Categories
Amazon Amazon Web Services Andy Jassy AWS Cloud cloud market share Enterprise microsoft TC

Despite JEDI loss, AWS retains dominant market position

AWS took a hard blow last year when it lost the $10 billion, decade-long JEDI cloud contract to rival Microsoft. Yet even without that mega deal for building out the nation’s Joint Enterprise Defense Infrastructure, the company remains fully in control of the cloud infrastructure market — and it intends to fight that decision.

In fact, AWS still owns almost twice as much cloud infrastructure market share as Microsoft, its closest rival. While the two will battle over the next decade for big contracts like JEDI, for now, AWS doesn’t have much to worry about.

There was a lot more to AWS’s year than simply losing JEDI. Per usual, the news came out with a flurry of announcements and enhancements to its vast product set. Among the more interesting moves was a shift to the edge, the fact the company is getting more serious about the chip business and a big dose of machine learning product announcements.

The fact is that AWS has such market momentum now, it’s a legitimate question to ask if anyone, even Microsoft, can catch up. The market is continuing to expand though, and the next battle is for that remaining market share. AWS CEO Andy Jassy spent more time than in the past trashing Microsoft at 2019’s re:Invent customer conference in December, imploring customers to move to the cloud faster and showing that his company is preparing for a battle with its rivals in the years ahead.

Numbers, please

AWS closed 2019 on a $36 billion run rate, growing from $7.43 billion in in its first report in January to $9 billion in earnings for its most recent earnings report in October. Believe it or not, according to CNBC, that number failed to meet analysts expectations of $9.1 billion, but still accounted for 13% of Amazon’s revenue in the quarter.

Regardless, AWS is a juggernaut, which is fairly amazing when you consider that it started as a side project for Amazon .com in 2006. In fact, if AWS were a stand-alone company, it would be a substantial business. While growth slowed a bit last year, that’s inevitable when you get as large as AWS, says John Dinsdale, VP, chief analyst and general manager at Synergy Research, a firm that follows all aspects of the cloud market.

“This is just math and the law of large numbers. On average over the last four quarters, it has incremented its revenues by well over $500 million per quarter. So it has grown its quarterly revenues by well over $2 billion in a twelve-month period,” he said.

Dinsdale added, “To put that into context, this growth in quarterly revenue is bigger than Google’s total revenues in cloud infrastructure services. In a very large market that is growing at over 35% per year, AWS market share is holding steady.”

Dinsdale says the cloud infrastructure market didn’t quite break $100 billion last year, but even without full Q4 results, his firm’s models project a total of around $95 billion, up 37% over 2018. AWS has more than a third of that. Microsoft is way back at around 17% with Google in third with around 8 or 9%.

While this is from Q1, it illustrates the relative positions of companies in the cloud market. Chart: Synergy Research

JEDI disappointment

It would be hard to do any year-end review of AWS without discussing JEDI. From the moment the Department of Defense announced its decade-long, $10 billion cloud RFP, it has been one big controversy after another.

Categories
cloud storage microsoft onedrive Security Tech

Microsoft OneDrive gets a more secure Personal Vault, plus additional storage options

The Microsoft logo displayed at Microsoft's booth at a trade show.

Enlarge / Microsoft at a trade show. (credit: Getty Images | Justin Sullivan)

Microsoft is launching a new layer of security for users of its OneDrive cloud storage service. OneDrive Personal Vault is a new section of your storage that’s accessed through two-step verification, or a “strong authentication method,” although Microsoft didn’t define the latter term.

Microsoft notes that fingerprinting, face scans, PINs, and one-time codes by email, SMS, or an authenticator app are among the acceptable two-step verification methods. And you’ll automatically get de-authenticated after a period of inactivity—that’s the key to Microsoft’s special security argument here. Two-factor authentication using text or email is less secure than other options. Using the more heavy-duty face or fingerprint verification will require the appropriate hardware, such as a device with Windows Hello.

It also has options for transferring physical documents to the OneDrive mobile app. You can scan documents or take photos directly into the Personal Vault section without needing to store the file in a less secure part of your device first.

Read 4 remaining paragraphs | Comments

Categories
microsoft Security Tech updates Windows windows 10 Windows Update

Windows 10 May 2019 Update now rolling out to everyone… slowly

Stylized image of glass skyscrapers under construction.

Enlarge (credit: David Holt / Flickr)

To avoid a replay of the problems faced by the Windows 10 October 2018 Update, version 1809, Microsoft has taken a very measured approach to the release of the May 2019 Update, version 1903, with both a long spell as release candidate and a much less aggressive rollout to Windows Update.

That rollout starts today. While you previously needed to be in the Insider Program (or have a source such as an MSDN subscription) to download and install version 1903, it’s now open to everyone through Windows Update.

