At the TDX 2025 developer conference in San Francisco, Salesforce executives presented its Agentforce agentic AI technology as a whole system approach, where large language models (LLMs) are less significant than a trinity of data, applications and agents. Relatedly, they consistently disparage DIY artificial intelligence (AI) programmes.Paula Goldman, the suppliers chief ethical and humane use officer, said: I think a lot of the public discourse about AI has been about [large language] models. But if you think about Agentforce, its a whole system. Theres a foundation model, and then theres a series of smaller models that go into our Atlas system, and there are workflows that are automated that people can draw on. Weve got used to talking about AI as models over the past few years, but I think we need to be talking about systems.David Schmaier, president and chief product officer at Salesforce, said the suppliers entire technology stack, including Slack and Tableau, comes into play with Agentforce. He also pointed to its Data Cloud platform as central to its AI offer.You couldnt have a computer without a microprocessor; you need storage and RAM and a display and an operating system around it. Thats what weve done. We have our data cloud, which harmonises hundreds of thousands of systems. It gives you the data, the metadata and the semantics. Thats why we can outperform an LLM by itself. LLMs have hallucinations, they have bias, toxicity. An LLM is necessary but insufficient. We add to the LLM. Our view is the data powers the AI and then the AI powers the customer experience of the future, he said. An LLM is necessary but insufficient. We add to the LLM. Our view is the data powers the AI and then the AI powers the customer experience of the future David Schmaier, SalesforceWe call it the holy trinity. We have the Data Cloud, then we have our Sales Cloud, Service Cloud and Marketing Cloud apps which is how we got the name Salesforce as well as Slack, Mulesoft and Tableau. And now we have Agentforce on top of all that. Thats how we can turn on 10,600 customers over three days with agents. Its because we are using the same platform as we have for 25 years. So, with a healthcare company, for example, that has workflows it has bult in its Salesforce deployment, it can make all those available for [virtual] agents, Schmaier added.He believes too many organisations are doing DIY AI. Most people are just trying to take whatever apps they have, whether its Salesforce or SAP or Workday, and just buying ChatGPT and trying to plug it in. No other competitor has what we have, in terms of agents. We think we have a real lead in this agentic field. Weve sold to 5,200 customers since launching at Dreamforce [in September 2024]. Now, we have 200,000 customers, and most dont use Agentforce today, he said.Rahul Auradkar, executive vice-president and general manager of Unified Data Services and Einstein at Salesforce, made a similar argument about what the provider calls DIY AI.What we are doing with agents is an entire system. Were not shipping a model, an app or a copilot. Were shipping an AI system on a deeply unified platform. What that system allows our enterprise customers, who dont want to do the DIY, to do is surface customer-centric analytics and workflows, and listen to the customers to feed back to the system so the agents get better. Copilots are a narrow sliver of what AI can be, he said.The difference between a DIY AI and an enterprise using [our] system is that the enterprise can focus on things that they are good at, which is plenty of things. They have their data. The have their transactions. They have their engagement data. They have their AI policies, their workflows, their automations. We bring all that together within a deeply unified platform and drive value for our customers, added Auradkar.And yet, analyst research from Informa TechTargets Enterprise Strategy Group (ESG) offers a contrast with Salesforces disparagement of DIY AI a complicating contrast rather than a confutation, but a contrast nevertheless.Towards the end of 2024, ESG surveyed 832 professionals at organisations across the globe involved in the strategy, decision-making, selection, deployment and management of generative AI (GenAI) initiatives and projects at their organisations and familiar with their organisations use of third parties to support GenAI initiatives.The resulting report, The state of the generative AI market: Widespread transformation continues authored by Mark Beccue, principal analyst, Mike Leone, practice director and principal analyst, and Emily Marsh, associate research director does find support for an agentic AI philosophy: Respondents most often said that they see AI agents, virtual assistants, and intelligent chatbots powered by AI as valuable productivity tools, though they also often said they view them with cautious optimism (41%). Over two-thirds of organisations are planning for or considering AI agents, which represents a significant opportunity for AI vendors to target these requirements with capabilities and services.They also note, however: The AI agent market is extremely nascent and loaded with challenges, including managing single-task agents, interoperability problems, the potential emergence of multitask agents and security.But the authors also remark, similarly to Salesforces Auradkar, that: A wide majority (84%) of respondents agreed it is important to incorporate their own enterprise data into models that support generative AI. GenAI models themselves are not a competitive differentiator. Rather, effectively identifying, organising and vetting internal data for use with GenAI models is the key to creating unique and highly actionable insights.The research also found user organisations to be embracing a variety of LLMs open source and proprietary. The largest percentage of respondent organisations (43%) are both proprietary and open source models.Alongside this enthusiasm for using large language models, the study found that organisations are placing their bets on internal resources, planning to reskill or upskill employees (58%) and provide education and awareness training to employees (43%). This suggests a growing cadre of employees who will want to do DIY AI.The authors comment: Employee enthusiasm for these technologies is likely at a high point as GenAI excitement pervades many facets of society, so this internal investment will likely be a win-win situation whereby personnel receive welcome development opportunities and the business gains valuable GenAI expertise.At Dreamforce in September 2024, Marc Benioff, co-founder, chairman and CEO of Salesforce, was in combative mood in respect of Agentforce, positioning it as a wholescale alternative to generative AI copilot usage, associated with Microsoft and Google, but with other vendors too.Theres a lot of narratives out there from vendors, and a lot of it is not true, he said at the time. You need to sit with those customers [at the Dreamforce event], look at the code and break the hypnosis coming from all the vendors. Theres plenty of real customers here who are really deploying real AI. But there are billions being invested in copilots, delivering how much productivity increase? Is there a better way to do it? And so, thats our gambit.The game is still being played. The middle game lies ahead.Read more about Salesforces AgentforceSalesforce banking on autonomous agents with Agentforce 2dx.TDX 2025: Salesforce vaunts Agentforce 2dx as evolved agentic AI platform.After rebranding Einstein copilot products as agents, Salesforce CEO Marc Benioff likens Microsoft Copilot AI to Clippit, also known as Clippy, the original intelligent agent.Singapore Airlines is deploying Salesforces Agentforce AI agent platform to improve customer interactions and personalise experiences.

hanohiki - stock.adobe.comNewsApple slated in CMA mobile browser investigationApple policies are main focus, but Google doesnt escape the regulators scrutiny either, with its business practices to promote Chrome coming under fireByCliff Saran,Managing EditorPublished: 12 Mar 2025 15:48 The Competition and Markets Authoritys (CMA) final report into the mobile browser market has found innovation is being held back by a lack of competition, which could be limiting growth in the UK.Margot Daly, chair of the CMAs independent inquiry group, said: Following our in-depth investigation, we have concluded that competition between different mobile browsers is not working well, and this is holding back innovation in the UK. I welcome the CMAs prompt action to open strategic market status investigations into both Apple and Googles mobile ecosystems. The extensive analysis weve set out today will help that work as it progresses.The final report highlights Apples policy that third-party web browsers need to use its underlying browser engine called WebKit, which, the CMA said, determines what competing mobile browsers can do on iOS.Apples own mobile browser Safari has or has had greater or earlier access to key functionalities from the operating system and Apples WebKit browser engine, compared to competing mobile browsers. This has a negative impact on competition and innovation, the CMA report stated.The CMA investigation also found Apple appears to be holding back progressive web apps (PWAs), described in the report as lower cost and easier for developers to build since they can run on any operating system and do not need to be listed on an app store. This means Apple is unable to charge a commission for hosting them on its App Store, which it does with iOS apps.While the CMA considered submissions from Apple, in which it said browsers must use WebKit because allowing alternative browser engines could raise security, privacy and performance risks, the regulator felt these risks could be managed in other ways.The report also found that alternative browser engines perform similarly to WebKit on security outcomes and that Apples current restriction prevents mobile browsers competing and innovating on security and privacy features, for example by implementing security updates more frequently than Apples architecture currently allows.Another issue noted in the report is the inability for iOS apps to offer in-app browsing functionality something that is possible on Android. Meta told the CMA that in-app browsing could improve user experience, security and performance. While it has developed this functionality on its Android app, Meta told the CMA that it cannot develop these features on iOS currently because Apples rules require apps to use Apples own technology including its WebKit browser engine.Looking at Googles product design choices, the CMA said Google had made it significantly harder for consumers to drive competition by actively choosing which browser they use.Googles control of the Android operating system means it is able to determine key design decisions such as which products are placed prominently on a users screen and which apps are treated as the default option. We have seen evidence that this is happening in relation to how browser options are presented when users first get their device, and again later, while they are using it. Google uses factory setting agreements with device manufacturers who use Googles Android operating system, the report stated.Read more CMA investigationsCMA clears Google over Anthropic partnership: The UK competition watchdog has finished its initial investigation into Googles partnership with Anthropic, with no follow-up on the cards.Chrome cookies reprieved amid Google Privacy Sandbox changes: Google abruptly changes tack on third-party cookies in its Chrome web browser, cancelling plans to deprecate them in favour of an unspecified new experience for users.In The Current Issue:Digital twins map the world and guide strategic decisionsLiverpool reinvents customer service through digital platformDownload Current IssueSLM series - SAS: Whats old is new again CW Developer NetworkSUSE CEO: Enterprise Linux where choice happens' Open Source InsiderView All Blogs

Apple has released updated versions of its iOS and iPadOS mobile operating system (OS) that address a potentially dangerous vulnerability that appears to have been exploited in the wild.The two releases, iOS 18.3.2 and iPadOS 18.3.2, are available for iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.Collectively, the update addresses a single vulnerability tracked as CVE-2025-24201. Apple customarily releases very sparse details of the vulnerabilities it addresses to avoid giving too much away to threat actors, and the flaw in question is no exception.Apple revealed that the flaw is an out-of-bounds write issue affecting the WebKit open source web browser engine that powers Safari, Mail, App Store and many other Apple and Linux ecosystem applications.Cupertino said: Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2.Version 17.2 of the two OSes dates back just over a year to December 2023, and besides security fixes brought a large number of new features to Apples mobile estate, including the launch of a diary feature called Journal, and enhancements to its Weather app, among other things.In its update notes, Apple indicated that it took steps to address the issue after it became aware of exploitation of CVE-2025-24201 in the wild. The firm said: Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.The fact that this attack is being described as sophisticated and targeted likely indicates that the vulnerability was used by a nation-state threat actor, possibly against individuals of interest to the intelligence services in that country. To Western ears, this could indicate exploitation by actors linked to China, Iran, North Korea or Russia.However, given Apple mobile devices are so widely used, other countries and even private companies are known to seek out and leverage vulnerabilities in its device estate for similar purposes.Notably, disgraced Israeli spyware manufacturer NSO Group the organisation behind the Pegasus malware that was famously used by the Saudi Arabian regime against murdered journalist Jamal Khashoggi exploited multiple Apple vulnerabilities in the service of its mercenary activities.Even though this might indicate the risk to everyday members of the public might be limited, Sylvain Cortes, vice-president of strategy at Hackuity, told Computer Weekly that all users should take steps to protect themselves.The flaw poses a significant risk to users of older versions of the operating system, particularly those released before iOS 17.2, said Cortes. We highly encourage users to update their devices to iOS 18.3.2 as soon as possible to maintain the security and privacy of their data.Besides the fix, the update also brings new customisation options for Apple users, a redesigned Photos application, new ways to express yourself in Messages, a hiking feature in Maps, and updates to Wallet.Read more about Apple securityCampaigners call for High Court hearing to be held in public as tech giant appeals against UK government order to open a backdoor into its encrypted iCloud service.After the Home Office issued a secret order for Apple to open up a backdoor in its encrypted storage, the tech company has instead chosen to withdraw the service from the UK.CVE-2025-24200 is a zero-day vulnerability that bypasses Apple's USB Restricted Mode in iPhones and iPads and was exploited in the wild against specific targeted individuals.

There were many consequences of the extraordinary timing of last Julys General Election. One was that my AI Regulation Bill, which had made its way through all stages in the House of Lords and was just about to go to the Commons, was stopped in its tracks. Almost a year later, a new government and another Parliament has provided the opportunity to reintroduce my AI Bill, as I did last week.If the need for artificial intelligence (AI) regulation was pressing in November 2023, when I first brought my Bill to bear, that need is now well past urgent and, it seems, even further from fruition.How the sands have shifted, both domestically and internationally. A UK government, keen on AI regulation while in opposition, slated an AI Bill in the Kings Speech last summer. Now, some eight months later, there is still no sign of a Bill and what appears to be an increasing reluctance to do anything much until they have squared it with the US.At the Paris AI Action Summit earlier this year, a declaration for inclusive and sustainable AI was signed by international participants, although both the UK and US decided not to put their pens to that paper.Further, the AI Safety Institute has been renamed the AI Security Institute signalling a definite shift towards cyber security rather than a broader focus on safety that would include mitigating risks associated with societal impacts of AI modelsAll of this makes the case - the more than urgent case - for UK AI regulation. It seems we still have to slay that falsehood which recurs with tedious inevitability that you can have innovation or regulation but you cant have both. This is a false dichotomy. The choice is not between innovation or regulation. The challenge is to design right-sized regulation - a challenge that has become much more pronounced in the digital age. With no current AI-specific regulation, it is us, as consumers, creatives and citizens who find ourselves exposed to the technologies Lord Chris HolmesEvery learning from history informs us, right-sized regulation is good for citizen, consumer, creative, innovator, and investor. We all know bad regulation - sure, theres some of that around but thats bad regulation, that in no sense says to us regulation of itself is bad.Take the UK approach to open banking as an illustration, replicated by over 60 jurisdictions right around the world. A determined, thought-through regulatory intervention created in the UK - good for consumer, good for innovator and investor.We know how to get right-sized regulation, well, right. This could be no more important than when it comes to AI, a suite of technologies with such potentially positively transforming opportunities - economic, social, psychological. All potentially positive if we regulate it right.My attempt to design a flexible, principles-based, outcomes-focused and inputs-understood, regulatory approach for AI is set out in the provisions of the Bill.First, an AI Authority. Dont think of a huge bureaucratic burdensome behemoth - not a bit of it. We need an agile, right-touch, horizontally focused, small r regulator, intended to range across all existing regulators to assess their capacity and competency to address the opportunities and challenges AI affords. Through this, crucially, to identify the gaps where there exists no regulator or regulatory cover, recruitment being one obvious example.The AI Authority would stand as the champion and custodian of the principles set out for voluntary consideration in the previous governments whitepaper - those principles, put into statute through this Bill.The Bill would also establish AI responsible officers, to the extent that any business which develops, deploys or uses AI must have a designated AI officer. The AI responsible officer would have to ensure the safe, ethical, unbiased and non-discriminatory use of AI by the business and to ensure, so far as reasonably practicable, that data used by that business in any AI technology is unbiased.Again, dont think unnecessarily bureaucratic and burdensome. Proportionality prevails and we already have a well-established and well-understood path for reporting through adding to the provisions set out in the Companies Act.With no current AI-specific regulation, it is us, as consumers, creatives and citizens who find ourselves exposed to the technologies. Clear, effective labelling, as provided for in the Bill, would hugely help.It holds that, any person supplying a product or service involving AI must give customers clear and unambiguous health warnings, labelling and opportunities to give or withhold informed consent in advance. Technologies already exist to enable such labelling.Similarly, the Bill supports our creatives through intellectual property and copyright protection. No AI business should be able to simply gobble up others property without consent and, rightly, remuneration.The most important provisions in the Bill are those around the question of public engagement. The Bill requires the government to implement a programme for meaningful, long-term public engagement. It is only through such engagement that we are likely to be able to move forward together, cognisant of the risks and mitigations, rationally optimistic as to the opportunities.When the Warnock inquiry was established to do just this as IVF was being developed in the 1980s, we had the luxury of time. The inquiry was set up in 1982 and the Human Fertilisation and Embryology Act came into force in 1991.Technologies, not least AI, are developing so rapidly we have to act faster. The technologies themselves offer some of the solution, enabling real-time ongoing public engagement in a manner not possible even a few years ago. If we dont address this, the likely outcome is that many will fail to avail themselves of the advantages while simultaneously being saddled with the downsides, sharp at best - at extreme, existential.To conclude, we need regulation - cross-sector AI regulation for citizen, consumer, creative, innovator, investor. We must make this a reality and bring to life, for all our lives, that uniting truth - our data, our decisions, our AI futures.Read more about AI regulationNavigating the practicalities of AI regulation and legislation - What CIOs need to know about the global patchwork of existing and upcoming laws governing AI and what CIOs need to be doing about them.Global AI regulation is heating up: can the UK afford to remain silent? - Why UK lawmakers should be pro-active about introducing AI regulation.The race to regulate AI The EUs AI Act is set to become a gold standard of AI regulation. Will other countries adopt the same high standards or like the UK opt for a light touch in favour of growth and investment?

