SAP acquires Qualtrics for $8bn

By Graeme Burton | News | 12 November 2018

SAP digs deep to acquire Qualtrics' 'customer experience' software

SAP has acquired 'experience management' specialist Qualtrics in an $8 billion deal, buying the company just before it had planned an initial public offering (IPO).

The deal was finalised and announced late on Sunday evening, even as the company was conducting an investor roadshow intended to drum up interest in its forthcoming IPO.

According to Qualtrics CEO Ryan Smith, the IPO was already 13 times over-subscribed, largely on the back of revenue growth of 40 per cent per annum in recent years. 

Qualtrics' XM Platform enables organisations to collect feedback and other data from across customers, employees, product and brand in order to build a picture of overall ‘customer experience'.

Speaking on the first day of the SAP User group UK & Ireland annual conference, Adaire Fox-Martin, member of SAP's executive board in charge of Global Customer Operations, said that the aim of the acquisition was to flesh out what SAP users can do for customers.

"Qualtrics provides experience data from the customer experience, how they perceive and feel about your products, goods, services. SAP will provide the operational data from CRM, ERP and HCM [human capital management]," said Fox-Martin.

She continued: "The result, we believe, will be a very unique end-to-end experience and operational management system from the point of the very first interaction you have with the customer through to delivery and in after-sales service."

However, critics of the deal have been quick to point out that SAP is paying a high price for the company, which is expected to have revenues of just $400 million this year, with a net profit margin of only 0.8 per cent. The company had been expected to achieve a valuation at IPO of between $5 billion and $6 billion.

Furthermore, SAP CEO Bill McDermott had pledged earlier in the year to restrict SAP to much smaller deals following the $2.3 billion acquisition of Callidus Software.

SAP's stock price fell by almost five per cent on news of the deal, indicating investor scepticism over the price that the company is paying.

"McDermott plans to turbocharge its trajectory by using SAP's 15,000-person sales network to sell Qualtrics' software for collecting and analyzing market research and customer loyalty data," noted Bloomberg.

However, it will need to ramp up sales by a large amount in order to be able to justify the price it is paying for Qualtrics.

EU Council approves reform to break down barriers for free movement of data

By Tom Allen | News | 12 November 2018
The European Council defines the EU's overall political direction and priorities, setting the Union’s policy agenda

The regulation should make it easier to switch cloud providers or recover data from them

The European Council, a body formed of the heads of state or government for the 28 member states, has approved a reform to the way that movement of data is treated in the European Union. The reform aims to remove barriers to the free movement of non-personal data in the EU.

According to the Council, the new rules are designed to boost the data economy and the development of emerging technologies, like the autonomous border control system that the Hungarian police are currently testing.

The text of the document identifies two main barriers to the development of the EU's data economy: data localisation requirements put in place by Member States' authorities, and vendor lock-in practices in the private sector.

The reform bans member states from imposing data localisation restrictions on a geographical location for storing or processing non-personal data (unless justified on the grounds of public security). The Council notes that ‘Member states' authorities will continue to have access to data even when it is located in another country'.

The regulation should also make it easier for users of data processing services to switch providers, or migrate their data back to their own IT systems, through the development of codes of conduct.

Margarete Schramböck, Council president and Austrian Federal Minister for Digital and Economic Affairs, said, "Strengthening the data sector will improve Europe's competitiveness. The free flow of data is key for growth and creating jobs, and will provide more flexibility for our companies. From now on they will be able to choose the cloud provider that suits them best."

The European Parliament approved the reform on the 4th October, and the Council on the 9th October, following a provisional agreement with the European Parliament on the 19th June. Both institutions will sign the regulation during the Parliament's plenary session in mid-November; it will then be published in the EU Official Journal. It will be directly applicable in all member states six months after its publication.

The UK is due to leave the European Union at the end of March next year, but will still need to abide by its rules during the transition period until the 31st December 2019.

