In this insight, we look at what Microsoft Azure is, plus what it offers businesses.

Azure 

Microsoft Azure (formerly Windows Azure) is Microsoft’s public cloud computing platform. Public cloud refers to cloud computing services offered over the public Internet and available to anyone, i.e. the services are shared with multiple customers rather than just controlled and used by one (i.e. private cloud). Azure is the second most popular cloud provider globally, lagging behind Amazon Web Services (AWS), yet ahead of Google Cloud Platform (GCP) and IBM. It is used by over 55 per cent of all Fortune 500 companies.

Hybrid 

Microsoft’s Azure is also a hybrid cloud – it used its on-premises datacentre (a private cloud) alongside a public cloud and allows data and applications to be shared between them. Microsoft says its “seamless” hybrid arrangement is on-premises, across multiple clouds, and at the ‘edge.’ Edge computing refers to a computing architecture and distributed computing framework where computing and data storage is done near the source of the data.

Services 

Microsoft Azure offers users Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS) and serverless cloud computing.

Within these options, Azure offers a range of services to users which they can choose from or run existing applications in the public cloud. Some of the services that Azure offers include:

– Compute – users can deploy and manage Virtual Machines (VM), containers and batch jobs, and support remote application access.

– Mobile – Developers can use these products help to build cloud applications for mobile devices.

– Web – Services supporting the development and deployment of web applications and features for search, content delivery, API management, notification, and reporting.

– Storage – Scalable cloud storage for structured and unstructured data, also big data projects, persistent storage, and archival storage.

– Analytics – Distributed analytics and storage services, and features for real-time analytics, big data analytics, machine learning (ML), business intelligence (BI), internet of things (IoT), and more.

Other Azure services include ‘Networking’ (virtual networking and gateways), ‘Media’ and content delivery network (CDN) such as on-demand streaming, ‘Integration’ for backup and site recovery, ‘Identity’ to help with encryption keys and other sensitive information, the IoT, and ‘DevOps’ software development processes. Also, Azure offers ‘Development’ for app developers, e.g. code sharing, ‘Security,’ AI, and ML services, ‘Containers’ (packages all dependencies of a software component and runs them in an isolated environment), ‘Databases,’ ‘Migration,’ ‘Management’ and governance, mixed reality, ‘Blockchain,’ and ‘Microsoft InTune.’ Third-party software is also available through Azure.

How? 

To use all the Azure services, customers sign up to a monthly, pay-as-you-go subscription for one of several different support plans ranging from basic to premier. There are also situations where there is different tiering pricing depending on requirements.

How Does It Compare To AWS? 

Opinions vary about the comparison. Although Azure’s history of outages has been noted, it is considered to have more functionality and be easier to use than AWS, and uses familiar technologies like Windows, Active Directory and Linux.

What Does This Mean For Your Business? 

Effective use of the cloud is now important for a wide range of businesses and offers a range of benefits. Microsoft’s Azure offers users a hybrid environment with a wide range of services. It also offers the benefit of familiar technologies and the confidence of the Microsoft brand, plus the fact that it’s the second most popular cloud provider that’s also trusted by most Fortune 500 companies. Usage of the cloud offers businesses greater scope, scalability, security, and flexibility and has become particularly valued with remote and hybrid working, so Azure can provide UK business with many of the tools they need to be more competitive. That said, it’s not the only option, with many businesses also choosing other big cloud providers like AWS, Google, and IBM.

Advanced, an IT supplier to the NHS, has been hit by a ransomware attack that could take a month to recover from.

What Happened? 

Birmingham-based ‘Advance’ provides digital services to the NHS such as patient check-in and NHS 111. The company’s Adastra software works with 85 per cent of NHS 111 services.

Advanced reported spotting a hack at 07:00 BST on 4 August, followed by a number of outages, before confirming in a statement on August 5 that the incident was linked to a cyber-attack.

Outages 

Advanced described the outages as the result of “a cybersecurity incident” caused by ransomware which caused “an issue on infrastructure hosting products used by our Health & Care customers. Those products identified as being affected are Adastra, Caresys, Carenotes, Cross Care and Staff Plan.”  These services are:

Adastra – clinical patient management software with records relating to 40 million patients.

Caresys – care home management software used by over 1,000 care organisations.

Carenotes – electronic patient record software used by over 40,000 clinicians.

Crosscare – a clinical management system for hospices and private practice used by 70 adult and children’s hospices across the UK.

