-currency that’s been under pressure in recent times. Ethereum’s ‘eher’ has just fallen 7% in value to $106.69, and the value of Ripple’s XRP has fallen 5.6% to only 34 U.S. cents.

Also, in the light of the U.S. SEC ordering civil penalties against Airfox and Paragon Coin over their alleged selling of digital tokens as securities in initial coin offerings, both companies have found themselves having to agree to the return of funds to harmed investors, as well as registering tokens as securities, filing periodic reports with the Commission, and paying penalties.

It has also been reported that crypto-currency Tether is being investigated by the U.S. Department of Justice over possible manipulation of bitcoin prices at the end of 2017.

God Time To Buy While Prices Are Low?

Some investors, however, see the steep fall in values of crypto-currencies as an opportunity to get into viable crypto-currency projects at discounted prices.

What Does This Mean For Your Business?

The rapid rise of bitcoin value and the many problems that it experienced with regulations and restrictions in some countries (e.g. China), hacks, its volatility, a negative image from its use by international criminals and from its use in scams, a lack of knowledge about how to use it, and the fact that the high price of just one bitcoin made it (even more) niche, meant that it became a commodity and a fast-buck opportunity rather than an actual, useful currency.

Now that the huge wave of bitcoin over-consumption and over-inflated value of bitcoin has burst, many market analysts can still see a future for crypto-currencies as a part of a wider ecosystem, and that the fall in the value of bitcoin is simply a natural cycle of things finding their real level again after the boom.

Many would say that the best thing to come out of bitcoin, so far, is the underlying ‘blockchain’ technology.  Blockchain has found multiple useful commercial applications and, as tech companies are now in a race to provide the best ‘blockchain-as-a-service’ offering, businesses will be able to find opportunities to put the technology to good use in innovative ways, creating value and competitive advantages that could start shaking up many markets.

Free VPN Tools May Be Linked To China

A new investigation by Metric Labs of the top free VPN (Virtual Private Network) apps in Apple’s App Store and Google Play has revealed that more than half are run by companies with Chinese ownership.

What’s A VPN?

A ‘Virtual Private Network’ (VPN) is generally used to keep internet activity private, evade censorship / maintain net neutrality and use public Wi-Fi securely e.g. avoid threats such as man-in-the-middle attacks.  A VPN achieves this by diverting a user’s traffic via a remote server in order to replace their IP address while offering the user a secure, encrypted connection (like a secure tunnel) between the user’s device and the VPN service.

Popular Free Apps

VPNs (Forbes, 2017) are the most searched-for apps in the world, partly because people have become much more concerned with privacy and they have become more afraid of government surveillance of their digital activities.  For example, the UK government’s Investigatory Powers Bill), which was passed into 29th November 2016 as the Investigatory Powers Act (“Snooper’s charter”) means that a large list of UK agencies, including various police forces and government departments, can ask for any UK citizen’s stored browsing history (details of every website and instant messaging apps that you have visited or used in the past 12 months).

China Links To Free VPNs – Security & Privacy Concerns

Bearing in mind that the main reason for getting a VPN is to preserve your privacy and security, the problem with the results of the Metric Labs survey is that they show that over half of the top free VPN apps that people can find e.g. in the App Store and Play Store for UK and US, have Chinese ownership or are based in China.

The problem with being linked to (or based in) China, according to the report about the Metric Labs (top10vpn) survey, is that China tightly controls access to the Internet from within the country, has clamped down on VPN services, and many of the free VPN services with links to China offer little or no privacy protection and no user support.

How Bad Are They?

The investigation revealed that 17 of the 30 top free VPN apps available from simple online searches have links to China and 86% of those apps have security issues.  It was also discovered that 64% of apps have no dedicated website, and 86% of apps have unacceptable privacy policies with many being presented in an amateur fashion e.g. posted on a Free WordPress sites with ads.  Some of the privacy policies either give no information about the sharing of information with third parties, have no privacy policy at all, use a stock privacy policy not related to VPNs, or simply state that information will be shared with China.

What Does This Mean For Your Business?

When you bear in mind that the reason for downloading a VPN app is to preserve privacy, the results of this investigation indicate that simply trusting one of the free VPN apps available online, and without pausing to look at its privacy information or look too much into it could be a mistake.  If your privacy is valuable to you (and you’ve not already been provided with a trusted VPN), it may be worth seeking out a trusted paid-for service. There are many lists available online from Tech magazines that offer useful comparisons and information to help you choose a VPN that will give you the right levels of performance and security.

Business Concerns Over ‘Secondary Data’

A study by data protection and management company ‘Cohesity’ has shown that most companies store up to 10 copies of their ‘secondary data’ in different locations and must use multiple products to manage it.