First ever Women in IT Forum celebrates the changing nature of IT

By Computing Staff | News | 12 November 2018

The Women in IT Forum covers diversity, education, thought leadership and sexism

The IT industry attracts its fair share of criticism for lacking diversity, with many positions filled by men. With that in mind, and following the resounding success of our first Women in IT Awards last year, Computing and its partner CWJobs are proud to present the inaugural Women in IT Forum.

This half-day event will bring together women from across the IT industry, from C-level executives to function managers, developers and testers. It is a chance for you to hear from your peers and discuss the important topics facing you today - both as an IT professional and as a woman.

There will be sessions dedicated to diversity; girls studying STEM subjects in education; sexism in the workplace; and the future of women in tech, as well as thought leadership sessions and inspirational keynotes from some of the most eminent women in the field.

Speakers include Fiona Macaulay, Global Director of IT Delivery at Mars; Wincie Wong, Head of Innovation for Supply Chain Services at the Royal Bank of Scotland; and Bonnie Andrews, Head of Product at CWJobs. Our own Carly Page, editor of Computing's sister site The Inquirer, will chair the event.

We will hold the first ever Women in IT Forum at The Brewery, London on the 4th December. Register now!

Computing's Women in IT Excellence Awards returns, once again, on Tuesday 27th November. It will celebrate the mould-breaking, ceiling-smashing female talent rising up the ranks and shaking up the industry. Check out the dedicated Women in IT Excellence Awards 2018 website for the shortlist, and to reserve your table.

The data blame game: what to do when executives are playing fast and loose with core IP

By Richard Agnew | Opinion | 12 November 2018
Employees are the weakest link, says Richard Agnew

93 per cent of CEOs store their work on a laptop or other personal device outside of official company storage, finds survey

Risky employee behaviour—particularly in the C-suite—is undermining security strategies at many organisations and driving them to find new ways to secure critical enterprise data.

Data security company Code42 recently polled more than 1,030 security and IT managers and another 600 CEOs and business leaders about their attitudes on data loss and recovery. The results revealed some startling internal disconnects that are jeopardising the ability of organisations to protect sensitive data.

Seventy-four per cent of business leaders, for instance, consider data and ideas to be their most precious assets. Yet, 93 per cent of chief executives store their work on a laptop or other personal device outside of official company storage, often fully aware of the risks involved. Fifty-nine per cent of CEOs also download unapproved software because they use it in their personal lives, or because it makes their work lives easier.

A couple of factors are fuelling this risky behaviour. One of them is a somewhat misplaced sense of data ownership. Half of the CEOs surveyed felt that the work and ideas they generated on the job personally belonged to them. Those who expressed this sentiment said they felt very protective of their work because of the effort they had put into creating it. The feeling of personal entitlement over data is so strong that 72 per cent of CEOs and 49 per cent of business leaders take IP with them when switching employers.

A lack of direct accountability for user actions is another factor. When asked to identify the group responsible for data security at their organisations, a plurality of IT leaders, business executives and CEOs pointed to information technology and security groups. Only 8 per cent of IT and security leaders felt that employees—the people actually creating and accessing a lot of the enterprise data that needs to be protected—were responsible for data security.

That disconnect is troubling especially considering the high number of data breaches caused by accidental and risky employee behaviour these days. A staggering 93 per cent of the breaches that Verizon investigated in 2017 involved users clicking on dangerous attachments and links, or falling for other phishing and social engineering scams.

Security and IT leaders are aware of what is going on—78 per cent of CISOs consider their biggest security risk to be employees who disregard company policies and practices. Yet security groups often appear unable to alleviate the situation because they have only limited visibility into the activity.

At a high percentage of organisations, valuable enterprise data assets exist only on endpoints such as desktops, laptops and mobile devices over which IT has little control. A troublingly high 20 per cent of the security and IT leaders in the Code42 survey said their companies did not have full visibility over corporate data as it moves through the organisation and outside traditional security perimeters.

