Microsoft is close to delivering a handful of key Office 365 security enhancements, including an attack simulation tool to test end users' behavior, updates to the Office 365 Secure Score and message encryption improvements, according to the official Office 365 Roadmap.
The Attack Simulator for Office 365 Threat Intelligence has the potential to be a very useful proactive defense tool for Microsoft partners and IT administrators. Unveiled at Microsoft Ignite in September and set for an imminent public preview, the simulator is a new feature of Office 365 Threat Intelligence.
That Threat Intelligence service, launched last April, provides real-time security insights on global attack trends culled from what Microsoft describes as billions of data points from its global datacenters, Office clients and other sources.
According to the roadmap, the attack simulator "enables admins to send simulated attacks (10-15 different attack categories including phish, brute force password cracking, etc.) to their end users to determine how they respond to attacks and determine if the right policies are in place to help mitigate real attacks."
Also close are some additional features for the Office 365 Secure Score, which was originally came out a year ago to allow organizations to get a base security score from Microsoft based on dozens of factors in Office 365 covering user behaviors and security settings. It's like a credit score for an organization's cloud collaboration security posture.
Now Microsoft is adding an "Industry Average Score," displaying average scores that a company can compare to their own score. Microsoft is also testing an "Active Seat Average Score and Reporting Updates" feature for the Office 365 Secure Score. That will allow customers to compare their score against the average score for organizations with a similar number of Office 365 active seats. The update will also help organizations compare their own score between two different dates and offer the option to search a list of actions.
Microsoft is also fine-tuning the Office 365 Message Encryption capabilities it released in September. The feature was designed to make sharing of encrypted and rights-protected messages more seamless. However, the original release applied additional message restrictions, such as Do Not Forward. With the new version, administrators in the Admin Portal, or users in their Outlook client, can choose "encrypt only," without any other message restrictions.
In another change set to arrive shortly, Microsoft will add malicious link protection for end users sending e-mails within the same organization. Office 365 Advanced Threat Protection Safe Links for internal e-mails will include time-of-click protection and other functionality of Safe Links, Microsoft said. Slightly later in the quarter, Microsoft plans to introduce Office 365 Cloud App Security -- App Permission Alerts. The feature will allow administrators to create policies to be alerted when a user grants permission to an application to access Office 365 information.
All of the security features are currently in the "in development" section of Microsoft's Office 365 Roadmap page. Although many are supposed to be released very soon, the rollout for the Office 365 user base is staged and can take weeks or months.
Posted by Scott Bekker on January 31, 2018 at 12:21 PM0 comments
Six months after claiming to have more cloud partners than Amazon Web Services, Google and Salesforce combined, Microsoft says partners continue to join on to its cloud effort at a good clip.
Microsoft worldwide channel chief Gavriella Schuster shared some Microsoft Partner Network metrics during a State of the Channel briefing this month.
"Currently, we have more than 68,000 cloud partners, which is a 33% increase year over year," Schuster said during the briefing. That figure is up slightly from the 64,000+ figure that Microsoft cited in July at its Microsoft Inspire conference. It implies the count would have been about 50,000 partners a year ago.
Those partners are selling Microsoft's cloud services, such as Azure, Dynamics 365 and Office 365 through all of Microsoft's sales motions. All of that partner activity helped Microsoft reach a $20 billion annual run rate goal for cloud revenues in its first fiscal quarter of 2018.
Schuster also called attention to even faster growth within the Cloud Solution Provider (CSP) business model for partners. CSP involves almost all of Microsoft's cloud products, but allows partners to bundle Microsoft's products with a partner's own, as well as third-party, services to present a single bill to the customer. In that type of customer engagement, the partner, rather than Microsoft, owns pricing, billing and first-line support.
According to Schuster, the number of partners transacting through CSP in the past 12 months has grown by 83%.
Asked for clarification in an email, a Microsoft spokesperson said the total number of partners transacting in CSP is now 45,000. That's up from 37,500 partners transacting through CSP as of July. An 83% increase suggests Microsoft had just under 25,000 partners transacting through CSP a year ago. That rate of increase, fast at the start of the year, and slower in the last six months, would be consistent with figures shared by Microsoft for U.S. CSP participation this fall of about a 33% increase.
Posted by Scott Bekker on January 29, 2018 at 1:00 PM0 comments
Kirill Tatarinov, a longtime Microsoft senior executive and the former CEO of Citrix, is now a part of Acumatica's board of directors.