jijomathai - stock.adobe.comNewsReport hails benefits of socially integrating datacentres into local communitiesResearch report, featuring input from datacentre market stakeholders and sociological experts, makes case for socially integrating server farms into societyByCaroline Donnelly,Senior Editor, UKPublished: 12 Mar 2025 0:01 Datacentre developers should be doing more to ensure local communities are reaping the full benefits that having a server farm on their doorstep can bring, according to a report by engineering firm Hoare Lea.The companys DC society: putting community into datacentre thinking report makes the case for developments to become more socially integrated with the communities around them because as things stand datacentres are something that is often done to local communities, not by local communities.As detailed in the report: This is because there is no agreed blueprint or roadmap on what a socially conscious datacentre looks like. And this is wrong because datacentres have the potential to bring multiple benefits to local communities, beyond simply creating jobs for residents during the construction and operation phases of their development, the report stated.To this point, datacentres have the potential to improve health outcomes, create jobs, support research centres and draw in high-value industries for the benefit of local residents, the report continued.This means that datacentre developers have a responsibility to work with other stakeholders to create a positive impact on society, beyond data buildings and campuses, said Derek Main, director of datacentre and mission critical at Hoare Lea, in the introduction to the report.At the same time, developers are likely to favour setting up shop in locations where the local community is supportive of what they are trying to do. However, securing that support will be difficult to achieve without spelling out the benefits to local citizens that a datacentre development can bring.Datacentres will locate elsewhere to countries and regions where there is less resistance and where they are more welcome, the report stated. The lack of a direct community dividend can make datacentre developments untenable.Examples shared in the report of local benefits that could be generated by encouraging developers to forge closer ties with the surrounding communities include schemes where the waste heat from datacentres are reused within neighbouring housing developments, community buildings or vertical farm setups.The sites could also offer discounted data access for research institutions, such as universities or NHS organisations, or bring in economic benefits by acting as lure for other digitally minded businesses to move into the area, the report added.Datacentre developments can be beacons, catalysts and nodes for social and economic gains if fully realised, the report stated. This type of infrastructure can also supercharge communities that embrace them.The report features input from several datacentre industry market stakeholders, as well as sociology experts to establish how datacentres could be more socially integrated into local communities.Datacentres do not need to be pitted in competition with local people for access to resources they can enable other opportunities for people instead, said Main.Paul Hanna, head of societal impacts at Hoare Lea, said the contents of the report champions the importance of large-scale infrastructure developers taking time to understand a communities needs, which he describes as a crucial part of the planning process such projects.Alongside the technology, security, and energy-efficiency, datacentres would benefit greatly by being designed with societal insight, Hanna continued. If datacentre developers and owners opt into a social contract with their neighbours all parties can benefit.Read more about datacentre developmentsThe UK government has unveiled its 50-point AI action plan, which commits to building sovereign artificial intelligence capabilities and accelerating AI datacentre developments - but questions remain about the viability of the plans.The government is inviting feedback on its plans to rejig the UK planning system to make it more supportive of datacentre developments.In The Current Issue:Digital twins map the world and guide strategic decisionsLiverpool reinvents customer service through digital platformDownload Current IssueSLM series - SAS: Whats old is new again CW Developer NetworkSUSE CEO: Enterprise Linux where choice happens' Open Source InsiderView All Blogs

Microsoft has dropped a grand total of 57 fixes to mark the third Patch Tuesday update of 2025 rising to closer to 70 when third-party vulns are taken into account including six zero-days and six critical flaws needing urgent attention.The zero-days comprise a security feature bypass in Microsoft Management Console, two remote code execution (RCE) issues in Windows Fast FAT File System Driver and Windows NTFS, two information disclosure vulnerabilities in Windows NTFS, and a privilege escalation flaw in Windows Win32 Kernel Subsystem.All are listed as exploited by Microsoft, but have not yet been made public, and all are considered to be important in their severity, carrying CVSS scores that range from 4.6 to 7.8.A seventh vulnerability, an RCE issue in Windows Access, has been listed as public but does not appear to be actively exploited at the time of writing.The six critical vulnerabilities, carrying CVSS scores of 7.8 through 8.8, are all RCE flaws. Two of them affect Windows Remote Desktop Services, and the four others relate to Microsoft Office, Windows Domain Name Service, Remote Desktop Client, and Windows Subsystem for Linux Kernel.All six of the vulnerabilities that Microsoft has labelled as exploit detected are resolved with the monthly cumulative update, said Tyler Reguly, Fortra associate director of security research and development.This means a single update to roll out to fix all of these at once. Thankfully, none of them require post-patch configuration steps. The same is true for five of the six critical severity vulnerabilities. A lot of our important fixes come from the same patch.The remaining critical vulnerability, CVE-2025-24057, and the publicly disclosed vulnerability, CVE-2025-26630, both require Office updates. For those running click-to-run, theres not a lot to do, but for those running Office 2016, there are two patches to install, one for Office and one for Access, he added.Reguly said that fortunately, this limited the amount of patching needed to resolve the attention-grabbing flaws. However, he said, they arebig ticket items and with headlines likely to state, Microsoft Patches Six 0-Day Vulnerabilities, admins will likely have a lot of questions to answer about the state of their patching.Assessing these big ticket items in a little more depth, Immersive senior director of threat research, Kev Breen said the NTFS and FAT RCE flaws probably warrant the greatest attention. These flaws form part of a chain with the two NTFS information disclosure vulnerabilities.These four CVEs are all related to a remote code execution vulnerability that is associated with mounting Virtual Hard Disk (VHD) files. These are tracked separately as CVE-2025-24984, CVE-2025-24985, CVE-2025-24991, and CVE-2025-24993, so when it comes to patch management ensure all four are covered.Breen explained that the exploit chain relies on the attacker convincing a user to open or mount a virtual hard disk (VHD) file. These are typically used to store operating systems for virtual machines and while more usually associated with VMs, there have been cases down through the years where such files have been used to smuggle malware payloads onto target systems.Depending on the configuration of Windows systems, simply double-clicking on a VHD file could be enough to mount the container and, therefore, execute any payloads contained within the malicious file, said Breen. Organisations should check their security tools for any VHD files being sent via email or downloaded from the internet and look to add security rules or blocks for these file types where they are not required.Meanwhile, Alex Vovk, CEO and co-founder of Action1, considered some of the implications of the Windows Win32 Kernel EoP flaw, tracked as CVE-2025-24984.CVE-2025-24983 provides a direct path from low privileges to SYSTEM access, making it an attractive target for attackers with initial access via phishing, malware, compromised credentials, or insider threats, said Vovk.Although classified as high complexity, well-resourced attackers including state-sponsored groups and cyber criminal organisations have historically overcome such constraints through automation and repeated attempts. Race-condition vulnerabilities in kernel subsystems have proven to be reliably exploitable, given sufficient attacker persistence and environment predictability. Organisations heavily dependent on Windows infrastructure including enterprises, governments, and critical infrastructure sectors are at risk. Kernel-level privilege escalation vulnerabilities remain highly valuable to attackers, as they serve as a key pivot point in advanced cyber attacks, enabling deeper network infiltration and persistent access, said Vovk.Read more about Patch TuesdayFebruary 2025: Microsoft is correcting 57 vulnerabilities in its February Patch Tuesday, two of which are being actively exploited in the wild, and three of which are critical.January 2025: Thelargest Patch Tuesday of the 2020s so farbrings fixes for more than 150 CVEs ranging widely in their scope and severity including eight zero-day flaws.December 2024: Microsoft has fixed over 70 CVEs in itsfinal Patch Tuesday update of the year, and defenders should prioritise a zero-day in the Common Log File System Driver, and another impactful flawin the Lightweight Directory Access Protocol.November 2024: High-profile vulns in NTLM, Windows Task Scheduler, Active Directory Certificate Services and Microsoft Exchange Servershould be prioritised from Novembers Patch Tuesday update.October 2024: Stand-out vulnerabilities in Microsofts latest Patch Tuesday drop include problems in Microsoft Management Consoleand the Windows MSHTML Platform.September 2024: Four critical remote code execution bugs in Windows and three critical elevated privileges vulnerabilitieswill keep admins busy.August 2024: Microsoft patches six actively exploited zero-days among over 100 issuesduring its regular monthly update.July 2024: Microsoft has fixed almost 140 vulnerabilities in its latest monthly update, with a Hyper-V zero-daysingled out for urgent attention.June 2024: An RCE vulnerability in a Microsoft messaging feature and a third-party flaw in a DNS authentication protocol are the most pressing issues to address inMicrosofts latest Patch Tuesday update.May 2024: A critical SharePoint vulnerability warrants attention this month, but it is another flaw that seems to be linked to the infamous Qakbot malwarethat is drawing attention.April 2024: Support for the Windows Server 2008 OS ended in 2020, but four years on and there's a live exploit of a security flawthat impacts all Windows users.March 2024: Two critical vulnerabilities in Windows Hyper-V stand out onan otherwise unremarkable Patch Tuesday.

zgphotography - stock.adobe.comNewsUK government under-prepared for catastrophic cyber attack, hears PACThe Commons Public Accounts Committee heard government IT leaders respond to recent National Audit Office findings that the governments cyber resilience is under parByBrian McKenna,Enterprise Applications EditorPublished: 11 Mar 2025 15:00 The government is under-prepared for a catastrophic cyber attack and still dogged by legacy IT, but making progress, the Public Accounts Committee of the House of Commons has heard.The committee, chaired by Geoffrey Clifton-Brown, Conservative MP for North Cotswolds, took testimony on 10 March from four high-ranking government IT leaders about the cyber resilience of Whitehall departments. This followed the publication, in January, of a report by the National Audit Office (NAO), which found government cyber resilience lacking, weakened by legacy IT and skills shortages, and facing mounting threats.In itsGovernment cyber resiliencereport, thepublic spending watchdogwarned that the cyber threat to the UK government is severe and advancing quickly. It found that 58 critical government IT systems, assessed in 2024, had significant gaps in cyber resilience, and the government does not know how vulnerable at least 228 legacy IT systems are to cyber attack.The NAO spotted that the governments cyber assurance scheme,GovAssure, found significant gaps in cyber resilience, with multiple fundamental system controls at low levels of maturity across departments.GovAssureassesses the critical systems of government organisations. It was set up in April 2023.The question, according to the report under review at the PAC committee session, is no longer if the government will face a damaging cyber attack, but how severe the impacts may be, as the sophistication and number of attacks continues to rise.As the governments operations become increasingly digitised, so too does the severity of potential impacts resulting from cyber attacks. In an effort to combat this, the government published a Cyber Security Strategy in 2022, which set out plans to make the public sector resilient to cyber attacks by 2030. The PAC chair said the committee would look at how the government understands the severity of the cyber threat that it faces, how it can best achieve the aim of the strategy, and build the governments resilience to cyber attacks.Testifying before the committee were: Cat Little, chief operating officer for the Civil Service and permanent secretary to the Cabinet Office; Vincent Devine, government chief security officer and head of the Cabinet Offices Government Security Function; Joanna Davinson, interim government chief digital officer at the Department for Science, Innovation and Technology; and Bella Powell, cyber director of the Cabinet Offices Government Security Group.One matter of concern to the MPs on the committee is the lack of visibility civil servants seem to have into the very number of government IT systems, spread across departments and arms-length bodies, and to what extent they are legacy systems especially vulnerable to cyber attack.Clive Betts, Labour MP for Sheffield South East, said: This is quite a critical issue. This is about the threat from potential cyber attack that could be launched against a legacy system, and we dont yet know what the systems are to begin with. This is quite a critical issue. This is about the threat from potential cyber attack that could be launched against a legacy system, and we dont yet know what the systems are to begin with Clive BettsLabour MP for Sheffield South East Davinson responded: Its not a simple, Whats the list? Weve asked that question of departments, and have had responses through our legacy risk framework. Weve got that understanding and we are continuing to expand that out to other organisations. [But] its not a resource-free exercise.Little added: What this part of our discussion really brings to light is that government, in a period of scarce resources, has got to make prioritised decisions based on risks and how much assurance is desired. And its for the government to set its risk appetite, and to use that risk appetite and information to allocate resources accordingly.Weve made huge progress in understanding the most significant issues that weve got [in terms of legacy], and whilst its not every single system, it is the vast majority ... [and] were using both GovAssure and our technical expertise in legacy IT to set out for ministers the choices about risk and how much risk they want to buy out. That is the fundamental question. If youve got X billion pounds available to fund people, resources, skills, to remediate legacy IT, and to invest in new technology, how you use your allocative resource has got to be risk based, and its got to be outcome based. The whole point of the Spending Review process is to bring outcomes and risks together so that ministers can make a funding allocation choice.Powell said: We are ramping up the number of systems that were looking at. We are not doing that in an exponential fashion, but I think its also worth noting that with GovAssure, we are driving the car and building it at the same time. We launched it in April 2023 following some early pilots with departments [when] it was still at an early-stage assurance process.There is much more that we can and need to do, particularly in terms of automation of that process, in terms of providing stronger support and guidance to departments in implementing it, and also in the root cause analysis to better understand the data that we are gathering from that process. It is by no means a finished product, it is by no means a perfect product, but what its already starting to do is give us the outcomes that we need in terms of understanding resilience levels and where we can take action.MPs were also concerned about the extent to which the government has, as the NAO report states, under-estimated the extent of cyber risk.Devine was candid in relation to the lateness of the introduction of GovAssure in April 2023. We probably have woken up to the scale of cyber risk more slowly than we should have done. We were probably unrealistic in relying upon self-assessment [of government departments], he said. We didnt ramp up the government response to cyber security from assurance through to response as quickly as we should have ... because we [werent] as alive to the threats as we should have been Vincent DevineCabinet Office Despite recognising this in 2010, starting to invest money significantly in 2016, we didnt ramp up the government response to cyber security from assurance through to response as quickly as we should have, in retrospect. Why? Because I dont think we were as alive to the threats as we should have been, and probably because we hadnt had the incidents that brought it to life for us that we and our allies have had over the last five years. Its not a good answer, but it is the true answer, Devine added.To that, Little added: Its really difficult to go back in time to our predecessors. Like all good risk management, you manage risks as best you can until they become an issue. When they become an issue, and theyre live and theyre real, you step up your response. Weve always known about the risks, but it wasnt until it became a real, live issue that the scale of what we were dealing with became clear, and it needs a different sort of response.The original NAO report gave, as an example of how damaging cyber attacks can be, the instance, in June 2024, of anattack on a supplier of pathology services to the NHS in south-east London, which led to two NHS foundation trusts postponing 10,152 acute outpatient appointments and 1,710 elective procedures. It also cited the British Library ransomware attack in October 2023, which has already cost 600,000 to rebuild services. The library expects to spend many times more as it continues to recover. These were mentioned in the PAC session.The report found that the biggest risk to making the UK government resilient to cyber attack is a gaping skills gap. One in three cyber security roles in government were vacant or filled by temporary and more expensive staff in 2023-24, while more than half of cyber roles in several departments were vacant, and 70% of specialist security architects were staff on temporary contracts.In the Public Accounts Committee meeting, Little said she was sad to see a continued over-reliance on contractors, but that initiatives such as a cyber security Fast Stream and a new digital pay framework were starting to have an impact.Powell added that the overall number of digital technology professionals in the civil service has grown, and stands at nearly 6%.Its not as much as wed like it to be. We are struggling with the very technical resources, and thats a market problem they are scarce in the private sector as well as in the public sector, she said.Read more about UK government cyber resilienceNAO: UK government cyber resilience weak in face of mounting threats.Local government bodies are being invited to take advantage of a new NCSC-derived Cyber Assessment Framework to help enhance their resilience and ward off cyber attacks.Labour government plans new laws around cyber security, data sharing and skills.In The Current Issue:Digital twins map the world and guide strategic decisionsLiverpool reinvents customer service through digital platformDownload Current IssueSUSE CEO: Enterprise Linux where choice happens' Open Source InsiderSLM series - OurCrowd: Are domain-specific LLMs just as good (or better)? CW Developer NetworkView All Blogs