The Problem With Secondary Data

Secondary data (not production data) e.g. all the data that a company collects from other sources such as reports, stats, information from trade / industry publications etc tends to be stored by businesses over time in the hope that it has / will have value to the business, could help the business to avoid problems, and could reveal more business opportunities with analysis. One main problem with the storing of secondary data, which has long been known about, is that it is often fragmented and / or trapped e.g. it is stored across many clouds, remote offices / edge locations, and / or is trapped inside a siloed infrastructure. This can result in problems such as the cost, complication and confusion of duplicated copies stored in different places and using resources to maintain and store data that may not be serving the current needs of the digital business, or adding value because of how it is stored.

The Research

Not surprisingly, the research by Cohesity, a company that offers platforms where all secondary data can be stored, appears to back up the fact that companies have a problem with secondary data fragmentation.  For example, the results of the survey, which drew upon responses from 250 UK IT decision-makers as part of a wider study involving 650 IT decision-makers in the US, France, Germany, Australia and Japan, found that most UK organisations store up to 10 copies of the same secondary data, use four or five different products to manage it, and keep it in up to four locations. These locations may include two or three different public cloud storage providers.

The research showed that the average number of copies of the same datasets of secondary data held by UK respondents is five, and that around 30% of IT teams’ time is spent managing secondary data.

Why?

The research findings indicated that 92.5% of UK respondents store multiple copies of production data in separate locations because their disaster recovery (DR) policies say they must, but when it comes to the reasons for storing so much secondary data, the findings are less clear.

The research findings do, however, show that there has been a big increase in secondary storage data volumes e.g. in 2016 to 2017 the UK average is was 38.5% rise.  This trend is also predicted to continue.

Redundant Copies In The Cloud

The research findings show that 41% of UK organisations replicate redundant copies of data held in one public cloud to another public cloud.

What Does This Mean For Your Business?

Many UK businesses appear to be storing increasing amounts of secondary data in a fragmented way with no clear plan on the horizon about what to do with it all.  Instead of being able to organise the data and use it to generate value and competitive advantages, many businesses are wasting money and resources in keeping often duplicated data stored in limbo across disparate locations.

Businesses may be able to save themselves money and turn the secondary data burden into a value-generating asset by switching to a secure, paid-for consolidated platform solution.  This could help solve the current fragmentation problems, free-up resources, could help businesses to start using the data productively, and help businesses to find an effective way of managing what looks likely to be an increasing amount of secondary data going forward.

MFA Lockout For Microsoft & Azure Users Causes Business Disruption

The latest multi-factor authentication (MFA) issue left users of Azure and Microsoft Office 365 unable to login to their accounts on Monday 21st, causing widespread disruption to businesses in Europe, Asia, and some parts of the US.

What Happened?

According to reports by Azure, the root cause was a European-based database, reaching operation threshold with requests from MFA servers.  This led to latency and timeouts, and an attempt to re-route traffic through North America caused the extra traffic to block servers.

Finally Rectified

After lasting from 4.39 am to the evening in the UK, the problem was finally rectified.  According to Microsoft reports, services could be resumed after engineers removed the link between the backend service and the Azure Identity MFA service, thereby allowing the impacted servers to catch up with the existing authentication requests.

Happened Before

This was certainly not the first time that disruptive outages had occurred with Azure and Microsoft’s service.  For example, a global outage in September this year affected Azure and Office 365 users worldwide after one of Microsoft’s San Antonio-based servers was knocked offline by severe weather.  Also, in October, UK Office 365 users endured a 3-day-long outage and had the frustration of having more login prompts appearing after their user credentials had already been entered.
Price Rise Makes Outages More Annoying
In addition to the obvious costly business disruption, the spree of outages occurring around the time of announcements of new commercial prices i.e. an increase of 10% over previous on-premise pricing (4% increase for employees who are part of a volume discount agreement), the service failures caused even greater annoyance.

MFA

Multi-factor authentication, which works by requiring any two or more verification methods for a login / transaction, such as a randomly generated passcode, a phone call, a smart card (virtual or physical), or a biometric device, is designed to be beneficial to a user and their business because it should provide an extra layer of security for user sign-ins and transactions.  Unfortunately, in the case of this most recent outage, MFA cost users rather than helping them.

What Does This Mean For Your Business?

For some companies, the recent outages at Microsoft and Azure are likely to bring into focus the dangers of placing huge operational dependency on one environment i.e. Microsoft, and of trusting a single cloud supplier to keep connected and productive during unplanned (and planned) email outages, especially when you have no independent cyber resilience and continuity plan.  In recent months, many businesses will have been counting the productivity costs of sticking to a software-as-a-service monoculture with a company whose service has let them down on several occasions.  Unfortunately, the dominance of big tech companies with their familiar Operating Systems and environments, and the fact that most businesses are committed to them with few possible, practical alternatives to choose from, mean that most businesses may simply have to unhappily endure the outages and weigh them up against the benefits and reliability of the environment generally.

For Microsoft, these outages can be damaging to its reputation and can shake the trust of its prized business users.