Bellevue, Wash.-based Acumatica provides cloud ERP solutions. As part of its board, Tatarinov will be advising his former Microsoft colleague, Jon Roskill, who joined Acumatica as CEO in 2014 after capping a long Microsoft career with a stint as Microsoft's channel chief.
"Kirill is a very big proponent of advanced technology," Roskill said in a statement, "and his views align well with our intelligent ERP efforts on machine learning, natural user interfaces, and Blockchain. Having another technology advocate on the Board will continue to inspire our product development."
Tatarinov and Citrix parted ways in July after he held the job for about 18 months. Previously, he worked at Microsoft for 13 years, including a lengthy period running Microsoft Business Solutions/Dynamics, which includes the company's ERP and CRM products.
On the Acumatica board, the Moscow-born Tatarinov joins investor and technologist Serguei Beloussov, the executive chairman and co-founder of Acumatica. Beloussov, a native of St. Petersburg, Russia, is also the co-founder, CEO and chairman of the board of Acronis and executive chairman of the board and chief architect of Parallels.
Posted by Scott Bekker on January 25, 2018 at 4:44 PM0 comments
The co-selling program that Microsoft publicly unveiled last July is booming, according to Microsoft's worldwide channel chief.
Gavriella Schuster provided details of the program on Wednesday during a State of the Channel briefing with reporters and industry analysts.
Microsoft first discussed the co-selling program at its Inspire 2017 conference. At the time, Microsoft had been doing a pilot version of the program, in which Microsoft and partners jointly took the partner's solution to market as a packaged offering.
"That is about not selling Microsoft solutions but actually selling partner services," Schuster said Wednesday. "[We're] taking the end solution that a partner has built on the Microsoft technology that really meets the customer demand more specifically and bringing that partner in to sell with us to those business decision makers."
The pilot program during Microsoft's 2017 fiscal year, which ended last June 30, involved 500 co-sell partners. By June 2017 there were 1,400 partners, and in December 2017 the full-fledged program reached 9,000 participating partners.
"That is about not selling Microsoft solutions but actually selling partner services."
Gavriella Schuster, Corporate Vice President, One Commercial Partner, Microsoft
Helping drive participation both with partners and internally at Microsoft is a $250 million Microsoft investment in seller incentives. Some of that funding gives Microsoft sales reps payment on up to 10 percent of the annual contract value of the joint solution.
Schuster said the project sizes are on average nearly six times larger when a partner is involved, and she said opportunities are closing faster than with regular deals, as well.
Some partners co-selling with Microsoft through the program are OSIsoft, which has 12 joint wins with Microsoft, and DataStax, which is reporting a 140 percent increase in pipeline through the co-sell opportunities.
Schuster said the co-selling program is a way for Microsoft and partners to align better with the shift in IT decision-making from centralized IT departments to line-of-business leaders.
"In order for us to get them the kind of information and insight [that they need], the right solutions, we said we have to think about the way we sell our technology differently. So instead of the traditional supply chain approach that we've had with our partners where Microsoft produces a product, our partners then sell it, and then our partners will deliver the services and post-sales support to our customers for deployment, we said we have to reimagine that, and the reimagination is something we call co-sell," Schuster said.
There are rigorous criteria for getting involved in the co-selling program, involving proven competency and capability, as well as having the right types of employees in the appropriate geographies. Once those are established, Microsoft will work on building a joint business plan with the partner. "Then what we would do is package up their services and ours together into our catalog," Schuster said.
Posted by Scott Bekker on January 24, 2018 at 2:44 PM0 comments
IT Cloud Solutions on Tuesday officially became the seventh Indirect Provider for the Microsoft Cloud Solution Provider (CSP) program in Canada.
CSP is Microsoft's program allowing channel partners to resell Office 365, Azure, Dynamics 365 and other mostly cloud products to customers, with partners able to handle the billing, provisioning and support for the customer. While some generally larger Microsoft partners, called Direct Providers, deal directly with Microsoft on the product subscriptions, about 90 percent of Microsoft's CSPs fall into a category called Indirect Resellers. The Indirect Resellers work with large intermediaries, called Indirect Providers, rather than working directly with Microsoft.
IT Cloud, based in Trois-Rivieres, Quebec, describes itself as a born-in-the-cloud company established in 2005 to provide cloud backup services for managed service providers. The company says it has a network of more than 500 partners/resellers across Canada.