Tech oligarch Elon Musk has drawn criticism from cyber security experts following unsubstantiated claims that Ukraine was behind an apparent distributed denial of service (DDoS) attack on his social media platform, X, formerly known as Twitter.Musk, who currently heads the US governments Department of Government Efficiency (Doge) that has fired thousands of federal workers, accused the Ukrainian government of being behind the incident that brought down X services for many users on Monday 10 March. Speaking to the Fox Business news channel, he claimed a massive cyber attack targeting X appeared to have originated from IP addresses located in Ukraine.The incident came amid a serious deterioration in relations between Ukraine and the US, and just days after US Cyber Command, the countrys military offensive and defensive cyber unit, suspended offensive operations against Russia in a significant climbdown.Ukrainian officials were quick to refute the suggestion Kyiv was behind the cyber attack, and in conversation with the BBC, former National Cyber Security Centre head Ciaran Martin described Musks accusations as unconvincing and pretty much garbage.Martin told the BBC he would be hard-pressed to think of an organisation of Xs scale that has been so badly impacted by such an incident in recent years and suggested the incident did not paint a good picture of the platforms wider cyber resilience.In a DDoS attack, malicious actors bombard a server with junk web traffic to overwhelm it, forcing it offline and leaving legitimate users unable to access it.Such crude forms of cyber attack are well-known and relatively common they frequently form a key element in hacktivist actions thanks to their accessibility, which at first glance lends a certain element of credibility to Musks claims.However, DDoS attacks are launched via geographically disperse networks of computers and other devices that have been co-opted into botnets without their owners knowledge or consent. This makes it very hard to accurately locate the individuals responsible for them.Tom Parker, cyber security author and chief technology officer (CTO) at NetSPI, said the magnitude of the attack did strongly suggest the involvement of a sophisticated threat actor but it was important to understand that accurately attributing DDoS incidents is notoriously difficult.Such adversaries are highly adept at concealing their tracks. We must be extremely cautious about pointing fingers and sabre rattling without clear and compelling evidence to demonstrate capability, motive,and likely benefit for the party involved, Parker told Computer Weekly.Despite recent events, I do believe Ukraine is still seeking to foster a more positive relationship with the US, which would make it unlikely that the claims of Ukrainian involvement are well-grounded. Rather, the scenario appears to align more with a false flag operation deliberately crafted to implicate Ukraine.As we often see in these complex situations, the most straightforward explanation isnt always correct, and drawing conclusions prematurely can lead us astray, he said.Lending more weight to arguments against Musk, a pro-Palestinian hacktivist group known as Dark Storm Team subsequently claimed via Telegram that it had been behind the incident.An account on the Bluesky social media platform claiming to be associated with this group and appearing to have links to the Anonymous collective, described the DDoS attack as a peaceful protest and said attacks would continue.Jake Moore, global cyber security advisor at ESET, said: Cyber criminals attack from all angles and are incredibly fearless in their attempts. Whether they are directed by geopolitical groups or financially motivated gangs, DDoS attacks are a clever way of targeting a website without having to hack into the mainframe, and therefore the perpetrators can remain largely anonymous and difficult to point a finger at.This also makes it that much more difficult to protect from when the landscape is completely unknown apart from having generic DDoS protection. However, even with such protection, each year, threat actors become better equipped and use even more IP addresses such as home IoT devices to flood systems, making it increasingly more difficult to protect from.Added Moore: Unfortunately, X remains one of the most talked about platforms, making it a typical target for hackers marking their own territory. All that can be done to future-proof their networks is to continue to expect the unexpected and build even more robust DDoS protection layers.Read more about DDoS attacksDDoS attacks are on the rise again. While they usually strike without warning, there are some red flags to be aware of. Rapid detection is key to surviving such an attack.A DDoS attack can wreak havoc on an organisation, but a number of strategies can help stop such attacks and minimise their damage.Learn how to recover from a DDoS attack and get operations back online quickly, while minimising impact on customers and brand reputation.

clrcrmckNewsSecret London tribunal to hear appeal in Apple vs government battle over encryptionCampaigners call for High Court hearing to be held in public as tech giant appeals against UK government order to open a backdoor into its encrypted iCloud serviceByBill Goodwin,Computer WeeklyPublished: 11 Mar 2025 15:30 A secret tribunal is due to meet at the High Court in London this week to hear tech giant Apple appeal against a Home Office order to compromise the encryption of data stored by its customers on the iCloud service worldwide.The Investigatory Powers Tribunal (IPT) has taken the unusual step of publishing a notification of a closed-door hearing on Friday 14 March, days after leaks revealed that Apple was intending to appeal against the secret order.Press and civil society groups are expected to petition the Tribunal, which rules on matters of national security, to hold the hearings in open court, given the important public interest surrounding the case and the fact the governments order has been widely leaked.The decision by home secretary Yvette Cooper to issue a Technical Capability Notice requiring Apple to give UK law enforcement and intelligence services backdoor access to data stored by Apples customers on the encrypted version of its iCloud service, has raised tensions between the UK and the US.US lawmakers are expected to intervene further in the case after the US director of national intelligence Tulsi Gabbard President Trumps most senior advisor on intelligence and security - warned that any order from the UK that could put Americans privacy at risk would be a clear and egregious violation.As a result of the UK governments move, Apple in the UK has withdrawn its Advanced Data Protection (ADP) service which allows users to store data in encrypted form on iCloud.The decision is likely to expose people in the UK using Apple services to greater risk of cyber threat as they will no longer have the ability to fully encrypt their personal data on Apples iCloud, though the service will remain available elsewhere in the world.The president of the IPT, Lord Justice Rabinder Singh, and a senior High Court Judge, Mr Justice Jeremy Johnson, have made themselves available at short notice to hear a case behind closed doors on the morning of 14 March, according to court listings.The IPT hears national security cases in secure courts at the High Court in the Strand the only central London venue authorised for national security cases, aside from a secure court on Chancery Lane used for immigration cases.A series of leaks about the secret order issued by the UK have made it more difficult for the Home Office and security agencies to maintain a stance of neither confirming nor denying the move against Apple.Privacy International, which has brought a number of cases against government agencies in the IPT, said the Apple hearings should be conducted in public.Caroline Wilson Palow, legal director and general counsel at Privacy International said: This is a very important debate to have in public, because we're talking about the security of our computer systems that can affect millions, if not billions, of people around the world, given the reported technical capability notice has global reach.Last month, over 100 cyber security experts, companies and civil society groups signed a letter calling for home secretary Cooper to drop the demands for Apple to create a backdoor that would allow government access to encrypted communications and data stored on Apples iCloud service.Timeline of UK government's order for a backdoor into Apple's encrypted iCloud service7 February: Tech companies brace after UK demands back door access to Apple cloud - The UK has served a notice on Apple demanding back door access to encrypted data stored by users anywhere in the world on Apples cloud service.10 February: Apple: British techies to advise on devastating UK global crypto power grab - A hitherto unknown British organisation which even the government may have forgotten about is about to be drawn into a global technical and financial battle, facing threats from Apple to pull out of the UK.13 February: UK accused of political foreign cyber attack on US after serving secret snooping order on Apple - US administration asked to kick UK out of 65-year-old UK-US Five Eyes intelligence sharing agreement after secret order to access encrypted data of Apple users.14 February: Top cryptography experts join calls for UK to drop plans to snoop on Apples encrypted data - Some of the worlds leading computer science experts have signed an open letter calling for home secretary Yvette Cooper to drop a controversial secret order to require Apple to provide access to users encrypted data.21 February: Apple withdraws encrypted iCloud storage from UK after government demands backdoor access - After the Home Office issued a secret order for Apple to open up a backdoor in its encrypted storage, the tech company has instead chosen to withdraw the service from the UK.26 February: US intelligence chief Tulsi Gabbard probes UK demand for Apples encrypted data -5 March: Apple IPT appeal against backdoor encryption order is test case for bigger targets - The Home Office decision to target Apple with an order requiring access to users encrypted data is widely seen as a stalking horse for attacks against encrypted messaging services WhatsApp, Telegram and Signal.In The Current Issue:Digital twins map the world and guide strategic decisionsLiverpool reinvents customer service through digital platformDownload Current IssueSUSE CEO: Enterprise Linux where choice happens' Open Source InsiderSLM series - OurCrowd: Are domain-specific LLMs just as good (or better)? CW Developer NetworkView All Blogs

Compromised or vulnerable perimeter security appliances and devices especially virtual private networks (VPNs) formed the initial access vector in over half of observed ransomware attacks during 2024, according to data released this week by cyber security insurance provider Coalition in its latest annual threat report, covering 2024.US-based Coalition, which began offering its so-called Active Insurance policies in the UK back in 2022, said that cyber criminals compromised such appliances in 58% of claims with which it dealt during 2024, with the second most widespread access point being remote desktop products, blamed in 18% of claims.While ransomware is a serious concern for all businesses, these insights demonstrate that threat actors ransomware playbook hasnt evolved all that much theyre still going after the same tried and true technologies with many of the same methods, said Alok Ojha, head of security products at Coalition.This means that businesses can have a reliable playbook too, and should focus on mitigating the riskiest security issues first to reduce the likelihood of ransomware or another cyber attack. Continuous attack surface monitoring to detect these technologies and mitigate possible vulnerabilities could mean the difference between a threat and an incident.Unsurprisingly, the most commonly compromised products were all built by household names in the industry, including the likes of Cisco, Fortinet, Microsoft, Palo Alto Networks and SonicWall. The most common initial access vectors (IAVs) were stolen credentials, used in 47% of such intrusions, and software exploits, seen in 29% of cases.Coalitions analysts warned that exposed logins were fast-emerging as an underappreciated and acute driver of ransomware risks. They claimed that the organisation detected more than five million remote management solutions and tens of thousands of login panels exposed on the public internet. It added that, according to its data, most applicants for cyber insurance (65%) had at least one internet-exposed web login panel, and securing these is a requirement for buying its products.Out of these, the most commonly exposed admin login panels related to VPNs from Cisco and SonicWall, which between them accounted for over 19% of detected exposed panels, followed by Microsoft email services.In 2024, Coalition also observed a significant number of exposed Citrix panels, which caused significant losses, including more than a billion dollars from the infamous Change Healthcare incident in the US, in which a ransomware gang used stolen Citrix credentials and exploited a lack of multifactor authentication to access the victims systems.As part of the set of services Coalition provides, it sends out zero-day alerts to its customers as and when new vulnerabilities are discovered, and constantly monitors for new vulnerabilities.As such, its annual report also includes data on some of the more widespread common vulnerabilities and exposures (CVEs) it saw in 2024 issues with Citrix, Fortinet, Ivanti and Palo Alto Networks prominent among them.Looking ahead to 2025, Coalitions analysts said the number of published vulnerabilities would likely increase to more than 45,000, a rate of nearly 4,000 every month, up 15% over the first 10 months of 2024.This aligns closely with data released in February by the Forum of Incident Response and Security Teams (First), a non-profit, which suggested that CVE volumes may even top 50,000 this year.A combination of new players in the CVE ecosystem, evolving disclosure compliance practices and a rapidly expanding attack surface are likely behind the growing number of vulnerabilities being reported on.This years report focuses on the most crucial security risks that under-resourced organisations should understand to better calibrate their defensive investments to bolster resilience, said Daniel Woods, senior security researcher at Coalition.Calibration involves balancing security investment across vulnerabilities, misconfigurations and threat intelligence, while also responding to emerging threats, such as zero-day vulnerabilities exploited in the wild. Thats why Coalition issues Zero-Day Alerts to help businesses, especially SMEs with limited security resources, stay ahead of these vulnerabilities and reduce alert fatigue by prioritising those posing the greatest risk.Read more about ransomwareThis key member of the Black Basta ransomware gang is wanted by the US justice system. He narrowly escaped extradition at the end of June 2024, with the help of highly-placed contacts in Moscow.Several factors, including the impact of law enforcement operations disrupting cyber criminal gangs and better preparedness among users, may be behind a significant drop in the total value of ransomware payments.The criminal ransomware fraternity was hard at work over the festive period, with attack volumes rising and a new threat actor emerging on the scene.

Shuo - stock.adobe.comNewsPure aims at AI beyond the enterprise with FlashBlade//ExaFlashBlade//Exa targets use cases between the enterprise and hyperscalers with a disaggregated architecture and its DFM flash modules to be available separately for the first timeByAntony Adshead,Storage EditorPublished: 11 Mar 2025 13:00 Pure Storage has announced FlashBlade//Exa, which aims at artificial intelligence (AI) and high-performance computing (HPC) workloads that demand extremely high throughput to graphics processing units (GPUs). That will serve customers between large enterprise users of AI and the hyperscalers.At the same time, FlashBlade//Exa has also introduced a new architecture to a Pure product line, one in which metadata and bulk storage are disaggregated with different hardware and protocols in use.All of which is in line with Pures orientation towards architectures used by the hyperscalers, and comes hot on the heels of last weeks revelation that Meta is the mystery hyperscaler that decided to buy Pures Direct Flash Modules (DFMs) for its own systems (see below).According to Patrick Smith, field chief technology officer at Pure Storage, Exa addresses challenges in storage for AI that include GPU utilisation, inconsistent performance generally, all specifically with metadata, scalability and management complexity.Exa aims at a performance level somewhat higher than current FlashBlade products, targeting AI factories and GPU-as-a-service providers such as Coreweave, Tenstorrent, DataCrunch and Foundry, as well as research labs, HPC users and sovereign cloud projects. All of which, Pure said, have performance needs in the 1TBps (terabytes per second) to 50TBps throughput range, with 100PB (petabytes) to multiple exabytes of capacity and support for thousands to tens of thousands of GPUs.FlashBlade is Pures fast file and object family, although Exa appears to be file access-only for now.Its next level in comparison to the FlashBlade S500, said Smith, citing FlashBlade//Exa performance figures of greater than 10TBps read performance in a single namespace, 3.4TBps throughput per rack, and an increase of 20 times in the number of files handled under single namespace.The novel architecture for Pure that lays the ground for the new product, is disaggregation between the metadata and bulk storage data nodes. Metadata is stored on FlashBlade nodes ie with controller hardware and connects to customers compute cluster via NFS v4.1 parallel file access and TCP. Meanwhile, data nodes connect via Network File System (NFS) v3 (not parallelised) and Remote Direct Memory Access (RDMA).For the first time, Pure will offer this with Pure-recommended network interface cards (NICs) in customer-specified commodity non-volatile memory express (NVMe) storage servers, but later this year, Pure DFMs will be available for use with FlashBlade//Exa.As mentioned, this is the first time Pure has released a product without its own DFM capacity, but according to Smith, a decision was forced by acceleration in the AI [artificial intelligence] landscape, increased demand and especially increased scale.And so, coming out with a platform that allows customers to meet those scale demands in terms of performance and capacity is something we felt we shouldnt wait on, he added.This disaggregation of metadata storage and bulk storage, as well as the independent supply of its flash modules, is in keeping with recent developments that saw it unveil Meta as a hyperscaler customer for Pures DFMs.Around the turn of the year, Pure announced Kioxia and Micron as quad-level cell (QLC) flash chip providers for DFM modules for supply to a hyperscaler customer. That customer has now been revealed as Meta, which has gone public with a blog post detailing a shift from hard disk drives to QLC flash.That is for workloads that suit QLCs performance profile of highly sequential data and infrequent/low-intensity writes due to its low write endurance, and because QLC is not yet price competitive enough for a broader deployment.General availability of FlashBlade//Exa will be in summer 2025. Also planned for later this year are S3 object storage access via RDMA, Nvidia certification and Pure Storage Fusion integration.Read more about storage and AIStorage technology explained AI and data storage: In this guide, we examine the data storage needs of artificial intelligence, the demands it places on data storage, the suitability of cloud and object storage for AI, and key AI storage products.Storage technology explained vector databases at the core of AI: We look at the use of vector data in AI and how vector databases work, plus vector embedding, the challenges for storage of vector data and the key suppliers of vector database products.In The Current Issue:Digital twins map the world and guide strategic decisionsLiverpool reinvents customer service through digital platformDownload Current IssueSLM series - OurCrowd: Are domain-specific LLMs just as good (or better)? CW Developer NetworkSUSE Edge for Telco 3.2 dials into disaggregated network architectures Open Source InsiderView All Blogs

CW+ Premium Content/Computer WeeklyThank you for joining!Access your Pro+ Content below.11 March 2025Digitally mapping the worldIn this weeks Computer Weekly, we find out how digital twins are mapping our planet to guide strategic decisions such as environmental policies. Liverpool City Council explains how a digital overhaul will transform customer experience. And we find out what it takes to become a cyber security entrepreneur. Read the issue now.Access this CW+ Content for Free!Already a member? Login hereFeaturesin this issueDigital twins map the world and guide strategic decisionsbyMartin SchwirnDigital twins are seeing use in an increasing number of potential applications such as decision-making purposes with a focus on scenarios and potential dynamics to capture uncertainties and make them manageableLiverpool reinvents customer service through digital platformbyLis EvenstadLiverpool City Council wants to improve residents experience of dealing with the council, and sees digital technologies as key to achieving its goalView Computer Weekly ArchivesNext IssueMore CW+ ContentView All

Trump tariffs raise USMCA trade agreement questionsImposing large tariffs on U.S. allies in the United States-Mexico-Canada Agreement could be a boon for China.16 top ERM software vendors to consider in 2025Various software tools can help automate risk management and GRC processes. Here's a look at 16 enterprise risk management ...New FTC rules unlikely with limited funds, policy shiftsAmid resource limitations and changes at the federal level, the FTC will be cautious in its approach to bringing cases and making...RSA 2025 Innovation Sandbox Contest Celebrates 20th AnniversaryStarting in 2025, the RSAC Innovation Sandbox Top 10 Finalists will each receive a $5 million investment to drive cybersecurity ...SEC cybersecurity disclosure rules, with checklistPublic companies must regularly share information about their cybersecurity practices and disclose details of material ...Top 14 open source penetration testing toolsFrom Aircrack-ng to ZAP, these open source penetration testing tools are essential additions to any security pro's toolbox.The 4 different types of wireless networksThe four types of wireless networks -- wireless LAN, wireless MAN, wireless PAN and wireless WAN -- differ in size, range and ...802.11 standards: How do 802.11ac, 802.11ax, 802.11be differ?Wi-Fi standards -- 802.11ac, 802.11ax and 802.11be -- differ based on frequency bands, spatial streams and maximum data rates, ...4 phases to build a network automation architectureThe implementation of a network automation architecture involves several elements, including a core orchestration engine, ...8 IaC configuration file editors for admins to considerConfiguration files are essential for app and OS functionality but managing them at scale can be challenging. Here are eight ...Tidal energy for data centers: A sustainable power optionTidal energy offers a sustainable and dependable power source for data centers. It reduces carbon emissions and operational costs...How data centers can help balance the electrical gridData centers consume 1% of global electricity. To ease grid pressure, data centers should use renewable energy, partner with ...New Databricks tools tackle lingering GenAI accuracy issuesFeatures such as centralized model governance and real-time monitoring aim to improve the accuracy of outputs so that enterprises...Qdrant update adds security measures for AI developmentThe vector database specialist's update includes features that enable secure AI development such as role-based access control and...Alation unveils AI agents plus SDK for agentic developmentThe data catalog vendor's new agents for documentation and data quality monitoring represent innovation among metadata management...