Staffplan – care management software used by over 1,000 care organisations.

Financially Motivated 

Advanced has reported in its FAQs about the incident that, based on the intelligence it had received, the “threat actor” who carried out the ransomware was “purely financially motivated” rather than being a state sponsored attacker, for example.

Services Offline 

The ransomware attack, which Advanced says was contained to “a small number of servers”, meant that affected services had to be taken offline. Customers were, therefore, unable to access their systems and had to rely upon contingency measures. An NHS England spokesperson has reported that “While Advanced has confirmed that the incident impacting their software is ransomware, the NHS has tried and tested contingency plans in place including robust defences to protect our own networks, as we work with the National Cyber Security Centre to fully understand the impact.”   

Working With Other Agencies 

Advanced has said that it is working with forensic partners including Mandiant and the Microsoft DART teams to conduct an investigation, and is in contact with the NHS, NCSC, other governmental entities, and has contacted the ICO.

3 to 4 Weeks 

Advanced reports that for NHS 111 and other urgent care customers using Adastra and NHS Trusts using eFinancials, services would be back online in a few days, but for its other NHS customers and Care organisations it will be “necessary to maintain existing contingency plans for at least three to four more weeks”. 

Fears For Data Security 

It is not clear from reports whether any ransom has been paid, with Advanced simply saying “our investigation is underway.” Bearing in mind the vast numbers of patient records and the sensitivity of that data there are now serious fears about whether data has been stolen and what the consequences could be.

Health Organisations A Target 

Health services around the world are often targets for cyber-attacks, and a Kroll study has reported that the number of health organisations (globally) targeted by cyber-attacks rose by 90 per cent in the three months to 30 June compared with the first quarter of 2022. Examples of health services being targeted include:

– In 2017, North Korean attackers hit the NHS with ransomware, severely disrupting more than 80 hospital trusts and 8 percent of GP practices, costing the NHS an estimated £92m through services lost during the attack and IT costs in the aftermath.

– In October 2020, Philadelphia company eResearchTechnology (which made software used to try and develop COVID-19 vaccines and treatments) was hit by a ransomware attack. Employees were locked out of systems and the attack had a knock-on effect that was felt by IQVIA, the research organisation helping with AstraZeneca’s Covid vaccine trial, and Bristol Myers Squibb, a drug-maker involved in the development of a quick test for COVID-19.

– Emsisoft’s Brett Callow has reported that, in 2020 and 2021 in the US, there were at least 168 ransomware attacks affecting 1,763 clinics, hospitals and health care organisations.

What Does This Mean For Your Business? 

It may be the case that health services are often targeted because there are many different suppliers plus services are vital, so there may be a better chance of extracting a ransom, also there is a lot of potentially valuable data to steal and health services are often playing catch-up with cybersecurity.

Ransomware attacks tend to be initiated using phishing emails, so it is important that all staff are aware of the dangers of clicking on suspicious links. This story also highlights the importance of making sure that data is regularly and securely backed up (to a secure cloud-based service) and that disaster recovery and business continuity plans have procedures for ransomware attacks built-in to them. Businesses should also note that paying the ransom is a high-risk option and certainly offers no guarantee that any files will be unlocked/returned.

Other precautions that businesses can take to guard against these ransomware attacks include keeping antivirus software and Operating Systems up to date and patched (and re-starting the computer at least once per week), using a modern and secure browser, using detection and recovery software, e.g. Microsoft 365 protection and Windows Security.

New privacy features being rolled out this month mean that WhatsApp users can now leave group chats silently.

Three New Privacy Features 

WhatsApp has announced the introduction of three new privacy features: Leave Groups Silently, Choose Who Can See When You’re Online, and Screenshot Blocking For View Once Messages.

1. Leave Groups Silently – For users of group chats. Now, instead of notifying the full group when leaving (which can be a little awkward), it’s only a case of the group admins needing to be notified.
2. Choose Who Can See When You’re Online – Although WhatsApp says “: Seeing when friends or family are online helps us feel connected to one another” it acknowledges that there are times when users would prefer to keep their online presence private. This new feature gives users the ability to select who can and can’t see when they’re online.
3. Screenshot Blocking For View Once Messages – WhatsApp says this feature is essentially an added layer of protection to what already “an incredibly popular” privacy feature. WhatsApp says it is currently testing this feature.