The company has also expanded into infrastructure and security, and has strategic relationships with StorageCraft and Bitdefender. The Microsoft arrangement will allow its partners to begin selling complete bundles of Microsoft cloud subscriptions, backup services and security products to their joint customers.
"The combination of business productivity solutions such as Microsoft Office 365, Microsoft Azure, Microsoft Enterprise Mobility + Security (EMS), Microsoft Intune and Microsoft Dynamics 365, plus our award-winning business continuity cloud solutions, make a compelling proposition for channel partners to take to market," David Latulippe, vice president, Sales & Business Development at IT Cloud, said in a statement.
As an Indirect Provider in Canada, IT Cloud joins Arrow ECS Canada, Ingram Micro, SaaSplaza Inc., SherWeb, Synnex and Tech Data.
Posted by Scott Bekker on January 23, 2018 at 3:47 PM0 comments
Continuing its surge in partner signups since going independent from Dell, SonicWall on Tuesday declared a new channel milestone with 21,000 registered partners worldwide.
"The numbers speak for themselves," SonicWall President and CEO Bill Conner said in a statement. "With the diligence of our committed channel community, SonicWall is building one of the most modern, engaging and rewarding partner programs in the industry."
Membership in the SonicWall SecureFirst Partner Program is up about 40 percent from June, when SonicWall reported 15,000 partners. The private network security company launched the SecureFirst Partner Program in November 2016, and since that time says it has added 7,700 net new partners to its program. Presumably the other 13,300 partners had worked with the company in the Dell days or before then.
SonicWall also on Tuesday released data suggesting that the SonicWall University training program it launched last April is boosting revenues for partners that participate. The company says average revenue increases for partners that haven't used the training program are 7 percent, but quarter-over-quarter revenues are up 21 percent for those with staff who have attained SonicWall University achievements.
Posted by Scott Bekker on January 23, 2018 at 11:55 AM0 comments
Kaseya's newest version of its remote monitoring and management (RMM) solution for managed service providers hit general availability on Tuesday.
Kaseya VSA 9.5 is primarily focused on user experience enhancements to the RMM platform, which serves as the flagship of the Kaseya IT Complete suite. Other elements of the IT Complete suite for MSPs include Traverse for network management, AuthAnvil for identity and access management, Cloud Backup for backup and disaster recovery, 365 Command for Office 365 management, Unigma for cloud management, BMS for professional services automation and MSP Insights for benchmarking. (VSA stands for Virtual System Administrator and BMS stands for Business Management Solution.)
Key enhancements in VSA 9.5 that Kaseya is highlighting include the Live Connect user interface for technicians, VSA's integration with BMS, backup automation integrations and partner momentum around the API.
Live Connect technicians in VSA 9.5 will be able to perform remote scripting with Microsoft PowerShell and will be able to remotely upload or download multiple files or entire directories from a single interface.
The BMS integrations include automated ticket de-duplication, which aims to link events to a root problem, automated ticket closing once a problem is resolved, and automated ticket re-opening if an issue reappears to prevent duplication of steps.
The backup improvements focus on integrating Kaseya's Cloud Backup product with Kaseya Policy Management to "fingerprint" different machines and automatically apply backup policies for machines and applications.
Meanwhile, Kaseya rolled out a new integration platform and API for VSA 9.5. Vendors working on integrations with VSA 9.5 include Warranty Master, Acronis, Carbonite, Customer Thermometer, Webroot and Bitdefender, according to Kaseya.
The last major update to VSA was the 9.4 release a year ago.
Posted by Scott Bekker on January 23, 2018 at 11:39 AM0 comments
There's a war of words brewing between two major SharePoint ISV partners.
AvePoint, a competitor of Metalogix in the SharePoint tools space, on Tuesday launched a Metalogix switch campaign with a blog post from Chief Revenue Officer Chris Larsen asserting that Metalogix was for sale.
"If you haven't already heard, Metalogix has put their company up for sale. If you are using any of their products, this potential change in ownership could have a significant impact on the continuity of your IT processes and policies for SharePoint and Office 365," Larsen wrote in the post.
Metalogix CEO Trevor Hellebuyck responded a day later with a blog post titled "Metalogix is Forever" that was not quite a denial of being for sale, but that also pushed back against AvePoint's assertions.