The need for change

The survey results highlight the need for better data visibility and recovery capabilities at many companies. Forty-five per cent of IT and security leaders believe they would be able to more quickly detect and mitigate data threats if they had the ability to monitor data movement across the enterprise and on endpoint devices. Almost the same number—43 per cent—felt they would be better able to identify and prioritise data threats with the right visibility.

Prevention-only security strategies, including legacy data loss prevention solutions, are also clearly no longer enough. Six-in-ten CISOs say their organisations were breached in the last 18 months and 64 per cent expect one to happen in the next 12 months.

Worries over the consequences of data breaches are as high as the expectations for having one. Twenty-two per cent of IT and security leaders believe that losing all corporate data currently on endpoint devices would be business destroying.

Such concerns are, not surprisingly, driving considerable enterprise interest in post-breach response and recovery capabilities. Eight-in-ten CEOs believe their organisations will need to improve their data breach recovery capabilities in the next 12 months; 42 per cent believe that the ability to restore business continuity quickly after a breach is critical.

The broad takeaway from Code42's survey is that companies need to start rethinking current approaches to data security. One place to begin is examining the efficacy of traditional data loss prevention (DLP) software. Today's collaborative, IP-rich companies that are creating the newest products and services are at too much risk with inadequate prevention only security strategies. They need new approaches that focus on protection and help them recover from the consequences of inevitable risky employee behaviour.

Richard Agnew is vice president EMEA at Code42

IT security failings are, increasingly, costing CIOs and CEOs their jobs. With business utterly dependent on IT, it's not enough for senior executives to dismiss security as ‘techie stuff'. At Computing's Enterprise Security & Risk Management Live event, hear from the National Crime Agency, ex-hackers and big-business CISOs to learn about how they are tackling cyber security. For more information, check out the dedicated event website. Attendance is FREE to IT leaders and senior IT pros.

Crash test: How Auto Trader is improving resilience as it moves to Google Cloud

By Tom Allen | Interview | 12 November 2018
Auto Trader runs more than 19 million tests a year to evaluate its availability, support and redundancy

Before, during and after the cloud migration, testing has been essential to Auto Trader's infrastructure

System monitoring is an important part of IT in many modern businesses - and when your service is available 24 hours a day, 365 days a year, it becomes critical.

Car sales site Auto Trader has been online since 1996; its website attracts more than 10 million unique visitors and 800 million pageviews a month; any downtime means lower exposure and could cost sales.

"We're a test-driven infrastructure," said operations engineering lead Dave Whyte, who has worked at Auto Trader for almost 14 years. "Anytime anyone writes code we put out a test, write a test - we're evaluating that line of code."

Auto Trader has been working with QA company Eggplant since 2002, when the firm saw the risks associated with slowdowns and outages in its digital environment.

Although the partnership began with only 10 page and three user journey tests, it has grown over the last 16 years: Auto Trader now runs 53,000 tests every day. Last year it used Eggplant's services to conduct 19.5 million tests, and has almost 200 monitors in place to track webpages, APIs, email services and more.

APIs have presented a new challenge. Parts of the Auto Trader website rely on API connections to a third party, and - in the past - a problem at that partner could affect the provision of services. Tracking the source could be an issue, as the third party wouldn't always admit to things going wrong.

"They'd be saying it was a problem with our systems, and we'd find it really hard to prove," said Whyte. "Now a lot of our third parties are actually tested directly via the Eggplant monitoring, so it can't be, ‘Oh, it's Auto Trader', because of the testing we've got set up.

"We're testing those directly every five or 10 minutes or so, so you can easily see, if there's a problem from an independent third party source, that it's in their server and it's not touching ours...then there's pretty much definitely an issue there that they're going to investigate.

"It's key to us that we have the right levels of monitoring, so that we pick up on issues 24/7; then my team will get an alert and troubleshoot whatever that issue is."

Troubleshooting and redundancy are important - Auto Trader has an entire data centre that simply mirrors its primary site - and the firm performs regular disaster recovery tests across all aspects of its systems.

Whyte described Auto Trader's new approach to service availability, which involves migrating away from data centres to the cloud and Kubernetes. "We're going to essentially build all the apps from the ground up with redundancy," he said.