Privacy 

WhatsApp is keen to remind users that these features are in a long line of steps designed to protect their privacy, which have recently included disappearing messages that self-destruct, end-to-end encrypted backups when users want to save their chat history, 2-step verification, and the ability to block and report unwanted chats.

Snapchat 

On the same day as WhatsApp’s new privacy features were announced, competitor Snapchat announced its new ‘Family Centre’ child safety tool which allows parents to see their children’s friend list and who is communicating with them. Snapchat’s new tool to provide “insights” into teen users’ lives (rather than oversight of them) requires the teen’s account to agree to link up with an account belonging to someone over 25.

Back in May, WhatsApp introduced emojis and the ability to share files within WhatsApp up to 2GB as part of a push by Facebook/Meta to stay at the top of the free encrypted messaging app market and compete with rivals like Snapchat. For example, in January, Snapchat announced a major update (for iOS) which included improved calling, ‘Chat Replies,’ Bitmoji Reactions (to allow for more expression), and Poll Stickers to enable emoji-powered polls in Snaps and Stories to survey friends. Meta also wants to consolidate and leverage the power of its other popular apps by integrating and making Messenger, WhatsApp, and Instagram interoperable.

Online Safety Bill and WhatsApp 

With WhatsApp being one of the end-to-end encrypted apps that’s been the target of UK government pressure for ‘back doors’ for monitoring messages to be introduced, along with the Online Safety Bill threatening to weaken encryption, WhatsApp’s made it clear that it won’t be pressured. For example, in recent a BBC interview, WhatsApp’s CEO, Will Cathcart, said that the platform’s security wouldn’t be weakened on government orders, and these new privacy features are one of the many that WhatsApp has been letting users know that the privacy of the app is non-negotiable in a way that benefits users.

What Does This Mean For Your Business? 

With WhatsApp being Meta-owned, plus being under pressure by the government to weaken encryption, as well as having to compete with Snapchat, it’s no surprise that its new features are privacy-based and a way of emphasising to users that it’s not going to compromise on privacy and security. For example, WhatsApp used the same announcement to say, “we’re also kicking off a campaign to educate people about the new features and our continued commitment to protecting your private conversations on WhatsApp.”  That said, features such as being able to ‘silently’ leave a group are going to make using WhatsApp a more comfortable user experience, which is increasingly important to WhatsApp as it tries to continue wooing business users.

Communications regulator Ofcom has opened an investigation to make sure that telecoms providers are complying with rules to ensure that there is always uninterrupted access to 999 calls.

Investigation Into Compliance With General Condition A3.2(b) 

The new investigation will essentially decide whether providers are operating in a way that meets with General Condition A3.2(b), which relates to the General Conditions of Entitlement. These are the regulatory conditions that all providers of electronic communications networks and services must comply with if they want to provide services in the UK. General Condition A3.2(b) says that Regulated Providers “must take all necessary measures to ensure uninterrupted access to Emergency Organisations” (e.g. the relevant public police, fire, ambulance and coastguard services for a locality) as part of any voice Communications Services offered.

History 

As far back as 2007, Ofcom set out its regulations for providers of VoIP services to make sure that people can call ordinary fixed or mobile phones with the objective of contacting the emergency services and that a high level of emergency services access is maintained.

Storms Exposed VoIP Weakness 

Fast forward to storms Arwen and Eunice in the UK in February, where it became apparent that power outages meant that routers went offline, and calls weren’t possible with a broadband-only connection. This is the main weakness of VoIP compared to old-style analogue copper phone lines.

Rollout Paused As A Result 

At the time of the storms, the rollout of BT’s Digital Voice and the move to switch every home phone in the UK to an internet-based connection instead of a traditional copper-wire landline was under way, with the target of switching off the old PTSN by the end of December 2025. The result involved BT announcing in March that it was pausing the digital rollout of Digital Voice switch-overs for customers who didn’t want to move to the new technology straight away and BT setting out new plans for more resilient back-up options.

Consultation and Updated Rules 

In May 2018, Ofcom consulted on guidance on GCA3.2(b), which set out how providers could meet the obligation to ensure uninterrupted access to emergency organisations during a power outage for customers using VoIP technology. This led to the development of a set of principles that providers would need to abide by, which included:

– Being able to offer at least one solution to enable access to emergency organisations for a minimum of one hour in the event of a power outage in the premises. The solution should be suitable for customers’ needs and should be offered free of charge to those who are at risk as they are dependent on their landline.