However, Windows users are unlikely to see the update automatically installed for many months. Initially, only those who explicitly visit Windows Update and click “Check for Updates” will be offered version 1903, and even then, they’ll have to explicitly choose to download and install the update. This is part of Microsoft’s attempt to make Windows Update less surprising: feature updates are offered separately from regular updates because feature updates take a long time to install and regular updates don’t (or at least, they shouldn’t). This installation experience requires the use of version 1803 or 1809, and it also requires the most recent monthly patch, which is also released today.

Read 3 remaining paragraphs | Comments

Categories
administration microsoft passwords Security Tech Windows

Password1, Password2, Password3 no more: Microsoft drops password expiration rec

Password1, Password2, Password3 no more: Microsoft drops password expiration rec

For many years, Microsoft has published a security baseline configuration: a set of system policies that are a reasonable default for a typical organization. This configuration may be sufficient for some companies, and it represents a good starting point for those corporations that need something stricter. While most of the settings have been unproblematic, one particular decision has long drawn the ire of end-users and helpdesks alike: a 60-day password expiration policy that forces a password change every two months. That reality is no longer: the latest draft for the baseline configuration for Windows 10 version 1903 and Windows Server version 1903 drops this tedious requirement.

The rationale for the previous policy is that it limits the impact a stolen password can have—a stolen password will automatically become invalid after, at most, 60 days. In reality, however, password expiration tends to make systems less safe, not more, because computer users don’t like picking or remembering new passwords. Instead, they’ll do something like pick a simple password and then increment a number on the end of the password, making it easy to “generate” a new password whenever they’re forced to.

In the early days of computing, this might have been a sensible trade-off, because cracking passwords was relatively slow. But these days, with rainbow tables, GPU acceleration, and the massive computational power of the cloud, that’s no longer the case—short passwords are a liability, so any policy that makes people favor short passwords is a bad policy. It’s better instead to choose a long password and, ideally, multifactor authentication, supplementing the password with a time-based code or something similar.

Read 3 remaining paragraphs | Comments

Categories
anti-malware anti-virus microsoft patch Security Tech Windows

McAfee joins Sophos, Avira, Avast—the latest Windows update breaks them all

A colorized transmission electron micrograph (TEM) of an Ebola virus virion. (Cynthia Goldsmith)

Enlarge / A colorized transmission electron micrograph (TEM) of an Ebola virus virion. (Cynthia Goldsmith) (credit: CDC)

The most recent Windows patch, released April 9, seems to have done something (still to be determined) that’s causing problems with anti-malware software. Over the last few days, Microsoft has been adding more and more antivirus scanners to its list of known issues. As of publication time, client-side antivirus software from Sophos, Avira, ArcaBit, Avast, and most recently McAfee are all showing problems with the patch.

Affected machines seem to be fine until an attempt is made to log in, at which point the system grinds to a halt. It’s not immediately clear if systems are freezing altogether or just going extraordinarily slowly. Some users have reported that they can log in, but the process takes ten or more hours. Logging in to Windows 7, 8.1, Server 2008 R2, Server 2012, and Server 2012 R2 are all affected.

Booting into safe mode is unaffected, and the current advice is to use this method to disable the antivirus applications and allow the machines to boot normally. Sophos additionally reports that adding the antivirus software’s own directory to the list of excluded locations also serves as a fix, which is a little strange.

Read 3 remaining paragraphs | Comments

Categories
Cloud hack hotmail microsoft Outlook.com Security Tech

Hackers could read non-corporate Outlook.com, Hotmail for six months

Hackers could read non-corporate Outlook.com, Hotmail for six months

Enlarge (credit: Getty / Aurich Lawson)

Late on Friday, some users of Outlook.com/Hotmail/MSN Mail received an email from Microsoft stating that an unauthorized third party had gained limited access to their accounts and was able to read, among other things, the subject lines of emails (but not their bodies or attachments, nor their account passwords), between January 1 and March 28 of this year. Microsoft confirmed this to TechCrunch on Saturday.

The hackers, however, dispute this characterization. They told Motherboard that they can indeed access email contents and have shown that publication screenshots to prove their point. They also claim that the hack lasted at least six months, doubling the period of vulnerability that Microsoft has claimed. After this pushback, Microsoft responded that around 6 percent of customers affected by the hack had suffered unauthorized access to their emails and that these customers received different breach notifications to make this clear. However, the company is still sticking to its claim that the hack only lasted three months.

Not in dispute is the broad character of the attack. Both hackers and Microsoft’s breach notifications say that access to customer accounts came through compromise of a support agent’s credentials. With these credentials, the hackers could use Microsoft’s internal customer support portal, which offers support agents some level of access to Outlook.com accounts. The hackers speculated to Motherboard that the compromised account belonged to a highly privileged user and that this may have been what granted them the ability to read mail bodies. The compromised account has subsequently been locked to prevent any further abuse.

Read 2 remaining paragraphs | Comments