The company is mostly utilising the Google Cloud, "because that's where we feel Kubernetes is more mature." It isn't ignoring other providers, though, and is moving services from the data centres to "wherever we think it'll be best placed," including AWS. It aims to be finished with the migration within the next 18 months.

While the work is underway, Auto Trader is routing traffic from its twin data centres through a large PGP connection, with links to the Google Cloud for even more redundancy. Eggplant provides web support monitoring, and Whyte and his team have found a way to improve the performance of their tests using the cloud.

"In the past we'd probably get some alerts telling us about a mis-shoot from the Eggplant testing; it might be a component in one of our tests not quite working, but it's still quite hard to go down and troubleshoot: what was the issue, what layer was the issue, what's the application for that one test?

"With Kubernetes we can build it so that in any test that comes from Eggplant, we can see every single application that hits end-to-end, and we can see throughput and a whole lot more data that we didn't have access to before.

"This is all literally through the building from the ground up. So...we're building open source tracing and visibility on throughput and having much more - and more secure - control about what can come into the endpoints, and tighten things down a lot more and add more visibility about aspects we probably didn't have before."

The Auto Trader/Eggplant partnership is set to continue as it moves its infrastructure from the physical world to the virtual.

New Microsoft Windows 10 bug downgrades users' Pro licences

By Computing News | News | 9 November 2018

New glitch comes just weeks after latest Windows update had to be temporarily withdrawn

Just weeks after Microsoft was forced to temporarily withdraw its latest Windows 10 update, the operating system has been hit with a new bug. 

Users are now complaining that they are being forced to downgrade machines running Windows 10 Pro to the lesser (and cheaper) Windows 10 Home edition.

The problem stems from Microsoft's anti-piracy system which now resides in a mixture of a hardware-based solution tied to individual machines, and tying the serial numbers to a Microsoft account.

However, at the moment no-one seems to know why the bug is occurring. 

Reddit users seem to suggest that the issue is mostly affecting ex-Insiders and people who upgraded from Windows 8 Pro, but that's a trend rather than a rule; most users are unaffected.

Tom's Hardware reports that one user has claimed that they weren't even downgraded, but instead switched to Windows 10 Enterprise for virtual desktops, suggesting that with the right conditions, the bug can make things even weirder.

An official statement from Microsoft indicates that the company is aware of the problem and working on a fix. "A limited number of customers experienced an activation issue that our engineers have now addressed," a spokesperson said.

"Affected customers will see resolution over the next 24 hours as the solution is applied automatically. In the meantime, they can continue to use Windows 10 Pro as usual."

For ordinary users, the difference between the Home and Pro editions of Windows 10 will be negligible, but for people that need the extra features, it could be disastrous - or, at the very least, a headache for sysadmins across the world.

Not only did the original release of the latest update to Windows 10 have to be withdrawn after it was found to be chewing up users' files, but more bugs have been appearing every few days or so.

What can artificial intelligence and machine learning do for you and your organisation?

If you don't know yet, or want to make sure that you're not missing out, Computing's first AI & Machine Learning Live event is for you. To find out more, check out the Computing AI & Machine Learning Live website. Attendance is FREE to qualifying IT leaders and senior IT pros, but places are going fast.

Cyber crooks exploit cardless ATMs using phishing and social engineering

By Dev Kundaliya | News | 9 November 2018
Fraud warning over cardless transactions

Cardless ATMs exploited by a combination of phishing and adding new numbers to customers' mobile accounts

Scammers have found a new way to exploit cardless ATMs by hijacking people's mobile phone accounts.

According to KrebsOnSecurity, the fraudsters are using SMS-based phishing attacks to acquire users' credentials, conducting Kevin Mitnick-style social engineering to have new mobile numbers added to phone accounts, and then using that new number to withdraw cash at cardless ATMs.