Pawel Pajor - stock.adobe.comNewsPeter Kyle sets stage for making tech workDuring his speech at the Tech Policy conference, Kyle announced a number of initiatives to support AI and other new technologiesByCliff Saran,Managing EditorPublished: 10 Mar 2025 16:28 During his presentation at TechUKs Tech Policy conference in London, science and technology minister Peter Kyle unveiled investments, reforms and appointments to drive innovation and boost the economy.Technology is set to play a pivotal role in the governments industrial strategy called Invest 2035. The governments greenpaper on a 10-year industrial strategy notes that the economy has faced significant shocks in recent years and has had a poor productivity record over the past decade and a half, consistently investing less than its international peers, and lagging on the performance of city regions outside London and the South-East.Kyle said: Everywhere you see, there is an imbalance of power in this country which has for too long made it impossible to imagine a better future for Britain. To deliver our Plan for Change, we have to shift the balance of power away from stagnation and old ideas towards innovation and opportunity, and to the bold people building a new future for Britain.AI, semiconductors, cyber security and quantum technologies are among the promising technology developments that could drive growth in the UK economy. But direct support, which includes public sector funding, is likely to be needed to stimulate these sectors.The governments greenpaper on its industrial strategy, published in October 2024, calls for a targeted strategy where the government takes a deliberate and targeted approach towards growth-driving sectors and places. The approach requires temporary government support to scale up industries, particularly those with potential for global competitiveness.The greenpaper urges the government to focus on a range of technologies and their commercialisation, with a portfolio approach that backs smaller, less proven and more disruptive businesses alongside larger, well-established businesses.The aim of such support is to provide a stimulus to enable innovative businesses and startups to get the funding they require to scale up. Direct government intervention is seen as a way to reduce uncertainty and support the development of critical sector-specific knowledge, and crowd in private capital to growth-driving sectors.Direct government support, according to the greenpaper, also encourages competitive and innovative business ecosystems, particularly in industries with low market dynamism and high barriers to entry, and can be used to identify the importance of strong supply chain linkages between sectors.One example of such direct support is the Quantum Missions Pilot, which aims to accelerate quantum computing and quantum networking technologies. During his TechUK speech, Kyle announced winners of Innovate UKs Quantum Missions Pilot, each of whom is set to receive a share of 12m to help accelerate the real-world impact of quantum computing and quantum networking technologies.The government also said it will be investing 23m in edge telecoms research and deployment to expand mobile coverage for people and businesses across Britain.As Computer Weekly has previously reported, during his TechUK speech, Kyle announced an overhaul in how AI experiments and other digital projects are funded in the public sector. The government hopes the overhaul will simplify the process to cut down waste in taxpayer funding.He also named David Willetts, who served as science minister from 2010 to 2014, as the first chair of the Regulatory Innovation Office (RIO). The RIOs goal is to ensure the UKs regulatory regime can keep pace with innovation.Read more about UK tech fundingGovernment funding to help businesses discover AI value: The government is betting the bank on the power of artificial intelligence to fix the public sector, mend roads and boost the UK economy.Government launches 100m innovation fund for public service reform: Chancellor of the Duchy of Lancaster calls on Whitehall to adopt a test-and-learn culture and pledges to make government more like a startup.In The Current Issue:DeepSeek-R1: Budgeting challenges for on-premise deploymentsInterview: Why Samsung put a UK startup centre stageDownload Current IssueSLM series - OurCrowd: Are domain-specific LLMs just as good (or better)? CW Developer NetworkSUSE Edge for Telco 3.2 dials into disaggregated network architectures Open Source InsiderView All Blogs

Chris Conway, Co-op Foods e-commerce director, promised on 11 February that a rebranded business-to-business (B2B) quick commerce app from the organisation was imminent.Talking at Retail Week and The Grocers Live 2025 event in North London, Conway said Co-ops Nisa to You app helping more than 30 of the independent retailers in its network to deliver groceries speedily to customers was set for relaunch. It was initially unveiled in trial form last summer, enabled by Co-ops tech stack and with integrations into the same couriers used by the Co-op Food stores.Well be able to commercialise and operationalise it and go at huge scale, Conway said at Live 2025.On 27 February, it all became clear. Co-op announced the launch of Peckish, describing it as a million-pound rapid delivery grocery app offering a technologically advanced service to thousands of independent retailers looking to serve their customers and communities online.The new name is incidental its what the tech can help individual stores to achieve thats important. The has Co-op said Peckish will give small, often family-owned, independent grocery businesses, shops and other co-operative retail societies the chance to provide an online grocery shopping and delivery service using their stores as fulfilment centres.The retailer stated that it helps these businesses overcome barriers that independent retailers face when moving to sell online, which typically relate to cost, scale and resource. In some cases, it means independents will be able to get goods delivered to their local customers in under 30 minutes.Co-op, which has rapidly built its own quick commerce proposition in the past five years, with the aim of being a leading grocer in that space, already works with Deliveroo, Just Eat and Uber Eats nationwide, as well as Starship Technologies for autonomous robot delivery in some regions. The new Peckish app will mean the independents it owns thanks to its acquisition of symbol group Nisa in 2018 can also offer many of these delivery courier partner options to their customers.Co-op is making an initial 1m investment for year one on Peckish, and is targeting a sign-up rate of more than 1,000 stores in year one, with potential to treble that by year three.Peckish will be linked with a retailers electronic point of sale (PoS) system, meaning it saves the individual store manual tasks such as pricing and stock control and management. Retailers who sign up to the service have also been promised a range of support including data and insight from Co-ops quick commerce team, as well as PoS material, window stickers, leaflets, shelf talkers, digital assets, posters and banners.Matt Hood, Co-op Food managing director, said consumers appetite for a convenient grocery delivery service in as little as 30 minutes from ordering increases almost weekly.Hood announced major plans for Co-op growth in January, saying 75 new stores would be opening in 2025, with 80 undergoing refurbishment. A central cog of the work is to maximise the potential of Co-ops existing portfolio of properties, and part of that means strengthening shops role in the retailers online proposition.Co-op calls its stores micro-distribution hubs for its online home delivery operation, with orders picked fresh in local stores and delivered quickly to ensure its high street shops benefit from online orders.The retailer said in January that it wants to grow its share of the quick commerce market to over 30%, which is one of the motivating factors behind Peckish.It has been incrementally reinforcing its tech stack to support this strategy, with a SAP migration completing in June 2024. Eight years previous, Co-op started implementing SAPs Retail ECC Suite on HANA to drive improvements in product ranging, stock visibility and forecasting across its stores.More recently, RISE with SAP S/4HANA Cloud has been put in place which brings Co-ops ERP into the cloud and streamlines its finance and procurement functions. In addition, an ongoing project with Manhattan Associates is seeing Co-ops warehouse management systems (WMS) switching over to the suppliers cloud-based Manhattan Active WMS as part of a move away from datacentre reliance.Meanwhile, in July 2024, Co-op started work withWalmart Commerce Technologiesto implement the US grocery giants online fulfilment technology, Store Assist.The official jargon surrounding the tool is that it digitises and streamlines online order fulfilment workflows. What that means in practice is that Co-op can integrate all its third-party delivery partnerships on one platform and device, which is then put in the hands of store staff so they can understand, organise and manage a complex network of couriers turning up at shops to collect online orders throughout the day.Co-op even announced in September 2024 that some of its city centre stores will offer a 24-hour service, meaning consumers can order goods online for instant delivery at any time of day. The service, it said, could be ideal for shift workers, young families and late-night partygoers.Co-ops quick commerce investment and focus is not unique, albeit it is more comprehensive in its offering compared to the wider UK grocery industry.Tesco has doubled down on its Whoosh rapid delivery service in the last year, with it featuring heavily in the retailers national advertising campaigns. Former Deliveroo global head of strategy Francesca Jones arrived in January to lead Whoosh, which contributed significantly to a 10.8% year-over-year (YoY) Tesco online sales rise over Christmas 2024.Some 1.2 million customers placed orders on this instant delivery offering during the peak period, supported by the expansion of the service which meant it was more accessible at Christmas than before and available up until 24 December. I speak to my team and say, Dont worry about the other grocers, see what McDonalds is doing Chris Conway, Co-op FoodElsewhere, Ocado ramped up its Express It offering in August 2024, allowing its customers to book for same-day delivery up until 11am. One month before, Morrisons expanded its partnership with Just Eat to include on-demand grocery deliveries from its groceries from its supermarkets in addition to the service from its cafs and Morrisons Daily convenience stores that had been in place since 2022.And as Co-op launches its B2B app, its worth remembering Snappy Shopper is already making waves in this space supporting convenience stores with an online delivery service. In January, it said its weekly trading volumes surged by 42% YOY at the end of 2024, with the platform facilitating more than 14m in monthly transactions during the final quarter.In December, Snappy Shopper said it was increasing the number of Tesco-owned One Stop stores served by its network to 530, further highlighting the consumer demand for rapid fulfilment from local stores.Talking at Live 2025, Conway gave some deep insight into Co-ops innovation strategy and how it monitors its competition in the quick commerce space.Our competitor set is amazing its a privilege to be in that competitor set, he said, adding that many of its competitors follow the Co-op with innovation. Our competitor set in grocery is fantastic at supply chain, getting thousands of products to thousands of locations in the most efficient way possible.Intriguingly, its an adjacent industry where Conway encourages his team to look for inspiration: I speak to my team and say, Dont worry about the other grocers, see what McDonalds is doing. Go to some of their new sites and you see theyve made space for riders, and the way they operate is effectively as a mini fulfilment centre as well as a restaurant. Thats fascinating and the way I see the future of Co-op going.When looking at how the Co-op embraces digital and tech-enabled transformation, Conway said the organisation has gotten better over time. In particular, he said the Co-op has approved investment and funding in the past 18 months to do discovery work rather than waiting for a detailed business case.Once youve done discovery, youre almost in and its too late to back out, he said, reflecting on the previous methods used by the retailer. Now were prepared to throw some money away and do discovery to realise if its something we want to do. And what we realise is that, 95 times out of 100, once weve done discovery, its the right idea and we go ahead.He talked of Co-op now having a fail-fast mentality, adding: Its been refreshing to be around that mentality; it wasnt like that when I joined. How weve grown up and how the culture has changed is really infectious.Conway stated that the Co-op is already benefiting from the SAP migration in terms of how quickly it can introduce new ideas and drive efficiency.It seems that having a thought-out approach to transformation can also be beneficial in dealing with unexpected burdens. With most retailers voicing concerns about the impact of the October 2024 Budget, which will result in increased employment costs from April in the form of greater National Insurance Contributions (NIC), Conway offered a pragmatic response.In business, you have to expect the unexpected, he said of the budget announcements. Of course, the incremental costs are always a challenge, but its about realising the country is in quite a dilemma in terms of where to get the funding, so something had to give.Whats more important is looking at your innovation transformation programme. As long as you have that constant balance of transformation where youre driving efficiency but driving new business and growth doing that equally I think youre able to ensure youre able to cope with things like NIC.Offering a personal viewpoint, Conway said that he envisions a growth agenda from the UK government coming into force in the second half of the year: For now, its about continuing innovation, doubling down on cost savings, doing the right thing for colleagues and communities, and then hopefully we can put our foot down and support the governments growth agenda.Read more about retail technologyReal-life pilot projects show the potential, but industry mindset change is required to help retail and wholesale fleets drive major decarbonisation gains in the year ahead.Retailers and carriers met for the annual Delivery Conference in February 24, discussing how to use tech and data to drive improvements in e-commerce.

.shock - stock.adobe.comOpinion2024: the year misconfigurations exposed digital vulnerabilitiesSmall configuration errors cascaded into major outages during 2024. Mike Hicks, from Cisco ThousandEyes, propounds techniques to defend digital resilience against tales of the unexpectedByMike HicksPublished: 10 Mar 2025 Imagine the impact of a sudden service disruption on your business. Customers unable to access your platform, transactions put on hold, and your team racing against the clock to fix the issue. These arent far-fetched scenarios theyre the kinds of challenges many organisations faced in 2024 when small configuration errors cascaded into major outages.Our increasingly digital world has provided incredible opportunities for growth and efficiency, but its also introduced new vulnerabilities. Configuration changes have always had the potential to take out services but with more of the digital landscape managed and configured with code, the propensity for mistakes is now much higher. The missteps of 2024 were a stark reminder that even minor errors can disrupt operations, dent user trust, and create lasting challenges for businesses across all industries.This makes digital resilience more than a best practiceits a critical necessity. By examining the high-profile outages of 2024 and understanding their causes, businesses can take actionable steps to build stronger, more reliable systems and safeguard their digital experiences.Identifying the route causeWhen it comes to configuration-caused outages, businesses were challenged by two key trends over the last year that elevate the importance of digital resilience in the face of disruptions: continuous improvement and delivery (CI/CD), and the accelerated deployment of modern applications and cloud services.The first trend, CI/CD, characterises modern software engineering best practices. It allows product and engineering teams to make small modifications and improvements faster and with greater frequency, but on the flipside, the rapid pace shortens the time available for end-to-end testing. In addition, the ever-changing nature of application code makes its behaviour unpredictable, even on a day to day basis.The second trend is the accelerated deployment of modern applications and cloud services, which are inherently distributed in design, including their underlying infrastructure. Digital applications comprise of many components that are orchestrated together to deliver a single, seamless experience. These components are often developed by different agile teams and may reside on either owned or unowned (third-party) infrastructure. In these environments, we often observe instances where a team making a change is doing so to improve their own patch or portion of the application, but may not have complete visibility into what flow-on impact their change might have on the rest of the infrastructure.While the resulting misconfigurations may be unintentional, software configuration outages can have a significant impact relative to the size of the change. So, what does this look like in practice for organisations?2024 - the year of outagesIn the networking space, unintended misconfiguration of routing policies has been a recurring issue over many years. A service provider, for instance, may mistakenly insert themselves into a traffic path by advertising a prefix it doesnt own or control and is unable to handle the sudden traffic influx, leading to timeouts and other connectivity-related failures for end users. One example took place in October last year, when a number of OVHcloud services were subject to a faulty configuration that impacted several regional telecom providers.With accelerated cloud adoption, configuration errors have also become an increasingly common issue in the cloud, impacting security functionality, performance, and availability. Last year, for example, two Azure resources were impacted: one in January, when an erroneous configuration change triggered a dormant defect that resulted in a 7-hour long degradation of the Azure Resource Manager; and one in July, when a configuration change impacted backend connections to compute and storage resources, ultimately impacting services such as Confluent, Elastic Cloud, and Microsoft 365. Later in the year, Salesforce also suffered a similar incident that prevented global users from accessing the cloud service when critical information was left out of an updated configuration file.It isnt just the network or cloud infrastructure where configuration errors occur. Problems also manifest within the applications themselves. Notably in July last year, an issue with a single CrowdStrike configuration file resulted in system crashes and blue screens of death (BSOD) on affected Windows systems worldwide - but there were other incidents as well. A series of temporary issues with ChatGPT pointed to configuration changes and re-architecture to improve the user experience. And Square merchants experienced payment problems when a new feature configuration could not be interpreted by Android devices.Digital resilience in the face of disruptionIn 2024, many configuration changes not only degraded digital experiences but also disrupted the delivery of the service completely. Its this subset of incidents that produced the biggest lessons of 2024 that shouldnt be repeated in 2025.For product owners and operations teams, the drive to continuously improve remains as important as ever, but user experience needs a bigger focus. Automation and assurance technologies both have a role to play here. These solutions can compare ongoing patterns against known outage patterns, providing visibility and correlating signals to allow early detection of degradations or disruptions to an application or other IT asset. In the case of a configuration change gone wrong, this could be the difference between a speedy rollback and a lengthy troubleshooting process.Successfully implementing a configuration change on the first attempt is key for businesses across all industries and indicates that the organisation has access to ample data and insights all the way from the end user to the cloud, allowing them to adequately assess the potential impact of changes made at any point in the end-to-end delivery chain.Be it caused by a misconfiguration or otherwise, lessons can be learned from the outages of 2024 and minimising the occurrence and impact of any disruption will be core to achieving digital resilience in 2025.Mick Hicks is a Principal Solutions Analyst at Cisco ThousandEyesRead more about outagesBig bank systems crashed for over 800 hours in last two years due to IT outages8 largest IT outages in historyCauses of IT outages explainedIn The Current Issue:DeepSeek-R1: Budgeting challenges for on-premise deploymentsInterview: Why Samsung put a UK startup centre stageDownload Current IssueSLM series - OurCrowd: Are domain-specific LLMs just as good (or better)? CW Developer NetworkSUSE Edge for Telco 3.2 dials into disaggregated network architectures Open Source InsiderView All Blogs