"We don't know what sparked their post, but we will recognize it for what it is: a thinly veiled attempt to capture customers who they couldn't otherwise attract with AvePoint solutions. We'll simply say that we are a successful private equity backed business that attracts a lot of attention. Sometimes we respond to that attention; many times we don't," Hellebuyck wrote.
Posted by Scott Bekker on January 18, 2018 at 12:22 PM0 comments
As Riverbed Technology seeks to seize on the new market opportunities of its expanding product line, the company on Wednesday unveiled a more flexible partner program to enable partners to move more nimbly into the new business areas as well.
Riverbed, which made its reputation on the SteelHead line of wide area network (WAN) optimization appliances, has been both acquiring and organically developing other products for software-defined solutions and managing application performance.
Key elements of the portfolio now also include SteelCentral, a performance management platform and control suite covering user experience, application and network, and SteelConnect, an SD-WAN, or software-defined WAN, solution. Riverbed bills SteelConnect as offering unified connectivity and policy-based orchestration for LAN, WLAN, WAN, datacenter and cloud, including optimization of Microsoft Azure and Amazon Web Services.
Riverbed's growth strategy includes selling SD-WAN and performance management products into existing accounts, as well as selling the whole product stack into new accounts that are outside its current strongholds of large enterprises and federal government agencies.
"It is a combination of more enterprise coverage as well as mid-enterprise/midmarket," said Bridget Bisnette, Riverbed's new vice president of Global Channels and Commercial Sales. While Riverbed won't be pursuing the small business market, Bisnette added, "I think customer size is becoming a little less relevant because so many solutions are software-based and on-demand."
To help Riverbed's several thousand partners branch out into new businesses, Riverbed is moving away from the competency-based partner program style that is so familiar to the channel.
"One of the things that I've learned over the years building partner programs is the level of investment, and heavy investment, that partners are doing in competencies and accreditations doesn't necessarily result in success," said Cindy Herndon, vice president of Global Channel Programs and Operations and who worked with Bisnette on designing the new Riverbed Rise program. "They'll only use portions of that knowledge that they gain. We're making this program very flexible so the partners can get what they need."
The crux of the new program is the dividends that partners earn by winning business or by building capabilities. Those dividends determine a partner's level in the program and can be used at the partner's discretion as rebates to improve the partner's bottom line, converted to funds for business development or lead generation or used to cover training.
Riverbed officially launched Rise on Jan. 1 and will fully transition to the program on Aug. 1.
Posted by Scott Bekker on January 17, 2018 at 1:12 PM0 comments
Given all that Microsoft has invested in creating the illusion that Cortana has a personality, it's not too weird to think she must be a little depressed.
It's certainly been a rough start to 2018 for Microsoft's virtual assistant.
- Even inside Microsoft, Cortana's been getting some rejections. On Jan. 5, Microsoft discontinued a public preview of an integration between Cortana and Dynamics 365 that the company had previously promoted. The preview had put Dynamics 365 in Cortana's notebook, and Cortana had prompted users with relevant information about sales activities, accounts, opportunities and meetings.
- Cortana was supposed to be besties with Alexa right now. Microsoft and Amazon had announced back in August that people would be able to use Cortana on Windows 10 PCs to access Alexa and to use Alexa on the Amazon Echo and other Alexa-enabled devices to access Cortana. The two would become like a team of assistants, allowing Alexa to handle managing Cortana specialties like booking meetings or accessing work calendars when a user was near an Echo, and allowing Cortana to control Alexa specialties like shopping on Amazon.com or controlling smart home devices from a Windows 10 PC. The integration was supposed to be done by the end of the year. But the companies missed the deadline and have not provided a new target date.
- Alexa is elbowing its way onto Windows territory. During CES last week, Acer announced that it would be bringing Alexa to some of its Aspire, Spin, Switch and Swift notebooks starting in the United States in the first quarter of 2018, with broader availability coming in the middle of the year. Other OEMs have discussed Alexa integrations, as well.
- CES buzz in general was heavy on Alexa, with some Google Assistant thrown in. It was the second big Alexa year in a row for CES. Cortana, on the other hand, did not make any kind of splash at the show. Apple Siri was also a non-factor. Microsoft did try to generate some Cortana CES buzz by highlighting some reference designs from Allwinner, Synaptics, TONLY and Qualcomm.
