Archive for the ‘Security and Compliance’ category

Deal with WannaCrypt ransomware

May 15th, 2017

To get the latest protection from Microsoft, upgrade to Windows 10.
Keep your computers up-to-date to get the benefits of the latest features and proactive mitigations built into the latest versions of Windows.

Microsoft Malware Detection and Removal Tools

Use the following free Microsoft tools to detect and remove this threat:

• Windows Defender – built into Windows 10. There’s nothing to buy and nothing to install. No configuration, no subscriptions, and no nagware.
• Microsoft Safety Scanner:

(The Microsoft Safety Scanner is a free downloadable security tool that provides on-demand scanning and helps remove viruses, spyware, and other malicious software. It works with your existing antivirus software. Note: The Microsoft Safety Scanner expires 10 days after being downloaded. To rerun a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again. The Microsoft Safety Scanner is not a replacement for using an antivirus software program that provides ongoing protection.)

Also view:
• Microsoft Security Response Center Blog
• Microsoft Malware Protection Center Blog
• Microsoft Safety and Security Center webpage

We recommend that customers who have not yet installed the security update MS17-010 do so as soon as possible. Until you can apply the patch, we recommend two possible workarounds to reduce the attack surface:
• Disable SMBv1 with the steps documented at Microsoft Knowledge Base Article 2696547 (Reboot Required)
• Consider adding a rule on your router or firewall to block incoming SMB traffic on port 445

Windows Defender Antivirus detects this threat as Ransom:Win32/WannaCrypt as of the update.

Enable Windows Defender Antivirus to detect this ransomware.
Windows Defender Antivirus uses cloud-based protection to help protect you from the latest threats.

Use Office 365 Advanced Threat Protection, which has machine learning capability that blocks dangerous email threats, such as the emails carrying ransomware.

Monitor your network with Windows Defender Advanced Threat Protection, which alerts security operations teams about suspicious activities.

For enterprises, use Device Guard to lock down devices and provide kernel-level virtualization-based security, allowing only trusted applications to run, effectively preventing malware from running.

A ransomware threat does not normally spread so rapidly. Threats like WannaCrypt typically leverage social engineering or emails as the primary attack vector, relying on users downloading and executing a malicious payload. However, in this unique case, the ransomware perpetrators incorporated publicly available exploit code for the patched SMB EternalBlue vulnerability, CVE-2017-0145, which can be triggered by sending a specially crafted packet to a targeted SMBv1 server.
It was fixed in security bulletin MS17-010, released on March 14, 2017.

WannaCrypt’s spreading mechanism is borrowed from well-known public SMB exploits, which armed this regular ransomware with worm-like functionalities, creating an entry vector in machines still unpatched even after the fix had become available.

The exploit code used by WannaCrypt was designed to work only against unpatched Windows 7 and Windows Server 2008 (or earlier OS) systems, so Windows 10 PCs are not affected by this attack.

We haven’t found the exact initial entry vector used by this threat, but there are two scenarios that we believe are highly likely for this ransomware family:
• Arrival through social engineering emails designed to trick users into running the malware and activating the worm-spreading functionality with the SMB exploit
• Infection through the SMB exploit when an unpatched computer is addressable from other infected machines

The threat arrives as a dropper Trojan that has the following two components:

• Component that tries to exploit the SMB EternalBlue vulnerability in other computers
• Ransomware known as WannaCrypt

The dropper tries to connect to the following domain using the API InternetOpenUrlA():

When connection is successful, the threat does not infect the system further with ransomware, nor try to exploit other systems to spread; it simply stops execution. However, when the connection fails, the dropper proceeds to drop the ransomware and creates a service on the system.

Because the dropper treats a failed connection as the signal to proceed, blocking the domain with a firewall at either the ISP or enterprise network level will just cause the ransomware to continue spreading and encrypting files.

The threat creates a service named mssecsvc2.0, whose function is to exploit the SMB vulnerability in other computers accessible from the infected system:

Service Name: mssecsvc2.0
Service Description: (Microsoft Security Center (2.0) Service)
Service Parameters: “-m security”

When run, WannaCrypt creates the following registry keys:

• HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ = “\tasksche.exe”
• HKLM\SOFTWARE\WanaCrypt0r\\wd = “

It changes the wallpaper to a ransom message by modifying the following registry key:
• HKCU\Control Panel\Desktop\Wallpaper: “\@WanaDecryptor@.bmp”

It creates the following files in the malware’s working directory:

• 00000000.eky
• 00000000.pky
• 00000000.res
• 274901494632976.bat
• @Please_Read_Me@.txt
• @WanaDecryptor@.bmp
• @WanaDecryptor@.exe
• b.wnry
• c.wnry
• f.wnry
• m.vbs
• msg\m_bulgarian.wnry
• msg\m_chinese (simplified).wnry
• msg\m_chinese (traditional).wnry
• msg\m_croatian.wnry
• msg\m_czech.wnry
• msg\m_danish.wnry
• msg\m_dutch.wnry
• msg\m_english.wnry
• msg\m_filipino.wnry
• msg\m_finnish.wnry
• msg\m_french.wnry
• msg\m_german.wnry
• msg\m_greek.wnry
• msg\m_indonesian.wnry
• msg\m_italian.wnry
• msg\m_japanese.wnry
• msg\m_korean.wnry
• msg\m_latvian.wnry
• msg\m_norwegian.wnry
• msg\m_polish.wnry
• msg\m_portuguese.wnry
• msg\m_romanian.wnry
• msg\m_russian.wnry
• msg\m_slovak.wnry
• msg\m_spanish.wnry
• msg\m_swedish.wnry
• msg\m_turkish.wnry
• msg\m_vietnamese.wnry
• r.wnry
• s.wnry
• t.wnry
• TaskData\Tor\libeay32.dll
• TaskData\Tor\libevent-2-0-5.dll
• TaskData\Tor\libevent_core-2-0-5.dll
• TaskData\Tor\libevent_extra-2-0-5.dll
• TaskData\Tor\libgcc_s_sjlj-1.dll
• TaskData\Tor\libssp-0.dll
• TaskData\Tor\ssleay32.dll
• TaskData\Tor\taskhsvc.exe
• TaskData\Tor\tor.exe
• TaskData\Tor\zlib1.dll
• taskdl.exe
• taskse.exe
• u.wnry

WannaCrypt may also create the following files:

• %SystemRoot%\tasksche.exe
• %SystemDrive%\intel\\tasksche.exe
• %ProgramData%\\tasksche.exe

It may create a randomly named service that has the following associated ImagePath: “cmd.exe /c “\tasksche.exe”"

Then it searches the whole computer for any file with any of the following file name extensions:
.123, .jpeg, .rb, .602, .jpg, .rtf, .doc, .js, .sch, .3dm, .jsp, .sh, .3ds, .key, .sldm, .3g2, .lay, .sldm, .3gp, .lay6, .sldx, .7z, .ldf, .slk, .accdb, .m3u, .sln, .aes, .m4u, .snt, .ai, .max, .sql, .ARC, .mdb, .sqlite3, .asc, .mdf, .sqlitedb, .asf, .mid, .stc, .asm, .mkv, .std, .asp, .mml, .sti, .avi, .mov, .stw, .backup, .mp3, .suo, .bak, .mp4, .svg, .bat, .mpeg, .swf, .bmp, .mpg, .sxc, .brd, .msg, .sxd, .bz2, .myd, .sxi, .c, .myi, .sxm, .cgm, .nef, .sxw, .class, .odb, .tar, .cmd, .odg, .tbk, .cpp, .odp, .tgz, .crt, .ods, .tif, .cs, .odt, .tiff, .csr, .onetoc2, .txt, .csv, .ost, .uop, .db, .otg, .uot, .dbf, .otp, .vb, .dch, .ots, .vbs, .der, .ott, .vcd, .dif, .p12, .vdi, .dip, .PAQ, .vmdk, .djvu, .pas, .vmx, .docb, .pdf, .vob, .docm, .pem, .vsd, .docx, .pfx, .vsdx, .dot, .php, .wav, .dotm, .pl, .wb2, .dotx, .png, .wk1, .dwg, .pot, .wks, .edb, .potm, .wma, .eml, .potx, .wmv, .fla, .ppam, .xlc, .flv, .pps, .xlm, .frm, .ppsm, .xls, .gif, .ppsx, .xlsb, .gpg, .ppt, .xlsm, .gz, .pptm, .xlsx, .h, .pptx, .xlt, .hwp, .ps1, .xltm, .ibd, .psd, .xltx, .iso, .pst, .xlw, .jar, .rar, .zip, .java, .raw

WannaCrypt encrypts all files it finds and renames them by appending “.WNCRY” to the file name. For example, if a file is named “picture.jpg”, the ransomware encrypts it and renames it to “picture.jpg.WNCRY”.

This ransomware also creates the file “@Please_Read_Me@.txt” in every folder where files are encrypted. The file contains the same ransom message shown in the replaced wallpaper image. After completing the encryption process, the malware deletes the volume shadow copies by running the following command:

cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
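The host artifacts listed above (the mssecsvc2.0 service, the tasksche.exe service and Run entries, the dropped file names, the “.WNCRY” rename and the recovery-tampering command) can be turned into a simple triage pass over endpoint telemetry. The following is an added example, not code from the original post or from Microsoft; the event schema (`host`, `type`, `name`, `image_path`, `command_line`, `path`, `key`, `value`), the host names and all sample events are constructed for illustration.

```python
"""Triage endpoint events against the WannaCrypt host artifacts listed in the post."""
import ntpath
import re
from collections import defaultdict

# Indicators taken from the post (compared case-insensitively).
SERVICE_NAME = "mssecsvc2.0"
DROPPED_NAMES = {
    "tasksche.exe", "taskdl.exe", "taskse.exe",
    "@wanadecryptor@.exe", "@wanadecryptor@.bmp", "@please_read_me@.txt",
}
RANSOM_EXT = ".wncry"      # appended to encrypted files
COMPONENT_EXT = ".wnry"    # b.wnry, c.wnry, msg\m_*.wnry, ...
TASKSCHE_SERVICE = re.compile(r'cmd\.exe\s+/c\s+"?[^"]*\\tasksche\.exe', re.IGNORECASE)
RECOVERY_TAMPERING = [re.compile(p, re.IGNORECASE) for p in (
    r"vssadmin\s+delete\s+shadows",
    r"wmic\s+shadowcopy\s+delete",
    r"bcdedit\s+/set\s+\{default\}\s+recoveryenabled\s+no",
    r"bcdedit\s+/set\s+\{default\}\s+bootstatuspolicy\s+ignoreallfailures",
    r"wbadmin\s+delete\s+catalog",
)]


def _base(path):
    """Lower-cased file name of a Windows path, with surrounding quotes removed."""
    return ntpath.basename(path.strip('"')).lower()


def match_event(ev):
    """Return the names of the rules that one event (hypothetical schema) matches."""
    hits = []
    kind = ev["type"]
    if kind == "service":
        if ev["name"].lower() == SERVICE_NAME:
            hits.append("service:mssecsvc2.0")
        if TASKSCHE_SERVICE.search(ev.get("image_path", "")):
            hits.append("service:launches-tasksche")
    elif kind == "process":
        if any(p.search(ev["command_line"]) for p in RECOVERY_TAMPERING):
            hits.append("process:recovery-tampering")
    elif kind == "file":
        name = _base(ev["path"])
        if name.endswith(RANSOM_EXT):
            hits.append("file:encrypted-rename")
        elif name in DROPPED_NAMES or name.endswith(COMPONENT_EXT):
            hits.append("file:dropped-component")
    elif kind == "registry":
        key = ev["key"].lower()
        value = _base(ev.get("value", ""))
        if key.startswith("hklm\\software\\wanacrypt0r"):
            hits.append("registry:wanacrypt0r-key")
        if "\\currentversion\\run" in key and value == "tasksche.exe":
            hits.append("registry:run-tasksche")
        if key == "hkcu\\control panel\\desktop\\wallpaper" and value == "@wanadecryptor@.bmp":
            hits.append("registry:ransom-wallpaper")
    return hits


def triage(events):
    """Group matched rule names per host; hosts with no match are omitted."""
    findings = defaultdict(set)
    for ev in events:
        for hit in match_event(ev):
            findings[ev["host"]].add(hit)
    return {host: sorted(hits) for host, hits in findings.items()}


# Constructed sample telemetry (directory and service names are made up).
SAMPLE_EVENTS = [
    {"host": "WS-014", "type": "service", "name": "mssecsvc2.0",
     "image_path": r"C:\sample\dropper.exe -m security"},
    {"host": "WS-014", "type": "service", "name": "qzxkdemo",
     "image_path": r'cmd.exe /c "C:\ProgramData\qzxkdemo\tasksche.exe"'},
    {"host": "WS-014", "type": "file", "path": r"C:\ProgramData\qzxkdemo\tasksche.exe"},
    {"host": "WS-014", "type": "file", "path": r"C:\Users\demo\Pictures\picture.jpg.WNCRY"},
    {"host": "WS-014", "type": "process",
     "command_line": "cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete"},
    {"host": "WS-014", "type": "registry", "key": r"HKCU\Control Panel\Desktop\Wallpaper",
     "value": r"C:\ProgramData\qzxkdemo\@WanaDecryptor@.bmp"},
    # Benign look-alikes that must not match.
    {"host": "WS-022", "type": "process", "command_line": "vssadmin list shadows"},
    {"host": "WS-022", "type": "file", "path": r"C:\Users\demo\notes\tasksche.exe.txt"},
    {"host": "WS-022", "type": "service", "name": "Spooler",
     "image_path": r"C:\Windows\System32\spoolsv.exe"},
]

if __name__ == "__main__":
    for host, hits in triage(SAMPLE_EVENTS).items():
        print(host, hits)
```
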

It then replaces the desktop background image with a message and also runs an executable showing a ransom note which indicates a $300 ransom and a timer. The ransomware also demonstrates the decryption capability by allowing the user to decrypt a few random files, free of charge. It then quickly reminds the user to pay the ransom to decrypt all the remaining files.

The worm functionality attempts to infect unpatched Windows machines in the local network. At the same time, it also executes massive scanning on Internet IP addresses to find and infect other vulnerable computers. This activity results in a large volume of SMB traffic from the infected host, which normally can be observed by SecOps personnel.

Once a vulnerable machine is found and infected, it becomes the next hop to infect other machines. The vicious infection cycle continues as the scanning routine discovers unpatched computers. When it successfully infects a vulnerable computer, the malware runs kernel-level shellcode which seems to have been copied from the public backdoor known as DOUBLEPULSAR, but with certain adjustments to drop and execute the ransomware dropper payload, both for x86 and x64 systems.
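The scanning behaviour described above shows up in flow data as one source contacting many distinct peers on TCP 445 in a short time, on both internal and Internet addresses. The following is an added example, not part of the original post; the flow tuple layout, the 60-second window, the 20-peer threshold, the 10.0.0.0/8 internal range and all sample flows are assumptions constructed for illustration.

```python
"""Flag hosts whose SMB (TCP 445) fan-out looks like worm scanning."""
import ipaddress
from collections import defaultdict, deque

SMB_PORT = 445
WINDOW_SECONDS = 60        # assumption: sliding window length
MAX_DISTINCT_PEERS = 20    # assumption: more SMB peers than this per window is abnormal
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: site address plan


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def smb_fanout(flows, window=WINDOW_SECONDS, limit=MAX_DISTINCT_PEERS):
    """flows: time-ordered (epoch_seconds, src_ip, dst_ip, dst_port) tuples.

    Returns {src_ip: {"peak_peers", "external_peers", "at"}} for every source
    that exceeded `limit` distinct SMB destinations within `window` seconds.
    """
    recent = defaultdict(deque)                       # src -> (ts, dst) inside the window
    in_window = defaultdict(lambda: defaultdict(int)) # src -> dst -> flow count in window
    alerts = {}
    for ts, src, dst, dport in flows:
        if dport != SMB_PORT:
            continue
        queue, peers = recent[src], in_window[src]
        queue.append((ts, dst))
        peers[dst] += 1
        # Drop flows that have aged out of the window.
        while queue and queue[0][0] <= ts - window:
            _, old_dst = queue.popleft()
            peers[old_dst] -= 1
            if peers[old_dst] == 0:
                del peers[old_dst]
        if len(peers) > limit:
            best = alerts.get(src)
            if best is None or len(peers) > best["peak_peers"]:
                alerts[src] = {
                    "peak_peers": len(peers),
                    "external_peers": sum(1 for p in peers if not is_internal(p)),
                    "at": ts,
                }
    return alerts


def constructed_flows():
    """Constructed sample: one scanning host and three benign traffic patterns."""
    flows = []
    # 10.0.5.23: sweeps 25 local addresses, then 15 Internet addresses, one per second.
    targets = [f"10.0.5.{n}" for n in range(100, 125)]
    targets += [f"203.0.113.{n}" for n in range(1, 16)]
    flows += [(t, "10.0.5.23", dst, 445) for t, dst in enumerate(targets)]
    # 10.0.5.40: busy file-share client, but only three servers.
    servers = ["10.0.1.10", "10.0.1.11", "10.0.1.12"]
    flows += [(t, "10.0.5.40", servers[t % 3], 445) for t in range(100)]
    # 10.0.5.41: many destinations, but HTTPS rather than SMB.
    flows += [(t, "10.0.5.41", f"203.0.113.{t + 100}", 443) for t in range(50)]
    # 10.0.5.42: 30 SMB peers spread over an hour, never many at once.
    flows += [(t * 120, "10.0.5.42", f"10.0.6.{t + 1}", 445) for t in range(30)]
    return sorted(flows)


if __name__ == "__main__":
    for src, info in smb_fanout(constructed_flows()).items():
        print(src, info)
```
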

Ransomware strikes again

May 13th, 2017

Ransomware increased 35% last year.
More alarming is the continuing recent rise in both sophistication and the mass distribution of ransomware.

Ransomware can bring your business to a halt and cause significant financial damage.
Unlike the stealthier advanced attacks that can stay undetected on corporate network for months, the impact of ransomware is immediate and intrusive.

Cyber attackers don’t need a lot of money, resources or technical sophistication to use ransomware.

Today’s headlines:
Hospitals across the country hit badly by attack
Nearly 100 countries affected
Fears of chaos over weekend
Cyber attack hits German train stations as hackers target Deutsche Bahn

Russian-linked cyber gang Shadow Brokers was blamed. It is claimed the group, which has links to Russia, stole US National Security Agency cyber tools designed to access Microsoft Windows systems, then dumped the technology on a publicly accessible website where online criminals could access it – possibly in retaliation for America’s attack on Syria. The exploit was leaked last month as part of a trove of NSA spy tools. The ransomware locks down all the files on an infected computer and asks the computer’s administrator to pay in order to regain control of them. The ransomware, called “WannaCry,” spreads by taking advantage of a Windows vulnerability for which Microsoft released a security patch in March.
Affected machines have six hours to pay up, and every few hours the ransom goes up.

The global cyber attack crippled services on Friday (yesterday). The U.K. health service faces a weekend of chaos after hackers demanding a ransom infiltrated the health service’s antiquated computer system. Operations and appointments were cancelled and ambulances diverted as up to 40 hospital trusts became infected by a “ransomware” attack demanding payment to regain access to vital medical records.
Doctors warned that the infiltration – the largest cyber attack in NHS history – could cost lives.

Medics described how computer screens were “wiped out one by one” by the attack, which spread to companies and institutions worldwide, including international shipper FedEx Corp in the US, and Germany’s rail operator. Spain’s largest telecom operator, Telefónica, was also affected. Spanish authorities confirmed the ransomware is spreading through the vulnerability, called “EternalBlue,” and advised people to patch.

Helsinki-based security software maker Avast said they had observed 57,000 infections in 99 countries, with Russia, Ukraine and Taiwan the top targets. Megafon, a Russian telecommunications company, was hit by the attack.

The ransomware is automatically scanning for computers it can infect, whenever it loads itself onto a new machine. It can infect other computers on the same wireless network. It has a ‘hunter’ module, which seeks out PCs on internal networks, so, if your laptop is infected and you go to a coffee shop, then it will spread to PCs at the coffee shop and from there, to other companies.

The sad part of the NHS tale is that Microsoft provided free software to protect computers in March, which raises questions about why the NHS was still vulnerable. It seems that many trusts were using obsolete systems, while others failed to apply recent security updates. Indeed, there are estimates that 90 per cent of NHS trusts in the UK are still using Windows XP, a now unsupported, 16-year-old operating system introduced before 2007, which is particularly vulnerable.

Unknown attackers deployed a virus targeting Microsoft servers running the file sharing protocol Server Message Block (SMB). Only servers that weren’t updated after March 14 with the MS17-010 patch were affected; this patch resolved an exploit known as EternalBlue, once a closely guarded secret of the National Security Agency, which was leaked last month by ShadowBrokers, a hacker group that first revealed itself last summer. The ransomware, aptly named WannaCry, did not spread because of people clicking on bad links. The only way to prevent this attack was to have already installed the update.

Through the EternalBlue exploit, the malware installed an NSA backdoor payload called DoublePulsar, and through it went WannaCry, which then spread rapidly and automatically to other computers on the same network. “Whereas ransomware such as Locky normally requires user interaction, such as opening a Word document, WannaCry has the capability to spread automatically. Thankfully a weakness in the method of propagation has allowed researchers to take control of a piece of attacker infrastructure and limit new infections; otherwise it could have been even worse.”

Microsoft said yesterday that it is pushing out automatic Windows updates to defend clients from WannaCry.

What is ransomware?
Malicious software that locks a device, such as a computer, tablet or smartphone, and then demands a ransom to unlock it.

Where did ransomware originate?
The first documented case appeared in 2005 in the United States, but quickly spread around the world.

How does it affect a computer?

The software is normally contained within an attachment to an email that masquerades as something innocent. Once opened it encrypts the hard drive, making it impossible to access or retrieve anything stored on there – such as photographs, documents or music.

How can you protect yourself?
Anti-virus software can protect your machine, although cybercriminals are constantly working on new ways to override such protection.

How much are victims expected to pay?
The ransom demanded varies. Victims of a 2014 attack in the UK were charged £500. However, there’s no guarantee that paying will get your data back.
If you think you might be vulnerable to WannaCry, or you don’t remember installing any updates over the past month, then your first step is to address that issue immediately.

This is the most critical Windows patch since Conficker, which was one of the largest similar infections to date.
Despite having been patched nearly a decade ago, the Conficker worm is still in circulation and can be found everywhere. WannaCry, too, is going to be on networks for years.

The importance of downloading and installing security updates (as opposed to just clicking “remind me tomorrow” for several weeks in a row) cannot be overstated.

Just ask the patients of the 16 hospitals in England whose delay in care could have been easily avoided.

VAT planning- GCC framework is published

May 10th, 2017

The GCC’s unified agreement for value added tax (VAT) has recently been published (in Arabic only) by the Saudi Ministry of Finance on their website.

This unified agreement sets out the framework under which VAT can be implemented in each of the GCC member states. The framework includes agreement on certain matters but still allows member states discretion on how to treat others.

Once the agreement is ratified, each member state can issue its own local law and implement VAT.

The UAE intends to implement VAT with effect from 1 January 2018, but other states may take another 6 months or so.

The framework paves the way for implementation, for a basic rate of VAT of five percent with certain supplies of goods and services zero rated or VAT exempt. We understand that the Ministry of Finance (MoF) will release the UAE’s law on VAT towards the end of June. This will detail how the UAE will interpret the GCC framework and how it will deal with those matters where it has discretion. These will include whether to treat certain supplies as zero rated or VAT exempt.

The local law will detail conditions for:
- VAT deductions
- VAT grouping
- Rules for recovering VAT in respect of financial services
- Reporting formats

There is no indication of how VAT will apply to free zones.

The MoF has recently been holding a series of public awareness sessions, outlining how they propose to apply VAT to those areas where the GCC framework allows discretion. The UAE has also taken steps to set up its own Federal Tax Authority (FTA), which will be responsible for all VAT matters in the UAE.

The framework provides information to start planning for VAT.

VAT will impact all businesses in the UAE, either directly or indirectly.

So carefully review your systems and processes to understand the impact of VAT and to determine what needs to be done to be fully compliant with the new laws.

Do you need to recruit? Train?

Budget for auditors, or consulting support, or system modifications or upgrades?

What contracts are in place beyond 1 January 2018, and how will those be impacted by VAT?

All businesses will be required to maintain extensive and proper books of account because complete, verifiable documentation will be essential to support a VAT refund claim and avoid penalties for non-compliance.

Accounting systems should be able to identify and record VAT, payable and receivable, across the entire supply chain. Ensure that your systems will enable you to:
- hold VAT registration ids by trading partner
- hold VAT codes by item for the relevant tax rate or exemption
- identify and record rebates, exemptions, or other special VAT treatments on particular transactions
- generate commercial documents like invoices or till receipts with VAT shown
- deal with rebates and returns
- create timely, accurate statutory returns
- work with current interfaces
- produce auditable accounts

We have already received several dozen inquiries to assist with this transition. If you need assistance with your business systems to comply with VAT then please contact us in good time – year end is a holiday season and also a busy time for new system go-lives and for financial audit preparation.

Mobile security- Microsoft’s Secure Productive Enterprise

May 7th, 2017

As more information, devices and users travel beyond the traditional network restraints, every organisation needs to place security at the forefront of a modern workforce strategy. It’s now over 6 months (October 2016) since Microsoft released its Secure Productive Enterprise package.
• What is SPE all about?
• Is SPE just ECS under a new name?
• Is SPE just a licensing bundle?

1. What is Secure Productive Enterprise?

SPE is a licensing option from Microsoft that bundles together Windows 10 Enterprise, Office 365 and Enterprise Mobility + Security technologies into a single offering.

It comes in two variants: SPE E3 and SPE E5.
It can be purchased per user, with a significant cost saving compared with buying the products individually.

There are several other variations and nuances in how you can buy SPE (which licensing program) and how much it will cost you. This will largely depend on your organisation’s requirements and your current licensing position with Microsoft.

2. Is SPE just ECS under a different name?

The Microsoft Enterprise Cloud Suite (ECS) has effectively become SPE E3 and includes the following core products and services:
• Windows 10 Enterprise (E3)
• Office 365 (E3)
• Enterprise Mobility + Security (E3)

3. What is Enterprise Mobility + Security?

Enterprise Mobility + Security (EMS) is what was formerly the Enterprise Mobility Suite. The name change reflects the significant number of security products and services that were added to this solution since the launch of EMS.

4. So, is SPE just a licensing bundle?

SPE can just be a licensing bundle, if that’s all you want it to be. But it is also much more…
There is so much new technology in SPE (and Microsoft is adding to it all the time) that it can be hard to keep up. Even as a licensing option, Microsoft has included some firsts.

SPE includes brand new cloud and on-premises licensing entitlements to help organisations who plan to transition to the cloud over time, and it allows Software Assurance customers to install Office Professional Plus and Office 365 Professional Plus on up to five devices per user for the length of the subscription.

You also get the on-premises server rights for SharePoint, Exchange and Skype for Business thrown in.

More than forty thousand customers use Enterprise Mobility + Security (EMS) today.

For industries that require advanced identity governance, such as government, military, pharma, financial services, etc., SailPoint integration will extend Azure Active Directory Premium to provide full, fine-grained provisioning and lifecycle governance across enterprise systems on-premises and in the cloud. A direct connector automatically aggregates user accounts, group permissions, and Microsoft Access Panel tiles and maps each of these to the SailPoint Identity Cube. It also provides the basis for SailPoint to send change events back to Azure AD when access is modified during a governance mitigation process.

In addition to this, SailPoint will connect to applications managed outside of Azure AD, including on-premises applications like EPIC, which is widely used in healthcare. This creates a 360-degree view of all access in the organization and creates a strong foundation for comprehensive control.

Contact us to request a copy of Microsoft’s fact sheet “Secure-Productive-Enterprise-at-a-Glance-October-2016.pdf”


3 new Microsoft tools to help you to move to the cloud.

April 18th, 2017

Here’s a breakdown of the three new Microsoft tools to help you move to the cloud faster and what they can offer businesses.

1. Free cloud migration assessment

This assessment will help customers to more easily find and to better understand their current server setups, to help them to determine the cost and the value of moving to the cloud. Once the servers are discovered, the tool can analyze their configurations, and give the user a report of the potential cost drop of moving to Azure.

Data center administrators can export the results of the assessment into a customized report. The report could provide some valuable data and statistics for a CIO conversation with the CFO.

2. Azure Hybrid Use Benefit

This tool should save users money on their cloud deployments. Customers can activate the Azure Hybrid Use Benefit in the Azure Management Portal. It is available on Windows Server virtual machines in Azure, to all customers. “Use your on-premises Windows Server licenses that include Software Assurance to save big on Windows Server VMs in Azure. By using your existing licenses, you pay the base compute rate and save up to 40 percent,” the tool’s web page said.

3. Azure Site Recovery

Azure Site Recovery is meant to ease the process of migrating virtual machines to Azure. Applications running on AWS, VMware, Hyper-V, or physical servers can be moved. Additionally, a new feature in Azure Site Recovery will “allow you to tag virtual machines within the Azure portal itself. This capability will make it easier than ever to migrate your Windows Server virtual machines.”

Other features include automated protection and replication of virtual machines, remote monitoring, custom recovery plans, recovery plan testing, and more.

Office malware patch due out today.

April 11th, 2017

A new exploit, reported by McAfee, uses trick Microsoft Office files to install malware on a user’s machine and can bypass existing protection methods. According to the report, the attacks started in January and leverage a vulnerability that hadn’t yet been disclosed. The hack affects all versions of Office, the report noted, including the latest version of Office 2016 on Windows 10.

This exploit uses fake versions of Office files, like Word documents, to install malware on a victim’s computer.
The problem starts when a user is sent a fake Word document from the attacker. Once the user tries to open the file, a malicious HTML application is downloaded from the attacker’s server and is then executed as an .hta file (disguised as an RTF document), giving the hacker full code execution on the victim’s computer, the report noted. “… this is a logical bug, and gives the attackers the power to bypass any memory-based mitigations developed by Microsoft,” the McAfee report said.

Once the damage is done, a fake Word document is shown to the user, but at that point it is too late: malware is already installed on the machine. The vulnerability lies in the Windows Object Linking and Embedding (OLE) feature in Office.

Microsoft is planning a patch for the vulnerability today – Tuesday, April 11.

It is important that users protect themselves.
1. ”Do not open any Office files obtained from untrusted locations.”
2. ”According to our tests, this active attack cannot bypass the Office Protected View, so we suggest everyone ensure that the Office Protected View is enabled.”

Malware continues to grow as a major security threat in the enterprise. Apple recently patched a mysterious malware known as Proton, and other “invisible” forms of malware have recently been found in Windows PowerShell and other testing tools.


Security – Verizon Data Breach insights

February 18th, 2017

The 2017 Verizon Data Breach Digest, published Tuesday, found that the effects of a breach are spreading to even more parts of an enterprise, increasingly causing problems outside of IT.

The 16 different scenarios examined in the 2017 Digest were drawn from the investigation by Verizon’s Research, Investigations, Solutions and Knowledge (RISK) Team of 1,400 breach cases over the past three years. The scenarios were broken up into the following four breach types:

1. The human element.
Those breaches in which humans:
- had been compromised,
- or simply made a mistake,
- or intentionally acted maliciously.

Two of the scenarios, hacktivist attack and partner misuse, were labeled as “lethal.”

The hacktivist attack occurs when a hacker targets a company in response to a perceived injustice committed by the firm.
Partner misuse refers to an attack when an indignant stakeholder attacks the firm from the inside. Another example of this kind of breach is a disgruntled ex-employee.

2. Conduit devices

Conduit devices are points of entry by which an attacker gains access to an organization’s network. Mobile assault and IoT calamity were the names given to the lethal scenarios of this breach type.

- A mobile assault refers to a business traveler who uses an unsecure Wi-Fi connection, which leads to his phone being compromised.

- An example of an IoT calamity is a major university that was breached through its connected vending machines and smart light bulbs.

3. Configuration exploitation

“From a system standpoint, misconfigured devices are the vectors of compromise; from a network standpoint, misconfigurations allow for easy lateral movement and avenues for data exfiltration.”

Lethal scenarios of this type are a DDoS attack and an ICS onslaught.

- One example of a major DDoS attack is the Mirai botnet that took down the DNS provider Dyn, and almost took down an entire country.
- An ICS onslaught occurs when an industrial control system is compromised, and may lead to both massive physical damage and data leaks.

4. Malicious software

In the Verizon report, none were labeled as lethal. Examples are traditional malware, RAM scraping, spyware, and keylogger software. The Digest lists the three primary purposes of malware as meant to “establish a beachhead, collect data, and exfiltrate data.”

To respond to a breach, the Verizon Data Breach Digest recommends taking the following five actions:
1. ”Preserve evidence; consider consequences of every action taken.”
2. ”Be flexible; adapt to evolving situations.”
3. ”Establish consistent methods for communication.”
4. ”Know your limitations; collaborate with other key stakeholders.”
5. ”Document actions and findings; be prepared to explain them.”

Digital revolution – does it apply to me? ask Synergy Software Systems

January 19th, 2017

Digital transformation has been a hot topic for at least the last 5 years and is increasingly becoming reality. For those of us who lived through the re-engineering of the early 90s this seems to be another twist of a familiar tale. However, there are major differences. Digital is no longer the shiny front end of the organization – it’s integrated into every aspect of today’s companies. As digital technologies continue to transform the economy, many leaders are struggling to set a digital strategy, shift organizational structures, and remove the barriers that are keeping them from maximizing the potential impact of new digital technologies.

A workable definition is that Digital disruption is the change that occurs when new digital technologies and business models affect the value proposition of existing goods and services.

A current aphorism is that you either have to be smarter than a robot or cheaper.

Recent developments in robotics, artificial intelligence, IoT, digital printing, virtual reality, and machine learning have put us on the cusp of a new automation age. Robots and computers can perform a range of routine physical work activities better and cheaper than humans, and are now capable of using cognitive capabilities once considered too difficult to automate successfully, such as making tacit judgments, sensing emotion, or even driving. Automation is already changing the daily work activities of everyone, from retailers, miners and landscapers to commercial bankers, fashion designers, welders, DBAs and CEOs.

What will the impact be on productivity? Previous technical revolutions, such as the introduction of the steam engine or personal computing, delivered annual productivity increases of less than 1%. The speculation now is that new changes will increase productivity by 1 to 1.5%, an unprecedented rate of change, with many economic, social and political implications.

Fifty-two percent of the Fortune 500 have merged, been acquired, or gone bankrupt since 2000.
A study by Richard Foster from Yale shows that in the S&P 500, the average age of a company in 1959 was about 58 years. It’s now down to 15, and it’s going to be 12 by 2020. There’s no time to wait. Digital Darwinism is unkind to those who wait.

“We’re talking about a three to four-times compression in terms of age of a company since the 50s and 60s. So, if you’re not making the shift, if you’re not even moving in that direction, you’re probably going to be merged or acquired, or go bankrupt.”

According to the new MIT Sloan Management Review and Deloitte University Press report, “Aligning the Organization for Its Digital Focus”, nearly 90% of more than 3,700 business executives, managers and analysts from around the globe say that they anticipate that their industries will be moderately, or greatly disrupted by digital trends. Yet less than half (44%) currently believe their organization is adequately preparing for this digital disruption. Ray Wang

Also see this HBR post for similar survey results

The most disrupted industries typically suffer from a perfect storm of two forces. First, low barriers to entry into these sectors lead to more agile competition. Secondly, they have large legacy business models which often generate the majority of their revenue. These organizations, therefore, have embedded cultural and organizational challenges when it comes to changing at the pace required. Digital companies can reach new customers immediately and at virtually zero marginal cost. They can compete in new sectors by collaborating with peers and competitors.

In the first wave of the commercial Internet, the dot-com era, falling transaction costs altered the traditional trade-off between richness and reach. Rich information was suddenly communicated broadly and cheaply, and changed how products are made and sold. Strategists made hard choices about which pieces of their businesses to protect and which to abandon. They learned to repurpose some assets to attack previously unrelated businesses. Virtual companies relied on outsourcing and offshoring, owned little and made nothing. Incumbent value chains were “deconstructed” by competitors focused on narrow slivers of added value. Traditional notions of who competes against whom were upended—Microsoft gave away Encarta on CDs to promote sales of PCs and incidentally destroyed the business model of the venerable Encyclopædia Britannica.

With Web 2.0, the economies of mass scale evaporated for many activities and small became beautiful. It was the era of the “long tail” and of collaborative production on a massive scale. Minuscule enterprises and self-organizing communities of autonomous individuals surprised us by performing certain tasks better and more cheaply than large corporations. Hence Linux, hence Wikipedia and Open source. Those communities grow and collaborate without geographic constraint, and major work is done at significantly lower cost – and often at zero price.

Many strategists adopted and adapted to these new business architectures. IBM embraced Open Source to challenge Microsoft’s position in server software; Apple and Google curated communities of app developers so that they could compete in mobile; SAP recruited thousands of app developers from among its users; Facebook transformed marketing by turning a billion “friends” into advertisers, merchandisers, and customers.

Where are we now? Hyperscaling and connectivity. Big—really big—is now beautiful. The cloud, new databases, new processing power, new BI tools, predictive analytics, data from IoT correlated with contextual search, delivered anytime anywhere on any device. Social media and smart phones are ubiquitous and real time news and peer opinion is replacing traditional news channels, and marketing and government communications. At the extreme—where competitive mass is beyond the reach of the individual business unit or company—hyperscaling demands a bold, new architecture for businesses.

We are only at the beginning of what the World Economic Forum calls the “Fourth Industrial Revolution,” characterized not only by mass adoption of digital technologies but by innovations in everything from energy to biosciences. The digital consumer, who enjoys more interactive and personalized experiences thanks to SMAC (social, mobile, analytics and cloud) technologies; the digital enterprise, which leverages SMAC technologies to optimize the cost of corporate functions and to transform enterprise collaboration for greater productivity; and the emerging digital operations wave, where companies are revolutionizing business with the use of artificial intelligence, robotics, cognitive computing and the Industrial Internet of Things.

Speculation about the effects of technologies often suffers from extreme optimism or pessimism. In the 1930s, several countries were enthusiastically experimenting with using new rocket technology to deliver mail, and in 1959, the United States trialed mail delivery via cruise missile, a proposition that could now be regarded as comical, yet it has surfaced again with drone deliveries.

Jo Caudron and Dado Van Peteghem in their book Digital Transformation highlight 10 business models behind digital disruption. Professor Michael Wade, co-director of the IMD Leading Digital Business Transformation course has highlighted 7 strategies to respond to disruptors.

10 Hyper-Disruptive Business Models
1. The Subscription Model (Netflix, Dollar Shave Club, Apple Music) Disrupts through “lock-in” by taking a product or service that is traditionally purchased on an ad hoc basis, and locking-in repeat custom by charging a subscription fee for continued access to the product/service.
2. The Freemium Model (Spotify, LinkedIn, Dropbox) Disrupts through digital sampling, where users pay for a basic service or product with their data or ‘eyeballs’, rather than money, and then charging to upgrade to the full offer. Works where marginal cost for extra units and distribution are lower than advertising revenue or the sale of personal data.
3. The Free Model (Google, Facebook) Disrupts with an ‘if-you’re-not-paying-for-the-product-you-are-the-product’ model that involves selling personal data or ‘advertising eyeballs’ harvested by offering consumers a ‘free’ product or service that captures their data/attention.
4. The Marketplace Model (eBay, iTunes, App Store, Uber, AirBnB) Disrupts with the provision of a digital marketplace that brings together buyers and sellers directly, in return for a transaction or placement fee or commission.
5. The Access-over-Ownership Model (Zipcar, Peerbuy, AirBnB) Disrupts by providing temporary access to goods and services traditionally only available through purchase. Includes ‘Sharing Economy’ disruptors, which takes a commission from people monetising their assets (home, car, capital) by lending them to ‘borrowers’.
6. The Hypermarket Model (Amazon, Apple) Disrupts by ‘brand bombing’ using sheer market power and scale to crush competition, often by selling below cost price.
7. The Experience Model (Tesla, Apple) Disrupts by providing a superior experience, for which people are prepared to pay.
8. The Pyramid Model (Amazon, Microsoft, Dropbox) Disrupts by recruiting an army of resellers and affiliates who are often paid on a commission-only model.
9. The On-Demand Model (Uber, Operator, Taskrabbit) Disrupts by monetising time and selling instant-access at a premium. Includes taking a commission from people with money but no time who pay for goods and services delivered or fulfilled by people with time but no money.
10. The Ecosystem Model (Apple, Google) Disrupts by selling an interlocking and interdependent suite of products and services that increase in value as more are purchased. Creates consumer dependency.

Business leaders are now more intent on disrupting before they are disrupted. How can you drive value from data in new ways? How can you shorten product development cycles? How can you tap into predictive analytics and social media to determine the right strategy? Success is not just changing strategies; increasingly the need is for agility to execute multiple strategies concurrently. Such success requires CEOs to develop new leadership capabilities, new workforce skills and new corporate cultures and processes to support digital transformation. Mobile, ‘work from home’, BYOD, self-service, collaboration tools like Yammer, Teams and Skype for Business, e-payments and digital signatures are tools that offer new ways of working.

For society, the implications of the Fourth Industrial Revolution are profound – from saving lives to creating jobs to better stewardship of the environment. For example, our Healthcare solution, built on Dynamics CRM, is providing guided pathways to the optimal route for treatment and is delivering huge cost savings and more effective care delivery by better targeting and use of resources.

Strategies to Respond to Digital Disruption
1. The Block Strategy. Using all means available to inhibit the disruptor. These means can include claiming patent or copyright infringement, erecting regulatory hurdles, and using other legal barriers.
2. The Milk Strategy. Extracting the most value possible from vulnerable businesses while preparing for the inevitable disruption.
3. The Invest in Disruption Model. Actively investing in the disruptive threat, including disruptive technologies, human capabilities, digitized processes, or perhaps acquiring companies with these attributes.
4. The Disrupt the Current Business Strategy. Launching a new product or service that competes directly with the disruptor, and leveraging inherent strengths such as size, market knowledge, brand, access to capital, and relationships to build the new business.
5. The Retreat into a Strategic Niche Strategy. Focusing on a profitable niche segment of the core market where disruption is less likely to occur (e.g. travel agents focusing on corporate travel, and complex itineraries, book sellers and publishers focusing on academia niche).
6. The Redefine the Core Strategy. Building an entirely new business model, often in an adjacent industry where it is possible to leverage existing knowledge and capabilities (e.g. IBM to consulting, Fujifilm to cosmetics).
7. The Exit Strategy. Exiting the business entirely and returning capital to investors, ideally through a sale of the business while value still exists (e.g. MySpace selling itself to Newscorp).

As the world moves to a more digital future, so the threats change. There is more data, so there is more to steal and to corrupt. Security threats such as phishing, Trojans, malware, and hacking of politicians’ email, government or company files, or credit card details are now major challenges for all. As data grows (how many hours of YouTube video get uploaded each second?), topics like high speed internet and edge computing become more important.

Last Microsoft Security Bulletins – ends after January 2017

January 11th, 2017

Microsoft has a long tradition of publishing Security Bulletins to share information about patches and security fixes that it releases. But starting next year this is going to change. As of February 2017, Microsoft will make use of the newly launched Security Updates Guide database.

It was a little afterthought tacked on the end of a short blog post: “Security update information will be published as bulletins and on the Security Updates Guide until January 2017. After the January 2017 Update Tuesday release, we will only publish update information to the Security Updates Guide”.

The main point of the blog post was to point out the existence of the new database, of which Microsoft says:
“This month we released a preview of our new single destination for security vulnerability information, the Security Updates Guide. Instead of publishing bulletins to describe related vulnerabilities, the new portal lets our customers view and search security vulnerability information in a single online database.”

Meanwhile, Microsoft’s January 2017 Patch Tuesday comes with 4 security updates, and two of the four Microsoft security bulletins are rated as critical, the highest severity rating a bulletin can receive. Because of this, users should make sure they install this month’s updates as soon as possible.

The Patch Tuesday update fixes 15 unique vulnerabilities, among which 12 are inherited from Adobe Flash, and only three affect Microsoft native products. In fact, this month’s security updates are one of the smallest security bulletin releases Microsoft has made to date. Besides the security updates, Microsoft also released new Windows 10 cumulative updates KB3213986, KB3210720, and KB3210721, for which there are no changelogs available at the time of writing.

Ransomware was on the rise throughout 2016.

January 10th, 2017

49% of businesses fell victim to cyber ransom attacks in 2016

Ransom is the top motivation behind cyberattacks – Radware’s Global Application and Network Security Report 2016-2017.
The report listed five cybersecurity predictions for 2017:
1. IoT will become an even larger risk. The Mirai IoT Botnet code is available to the public, making it more likely that cyber criminals of all experience levels are already strengthening their capabilities. In 2017, exponentially more devices are expected to become targeted and enslaved into IoT botnets. IoT device manufacturers will have to face the issue of securing their devices before they are brought to market, as botnet attacks from these devices can generate large-scale attacks that easily exceed 1 Tbps.
2. Ransomware attacks will continue to grow. These attacks will target phones, laptops, and company computers, and will likely take aim at healthcare devices such as defibrillators in the future, the press release stated.
3. Permanent Denial of Service (PDoS) attacks on data centers and IoT operations will rise. PDoS attacks, sometimes called “phlashing,” damage a system to the degree that it requires hardware replacement or reinstallation. These attacks are not new, but Radware predicts they are likely to become more pervasive in 2017 with the plethora of personal devices on the market.
4. Telephony DoS (TDoS) will become more sophisticated. These attacks, which cut off communications in a crisis, could impede first responders’ situational awareness, exacerbate suffering and pain, and potentially increase loss of life.
5. Public transportation system attacks will rise. As cars, trains, and planes become more automated, they also become more vulnerable to hackers, Radware stated.

To avoid ransomware attacks and other cyber threats: keep software up to date, back up all information every day to a secure, offsite location (e.g. Azure cloud back up), segment your network, perform penetration testing, and train staff on cyber security practices.
Ensure passwords are strong and are regularly updated.
Ensure you have deployed appropriate anti virus / anti-malware tools.
Test your back up and restore periodically.
Ensure your support contracts are up to date.
Don’t forget your hardware e.g. out of date protocols on routers may be targets for hackers.
If you have large complex networks and critical data and up-time requirements, then consider ethical-hacking penetration testing.
Managed services solutions can monitor your networks and services to ensure critical hardware and services are functioning.

Security and data privacy – vigilance needed more than ever

November 19th, 2016

The personal details of millions who signed up to a sex hook-up website in the past 20 years have been exposed in one of the largest ever data breaches.
The email addresses and passwords of 412 million accounts have been leaked after the meet-up website AdultFriendFinder and sister sites were hacked. At least 5.2 million UK email addresses were stolen in the breach, which also included the date of last visit, browser information, some purchasing patterns.
AdultFriendFinder describes itself as “one of the world’s largest sex hook-up” websites, with more than 40 million active users. The hack, against its parent company Friend Finder Networks, also involved data from, a live video sex site, and, an internet porn site that was sold in February.

The attack occurred in October and is one of the biggest on record, following closely behind Yahoo, which recently reported the loss of half a billion users’ details. It eclipses last year’s Ashley Madison hack, in which the personal information and sexual preferences of 37 million people were exposed.

The passwords and usernames were stored in a way that is easily decoded, meaning 99 per cent of those stolen were legible to the hackers either in plain visible format or SHA1 hashed. Neither method is considered secure.
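To make concrete why unsalted SHA-1 storage is not considered secure, here is an added example (not part of the original post and not any vendor's code) that contrasts it with a salted, slow key-derivation function and audits a small credential table for weak storage. The function names, the record format and the sample accounts are assumptions constructed for this illustration.

```python
import hashlib
import hmac
import os
import re
from collections import defaultdict

# Assumption: work factor chosen for this example; tune it to your hardware.
PBKDF2_ITERATIONS = 600_000


def sha1_unsalted(password: str) -> str:
    """Weak scheme named in the article: one fast, unsalted SHA-1 pass."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password: str) -> str:
    """Hardened scheme: per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${derived.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the KDF with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, derived_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"),
            bytes.fromhex(salt_hex), int(iterations),
        )
        return hmac.compare_digest(candidate, bytes.fromhex(derived_hex))
    except ValueError:
        return False  # malformed record


def classify_stored(value: str) -> str:
    """Heuristic label for how a stored credential value is protected."""
    if value.startswith("pbkdf2_sha256$"):
        return "salted-kdf"
    if re.fullmatch(r"[0-9a-fA-F]{40}", value):
        return "unsalted-sha1"  # 40 hex characters: the size of a SHA-1 digest
    return "plaintext-or-unknown"


def audit_store(records: dict) -> dict:
    """Group accounts by storage scheme and list accounts sharing a stored value.

    Identical stored values mean identical passwords, which only shows up
    when no per-user salt is used.
    """
    by_scheme = defaultdict(list)
    by_value = defaultdict(list)
    for user, stored in records.items():
        by_scheme[classify_stored(stored)].append(user)
        by_value[stored].append(user)
    shared = sorted(sorted(users) for users in by_value.values() if len(users) > 1)
    return {
        "schemes": {name: sorted(users) for name, users in by_scheme.items()},
        "shared_values": shared,
    }


if __name__ == "__main__":
    # Constructed sample table; the accounts and passwords are made up.
    table = {
        "alice": sha1_unsalted("M4raD0na"),
        "bob": sha1_unsalted("M4raD0na"),   # same password, same digest
        "carol": hash_password("M4raD0na"),  # same password, unique record
        "dave": "letmein",                   # stored in the clear
    }
    report = audit_store(table)
    for scheme, users in report["schemes"].items():
        print(f"{scheme}: {', '.join(users)}")
    print("accounts sharing a stored value:", report["shared_values"])
```

Accounts flagged as `unsalted-sha1` or `plaintext-or-unknown` are the ones to migrate, typically by re-hashing with the hardened scheme at the user's next successful login.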

The stolen data included the details of 15 million accounts that had been deleted by the users but remained on the company’s servers.

Companies still tend to underestimate the risks related to web applications, and consequently put their customers at huge risk. With this breach of 400 million accounts, expect a domino effect of smaller data breaches with password reuse and spear-phishing.

Don’t re-use passwords. One ultra-secure one won’t be any good if someone finds it
While combining upper and lower case letters with numbers to alter a memorable word – M4raD0na – is often advised, these are more easily cracked than you might think.
Good advice is to make a memorable, unusual sentence: “I am a 7-foot tall metal giant” is better than “My name is John”, and use the first letter of each word with punctuation: “Iaa7-ftmg”.
The best way to protect yourself is to use two-factor authentication, which will send a text with a code or use an app to verify your log-in.

The aim of spear phishing is to trick people into handing over sensitive information, such as card or login details, with an email that appears to be from a person or business they know and trust.
It is more targeted than phishing, which is when emails are sent out that contain either links or attachments that either take you to a website that looks like your bank’s, or installs malware on your system.
A report by Verizon into data breach investigations has shown that 23% of people admit to having opened phishing emails.
Many phishing attacks come from Eastern Europe, so be very suspicious if you see RTU in the email address domain.

The bank or will never phone you for your PIN or password.
They don’t send you mails from a Hotmail account.
No company will send someone to your home to collect financial information or your bank card. Neither will they ask you to transfer money to a new account – even if only for fraud reasons.
No business or individual needs to know your personal financial information – including the bank or the police. Do not disclose your PIN, password or personal details unless you are sure of who you are talking to
Do not assume a caller is genuine if they know personal details about you. This could have been garnered elsewhere or pieced together through other means or email and may be trying to gather more information such as answers to security questions.

When you receive an email asking you to check your account, manually type the company’s website into your browser rather than clicking on a link that could take you to a fake version of the site.

SQL 2016 SP1 – this is a big deal – Synergy Software Systems

November 19th, 2016

In addition to a consistent programmability experience across all editions, SQL Server 2016 SP1 also introduces all the supportability and diagnostics improvements first introduced in SQL 2014 SP2, as well as new improvements and fixes centered around performance, supportability, programmability and diagnostics based on the learnings and feedback from customers and the SQL community.

SQL Server 2016 SP1 also includes all the fixes up to SQL Server 2016 RTM CU3 including Security Update MS16–136.

SQL editions have traditionally been differentiated by features. This meant that essential features for day to day database use were not present in Express or Standard versions. Our view is that this is not desirable, that there is a core set of features needed in all editions, and that differentiation should be more about hardware size and resources supported.

Well, SQL 2016 SP1 now brings us close to that wish, so it’s a really big deal for the SMB and mid market customer.

Once you have an application using SQL Server 2016 Standard Edition, you can just do an Edition Upgrade to Enterprise Edition to get even more scalability and performance, and take advantage of the higher license limits in Enterprise Edition. You will also get the intrinsic performance benefits that are present in Enterprise Edition.

The table compares the list of features which were only available in Enterprise edition, which are now enabled in Standard, Web, Express, and LocalDB editions with SQL Server 2016 SP1. This consistent programmability surface area allows developers and ISVs to develop and build applications leveraging the following features, which can be deployed against any edition of SQL Server installed in the customer environment.

This is a bold move by Microsoft, and should increase Standard sales, and customer satisfaction, without cannibalizing Enterprise sales. Standard Edition customers can use these features both to consolidate their codebases and, in many scenarios, build solutions that offer better performance.

There are many new features available across all editions of SP1.
There are still differences in Enterprise:

Availability features like: online operations, piecemeal restore, and fully functional Availability Groups (e.g. read-only replicas) are still Enterprise only.

Performance features like parallelism still don’t work in Express Edition (or LocalDB).

Automatic indexed view usage without NOEXPAND hints, and high-end features like hot-add memory/CPU, will continue to be available only in Enterprise.

Operational features like: Resource Governor, Extensible Key Management (EKM), and Transparent Data Encryption will remain Enterprise Edition only.

Others, like Backup Encryption, Backup Compression, and Buffer Pool Extension, will continue to work in Standard, but will still not function in Express.

SQL Server Agent is still unavailable in Express and LocalDB. As a result, Change Data Capture will not work. Cross-server Service Broker also remains unavailable in these editions.

In-Memory OLTP and PolyBase are supported in Express, but are unavailable in LocalDB.

Virtualization Rights haven’t changed and are still much more valuable in Enterprise Edition with Software Assurance.

Resource limits on the lower level editions remain the same. The upper memory limit in Standard Edition, is still 128 GB (while Enterprise Edition is now 24 TB).

I feel that Standard Edition is expensive enough that its memory limits should never be so dangerously close to the upper bound of a well-equipped laptop, and maybe we should expect the limit to increase at least with each new version. If you are on Standard Edition and scale is required, then you can now use many Enterprise features across multiple Standard Edition boxes or instances, instead of trying to scale up.

All the newly introduced Trace flags with SQL Server 2016 SP1 are documented and can be found at

SP1 contains a roll-up of solutions provided in SQL Server 2016 cumulative updates up to and including the latest Cumulative Update – CU3 and Security Update MS16–136 released on November 8th, 2016. Therefore, there is no reason to wait for SP1 CU1 to ‘catch–up‘ with SQL Server 2016 CU3 content.

The SQL Server 2016 SP1 installation may require reboot post installation

SQL Cumulative updates for September 2016 –

September 24th, 2016

Cumulative update 14 release for SQL Server 2012 SP2 is now available for download at the Microsoft Downloads site. Please note that registration is no longer required to download Cumulative updates.
CU#14 KB Article:
Microsoft® SQL Server® 2012 SP2 Latest Cumulative Update:
Cumulative update 5 release for SQL Server 2012 SP3 is now available for download at the Microsoft Downloads site. Please note that registration is no longer required to download Cumulative updates.
To learn more about the release or servicing model, please visit:
• CU#5 KB Article:
• Microsoft® SQL Server® 2012 SP3 Latest Cumulative Update:
• Update Center for Microsoft SQL Server:
Microsoft also just announced that Cumulative Update 2 for SQL Server 2016 is now available for download here. There are a number of fixes including one regarding the Query Store. See here – you should seriously consider it if you are running SQL Server 2016.

Stephen Jones
Synergy Software Systems

Gartner shows Microsoft Azure as a cloud leader for the third successive year

September 23rd, 2016

Gartner has recently identified Microsoft Azure as a leader in the analyst firm’s Magic Quadrant for Cloud Infrastructure as a Service (IaaS), for the third year in a row, based on both completeness of vision and the ability to execute.

Microsoft’s Azure cloud platform enables the creation of virtual networks, servers and machines, and supports multitenant storage, object storage and a robust content delivery network for both Microsoft and other vendor solutions. Azure also provides advanced services such as machine learning and Internet of things.

The Azure infrastructure has security integrated from the ground up, and all data, whether at rest or in transit, is strongly encrypted. All offerings are supported by a leading-edge Cyber Defense Operations Centre that monitors customer infrastructure around the clock.

Gartner’s announcement comes at a time when the Gulf region is taking strident steps towards cloud infrastructure adoption. Saudi Arabia plans to invest $2 trillion in IT projects in the coming years, with a significant portion to be invested in cloud. Meanwhile, the United Arab Emirates will see a gradual growth in IT spend from now until 2020, according to a report from BMI Research. A compound annual growth rate (CAGR) of 3.4 per cent is expected.

An accompanying decline in hardware sales, together with BMI’s prediction that SaaS will take an increasing share of software sales, strongly indicates a decisive shift to cloud for the GCC.

When Microsoft announced the G series of virtual machines, back in Q1 of 2015, it represented the most memory, highest processing power and the largest local SSD capacity of any VMs then available in the public cloud. The G series allowed Azure to lead the market with continued innovation, also supporting SAP HANA workloads up to 32 TB. Azure has industry-wide recognition too for its support of Linux and other open-source technologies, having nearly one third of all Azure VMs on Linux boxes.

Gartner’s report singled out Microsoft’s “rapid rollout” of these new features and many others, signaling that the company’s brand and history, both with its customers and with its delivery of enterprise-class solutions and services, combine to allow the company to ‘rapidly attain the status of strategic cloud IaaS provider’.
“Microsoft Azure encompasses integrated IaaS and PaaS components that operate and feel like a unified whole,” Gartner analysts wrote.

“Microsoft has been rapidly rolling out new features and services, including differentiated capabilities. It has a vision of infrastructure and platform services that are not only leading standalone offerings, but also seamlessly extend and interoperate with on-premises Microsoft infrastructure (rooted in Hyper-V, Windows Server, Active Directory and System Center), development tools (including Visual Studio and Team Foundation Server [TFS]), middleware and applications, as well as Microsoft’s SaaS offerings.”

Gartner’s analysts also cited Microsoft’s “deep investments” in engineering and “innovative roadmap” as crucial factors in the company’s current IaaS market standing. The report further recommends Microsoft Azure for General business applications and development environments that use Microsoft technologies; migration of virtualized workloads for Microsoft-centric organizations; cloud-native applications (including Internet of Things applications); and batch computing.

Microsoft is the leading platform and productivity company for the mobile-first, cloud-first world, and its mission is to empower every person and every organisation on the planet to achieve more.

Microsoft Gulf opened its Dubai-based headquarters in 1991 the same year as Synergy Software Systems.

For cloud hosting, or to back up to the cloud, or for applications like Dynamics 365 or Ax RTW (7) or Synergy MMS, or our xRM HIS, or Imaging storage, and Document management, or for cloud based monitoring of your clouds and on premise networks, find out how we can help with your move to the cloud.

Cloud – IaaS,PaaS,SaaS – what does this mean for Microsoft Dynamics?

September 20th, 2016

• IaaS – Infrastructure as a service shares a huge grid of raw computing power and storage, including databases, rules engines, processing power and other infrastructure capabilities. A cloud provider makes this power accessible on an “as needed” basis. It’s usually charged as a utility – you pay for what you use. For many companies this is a way to outsource much of their day to day IT server management and strategy. The cloud provider takes care of hardware, database and operating system upgrades, patches, log management, database tuning and expansion, and support, together with the associated overhead cost of energy, staff and server room (no fit out, space to rent, or A/C needed, no separate maintenance contracts, no need for back up and anti virus software, etc.).
• PaaS – Platform as a service. This allows developers to access tools to create their own applications. The building blocks are made available by the software vendors to provide a jump start on development. PaaS is what your supply chain IT support or third party consultants can use to create customized workflows or tools specific to your needs. This may also, for example, be a temporary environment for testing.
• SaaS – Software as a service. The business process application (“solution” in vendor-speak) layer in the cloud. Users can ‘rent’ or subscribe to applications on a per use basis to tackle specific business issues. SaaS is what you log on to use without any customization. Some vendors may also offer a rent to buy option.

Dynamics CRM is available on the cloud as part of the Office 365 suite, and also on premise.

Ax can be run on premise, or the on premise licenses can be hosted on a cloud such as Azure, i.e. IaaS. Charges are based on the server and database option selected, the amount of storage space, the number of environments and a per month cost based on usage.
Both CRM and Ax are also available on a SPLA, i.e. rental licence basis per user role, either on premise or on a hosted platform.
Third party hosting providers may offer a fixed priced SPLA and IaaS offering, for example Synergy Software Systems provides this option via our partner SaaS Plaza.

The current version of AX, released under the codename “AX 7”, or sometimes as Ax RTW, provides both infrastructure and platform as a service, and you could also say software as a service for many businesses. It is currently only available as a cloud offering with a minimum of 20 Enterprise users or equivalent (this minimum number was reduced to 20 this month).

Note: historically AX has been a favored development platform and is often bought with the purpose of customizing the logic to match the exact needs of the business, instead of a company attempting to adjust their business processes.

The next step will be Dynamics 365, which will launch in the USA in November this year and which we expect to see in the U.A.E. mid 2017. This will be an integrated solution with a common database, a common data layer (out of the box master data integration), office productivity (Word, Excel …) and communication tools (Skype for Business), collaboration tools (SharePoint, Yammer …), CRM, and a business logic layer which until recently was called ‘madeira’. This will extend to include sales, purchases, finance … and will be an excellent solution for the SMB sector and medium size businesses. For the Enterprise customer Dynamics Ax 7 will also be an option. Finally, a set of tools will work across this solution stack: Power Apps (think Xamarin, AsxStudio), Power BI, Microsoft Flow etc. And that’s not all: there will also be an apps store and it will be easy for developers to push new apps into the store.

We will be covering a lot more on this topic in coming months.

So the cloud is coming and offers more options than ever. Many companies will have a mix of on premise and cloud based solutions for the foreseeable future. Azure technology stack is due mid next year and will enable on premise Ax 7 as well as other hybrid cloud options. There are many other Azure solutions, e.g. for cloud based back up, or Cortana Analytics for BI, or the Azure IoT stack.

All the major IT vendors are now focused on the cloud. As the world becomes more mobile, and business models more disruptive, expect its adoption to accelerate. We already make mass use of cloud systems such as OneNote, Dropbox, Facebook, LinkedIn, Google Apps, Hotmail, YouTube, Vimeo, and many mobile apps in our personal lives, and the new ‘generation z’ employees now entering the job market expect the same power, agility and simplicity of use in their work tools.
So if the cloud, social and mobile are not part of your IT strategy then you have already ‘missed the bus’.