Trump tariffs raise USMCA trade agreement questionsImposing large tariffs on U.S. allies in the United States-Mexico-Canada Agreement could be a boon for China.16 top ERM software vendors to consider in 2025Various software tools can help automate risk management and GRC processes. Here's a look at 16 enterprise risk management ...New FTC rules unlikely with limited funds, policy shiftsAmid resource limitations and changes at the federal level, the FTC will be cautious in its approach to bringing cases and making...RSA 2025 Innovation Sandbox Contest Celebrates 20th AnniversaryStarting in 2025, the RSAC Innovation Sandbox Top 10 Finalists will each receive a $5 million investment to drive cybersecurity ...SEC cybersecurity disclosure rules, with checklistPublic companies must regularly share information about their cybersecurity practices and disclose details of material ...Top 14 open source penetration testing toolsFrom Aircrack-ng to ZAP, these open source penetration testing tools are essential additions to any security pro's toolbox.802.11 standards: How do 802.11ac, 802.11ax, 802.11be differ?Wi-Fi standards -- 802.11ac, 802.11ax and 802.11be -- differ based on frequency bands, spatial streams and maximum data rates, ...4 phases to build a network automation architectureThe implementation of a network automation architecture involves several elements, including a core orchestration engine, ...15 common network protocols and their functions explainedNetworking makes the internet work, but it needs several key protocols. These common network protocols make communication and ...8 IaC configuration file editors for admins to considerConfiguration files are essential for app and OS functionality but managing them at scale can be challenging. Here are eight ...Tidal energy for data centers: A sustainable power optionTidal energy offers a sustainable and dependable power source for data centers. It reduces carbon emissions and operational costs...How data centers can help balance the electrical gridData centers consume 1% of global electricity. To ease grid pressure, data centers should use renewable energy, partner with ...Qdrant update adds security measures for AI developmentThe vector database specialist's update includes features that enable secure AI development such as role-based access control and...Alation unveils AI agents plus SDK for agentic developmentThe data catalog vendor's new agents for documentation and data quality monitoring represent innovation among metadata management...Teradata unveils vector store to fuel AI developmentThe longtime data management and analytics vendor's new feature will enable developers to discover the relevant data needed to ...

sdecoret - stock.adobe.comNewsGoverment overhauls AI funding to drive agilityA startup mindset is at the heart of a Labours approach to how it wants to speed up AI innovation in the public sectorByCliff Saran,Managing EditorPublished: 10 Mar 2025 12:14 To tie in the TechUK Tech Policy conference, the government said it plans to overhaul how artificial intelligence (AI) experiments and digital projects are funded in the public sector. The Department for Science, Innovation and Technology (DSIT) wants to cut down waste in taxpayer funding, boost efficiency through innovation, and to improve services for the public to deliver on Labours Plan for Change.The review into funding aims to stop public sectors technology money being spent on projects that fail to deliver intended outcomes for the public. The overhaul in funding follows the publication of a blueprint for a modern digital government, which set out how technology will be used to improve public services, drive growth and deliver the Plan for Change.The blueprint revealed that one in four of the digital systems used by central government are outdated. For the worst affected organisations, this figure is almost triple (70%).Technology secretary Peter Kyle said: Technology has immense potential to build public services that work for citizens. But a decades-old process has encouraged short-sighted thinking and outdated tech, while stopping crucial innovation before it even gets going.These changes were making ensure innovation is the default. We will help give AI innovators in government the freedom they need to chase an exciting idea and build prototypes almost immediately.Following publication of the funding review, which reported that many digital projects face overly complex spending approval processes, among the changes the government is putting in place is what DSIT describes as a startup mindset, which it said will offer a route to simplify how government funds small AI projects.The government plans to put in place four new approaches to funding innovation that it will start testing from April. These approaches build on the success of Gov.uk Chat, the governments experimental generative AI chatbot, to provide staged funding for innovation. The government said it will focus on developing new outcome metrics and evaluation plans for major digital projects to ensure that these deliver value for money for the taxpayer.DSIT hopes that a more agile funding process will speed up building and testing of initial prototypes. If early trials of a project show the potential to save money and improve public services for citizens, the government plans to increase support through larger tests.Chief secretary to the Treasury, Darren Jones, said: This government is determined that digital transformation of the state and our public services will deliver better outcomes for people, and ensure every pound of taxpayers money is spent well.As the government continues to work out the best route to support UK tech innovation and make use of such innovation to improve digital services across the public sector, a study for TechUK reported that the tech sector has a broadly positive view of the UK government twice as many tech businesses think the new Labour government has performed well (52%) than poorly (23%). However, a third of small and mid-side businesses polled believe the government is performing poorly. The poll of 250 businesses reported that issues such as high implementation costs (41%), the complexity of new technologies (37%), and energy costs associated with new technology (34%) were the major barriers that tech sector customers face.Read more digital government articlesDelivering digital government its (still) not about technology: One of the UK governments most senior digital leaders reveals the flaws and difficulties of delivering digital transformation across the civil service.Everything, everywhere, all at once automated decision-making in public services: Despite the UK governments fervent embrace of artificial intelligence, there is still little meaningful transparency around the scope of the technologys deployment throughout public services.In The Current Issue:DeepSeek-R1: Budgeting challenges for on-premise deploymentsInterview: Why Samsung put a UK startup centre stageDownload Current IssueSLM series - OurCrowd: Are domain-specific LLMs just as good (or better)? CW Developer NetworkSUSE Edge for Telco 3.2 dials into disaggregated network architectures Open Source InsiderView All Blogs

The United Nations-backed Science Based Targets Initiative (SBTi) launched a campaign with 1,045 companies participating in June 2019 to help limit the long-term, global average increase in the Earths surface temperature to 1.5C.According to a report published by the SBTi last year, charting the progress made towards achieving the 1.5C goal, 239 of the original participants were removed on 7 March 2024 for failing to meet deadlines conducive to hitting their net-zero goals.Accentures Destination net zero report, published in November 2024, says companies across all industries are making meaningful progress towards their net-zero goals, but progress is not fast enough.As once distant climate targets become near-term business priorities, only a small percentage of the worlds largest companies are on track to realise net zero by [the] mid-century, the report states.And there are several reasons why companies are finding it difficult to hit their net-zero goals, it seems.Economic pressure is a major one, with green IT initiatives and sustainability strategies often falling victim to cuts when times get tough within companies, says Shane Herath, chair of the Eco-Friendly Web Alliance.Economic uncertainty in 2024 posed a serious challenge for sustainability efforts across industries, he says. Initiatives aimed at reducing environmental impact were sometimes postponed or scaled back, viewed as cost centres rather than investments.And, when times are tough, company stakeholders and shareholders will be looking to prioritise spend that delivers short-term financial gains and tangible benefits, which is not always true of sustainability-focused investments.Carmen Ene, CEO of sustainable technology lifecycle management service provider BNP Paribas 3 Step IT, says companies across the world also deprioritised working towards their net-zero goals in 2024 because of political pressure. Sustainability and profitability arent at odds they are powerful partners Carmen Ene, BNP Paribas 3 Step ITIn some parts of the world, politicians have weaponised action on the environment, pedalling the misconception that sustainability is expensive, burdensome, and a threat to affordability and prosperity, she says.Amidst a cost-of-living crisis and rising global energy prices, this has resonated, weakening support for a swift end to fossil fuels.As a result, she says it is not surprising that some businesses have become more hesitant to embrace IT sustainability and have even rowed back on their environmental, social and governance (ESG) targets.[They are] wary of the complexities of sustainability reporting, the perceived cost of implementing green solutions, and the impact on competitiveness, she says.However, research shows that companies that embrace sustainability significantly outperform their less environmentally friendly competitors, and are more efficient too, says Ene.Its time to shift the focus from the perceived costs and complexities of sustainability to the immense opportunities and tangible advantages it presents, not just for the planet but also for businesses and the economy, she says.Lets reframe the climate discussion and tell a more persuasive story about the measurable wins we can achieve, like jobs, new partnerships, business growth, resilience and innovation.She adds: Sustainability and profitability arent at odds they are powerful partners.On this point, Herath agrees, and says senior leaders need to realise that investing in IT sustainability initiatives has long-term benefits for companies, particularly when it comes to creating efficiencies, cultivating a favourable reputation, and generating more business later on.Companies that integrated sustainability into their business models demonstrated the financial and operational benefits of going green, he says.And there are myriad ways that companies can achieve this from a technology perspective, he adds.Investing in energy-efficient hardware, cloud services powered by renewables and smarter data management systems are actionable steps that can deliver measurable results, suggests Herath.Collaborating across departments to align sustainability goals will also be critical, especially in areas like procurement and product lifecycle management. Investing in energy-efficient hardware, cloud services powered by renewables and smarter data management systems are actionable steps that can deliver measurable results Shane Herath, Eco-Friendly Web AllianceRich Gibbons, head of IT asset management, and Stephen Old, head of FinOps, at consultancy Synyega, suggest some tech-focused steps enterprises can take to reduce their environmental footprint.For instance, they recommend that enterprises regularly do a stock-take of the technology providers that make up their supply chains, to ensure they are only working with suppliers that prioritise sustainability.In a similar vein, the pair also advise enterprises to carry out regular assessments of the software and hardware assets that make up their IT estate to ensure none are using up unnecessary amounts of compute resources, in the form of unused cloud instances, for example.The way organisations acquire, use and dispose of all technologies including software and hardware contributes to good sustainability practices, say Gibbons and Old.On-premise datacentres are full of servers, storage and networking equipment, while users across an organisation account for hundreds and thousands of laptops, desktops, mobile phones, tablets and more. All of these have a carbon footprint throughout the lifecycle of creation, use and disposal.With this in mind, companies should also look to implement a circular economy model in IT operations by focusing on reusing, refurbishing, remanufacturing and recycling IT assets to extend their lifecycle and reduce waste, the pair add.Technology giants Google and Microsoft are examples of companies that have faced difficulties in balancing their climate commitments with business growth, with both posting sustainability reports in 2024 that showed their carbon emissions going up, rather than down.As reported by Computer Weekly at the time, keeping up with the growing enterprise demand for cloud and artificial intelligence (AI) services was cited as a factor in both cases.Microsofts May 2024 environmental sustainability report revealed that, despite pledging to become a carbon-negative entity by 2030, the companys greenhouse gas (GHG) emissions for 2023 were 29.1% higher than its 2020 baseline.The report attributed this rise to a 30.9% increase in the companys indirect Scope 3 emissions, generated in part by Microsofts efforts to expand its global datacentre footprint.Googles sustainability report, published in July 2024, cited an increase in datacentre energy consumption as a factor in why its 2023 GHG emissions were up 13% on the previous year.Gartner vice-president analyst Bob Johnson highlights various pressures the exponential demand for AI services from enterprises is putting on the hyperscalers datacentres and wider sustainability strategies.Gartners data shows, for example, that by 2027, 40% of AI datacentres will face operational constraints due to power shortages, because the amount of electricity consumed by these facilities is set to soar by 160% within the next three years.Such a surge threatens to overwhelm utility providers, disrupt energy availability and undermine sustainability goals as fossil fuel plants remain in operation to keep up with demand, says Johnson.The insatiable energy appetite of hyperscale datacentres is outstripping the ability of power grids to cope [because] AI models require immense computational power for training and operations, making 24/7 energy availability essential, he says.The strain on energy grids [this situation is creating] is having a knock-on effect on sustainability goals. In the short term, many datacentres will need to rely on fossil fuels, increasing their carbon footprints and delaying forward progress toward net-zero targets.That said, there are actions the hyperscalers and other enterprises can take now that could mitigate some of these impacts, until the availability of renewable energy to power AI workloads increases, for example.Balancing the deployment of energy-intensive GenAI [generative artificial intelligence] applications with environmental responsibility requires innovative approaches, such as adopting smaller language models, leveraging edge computing and collaborating with datacentre providers to optimise energy use, says Johnson.Organisations must prioritise efficiency in AI workloads, re-evaluate sustainability goals, and actively support the development of greener energy alternatives like clean hydrogen and small nuclear reactors, he adds.As the demands of GenAI reshape the global energy landscape, success will require more than just technological prowess. It will demand foresight, collaboration and a willingness to innovate sustainably.And where the wider technology community is concerned, BNP Paribas 3 Step ITs Ene says the responsibility is now on them to ensure that the roadblocks to sustainability that emerged in 2024 do not become more obstructive, and cause more enterprises to turn their backs on sustainability and circular IT.It will be up to savvy tech providers to keep championing the cause and clearly highlighting the full spectrum of business benefits sustainable business models can deliver operational, financial, reputational and beyond, she says.For me, [2025] is about making sure everyone is onboard our people, partners and customers to understand just how powerful a circular economy for technology can be in helping organisations remain competitive with the latest technology while managing legacy tech in a way that recoups its value and minimises its environmental impact, she continues.We can only foster a shared understanding of its transformative potential by engaging in open and transparent dialogue about the challenges and opportunities sustainability can create. If organisations are armed with the information, evidence and tools to make the case for sustainable investment, positive change will certainly be on the horizon.Read more about IT sustainabilityHow to use data center wind turbines for sustainable energy: Wind power is a promising way for data centers to cut carbon footprints. Despite challenges, evolving technology offers efficient turbines for substantial electricity generation.Cisco aims for better AI power consumption: At Cisco Live EMEA in Amsterdam, Cisco execs shared their thoughts on the developing issues around how artificial intelligence is affecting datacentre power consumption.

kittikorn Ph. - stock.adobe.comNewsLatest Alibaba AI model demos AI improvementsThe latest model from Chinese public cloud provider Alibaba shows how reinforced learning is driving AI efficiencyByCliff Saran,Managing EditorPublished: 07 Mar 2025 15:42 Just two months after the tech world was upended by the DeepSeek-R1 AI model, Alibaba Cloud has introduced QwQ-32B, an open source large language model (LLM).The Chinese cloud giant describes the new model as a compact reasoning model which uses only 32 billion parameters, yet is capable of delivering performance comparable to other large language AI models that use larger numbers of parameters.On its website, Alibaba Cloud published performance benchmarks which suggest that the new model is comparable to AI models from DeepSeek and OpenAI. These benchmarks include AIME 24 (mathematical reasoning), Live CodeBench (coding proficiency), LiveBench (test set contamination and objective evaluation), IFEval (instruction-following ability), and BFCL (tool and function-calling capabilities).By using continuous reinforced learning (RL) scaling, Alibaba claimed the QwQ-32B model demonstrates significant improvements in mathematical reasoning and coding proficiency.In a blog post, the company said QwQ-32B, which uses 32 billion parameters, achieves performance comparable to DeepSeek-R1, which uses 671 billion parameters. Alibaba said that this shows the effectiveness of RL when applied to robust foundation models pretrained on extensive world knowledge.We have integrated agent-related capabilities into the reasoning model, enabling it to think critically while utilising tools and adapting its reasoning based on environmental feedback, Alibaba said in the blog post.Alibaba said QwQ-32B demonstrates the effectiveness of using reinforcement learning (RL) to enhance reasoning capabilities. With this approach to AI training, a reinforcement learning AI agent is able to perceive and interpret its environment, as well as take actions and learn through trial and error. Reinforcement learning is one of several approaches developers use to train machine learning systems. Alibaba used RL to make its model more efficient.We have not only witnessed the immense potential of scaled RL, but also recognised the untapped possibilities within pretrained language models, Alibaba said. As we work towards developing the next generation of Qwen, we are confident that combining stronger foundation models with RL powered by scaled computational resources will propel us closer to achieving Artificial General Intelligence [AGI].Alibaba said it is actively exploring the integration of agents with RL to enable what it describes as long-horizon reasoning which, according to Alibaba, will eventually lead to greater intelligence with inference time scaling.The QwQ-32B model was trained using rewards from a general reward model and rule-based verifiers, enhancing its general capabilities. According to Alibaba, these include better instruction-following, alignment with human preferences and improved agent performance.Chinas DeepSeek, which has been generally available since the start of the year, demonstrates the effectiveness of RL in its ability to deliver comparable benchmark results compared to rival US large language models. Its R1 LLM can rival US artificial intelligence without the need to resort to the latest GPU hardware.The fact that Alibabas QwQ-32B model also uses RL is no coincidence. The US has banned the export of high-end AI accelerator chips such as the Nvidia H100 graphics processor to China, which means Chinese AI developers have had to look at alternative approaches to making their models work. Using RL does appear to deliver comparable benchmark results compared with what models like those from OpenAI are able to achieve.What is interesting about the QwQ-32B model is that it uses significantly fewer parameters to achieve similar results to DeepSeek, which effectively means that it should be able to run on less powerful AI acceleration hardware.Read more about reinforced learningAi2's new model more open than DeepSeek: The AI research lab released Tlu 3 in November. The new 405B version was trained using reinforcement learning from verifiable rewards and was technically challenging to create.Deep learning model personalises adaptive therapy for prostate cancer: A deep reinforcement learning model designed to tailor adaptive treatment schedules could double the time to progression for prostate cancer patients.In The Current Issue:DeepSeek-R1: Budgeting challenges for on-premise deploymentsInterview: Why Samsung put a UK startup centre stageDownload Current IssueSUSE Edge for Telco 3.2 dials into disaggregated network architectures Open Source InsiderCan the government's new digital broom sweep the civil service clean of its resistance to change? Computer Weekly Editors BlogView All Blogs