- Outsiders haven't been bothering to teach Cortana many new skills. As All About Microsoft's Mary Jo Foley pointed out in mid-December, Cortana is seriously lagging behind Alexa in the skills department. Microsoft released the Cortana Skills Kit in May 2017, and take-up has been slow. Alexa had 25,784 skills to start 2018, according to Voicebot.ai. Cortana had just 230 as of mid-December. The enthusiasm level is reminiscent of Microsoft's efforts to get modern apps for Windows 8 and apps for Windows Phone -- a slow, late start.
That Cortana is far behind while there's a lot of excitement about voice assistants is not surprising.
For one thing, she's on the wrong platform. Cortana launched as a public face of Windows Phone, and a good one too. With a backstory and fan base from the "Halo" video game franchise, the name was an inspired choice with a built-in personality to draw upon. But Windows Phone went nowhere, so that's not a user base. (Maybe if the Surface Phone materializes, it will be worth revisiting.)
Smartphones are a logical place for voice input -- typing and texting on phones is challenging and annoying, making the annoyances of dealing with a voice interface a reasonable tradeoff. And talking and listening to a phone is theoretically safer than attempting to look at one while driving. There are more than a billion Android smartphones out there, making Google Assistant an automatic player in the voice assistant game. (The inability of Siri to break out as a voice platform is probably more of a strategic concern for Apple than Cortana's position is for Microsoft.)
When it comes to voice-enabled speakers like the Amazon Echo, voice isn't just a competitive interface choice -- it's the only option in most cases. While Amazon is starting from a small base of maybe 20 to 30 million Echo devices sold to date, the company has all the momentum and a lot of industry partner enthusiasm.
Cortana's user base for now is PCs, and when it comes to voice input, it's not a great place to be. The keyboard and mouse/trackpad are an awesome combination -- voice has to get very, very good before it can ever displace those very mature inputs for a user seated in front of a laptop or PC. It's for the same reason that Alexa integration with PCs may be less promising than the PC OEMs make it out to be.
Microsoft's virtual assistant ambitions are bigger than the PC base; in fact, they're bigger than Cortana.
The PC user base is only part of Microsoft's market, and it's a shrinking part. As the company redefines itself as a cloud company, one of its real strengths is its deep history with the enterprise development community and its experience at enabling that community.
Microsoft's official statement about discontinuing the Cortana-Dynamics 365 public preview provides a clear example of the strategy in action:
We are working to deliver a robust and scalable digital assistant experience across all of our Dynamics 365 offerings. This includes natural language integration for customers and partners across multiple channels including Cortana. To that end, we are discontinuing the current Cortana integration preview feature that was made available for Dynamics 365 and we are focusing on building a new long term intelligent solution experience, which will include Cortana digital assistant integration.
Getting developers to use Azure services for voice recognition, chatbots, translation, machine learning and artificial intelligence are all strategic plays for Microsoft. Expect the company to keep working to develop first-rate user experiences that evolve the gimmicky aspects of Cortana's personality into a better and better virtual assistant interface for unlocking deeper business value from more and more of Microsoft's advanced cloud services.
Bad start to 2018 or not, Microsoft needs to keep a hand in virtual assistant technologies. As long as that's the case, Cortana will probably continue her role as the public face of that broader and deeper effort.
Posted by Scott Bekker on January 16, 2018 at 2:56 PM0 comments
The rate of cloud-based Microsoft SharePoint deployments ballooned by triple digits in 2017, based on a recent industry poll.
SharePoint tools suppliers Sharegate, Hyperfish and Nintex this week released their "The SharePoint and Office 365 Industry Survey," which included responses from about 450 SharePoint administrators and IT professionals. The three companies also surveyed a random sample of their combined client pools in 2016, providing lots of data points for comparison.
SharePoint Online deployments increased by an impressive 167 percent from 2016 to 2017. While only 21 percent of respondents in 2016 had SharePoint Online deployed, that number soared to 56 percent in 2017. Even though that means that more than half of companies had SharePoint Online deployed, a lot of them were also still running on-premise SharePoint deployments in parallel.
Yet another data point in the survey shows more and more users trusting their entire SharePoint workload to the cloud. In 2016, one-fifth of users had SharePoint deployed exclusively online. A year later, that number was nearly a third (31 percent). At the same time, hybrid environments (a mix of SharePoint Online and on-premises SharePoint deployments) dropped by 7 percentage points to 34 percent and on-premises-only environments dropped by 2 percentage points to 35 percent in 2017.