– Also, providers were then required to take steps to identify at-risk customers and engage in effective communications to ensure that they understood the risk and the protection solution.

As far back as 2011, Ofcom had proposals relating to the provision of a battery back-up for customers to use to enable calls to emergency services in the event of power outages, with this being something that Ofcom has expected providers to supply since 2018.

The New Investigation 

The reason for Ofcom’s new investigation is to find out whether telecoms providers are complying with rules designed to ensure that people can contact the emergency services at all times. Ofcom is particularly interested in whether VoIP providers are, in fact, offering battery back-ups and whether they are identifying vulnerable customers who need more help. The regulator said that it had decided to launch the new investigation based on the results of consumer research and writing to regulated providers on an informal basis.

First Stage 

Ofcom says that in this first stage of its compliance monitoring programme, it will be gathering information from a range of alternative network providers and VoIP providers to understand what they are doing to ensure that they comply with their obligations. Ofcom says that it will also be engaging with industry to ensure that providers understand their obligations and how they apply to businesses providing Fibre to the Premises services.

What Does This Mean For Your Business? 

For all its benefits to businesses, VoIP needs a power supply to stay online and, as Ofcom has long emphasised with principles and guidelines, users should be able to at least be able to contact the emergency services when needed using VoIP. This is something that was highlighted by VoIP’s failure to provide emergency access for some customers during February’s storms. It is now a particularly pressing concern, given that the big switchover to digital was due to be completed by the end of 2025 (currently paused), climate change is causing more disruptive severe weather events, and Ofcom’s research has indicated that some providers may not be complying fully with the rules. Providers are now likely to be feeling under pressure which hopefully may galvanize those who may have been lagging to take the matter and their operator’s responsibilities more seriously, and to ensure compliance. There are times when businesses and home users need to contact the emergency services, so the investigation and pressure from Ofcom are in the interest of everyone.

Apple’s Vice President of the environment, Lisa Jackson, has announced that all iPhones will be powered by renewable energy by 2030.

Acquiring Renewable Energy From Wind Farm 

The announcement was made in Australia while celebrating the company’s 40th anniversary there. It is understood that, in line with this announcement, Apple will be acquiring renewable energy from a new Australian wind farm in Queensland, which could supply 80,000 homes with electricity.

Lisa Jackson said of this latest green target, “At Apple, we recognise the urgent need to address the climate crisis, and we’re accelerating our global work to ensure our products have a net-zero climate footprint across their entire lifecycle.” 

Entire Business Carbon Neutral By 2030 

The hope is that in addition to already achieving carbon neutrality two years ago for its corporate activities e.g., Retail Stores, Offices, and Travel, Apple now plans to make its entire business, including supply chain and customer products carbon neutral by 2030. This means that  iPads, Macs, and iPhones will need to run entirely on renewable energy by that date.

How? 

The reason why Apple can say this when you’re plugging your iPhone charger or Mac into your normal electric socket at home as usual is because it has it has examined usage patterns across its 1.8 billion devices and knows that this accounts for 22 per cent of the company’s overall carbon footprint. Therefore, if Apple can offset that percentage with renewable energy from projects like the massive Australian windfarm, it will be able to say that it has reached carbon neutral status for its users’ devices and is powering all iPhones with renewable energy.

Global Facilities Powered By Clean Energy Since 2018 

Apple has long been committed to reducing its carbon footprint. For example, as far back as April 2018, Apple announced that, as part of its commitment to combat climate change and create a healthier environment, its global facilities were powered with 100 percent clean energy. At the time, this included its retail stores, offices, data centres and co-located facilities in 43 countries, including the UK.

What Does This Mean For Your Organisation? 

Apple is one of the many big tech companies engaged in looking seriously at reducing the carbon footprint of their entire chain and making sure that this is widely communicated to customers. Critics could point to how most of an iPhone’s lifetime carbon emissions are made in the production phase and to news stories such as a lawsuit against a recycler that appeared to have instead diverted old phones to China (in 2020). Also, the company’s drive to sell new devices inevitably has green consequences and, as organisations like Greenpeace have said, offsetting projects don’t deliver what’s actually needed which is “a reduction in the carbon emissions entering the atmosphere.” That said Apple has been focusing for many years on how it can become a much greener company. It is which is good news for all users of their products and for wider society that a massive global business is setting itself some quite challenging environmental targets.