Madoc Batters likes a challenge. As head of cloud and IT security at Warner Leisure Hotels, hes inherited a big task leading the UK hotel chain on a digital transformation journey, including moving the business to the cloud to build a platform for long-term innovation.I gravitate to change thats what brought me into the position, he says. Previously head of the cloud centre of excellence and operational security at holiday operator Haven, Batters assumed his position at Warner in February 2024.Id already taken Haven through a digital transformation, standing up all the AWS infrastructure, getting the teams ready and putting the organisation in a good place operationally. I like pushing companies forward technologically with what they can deploy and their capabilities.Batters is completing a similar transformation at Warner. His team is coming to the end of a large on-premise IT to cloud migration. All the companys apps and services are being moved to Amazon Web Services (AWS) and Microsoft Azure.Weve got about 100 different applications and services that were living on-premise. Weve been moving those workloads over for the past year now, and were getting to the end of that process, he says. Within the next three months, we should have finished all that on-premise to cloud migration.Hows that transition going? So far, so good, says Batters, outlining a series of issues familiar to any IT leader whos led a similar large-scale digital transformation initiative.Some of these on-premise machines have been sitting there for 30 years. Every time you move something, another bunch of technology runs out from underneath the rock youve just lifted, and youre untangling a range of organically grown systems introduced over time, he says.Weve had old bits of equipment that may not have been turned off or tested, or theyre running on old software versions. This transformation process gives us a great chance to re-factor older systems. Theres never a dull day. Were always working at high speed.He gives an example of the replatforming work in progress: Were putting in place a new booking system from a third party. Instead of migrating our legacy system, well sunset that technology and then put our new booking system live. That system is due to go live this year as well.Batters reflects on his first year in the role and says the big achievement has been establishing the cloud capabilities and pushing full-steam ahead with the transition to on-demand IT. He says another success has been establishing an internal security practice at Warner and implementing a new approach to networking to support the shift to the cloud.Weve redefined our whole approach. Weve gone with a Microsoft-centric stack for security. Were also using infrastructure-as-a-service [IaaS] specialist Alkira, which means were bringing our networking in line with how we deliver our cloud resources, he says.That approach means weve moved from a traditional, long-winded change management system to a distributed, asynchronous change paradigm. Now we can deliver change to networks and security at the same pace as in the cloud.Batters says there are two key components to his security strategy. One is end-user compute. In addition to implementing a Microsoft-focused stack that uses Defender for endpoint protection, Sentinel for analysing internet traffic and Microsoft 365 for productivity, hes bolstered IT security awareness by providing cyber training for people across Warner.Humans are usually the weakest point, he says. If you do get hit with some issues, thats usually due to an action by one of the team accidentally. So, the training is about ensuring everyone knows what they should and shouldnt be doing and supporting them as best as we can in that area.Batters says the second core element of his strategy focuses on infrastructure security. Hes a massive believer in shifting left with security, a practice that moves testing to the beginning of the development process. Warner uses a mix of in-house and outsourced developers and is keen to create an enterprise-wide approach to data protection.What we try to do is secure by design. Security is a team game. Shifting left is like increasing the size of your security team. If you give capabilities and assistance to the developers, its almost like they become part of your security team, he says.The more people involved in security from the start, the better. So, we have static code analysis in our pipeline. We surface any issues in the infrastructure that theyre looking to build within the cloud. They can deal with these issues before anythings deployed.Security is a team game...the more people involved in security from the start, the betterMadoc Batters, Warner Leisure HotelsBatters says shifting left effectively is more than standing back and admiring your work once the strategy is established. Smart digital leaders take a proactive stance and ensure vulnerabilities are tracked and traced. He says the aim is to reduce administration and risks.Theres so much noise in security. When there is an actual issue, we will raise it automatically. We use the Wiz cloud security platform and plug that insight into our pipeline. We have Wiz in our back end and a single pane of glass for security, he says.We have connectors going into our cloud and on-premise systems. And well raise tickets automatically. The teams can look at those issues and make modifications, and any concerns are closed down automatically. That approach takes away some of the administrative burden for the teams.Batters says his IT organisation is focused on creating the technological foundations for the business, enabling the hotel chains customers to have the best possible experiences.Were the platform team, and we make sure that all the guardrails and the base infrastructure are set up to allow the stream-aligned teams in the business to work on top of those systems and services, he says.Networks are a key element of this infrastructure. One of the most important foundational elements is the companys relationship with Alkira. The networking specialists end-to-end platform connects users and branches to multiple clouds. Batters says hes been looking for this as-a-service approach for a long time.Ive worked in networks for many years, he says. I worked at BT in 1997, so Ive got a long legacy working in networks and know how things are implemented and deployed. I was aware the speed of innovation within networks was nowhere near as fast as the cloud. Ive always wanted networks to catch up.Batters says thats where Alkiras as-a-service provision comes in. The technology can be deployed with infrastructure as code, he says. And Im very code-first for our cloud infrastructure. Its all deployed as code using Terraform. When I saw Alkira, I thought, Well, this is exactly what were looking for. Because its deployed as code, we can plug it into our pipeline and add all the other tools we have.For example, complex changes to firewalls and other security settings that might have taken weeks before can now be sorted in minutes. Batters says the combination of cloud, security and infrastructure-as-code makes it easier to roll out innovations to front-end services to hotels quickly and effectively.Our use of technology is all about giving our customers a great experience during their short breaks at our locations around the UK. We have several ways to enable those experiences. One is customers have apps that they can use to book activities, like spa days, golf, dining experiences and shows, he says.We also have a website and a direct booking system. We want to be able to give the best experiences we can across all those platforms. Were also rolling out Alexa [devices] in our hotel rooms so customers can see whats happening, order things to their rooms, check different events that are going on, or book time slots.Batters says his priority for the next year is to finish off Warners cloud migration. That process will be followed by a period of refactoring to ensure the on-demand services and networks are in the best possible state and running optimally.As with security, the refactoring will involve shifting left, this time using FinOps, an operational framework that helps organisations manage their cloud spending. One of the key issues with on-demand IT is cost, he says.When we deploy things into the cloud, FinOps will tell us exactly how much the move will cost before we make it. Were empowering the engineers. Well get them to revisit what they put in before and get them to go through and see what we can refactor.Batters says this proactive approach to service management is the key to success for a modern digital leader. IT chiefs must enable their teams, giving developers, operations specialists and security staff space to innovate. That process must include exploiting emerging technologies, such as generative artificial intelligence (GenAI).You need guardrails in place, he says. But youve got to let people innovate. Give your teams access to secure GenAI. If they dont have access to a service youve created for your internal teams, theyll experiment themselves using a tool like ChatGPT. That approach creates the risk of people using company-confidential information for their prompts.Batters also likes to empower his staff. Instead of dictating what people should do, hes eager for staff to get involved in decision-making processes. Successful IT chiefs create diverse teams with a range of skills that are confident enough to make big calls.Being a digital leader now is not about directing from the front of the ship, he says. Its about enabling people to make intelligent decisions based on data they can collect from as many places and people as possible.Read more interviews with travel and leisure IT leadersRahul Todkar, head of data and AI, Tripadvisor: The travel website generates huge amounts of data as a result, artificial intelligence offers equally huge opportunities for the business and its customers.Raymond Boyle, vice-president of data and analytics, Hyatt Hotels: Data culture is a key focus for the strategy at the global hotel chain, especially as AI opens up new opportunities to drive personalisation and trust with customers.Interview: Nick Woods, CIO, Manchester Airports Group: The IT chief of the UKs biggest airport operator wants to give his organisation the worlds most intelligent airports he explains the data-led approach thats aiming to reach that destination.

The day before Computer Weekly visited Amazons BRS2 fulfilment centre in Swindon, the tech and retail giant announced the imminent launch of drone deliveries in the UK.Its statement said a planning application with the local authority is being lodged for flight operations facilities at the distribution hub and authorisation from the Civil Aviation Authority (CAA) to fly drones in the airspace is still required. But Amazon will be hiring for staff to run the operation as soon as it is permitted to do so.Amazon has promised to work closely with the CAA as the organisation develops the regulatory framework to make commercial drone delivery in the UK a reality, but it seems consumers in the north-east will soon be able to order selected items directly from the Amazon app or website and receive those goods via drone.There are no Amazon drones in Swindon, which opened in 2021, and no immediate plans to introduce them but our tour of the site underlines the innovation prowess and tech capability behind an organisation that generated 11% UK retail revenue growth in 2023-24 to hit 27bn.With the name BRS2, the 500,000ft2 Amazon Swindon site at Symmetry Park prompts an image of robots prior to entry. And the place lives up to its robotic-sounding name inside.Automation equipment manufactured by Dutch company Vanderlande is put to use from the moment goods arrive as they come straight off the back of trucks onto a telescopic conveyor. From there, they are fast-tracked to the three robot-heavy floors above or to a manned receive line.Fulfilment centres like the one at Swindon are the link in the Amazon UK supply chain responsible for receiving goods from large fast-moving consumer goods (FMCG) and small business customers before processing, storing, picking and packing those goods for distribution to regional delivery centres across the UK as required. Swindon doesnt handle the biggest and bulkiest lines.Staff on the receive lines unload products into black tote boxes, which are then sent upstairs on conveyors to stow stations, where teams of stowers are instructed by computer systems which pods to place items into. The system identifies which compartment of the pod is the optimum position for each item to be stowed.Pods store the inventory until it is needed for an order, and they sit on top of automated guided robots (AGR) which move around and are programmed to line up the goods for picking when required. The robots are continually active and have a charging station they automatically return to when a power top-up is required.Amazon acquired Kiva Systems in 2012, and the AGRs are the modern iteration of this manufacturers robots. They are known internally as Hercules, can each lift 1,200 lb, and they navigate around the site using QR code-esque floor symbols.There are dozens of engineers on each floor, some dedicated to managing the robots and others focusing on the wider machinery. Anyone who enters the caged pod area must wear aThe fulfilment centre employs around 2,000 people on a variety of contracts, and the sites general manager, David Tindal, says: Man and machine is the future. Automation is making it safer and more comfortable in the warehouse.He says staff are taught to think like a customer, claiming that they have more skilled jobs as a result of the tech deployment, with a vital role in not letting the wrong product go through.Tindals favourite technology at the Swindon site is the sorter, which neatly directs parcels off the conveyor system to the right place ready for their onward journey.But a more recent transformative piece of tech, Tindal says, is the computer vision implemented on the conveyor to check for any defects to the goods or packaging before items leave the building.In Swindon, the SICK-manufactured sensor above the conveyor can automatically pick up whether a parcel is suitable for sending out or can identify potential problems before they arise.Systems of this nature began appearing in Amazons US operations in May 2023, but Swindon was one of the first UK sites to implement the tech. Tindal says it is effective at identifying whether packaging has not been prepared accordingly for example, if tape is unsticking or if there are labelling irregularities that might provide an early indication of poor printer health.Amazon Swindon was an early UK adopter of the imaging sensor techWithout these checks, the parcel might get all the way to the customer with something missing, but the tech provides the feedback for us without anyone looking, he comments, adding it tracks back problems to source.The technology is another checking layer for Amazon, which prides itself on speedy and reliable customer service. The Swindon site handles millions of parcels a week and, although no specific figures are mentioned by Tindal, the peak period from Black Friday to Christmas 2024 broke records for the number of packages processed by the centre.Reflecting on the attitude to artificial intelligence (AI) across the Swindon workforce, the general manager says AI is effectively invisible to them. The systems working smoothly is whats important to them, he adds.As we talk in the general managers office, which houses the senior team and has several screens monitoring site performance, Tindal says he encourages all managers to experiment with the new strands of AI, such as generative AI, because he feels it will help us all to get up to a base level so we can use it more.You learn the strengths and weaknesses and that makes it easier to spot applications where it will help us do things, he reflects.Tindal calls the automation and AI at Amazons sites a gamechanger in terms of productivity and essential for supporting the companys speedy fulfilment customer promise. The tech and processes are ever evolving often based on staff feedback.One of Amazons strengths is we have so many warehouse and we put a lot of effort into developing the best possible systems and then roll them out across the world, he adds.The general manager also talks of the difficult tension to get all staff following precise standards while also leaving room for them to generate ideas for improvement. He welcomes an entrepreneurial mindset in his staff and chats regularly to his colleagues during the tour.Towards the end of a products time at Swindon, it will reach the packing station. Amazon as is the case with other retailers has faced regular criticism for excess packaging which creates waste, and it is making a concerted effort to minimise its use of materials and ensure packaging size matches product size.As the items arrive at the packing station, packers will be informed by their computer system what type of cardboard-only packaging is required. There will also be intermittent SIOC [ship in own case] or SIOB [ship in own bag] on-screen alerts that accompany the arrival of a package, prompting workers not to add further packaging.This is AI-powered tech in action once again, but the packer has the power to override decisions and select what they deem to be the most appropriate packaging.Amazon drones may soon start making deliveries to customers in the north-east, which despite several trials from the likes of Boots and Tesco would be a commercial first for the UK and Ireland. Evidence from Swindon is that this is simply the next step on the tech and automation path Amazon has long been treading.Read more about retail technologyRetailers and carriers met for the annual Delivery Conference in February, discussing how to use tech and data to drive improvements in e-commerce.Real-life pilot projects show the potential, but industry mindset change is required to help retail and wholesale fleets drive major decarbonisation gains in the year ahead.

Events in the US are top of mind, with President Trumps administration pushing against the diversity, equity and inclusion (DEI) agenda, particularly within government offices and departments. The main thrust of this appears to be from a legal perspective the danger of litigation if an individual claims to have been overlooked due to DEI targets as well as financial considerations, given that running DEI teams and initiatives creates costs that, in a strict sense, could be viewed as optional.But these arent the only headwinds against DEI. Nationalism remains on the rise a fifth of the electorate in Germany recently voted for the far-right party, for example and this is usually typified by embracing a single world view and the valuing of specific characteristics over others.For anyone who supports diversity and inclusion as a matter of principle, as I do, these are disconcerting developments.However, its important to remember that its not yet clear where all of this will land. On the DEI front, the US as influential as it is is only one country and doesnt automatically dictate what happens elsewhere. And while some US corporations, including major players in my own industry of tech, have indicated that they will revisit their approach to DEI, that doesnt mean they will abandon it altogether. It is worth noting the words of Apple CEO Tim Cook when he recently said: As the legal landscape around this issue evolves, we may need to make some changes to comply, but our north star of dignity and respect for everyone and our work to that end will never waver. He added that the company would continue to work on a culture of belonging where everyone can do their best work.I believe it will always be true that businesses need to be representative of the communities, customers and markets that they serve. For most organisations, those communities and markets are diverse. So there remains a clear business case for diversity inside the workforce too.Only time will tell how much difference there is in practice to hiring and promotion decisions as they happen in the daily workplace. My gut feeling is that the effect wont be to decimate diversity ratios although it may not actively help them either.So where does this leave us, and in particular around gender given the approach of International Womens Day? My message to women is simple: continue to believe in yourself. As women, we often spend a lot of time nurturing and caring for others, whether as mothers, carers, colleagues or friends. That should continue of course but now also feels like the time to invest more energy in nurturing yourself. Nurture your skills, your career and your aspirations. Believe in your abilities. Barriers are nothing new after all weve always faced them so dont get distracted by the judgements or biases of others and keep on forging your path. Maintain your networks, stay connected and lean into development opportunities. If you dont have a mentor, consider looking for one. If you are a mentor yourself, stay committed to that.There is a message here for men, too. They can be powerful allies and advocates in promoting gender equality and inclusion and that should continue. This is no time to step away from it. If youve been thinking about becoming an ally in a formal sense (perhaps through mentoring or supporting a network) then now is the time to do it. Think about the women, the daughters, in your life who matter to you and do something in support.While there are plenty of reasons to be concerned, fundamentally I believe that great people will always win through. Thats why women should continue to believe in themselves and keep setting their sights high. After all, most women I know dont put themselves forward for jobs or new responsibilities on the basis that theyre a woman they do it on the basis that theyre a great professional in their field.Perhaps we are moving towards an era that is more explicitly about meritocracy than equity. If that is the case, history is full of examples where capable women across the business landscape have broken through. Now is the time for us to not just celebrate these achievements but use them to fuel our own ambitions. Happy IWD!