The shift to the cloud in SharePoint is mirrored on the Active Directory (AD) side in the vendor survey. In 2016, a very slight majority of AD deployments involved on-premises AD (51 percent). But in 2017, that number fell to 42 percent, while a mix of on-premises and Azure AD jumped 3 percentage points to 34 percent and pure Azure AD deployments rose 4 percentage points to 16 percent.
The survey also reveals the relative share of the last six on-premises versions of SharePoint, dating all the way back to SharePoint 2001, although that version and SharePoint 2003 are present in low enough numbers to make any conclusions about the trends on those editions statistically questionable.
Among the newer versions, the only one gaining significant share is the most recent, SharePoint 2016, which saw a 67 percent increase in deployments from 2016 to 2017. While impressive, it's gaining share at a much lower rate than SharePoint Online/Office 365 and from a smaller base. SharePoint 2016 ended 2017 with a presence in 25 percent of respondents' shops.
Holding steady and maintaining the largest share of any edition, including SharePoint Online, is SharePoint 2013. Deployed at 66 percent of respondents' sites, SharePoint 2013 won't maintain its lead through 2018 if SharePoint Online continues its momentum.
For 2017, SharePoint Online seemed to be taking most of its share from SharePoint 2007, which dropped 2 percentage points to 18 percent, and especially from SharePoint 2010, which dropped 8 percentage points to 40 percent.
As Office 365 deployments continue to gallop ahead, there is little reason to suspect that SharePoint Online's share of overall SharePoint workloads won't continue to increase. The question is how fast.
As befits a survey fielded by tools vendors, a statement accompanying the data points out that obstacles remain for those still moving to SharePoint Online.
"The move to the cloud is not always as easy as it sounds. Microsoft has released a content migration tool to help customers leave SharePoint 2010 and 2013, but it just isn't enough. Here at Sharegate, we still see a large number of customers leveraging our tools to migrate while keeping their existing site structure and objects," said Benjamin Niaulin, Microsoft Regional Director & Product Advisor at Sharegate.
Among the challenges are ongoing concerns about security, cost constraints, time constraints and difficulties in migrating SharePoint customizations from on-premises to online.
This survey says progress to the cloud in 2017 was rapid. The question for 2018 will be whether that pace can continue. Were we looking at low-hanging fruit, easy wins and pilot projects that could stall slightly this year? Or was it an early majority shift that could bring nearly half of the SharePoint customer base exclusively into the cloud by year's end?
Posted by Scott Bekker on January 10, 2018 at 2:44 PM0 comments
The next Patch Tuesday or some date around then is looking like a doozy.
Reports have been bubbling up this week that vendors and open source teams are hustling under embargo to fix a major security flaw affecting Intel processors over the last decade. The rumored software fix could seriously slow down both personal systems and public clouds.
Here's the top of The Register's report from Tuesday night:
A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.
Programmers are scrambling to overhaul the open-source Linux kernel's virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December.
Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features -- such as PCID -- to reduce the performance hit. Your mileage may vary.
The next Patch Tuesday is Jan. 9. Microsoft also sent out warnings to some users that their Azure Virtual Machines would undergo an unusual reboot for security and maintenance on Jan. 10, and Amazon Web Services (AWS) e-mailed users of a maintenance reboot on Jan. 5-6, The Register noted. Officially, all the vendors are declining comment.
Patch Tuesdays are always mark-the-date events for IT, but this flaw is looking more like an all-hands-on-deck situation -- both for the security issues and then for the potential of subsequent and permanent performance problems.
UPDATE: Intel released its first statement on the issue Wednesday afternoon, confirming a serious security problem and a fix timeframe for next week, but pushing back partially on the performance hit and on reports that the problem only affected Intel chips. Here's the statement:
Intel Responds to Security Research Findings
Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.
Recent reports that these exploits are caused by a "bug" or a "flaw" and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices -- with many different vendors' processors and operating systems -- are susceptible to these exploits.
Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits. Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.
Intel is committed to the industry best practice of responsible disclosure of potential security issues, which is why Intel and other vendors had planned to disclose this issue next week when more software and firmware updates will be available. However, Intel is making this statement today because of the current inaccurate media reports.
Check with your operating system vendor or system manufacturer and apply any available updates as soon as they are available. Following good security practices that protect against malware in general will also help protect against possible exploitation until updates can be applied.
Intel believes its products are the most secure in the world and that, with the support of its partners, the current solutions to this issue provide the best possible security for its customers.
Posted by Scott Bekker on January 03, 2018 at 11:54 AM0 comments