It comes as the popularity of payment technology, such as Apple Pay, has got people used to tapping their smartphones to pay for goods, rather than tapping in a four-digit security code, while cardless ATMs have been rolled out by a number of banks in the US.

In January 2017, nearly $3,000 was stolen from the account of a California woman through a cardless ATM transaction.

In May 2018, a number of account holders of Cincinnati-based financial institution Fifth Third Bank complained that they had received messages on their mobile phones, warning them that their accounts had been locked by their bank.

The message appeared to have originated from Fifth Third Bank, and instructed customers to click on a link that redirected them to a webpage that mimicked the legitimate Fifth Third Bank website.

The webpage instructed customers to enter their confidential account information, including user names, passwords and even PIN numbers in order to "unlock their account".

Scammers were able to gain access to the private information of about 125 customers using this phishing technique.

The criminals later used the stolen details to make cardless cash withdrawals from ATMs of the Fifth Third Bank. More than $68,000 was stolen in less than two weeks from 17 ATMs in Michigan, Illinois and Ohio using Fifth Third's cardless ATM function.

The activities continued into October 2018, with the criminals still using the SMS phishing and cardless ATMs to make fraudulent withdrawals, earning an additional $40,000.

All these fraud cases are now being investigated by the FBI. The agency has arrested four people for making fraudulent withdrawals from ATMs.

On 10 October, two people were identified by the bank as illegally withdrawing money from ATMs in Cincinnati. One more person was identified, a week later, withdrawing money from an ATM in the Cleveland, Ohio area. All these individuals were arrested by the police.

On 19 October, a fourth scammer was also identified by the bank. He was arrested in a Cincinnati suburb. According to investigators, he was standing at the same ATM where he was previously seen conducting fraudulent activity.

Broadcom axes CA Technologies staff in large-scale layoffs following $19bn acquisition

By Graeme Burton | News | 9 November 2018

Monday: Broadcom CEO "welcomes" CA staff into "the Broadcom family". Friday: Mass layoffs reported

Following on from one of the oddest ever big-money acquisitions in the technology sector - chip-maker Broadcom's $18.9bn purchase of legacy software vendor CA Technologies - reports have emerged of large-scale lay-offs.

It is believed that as many as 2,000 of CA Technologies' 5,000 US staff could be made redundant - around 40 per cent of the total. That's according to employee postings on website.

In a statement to The Register, Broadcom suggested that the layoffs were required to "align skills and resources". It admitted that it was making staff reductions in "select areas of the company".

In the UK, according to comments on The Register, almost two-thirds will be made redundant, with 242 staff out of 373 current employees being made redundant.

Broadcom only closed the acquisition of CA Technologies on Monday this week. Then, Broadcom CEO Hock Tan welcomed "the outstanding team of employees at CA to the Broadcom family".

According to Newsday [GDPR redacted website], Broadcom is laying off just under 2,000 of the company's 4,837 staff. "On Wednesday, Broadcom sent emails to all U.S. employees of its CA unit, designating 40.9 percent for layoffs and severance packages and the remaining 2,861 for retention," it reported.

The affected staff in the US have been told that they are being made redundant today, but effective from 8 February 2019.

Staff at the DevOps software vendor Veracode, which CA Technologies only acquired in March 2017 for $614 million, have escaped the layoffs after the company was split off and sold on to private equity firm Thoma Bravo for $950 million earlier this week.

For CA as a company, it's no doubt a case of ‘what goes around, comes around'. Founded by Charles Wang in the mid-1970s, Wang perfected a business strategy of acquiring mainframe software vendors with a captive customer base, and slashing costs and hiking prices.

The strategy helped make CA a top-ten global software company, but few friends. The company's growth came to a juddering halt in the late 1990s and early 2000s, with the company accused of mis-stating more than $500 million in revenue. Wang's replacement as CEO, Sanjay Kumar, was eventually sentenced to 12 years in prison for fraud for his role in the accounting scandal.