Britains National Cyber Security Centre (NCSC) has secretly censored detailed public computer security guidance provided to barristers, solicitors and legal firms without explanation or announcement.The guidance, a web page and a seven-page PDF report called Cyber Security Tips for barristers, solicitors, and legal professionals, was removed from the Centres public website two weeks ago on 24 February.NCSC refused to respond to questions from CW asking if they knew that the deleted web page and booklet had automatically been archived by The National Archives, multiple times, and so were all still online.On the NCSC website, requests for the legal advice web page are now redirected to an incorrect page on the same site. The deleted booklet link returns a 404 http not found error page stating sorry - the page you're looking for isn't here. Embarrassingly for NCSC, the not found error page then suggests that The National Archive might have archived versions of the removed file. It does.Cyber criminals are not fussy about who they attack, the censored NCSC booklet had warned, which means law practices of all sizes are at risk. The booklet lists 37 steps lawyers and legal firms should take to help them to reduce the likelihood of becoming victims of a cyber-attack.The booklet was published on 11 October 2024, following a special 2023 NSCS Cyber Threat report for the UK legal sector. The Cyber Threat report, published with the assistance of the Bar Council, noted that by 2020 three quarters of UK legal firms had reported cyber-attacks.According to the Bar Council, barristers in England and Wales face threats, harassment, and intimidation at the hands of state and non-state actors from around the world. The Bar Council is concerned by the rising reports from members who have faced different forms of attack and threats because of their international legal work.Targeted attacks reported to the Bar Council have included physical as well as cyber surveillance, cyber harassment including threatening or impersonating emails, repeated and sustained hacking attempts, death threats and rape threats, threats to family members via email or social media, and 'privilege phishing' which attempts to seek to persuade those who are targeted to divulge sensitive information.These threats are not just an attack on the legal profession, they also have a chilling effect on access to justice and the rule of law, it said.NCSCs advice to lawyers was removed one month after these grave warnings from the Bar Councils and on the weekend after Apple had indicated it would refuse to comply with a UK Home Office Technical Capability Notice (TCN) requiring it to disable its high security end-to-end encrypted Advance Data Protection (ADP) system used on iCloud. The ADP system causes the encryption keys for users iCloud files to be stored only on devices, so improving security for legal data from outside attackers.This looks like clumsy Home Office political censorship, according to cybersecurity expert Dr Ian Brown. This kind of politicisation by GCHQ [which runs NCSC] is a hazard to security, because of the risk of subordinating protective security to surveillance, he said. Brown and other security experts warned when NCSC was set up it should be run separately from GCHQ to avoid conflict and embarrassment.Cambridge University Professor of Communications Systems John Crowcroft, commenting on the move against Apple, said The UK now is in a weaker state of protection. The attraction to the bad guys is increased here massively above other countriesOur government has painted a target on us, and explicitly on all the us that are not engaged in anything other than everyday commerce and discourse. The UK weakened position now recommended by NCSC now fails to refer to the critical need for end-to-end encryption, except for one isolated and obscure document. The incorrect page that lawyers are now linked to does not refer to encryption at all.In contrast, and in the face of an onslaught of suspected Chinese led attacks against multiple high-value targets, the US equivalent cyber defence agency, CISA, has recently stipulated that highly targeted individuals [should] immediately review and apply the best practices provided including consistent use of end-to-end encryption.Highly targeted individuals should assume that all communications between mobile devicesincluding government and personal devicesand internet services are at risk of interception or manipulation, CISAs advice states.NCSC refused this week to answer any questions from CW and referred enquiries to the Home Office, who also refuse to respond. The still unanswered questions included who ordered the takedown, why, and why partner legal organisations were not notified or consulted in advance of the tampering. NCSC also refused to say whether it would now seek to have government archive copies erased and consigned to a memory hole - a reference to technique adopted by the Ministry of Truth in Orwells 1984; or whether they would put the censored pages back.Until the secret takedown, the NCSC booklet included the instruction to lawyers to turn on encryption. It advised, Turn on the free encryption products included with your Windows or Apple devices, so cyber attackers cant access your sensitive data if your device is lost or stolen. Make sure encryption is enabled on your mobile device (this is done automatically on modern Android/Apple devices).For iOS devices, users were told to enable Advanced Data Protection for iCloud. This advice had become impossible for UK users because of Apples reaction to the Home Office notice. All the other cybersecurity guidance in the booklet remained validThe escalating row between Apple and the Home Office has also flushed out more serious concerns about the use of far-reaching powers to impose controls on telecommunications companies, by issuing National Security Notices. The vague terms of National Security Notices require telecommunications operators to take specific steps that the Secretary of State considers necessary in the interests of national security. Parliament was led to believe that this power applied only to technical facilities such as interception arrangements. Multiple industry sources say that since 2016, NSNs have been used to require telecommunications company boards, including Apple, to delegate Board authority to secret Home Office controlled and selected internal National Security Committees, all of whose members and staff, and any lawyers they hire, must be approved for Developed Vetting (DV) checks. The arrangement means that companies may be ordered to implement security breaches that directors and engineering staff do now know about.Notoriously, after the 2016 Investigatory Powers Act came into effect, the Home Office and intelligence agencies used the Developed Vetting Process to block the newly appointed Investigatory Powers Commissioner, Lord Justice Adrian Fulford, from appointing the Commissions chosen Head of Investigations, lecturer in surveillance law Eric Kind. Although initially approved by a Vetting Offices, Kind was told that DV security clearance had been rejected after the intervention of the Security Service, MI5.As reported earlier, Apple has now appealed against the ADP instruction to the Investigatory Powers Tribunal. All eleven members of the IPT are senior barristers who have serves as Judges. After checking, the Bar Council told Computer Weekly that it was not notified of the takedown of this document by the NCSC. We will contact the NCSC and make enquiries about the status of the document and its removal. A Bar Counsel Spokesperson added that the Council would consider linking to a National Archive copy of the removed page and document after speaking to our IT panel and raising it with the NCSC.Read more about the Home Offices battle with AppleApple IPT appeal against backdoor encryption order is test case for bigger targetsUS intelligence chief Tulsi Gabbard probes UK demand for Apples encrypted dataApple withdraws encrypted iCloud storage from UK after government demands back door accessTop cryptography experts join calls for UK to drop plans to snoop on Apples encrypted dataUK accused of political foreign cyber attack on US after serving secret snooping order on AppleApple: British techies to advise on devastating UK global crypto power grabTech companies brace after UK demands back door access to Apple cloud

charles taylor - stock.adobe.comNewsEuropean cloud providers unite over data sovereignty-focused APIThree of the continents cloud providers have joined forces to create an API that will make it easier for users to move apps, data and workloads from one European providers platform to anotherByCaroline Donnelly,Senior Editor, UKPublished: 06 Mar 2025 15:50 European cloud providers are being urged to adopt a newly created open source infrastructure management application programming interface (API) designed to make it easier for customers to move workloads and applications between competing off-premise platforms.The Sovereign Europe Cloud API (SECA) is freely available to all European cloud providers to adopt and contribute to the development of, and has been co-created by suppliers Aruba S.p.A, Ionos and Dynamo.The offering is being touted by its creators as a tool to enhance interoperability so that users can run workloads and applications in the European cloud environments of their choice.It also ensures seamless access to the respective platforms, while upholding the highest levels of security, control, and data sovereignty in full compliance with stringent European standards, said its creators, in a statement. At the same time, this will enable enterprises to leverage integrated solutions that drive greater efficiency and innovation, all while ensuring full compliance with European regulations.Web hosting companies Aruba and Ionos have committed to becoming the first two European cloud service providers to roll out the SECA API to their customers.Achim Weiss, CEO of Ionos, said the API will ensure its customers, which are predominantly SMEs, will have the digital independence they need to thrive during the era of artificial intelligence (AI).AI and cloud are transforming the global economy, and Europe cannot afford to be left behind, Weiss said. Europe needs a strong, sovereign digital ecosystem. SECA is a critical step in building a secure, independent and future-proof digital infrastructure one that keeps Europe strong, competitive and in control.Stefano Cecconi, CEO of Aruba S.p.A, added: The creation of these common APIs with Aruba and IONOS as first movers marks a pivotal and voluntary step for the European cloud industry towards enhanced interoperability, strengthening the continents cloud services ecosystem.The third participant in the creation of SECA is Dynamo, which is a company that offers an all-in-one platform that brings together multiple cloud service providers from across Europe, and has committed to offering connectors based on SECA to automate the provisioning process for all compatible providers joining its network.Dynamo CEO Francesco Bonfiglio, said the offering of sovereign APIs such as SECA represent the offering of a a strong handshake of trust between customers and providers.The timing of the APIs creation is notable, as matters of data sovereignty are increasingly top of mind for European cloud providers and their customers, as concerns about entrusting all of their data and workloads to US tech giants, such as Amazon Web Services (AWS) and Microsoft, rise.In recent weeks, this movement has seen the Cloud Infrastructure Services Providers in Europe (CISPE) trade body announce a shake-up of its governance structure, with greater emphasis on championing the interests of the continents homegrown cloud services providers.The organisation announced an update to its articles of association on 13 February 2025 that means only European cloud providers are permitted to hold board positions at CISPE. The rule change resulted in US cloud giant Amazon Web Services (AWS) stepping down as a board member, meaning it now has no sway over the organisations governance or direction, because only board members have the right to vote on such matters at CISPE.At the start of 2025, details of the EuroStack initiative also emerged, which is geared towards creating an open, interoperable and sovereign digital infrastructure for Europe, which will incidentally be supported by the SECA API and Dynamo.According to its creators, EuroStack will provide the building blocks for Europe to build its own cloud ecosystem, independent of external control, and that will underpin a competitive, sustainable and democratic digital economy.Read more about data sovereigntyWe assess the impact of new regulations and government policy on the ability to use public cloud services.Documents show Microsofts lawyers admitted to Scottish policing bodies that the company cannot guarantee sensitive law enforcement data will remain in the UK, despite long-standing public claims to the contrary.In The Current Issue:DeepSeek-R1: Budgeting challenges for on-premise deploymentsInterview: Why Samsung put a UK startup centre stageDownload Current IssueCan the government's new digital broom sweep the civil service clean of its resistance to change? Computer Weekly Editors BlogSLM series - Iterate.ai : Strategic sweet spots for sustainable savviness CW Developer NetworkView All Blogs

Birmingham City Councils Oracle system woes have continued into 2025, with concerns being raised in Mondays meeting of the council to set the annual budget, highlighting accounting problems. These cannot be fixed until reimplementation of the enterprise resource planning (ERP) system is operational.One councillor said: When you look into the budget book, you find that there is a deficit in the budget of 380m over the next three years, but what really concerns me is the effect of Oracle and that we have a deficit of 141m of uncollected business rates that is equivalent to a 30% increase in council tax.During the latest Birmingham audit committee meeting, which took place the following day, on 5 March, councillors raised serious questions over why the decision to go live with the Oracle system was taken, despite many areas of the project being incomplete.There was an optimism bias, said Grant Thornton auditor, Mark Stocks.Reflecting the findings of the Grant Thornton value-for-money report in relation to the implementation of the ERP system, which was published at the end of February, Stocks, who led the team of two external auditors present, said: Nobody took ownership.Stocks went on to describe how the council had lost corporate knowledge of the reimplementation of the Oracle ERP system after its finance officer Fiona Greenway left. Significantly, the suppliers all told the council to go live.The information was there to stop this, but all the suppliers said go live. The system wasnt ready when it went live, he added.As Computer Weekly previously reported, since the implementation of an Oracle ERP system to replace SAP in April 2022, the council has faced significant issues with the processes and interfaces, as well as the systems ability to produce reports.Rather than adapting its internal business processes to align with the way the new system worked, Birmingham embarked on an ERP programme involving adapting the Oracle system, which resulted in an incomplete implementation at the time the system was meant to go live.Regarding the decision to proceed with going live with Oracle, the auditor said that council officers did not have a thorough understanding of the risks they were taking. The advice from the suppliers was caveated and these caveats, according to the auditor, should have been looked at. The areas of concern included the bank reconciliation system (BRS) and general ledger in testing.Theres correspondence from officers saying they were struggling with the BRS system, the accounts receivable and some aspects of the general ledger were reported as untestable. Concerns were expressed over past customisations; accounts payable and accounts receivable customisations were not switched on and the programme was still receiving change requests, he said.Commenting on the Grant Thornton report, councillor Richard Parkins said: This report is probably the worst one Ive seen. Of all the reports across my desk, this really is a case study in how not to implement an IT system. The go-live decision is an astonishing one when you look at where we were and how many people sat around the table.When questioned on whether the system had been adequately tested before the go-live date, auditor Thomas Foster from Grant Thornton, said: Testing was completed in many areas. Payroll had been highlighted as a key area, but the problem was that the testing wasnt complete and there were key areas that hadnt been tested and they, perhaps, were lower down the list of risk highlighted items and therefore didnt get the focus that they deserved at that time.The commissioners review of the audit committee report published on 5 March stated that the council is running a business change programme underpinned by technology, which requires people to be trained and upskilled in how to use the new ERP software.The council must not deviate from adopting the best practice processes offered by the software, it must focus on completing the system design and obtaining full executive commitment, the review document stated.The commissioners also said they remain concerned about the inherited quality of data that was loaded into the 2022 implementation and the current poor-quality data held in the current system.Even if the council delivers a well-designed system and equips users with the training required to use it, if the quality of the data migrated to the new system is of poor quality (missing, inaccurate, duplicated), the system will again fail to operate and deliver the benefits the council needs, the commissioners warn in the review document. They urged the council to address data quality ahead of the implementation.At the previous audit committee meeting on 29 January, councillor Paul Tilsey asked if the culture of the council is changing around areas such as the ERP project: Do you think that there are adequate independent ways of reporting on progress of these to make sure that we are on track?The need to change the culture at the council is among the key recommendations Grant Thornton highlighted in its report.Stocks, who was the auditor at the 29 January meeting, acknowledged Tilseys concerns that the ERP may not be fixed in a short time. The earliest I think is April 26, he said. Until I see everything aligned, I am worried. Until you have an operating financial system, this is always going to be difficult.Read more stories about the Birmingham City Council ERP projectBirmingham City Councils Oracle implementation explained What went wrong: The council swapped out a heavily customised SAP ERP system for Oracle Cloud, but since it went live, it has had numerous technical challenges.Birmingham looks into reimplementing troubled Oracle ERP: City council audit committee meeting shows Birmingham City Council plans to follow Oracle best practices.

In 2024, the Norwegian government set out a national digitisation strategy with the aim of making the country the most digitised in the world by 2030.This intent is nothing new and has both ignited, and been ignited by, a tech startup ecosystem that has taken Norway away from its industrial and maritime roots and into a new era of innovation. Chief among the countrys startup impact has been a globally significant fightback against financial crime.Fintech as an all-encompassing term has proved to be something of a double-edged sword. Greater accessibility and democratisation of finance, more seamless financial management for the general public and whole new industries such as blockchain point to progress. In opposition lies a new catalogue of opportunities for criminals to commit fraud, attack personal and business finances, and to obtain sensitive data.Finding solutions to these problems, fighting tech with tech, was always likely to be a lucrative pursuit, and three Norwegian-born companies are finding just that.One cyber security company, Promon, is a driving force behind the global cyber security agenda, with more than three decades of influence. Promon, known as the godfather of app-shielding, has more than two billion users globally, and protects more than $2.5trn in market capitalisation.Norways forward-thinking approach has created fertile ground for a thriving tech ecosystem, with startups across sectors like fintech, cyber security and AI all flourishing, says Promon founder, Tom Lysemose. Widespread digital infrastructure, a tech-savvy population and government support for innovation foster an environment where Norwegian startups can rapidly prototype, scale and connect with global markets.Lysemose notes that cyber crime in general continues to escalate globally, fuelled by the rise in digital transactions, making banking apps prime targets. Malware, phishing and ransomware remain the most common forms of attacks, with Promon uncovering several sophisticated strains of these vectors in recent years. One, he notes, defrauded just one victim out of $280,000, adding: It highlights the urgent need for robust, proactive security solutions.Promons journey manifested from Lysemoses Masters thesis and doctoral work, realising the vulnerability of applications while networks, devices and operating systems were getting so much attention.It seemed natural that the only way to protect an application is to understand how the application should behave, he says. This way, you can detect when someone tries to make the application do something it should not.These core ideas were present in the very first Promon product, and today they are also some of the core tenets of the entire industry known either as Runtime Application Self-Protection (RASP), app shielding, or in-app protection.Lysemose recalls: We had two disruptive ideas. The first was that the application needed to have security embedded directly in it to proactively prevent attacks. The second was that the security tools needed to understand the intended behaviour of applications and when an attacker might try to change that behaviour.Many other companies emphasise threat detection, but thats like identifying a criminal after theyve already entered your house. Helpful, but youd rather prevent them from getting in at all.The result of this ethos and service, still ongoing, is a two billion user portfolio across the world, all the while still being headquartered in Oslo.Weve seen some amazing cases in e-commerce and banking, especially. In many of the cases weve seen, the fraud entirely ends, full stop. Adding app shielding isnt about reducing or minimising, but stopping malicious activity from happening entirely.Being proactive is also the name of the game for Strise, a company founded in 2016 by Marit Rdevand, Patrick Skjennum and Sigve Srsen while they were studying together in Oslo.What started as a university project, has since grown into a leading innovator in anti-money laundering (AML) technology, after noticing that traditional AML compliance methods often struggle with fragmented customer data and manual processes both leading to potential vulnerabilities.Strise developed software that unifies disparate data sources and automates compliance workflows, empowering institutions to proactively detect and prevent financial crimes, Rdevand says. This approach not only enhances security but also reduces operational costs and ensures adherence to complex regulatory AML landscapes.Initially, Strise focused on creating a platform that organised vast amounts of public and external data into customer-centric workflows, supporting AML, know your customer (KYC) and know your business (KYB) processes.Over time, we integrated advanced AI models and expanded our data sources to enhance the platforms capabilities, Rdevand adds. Our geographic footprint has grown from serving Nordic clients to partnering with international clients, and since first launching commercially in 2020, we are now leading the AML automation revolution.Strise is already planning to enhance the AML Automation Cloud to cover a broader spectrum of crimes in the future. One of its core areas, KYC, is a focus shared by Convier, a Norwegian tech startup that enables financial institutions to identify and report on customer risk regardless of where data is stored.Only founded in 2022, the company is not as far along in its journey, but like all ambitious Norwegian startups is already targeting international traction very soon.CEO, Andreas Engstrand co-founded Convier after having a very similar realisation to Strises founders. He recalls: I had noticed in my former role as head of financial crime at KPMG Norway that customer data in a bank was often fragmented, scattered across multiple systems, and was difficult to access, which meant that customer due diligence took hours to perform.Vitally, it also meant that they didnt see the full customer risk picture. We started building a platform that would unify banking data.A key issue that many financial institutions around the world have is a pressure to keep up with the rapidly changing landscape and associated technologies. This often equates to a race to comply, forgetting that there is an extremely important security and business purpose behind safeguarding data.Regulated entities spend up to $280bn a year to comply with regulations, says Engstrand. But the focus needed to shift away from just avoiding penalties, to directly addressing underlying criminal activities and vulnerabilities.We built our platform to run within the banks infrastructure without its own data store. This meant that instead of the bank spending months or even years trying to clean up its data, our platform would do that job for them so they could start identifying risk immediately.Not building a SaaS from the start was something completely different to what others were doing, but it has been a real accelerator for us because it enables us to deliver value from day one.Engstrand sees a clear correlation between Conviers own positive experience in Norway, the global success of companies such as Strise and Promon, and the role of Oslo as a hub for all three.Its such a good place to start building and testing technology because a lot of the data you need is openly available. It enables any startup to demonstrate quite early on what you can do with the technology you build, he summarises.While the citys impact on global finance and on the financial crime landscape now seems inevitable, it wasnt so long ago that oil and maritime occupied the minds of the citys innovators.Now, these three examples among many more serve as role models and mentors for the entire tech ecosystem, often sharing their insights with academic institutions and at industry events. Oslo is set to remain a thorn in financial crimes side for many years to come.Rdevand concludes: Oslo has rapidly transformed into a hub for digital innovation, fostering a vibrant tech startup scene characterised by collaboration and a forward-thinking mindset. The citys emphasis on education, coupled with government support for technology initiatives, has cultivated a talent pool adept in digital solutions.While Norways economy has traditionally been rooted in industries like maritime and oil, there has been a strategic shift towards technology and finance. This transition has opened avenues for startups to develop solutions addressing financial sector challenges that are being felt all over the world.Read more about Nordic tech innovationNordic innovators look to revive the zombie subscriber population.Virtual wards to digital feedback: the Nordic approach to post-pandemic healthcare.Channelling Nordic startup innovation towards global survival.

alexskopje - stock.adobe.comNewsCFIT publishes blueprint for digital company business IDsPlan to increase the use of digital identities by businesses could add billions of pounds to UK economy through compliance savings and reduced fraudByKarl Flinders,Chief reporter and senior editor EMEAPublished: 06 Mar 2025 8:00 The government-backed Centre for Finance, Innovation and technology (CFIT) has outlined its plan to fight economic crime through digital business IDs.Digital IDs for business will improve business efficiency, security and trust, according to the CFIT, which was launched in February 2023 with 5.5m funding in response to a report into UK fintechcarried out by WorldPay chairman Ron Kalifa in 2021.The organisation has published its blueprint for the plans it first announced in December. At the time, chancellor Rachel Reeves said she would consider any findings that emerge from CFITs work.The business IDs will consolidate information about companies in one trusted place, easing the process of accessing finance for them and streamlining compliance costs.CFIT said they will reduce regulatory and administrative burdens for businesses, particularly SMEs, and financial institutions could see compliance costs reduce by 1.7bn a year. It said the IDs, which it likens to digital passports for businesses, will also help reduce the annual 6.8bn cost of fraud.Fraud, it said, will be reduced directly through unified and secure data sharing that will disrupt fraud networks and close exploitable gaps and indirectly by enabling financial institutions to redeploy compliance savings into strengthening anti-fraud efforts.Emma Reynolds MP, economic secretary at HM Treasury, said: The UKs leading financial services sector is key to driving growth and putting money in peoples pockets through the Plan for Change. CFITs work in countering fraud demonstrates the UKs position as an innovator within the global financial ecosystem. I look forward to considering the coalitions findings as part of our range of work to grow the sector.Charlotte Crosswell, chair at the CFIT, said the organisation has brought together some of the brightest industry minds to work together and find solutions to reduce the fast-rising, multi-billion-pound annual cost of fraud to the economy.Access to verified, authenticated and centralised data sharing through Digital Company ID would help to dismantle systemic barriers, close the loopholes exploited by fraudsters, reduce compliance costs for banks and transform the business landscape in the UK, she added.Elyn Corfield, Lloyds Bank CEO for business and commercial banking, said: The coalition has proven that digitising how banks undertake know your customer obligations will help to make compliance checks more user-friendly for small businesses and support the UKs fight against financial crime.Jordan Shwide, general manager at Monzo Business, added: Driving innovation and supporting initiatives that make life easier for SMEs is in our DNA so were incredibly excited to be at the forefront of delivering a Digital Company ID solution. This will enable quicker access to financial services for legitimate businesses and ensure that key business information lives in one place. This will also make it harder for fraudsters to set up fake companies and ultimately help to prevent people falling victim to fraud.The CFIT blueprint makes seven recommendations:Develop a prototype for digital company ID: The CFIT, in collaboration with industry, should launch and test a fully functional Digital Company ID prototype, preferably with the support of FCA Innovation services.Enable reciprocal and secure data sharing: The government should consider mandating all relevant organisations across the ecosystem to share data on economic crime, via Digital Company ID.Appoint a lead authority: To address market coordination failures, the government should consider appointing a responsible body to oversee implementation and governance.Promote standards for interoperability: CFIT should work with industry to establish standards that ensure interoperability, accountability and secure adoption of Digital Company ID.Create a multi-stakeholder taskforce: Establish a taskforce to identify, prioritise and develop high-value use cases for Digital Company ID within financial services.Review the regulatory framework: Policymakers, working closely with industry, must review the regulatory framework for Digital Company ID ensuring it is fit for purpose.Drive market confidence through government adoption: Government departments should lead by example, adopting Digital Company ID for critical interactions such as procurement, tax filings and confirmation statement submissions.Read more about CFITIn The Current Issue:DeepSeek-R1: Budgeting challenges for on-premise deploymentsInterview: Why Samsung put a UK startup centre stageDownload Current IssueSLM series - Iterate.ai : Strategic sweet spots for sustainable savviness CW Developer NetworkRelaunching Neighbourhood Watch for the Internet Age When IT Meets PoliticsView All Blogs

iStockNewsBig bank systems crashed for over 800 hours in last two years due to IT outagesBank bosses forced to reveal extent of banking IT failures to MPs on the Treasury Select CommitteeByKarl Flinders,Chief reporter and senior editor EMEAPublished: 06 Mar 2025 8:07 Nine of the UKs biggest banks accumulated over 33 days of IT downtime over the last two years with millions of people affected.Data received from banks by MPs on the Treasury Committee revealed at least 158 banking IT failures between January 2023 and February 2025, equating to over 800 hours of service unavailability..Following the recent three-day outage experienced by Barclays Bank customers, which began on payday at the end of January, MPs demanded answers from bank CEOs.Chief executives at Barclays, Santander, NatWest, Danske Bank UK, Nationwide Building Society, Allied Irish Bank, HSBC, Bank of Ireland and Lloyds Banking Group were asked for information on the scale and impact of IT failures over the past two years.The data does not include the recent Barclays crash, but the bank did provide MPs with details of the effect of the outage. It revealed that during the three-day incident 56% of online payments failed due to severe degradation of mainframe processing performance, according to the Treasury Committee. Barclays said it will pay between 5m and 7.5m to customers as a result of the outage and in total Barclays could pay out up to 12.5m in compensation due to outages over the two years in scope.The banks told MPs that systems and internal software malfunctions were common reasons for the IT failures.Meg Hillier MP, chair of the Treasury Committee, said for families living pay cheque to pay cheque banking downtime is a terrifying experience.The fact there has been enough outages to fill a whole month within the last two years shows customers frustrations are completely valid. The reality is that this data shows even the most successful banks and building societies hit technical glitches. Whats critical is they react swiftly and ensure customers are kept informed throughout," she added.Last month, Hillier said the closure of high street branchesin favour of online banking means bank crashes hit customers harder. The rapidly declining number of high street bank branches makes the impact of IT outages even more painful; thats why Ive decided to write to some of our biggest banks and building societies.She thanked banks for their responses and was reassured they are taking action to minimise the impact of IT failures on customers.Barclays Bank reported the most incidents, 33, with Allied Irish Bank, HSBC and Santander next with 32 each. Nationwide Building Society reported 18 outages, NatWest 13 and Lloyds Bank 12. In single figures were Allied Irish bank (9), Danske (5), and Bank of Ireland (4).NatWest reported the most downtime at 194 hours, followed by HSBC with 176.Just last week a further payday outage hit banks including Lloyds Bank, Nationwide, TSB and Nationwide, according to outage monitoring organisation Downdetector.One senior banking IT professional said that if a number of banks experience problems at the same time, it points to a relating factor. If its lots of banks, it makes me think theres a common denominator, like theyre using a supplier or software thats shared by multiple banks, because it would be coincidental for several of them to go down on the same day, he said.Further pointing to a potential problem with external IT, the expert added that in his experience, banks try to avoid making IT changes at the end of the month. End of the month is normally a time banks avoid making changes. For example, financing departments inside the banks do not like the risk of chaos at an unprecedented end of the month because theyre doing month-end accounting and dont want technology problems.Read more about banking IT outagesIn The Current Issue:DeepSeek-R1: Budgeting challenges for on-premise deploymentsInterview: Why Samsung put a UK startup centre stageDownload Current IssueSLM series - Iterate.ai : Strategic sweet spots for sustainable savviness CW Developer NetworkRelaunching Neighbourhood Watch for the Internet Age When IT Meets PoliticsView All Blogs

Apple has filed a legal appeal against a secret Home Office order to provide back door access to its users encrypted data in a case that will test the limits of how far the government can lawfully go to access the publics private messages and emails.The Home Offices pursuit of Apple is widely seen as a stalking horse for more significant targets, including WhatsApp, Signal and Proton Mail, which provide the public with encrypted messaging and email services.Apple has fought back against the Home Office by filing an appeal to the Investigatory Powers Tribunal to challenge the lawfulness of the Home Offices order which requires it to provide UK law enforcement and intelligence services with access to encrypted files stored by Apple users on its iCloud service.The Home Office appears to have chosen Apple as a test case to test the limits of government powers under the Investigatory Powers Act 2016 to issue Technical Capability Notices (TCNs) requiring companies to give government agencies the ability to obtain and read encrypted communications.Ministers will be watching the publics reaction carefully to see whether people understand or care about the loss of their privacy of iCloud and if they do care, whether they care enough to vote against the government in future elections.Apples iCloud service is seen as and easy and relatively uncontroversial target compared to platforms like WhatsApp or Apples own encrypted iMessage service.Apples ADP cloud encryption service is an opt-in service, which is not widely used and might not be missed by those Apple customers that rarely think about their privacy and security.When the case reaches the IPT, which could be as early as this month, the first argument will be whether the case should be heard behind closed doors for national security reasons or whether the normal principles of open justice can and should apply.For the Home Office to continue to neither confirm nor deny the existence of the Technical Capability Notice issued against Apple will be hard to sustain when its existence has already been widely leaked and reported in the Washington Post and the Financial Times.The Spy Catcher case in the 1980s proved that it is pointless for governments to attempt to ban the publication of material that is already in the public domain. In other words, once a secret is no longer a secret there is no need for secret hearings.The courts took a dim view of MI5 when it emerged that the spy agency had falsely told three courts that the name of its agent had to be protected through secret court hearings without mentioning that it had already disclosed the agents name to a BBC journalist.Having a public hearing would allow the IPT to hear expert evidence from cryptographers and technical specialists who can properly explain how an order to break encryption could expose individuals and businesses to cyber security risks.For example, over 200 cyber security experts, companies and civil society groups, signed a letter in February calling for home secretary Yvette Cooper to drop demands for Apple to create a backdoors to its iCloud service.They pointed out in an open letter that back doors introduced for the government could just as easily be exploited by hostile nation states or cyber criminals, placing the UKs national security at risk.For national security professionals and government employees, access to end-to-end encrypted services allows them to safeguard their personal life, it said. Ensuring the security and privacy of government officials is vital for helping prevent extortion or coercion attempts, which could lead to greater national security damage.Apple's application to the Investigatory Powers Tribunal is believed to be the first time that a technology company has challenged a government Technical Capability Notice.Although similar notices have been issued in the past against traditional telecommunications companies, such as BT or Cable & Wireless, the companies have chosen to quietly implement them rather than to challenge them in court.The IPT will need to decide whether the Home Offices order against Apple is proportionate, which will mean weighing up the impact of breaking Apples encrypted services on security and privacy against the claimed benefits of the government having access to encrypted data on Apple's cloud storage.The argument is largely academic. Apple withdrew its Advanced Data Protection (ADP) service - which allows users to opt-in to use encryption to protect their iCloud data - from UK users in February, rather than comply with the Home Offices demands.That means that if police want to retrieve data from a UK registered phone, for example after a suspect had thrown their phone into the sea, they can ask Apple to retrieve the data from the phone owners iCloud account.For an overseas phone the task would be more difficult but far from impossible. GCHQ or the National Crime Agency for example have the ability to apply for equipment interference warrants to obtain data by lawfully hacking of a suspects phone.That leaves the only real case for introducing the order against Apple - to test the waters for issuing TCNs against big tech companies like WhatsApp, Signal and Telegram that appear to be the governments ultimate targets.UK law enforcement agencies and the Home Office have been claiming for years that such services pose a risk because they can be used by terrorists or paedophiles, regardless of whether they are used by millions of people for lawful purposes.The UKs action has created tensions with the US, however. President Trump told the Spectator on 28 February that the UKs actions were something you would hear about in China and that he had warned the UK you cannot do that during talks with prime minister Keir Starmer.Rebecca Vincent, Interim Director of Big Brother Watch, a civil society organisation that has successfully challenged the government over its use of intrusive surveillance in the courts, told Computer Weekly that the move against Apple would impact millions of people.The governments latest escalation towards Apple is alarming, as is the fact that the legal proceedings around this may take place in total secrecy. This is a matter of high public interest that will impact the privacy rights of millions in the UK, she said.If the government wins at the Investigatory Powers Tribunal, we will no doubt see similar orders to other platforms in the very near future. We will all pay the price, leaving the door to access our personal data wide open to the government and malicious actors alike, she added.A spokesperson for the Home Office said, We do not comment on operational matters, including for example confirming or denying the existence of any such [TCN] notices.But more broadly, the UK has a longstanding position of protecting our citizens from the very worst crimes, such as child sex abuse and terrorism, at the same time as protecting peoples privacy, the spokesperson added.Security Minister Dan Jarvis told the Commons on 24 February that it was not the case that privacy and security were at odds and that we can and must have both.The Investigatory Powers Act contains robust safeguards and independent oversight to protect privacy and ensure that data is obtained only on an exceptional basis, and only when it is necessary and proportionate to do so, he said.In response to questions about its legal appeal, Apple referred back to a statement it issued last month announcing its withdrawal of ADP services in the UKApple remains committed to offering our users the highest level of security for their personal data and are hopeful that we will be able to do so in the future in the United Kingdom. As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will, it said.Read more about the Home Offices battle with AppleUS intelligence chief Tulsi Gabbard probes UK demand for Apples encrypted dataApple withdraws encrypted iCloud storage from UK after government demands back door accessTop cryptography experts join calls for UK to drop plans to snoop on Apples encrypted dataUK accused of political foreign cyber attack on US after serving secret snooping order on AppleApple: British techies to advise on devastating UK global crypto power grabTech companies brace after UK demands back door access to Apple cloud