DDoS attacker who targeted Steam, Sony and Electronic Arts pleads guilty

By Graeme Burton | News | 8 November 2018
League of Legends was one of the games targeted by DerpTrolling DDoS attacker Austin Thompson

DerpTrolling 'brains' Austin Thompson faces up to ten years in prison over DDoS campaign

A 23-year-old from Utah has pleaded guilty to launching distributed denial of service (DDoS) attacks on a number of popular gaming services in 2013 and 2014.

Charged with causing Damage to a Protected Computer, Austin Thompson targeted Valve Software's Steam, the most popular PC gaming portal, as well as Electronic Arts' Origin service and the Sony PlayStation Network.

In December 2013, Thompson was able to marshal sufficient traffic to overload the servers supporting the games League of Legends, DoTA 2 and Blizzard's gaming platform.

It is believed that Thompson launched the attacks as part of a campaign against Twitch gaming streamer James Varga, aka ‘Phantoml0rd'.

"Thompson typically used the Twitter account @DerpTrolling to announce that an attack was imminent and then posted screenshots or other photos showing that victims' servers had been taken down after the attack. The attacks took down game servers and related computers around the world, often for hours at a time," the US Attorney's Office for the Southern District of California claimed.

The plea agreement claims that Thompson's actions caused at least $95,000 in damages.

Thompson will be sentenced on 1 March 2019. He faces a maximum penalty of ten years in prison, a $250,000 fine and three years of supervised release.

Thompson is believed to have been the ‘brains' behind the hacking group called DerpTrolling, active since 2011, writing the software it used to launch the DDoS attacks. But he doesn't appear to have done a very good job of covering his tracks, with his name being leaked in 2014, after which it appears that he was quickly apprehended by law enforcement.

Gaming networks were subjected to a number of DDoS attacks at the time, not all of them due to Thompson and the DerpTrolling hacking group.

Samsung unveils Galaxy X smartphone prototype with folding display

By Computing News | News | 8 November 2018
Samsung reveals the much-rumoured Samsung Galaxy X (or 'F') foldable smartphone at its 2018 Developer Conference

Galaxy X Infinity Flex display can be folded in half, claims Samsung

Samsung has shown off its new folding display technology at its 2018 Developer Conference. Called Infinity Flex, the prototype is a 7.3-inch (18.5cm) flexible display that can be folded in half.

It is expected to debut in a device that Samsung is expected to call the Galaxy X or Galaxy F. 

In full screen mode the device can be used as a tablet, while when folded in half, it is intended to be used as a smartphone. Samsung claims that the screen will not suffer degradation over time with repeated folding and unfolding.

However, while Samsung claims that the Galaxy X will be entering production within ‘months', the handset shown on stage at the company's developer conference wasn't the final product. Justin Denison, Samsung senior vice president of mobile marketing, said that the final design will be revealed at Samsung's next Unpacked event, likely at CES 2019.

As such, no developers or media were allowed to get up close to the device and test it out, either, suggesting Samsung has still got a bit of work to do until it's ready.

The company did not reveal technical specifications, either, but later revealed to press that the full-size screen would offer a resolution of 1,536 by 2,152, while the smaller, smartphone-sized screen would offer a resolution of 840 by 1,960.

At the event, Samsung also revealed that the Samsung Galaxy X, as the device would be called, will be able to run three apps simultaneously due to what Samsung is calling its 'Multi Active Window' technology.

"Users now have the best of both worlds: a compact smartphone that unfolds to reveal a larger immersive display for multitasking and viewing content," claimed the company.

"The app experience seamlessly transitions from the smaller display to the larger display as the device unfolds. In addition, users can browse, watch, connect and multitask without losing a beat, simultaneously using three active apps on the larger display."

Also at the event, reps from Google added that the company will build support for 'foldables' into the Android operating system.

The Computing Technology Product Awards 2018 are coming!

Recognising the very best in technology talent, the Awards will recognise innovation and technology excellence across the range of mobility, software, infrastructure, security, cloud computing - and people.

To find out more, to enter and to reserve your table at the Awards on 30 November, check out our dedicated Computing Technology Product Awards website.