Archive for July, 2019

“Disbursements & Reimbursements”: U.A.E. – VAT clarification

July 31st, 2019

The Federal Tax Authority (‘FTA’) has released a Public Clarification on “Disbursements & Reimbursements” which explains how to distinguish reimbursements from disbursements and clarifies the applicable VAT treatment.

U.A.E. businesses incur expenses and subsequently recover such expenses from another party. The VAT treatment of the subsequent recovery of expenses depends on whether the recovery is a “disbursement” or a “reimbursement”.

The first step in determining whether a recovery is a disbursement or a reimbursement is to establish whether you acted as a principal or an agent in purchasing the goods or services.

General principles to determine the VAT treatment of such recoveries:
Where a taxable person acts in the capacity of an agent, the recovery would generally amount to a disbursement.
A disbursement does not constitute a supply and is, therefore, not subject to VAT.

Where a taxable person acts in the capacity of a principal, the recovery would generally amount to a reimbursement.
A reimbursement is part of consideration for the supply and follows the same VAT treatment as the main supply.

Principles

* The other party (from whom you are recovering such expenses) should be the recipient of the goods or services;

* The other party should be responsible for making the payment to the supplier;

* The other party should have received an invoice or tax invoice in their own name from the supplier;

* The other party should have authorized you to make the payment on his behalf;

* The goods or services paid for should clearly be additional to the supplies you make to the other party;

* The payment should separately be shown on the invoice and you should recover the exact amount paid to the supplier, without a mark-up.

* You should have contracted for the supply of goods or services in your own name and capacity;

* You should have received the goods or services from the supplier;

* The supplier should have issued the invoice in your name;

* You have the legal obligation to make payment to the supplier;

* In case of goods, you should own the goods prior to making any onward supply.

Examples

Company A procured group medical insurance from a local insurance company and received an invoice directly from the insurance company.

* Company A requested Company B to make the payment on its behalf.

* The subsequent recovery of the amount by Company B from Company A will amount to a disbursement, and would not be subject to VAT.

* Company A should ensure that the Tax Invoice is addressed to it from the insurance company and should recover the input tax through its UAE VAT return, subject to the normal input tax recovery rules.

Company A entered into a contract with Company B to provide marketing services.

* The contract stipulated that Company A would be eligible to recover its expenses from Company B.

* Company A incurred the expenses in its own name and subsequently recovered the amounts from Company B as per the terms of the contract.

* The recovery of expenses from Company B would follow the same VAT treatment as that of the main supply.

We recommend:

* Identify the nature of your contract and agent/principal relationships (if any) based on the above principles;
* Ensure that all disbursements have proper authorizations (contracts); and
* Review all inter-company disbursements/reimbursements (cross-charges).

SQL Server 2014 SP3 mainstream support ended on July 9 – CU4 just released

July 31st, 2019

However, Cumulative Update 4 for SQL Server 2014 SP3 has just been released.

https://support.microsoft.com/en-us/help/4500181/cumulative-update-4-for-sql-server-2014-sp3

Office 365 will retire TLS 1.0 and 1.1 starting June 1st, 2020

July 24th, 2019

To provide best-in-class encryption, and to ensure the service is more secure by default, Microsoft is moving all of its online services to Transport Layer Security (TLS) 1.2+.

Office 365 will be retiring TLS 1.0 and 1.1 starting June 1, 2020. This means that connections to Office 365 using TLS 1.0 and TLS 1.1 will no longer work, so act prior to June 1, 2020.

Plan to replace clients and devices that rely on TLS 1.0 and 1.1 to connect to Office 365.
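A passive way to find the clients that will be cut off, given here as an added example (not Microsoft tooling and not code from the original post): parse captured ClientHello messages and flag any whose highest offered version is below TLS 1.2. The client labels and handshake bytes are constructed sample data, and the parser assumes each ClientHello fits in a single TLS record.

```python
import struct

TLS_NAMES = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
             0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
TLS_1_2 = 0x0303
EXT_SUPPORTED_VERSIONS = 43  # RFC 8446, section 4.2.1


class ParseError(ValueError):
    """Raised when the bytes are not a well-formed ClientHello record."""


class Reader:
    """Bounds-checked cursor over bytes; TLS vectors are length-prefixed."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ParseError("truncated ClientHello")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def uint(self, size):
        return int.from_bytes(self.take(size), "big")

    def vector(self, len_size):
        return Reader(self.take(self.uint(len_size)))

    def remaining(self):
        return len(self.data) - self.pos


def max_offered_version(record):
    """Return the highest protocol version a ClientHello record offers."""
    rec = Reader(record)
    if rec.uint(1) != 0x16:
        raise ParseError("not a TLS handshake record")
    rec.take(2)                       # record-layer version, not the offer
    handshake = rec.vector(2)
    if handshake.uint(1) != 0x01:
        raise ParseError("not a ClientHello")
    hello = handshake.vector(3)
    legacy_version = hello.uint(2)    # the offer for TLS 1.2 and earlier
    hello.take(32)                    # random
    hello.vector(1)                   # session id
    hello.vector(2)                   # cipher suites
    hello.vector(1)                   # compression methods
    if not hello.remaining():
        return legacy_version         # old clients send no extensions
    extensions = hello.vector(2)
    while extensions.remaining():
        ext_type = extensions.uint(2)
        ext_data = extensions.vector(2)
        if ext_type != EXT_SUPPORTED_VERSIONS:
            continue
        versions = ext_data.vector(1)
        offered = []
        while versions.remaining():
            value = versions.uint(2)
            if value in TLS_NAMES:    # ignores GREASE and unknown values
                offered.append(value)
        if offered:
            return max(offered)       # TLS 1.3 clients advertise here
    return legacy_version


def clients_to_replace(captures):
    """Map client label -> best version, for clients that top out below TLS 1.2."""
    flagged = {}
    for client, record in captures.items():
        version = max_offered_version(record)
        if version < TLS_1_2:
            flagged[client] = TLS_NAMES.get(version, hex(version))
    return flagged


def build_client_hello(legacy_version, supported_versions=None):
    """Construct a minimal ClientHello record (sample data for this example)."""
    hello = (struct.pack("!H", legacy_version) + bytes(32) + b"\x00"
             + struct.pack("!H", 2) + b"\x00\x2f" + b"\x01\x00")
    if supported_versions:
        items = b"".join(struct.pack("!H", v) for v in supported_versions)
        data = bytes([len(items)]) + items
        ext = struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(data)) + data
        hello += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


# Constructed captures: the labels are hypothetical device names.
SAMPLE = {
    "legacy-scanner": build_client_hello(0x0301),
    "old-mail-client": build_client_hello(0x0302),
    "patched-desktop": build_client_hello(0x0303),
    "modern-browser": build_client_hello(0x0303, [0x0A0A, 0x0304, 0x0303]),
}

if __name__ == "__main__":
    for name, best in clients_to_replace(SAMPLE).items():
        print(f"{name}: highest offered version is {best}")
```

A client that offers TLS 1.2 or later is not flagged even if it would also accept older versions, since it can still connect after the retirement date.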

The TLS protocol aims primarily to provide privacy and data integrity between two or more communicating computer applications. It is an IETF standard intended to prevent eavesdropping, tampering and message forgery. Transport Layer Security (TLS), and its deprecated predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide communications security over a computer network and are used in applications such as web browsing, email, instant messaging, and voice over IP (VoIP). Websites use TLS to secure all communications between their servers and web browsers. The latest version – TLS 1.3 – is an overhaul that strengthens and streamlines the crypto protocol.

The work on TLS 1.3 started in April 2014, and it took four years and 28 drafts before it was approved in March of 2018. Version 1.3 makes the handshake process faster by speeding up the encryption process. This has a security benefit, and will also improve performance of secure web applications. With TLS 1.2, the handshake process involved several round trips, whereas with 1.3 only one round is required, and all the information is passed at that time. In addition to security improvements, TLS 1.3 eliminated a number of older algorithms that did nothing other than create vulnerabilities. The updated protocol added a function called “0-RTT resumption” that enables the client and server to remember if they have communicated before.

The PCI compliance standards require that any site accepting credit card payments uses TLS 1.2 after June 30, 2018. Services such as PayPal, Authorize.net, Stripe, UPS, FedEx, and many others already support TLS 1.2, and have announced that they will eventually refuse TLS 1.0 connections. This means your safest action is to upgrade to TLS 1.2 or 1.3 sooner rather than later to avoid disruption. Use of an older protocol is also likely to be a consideration for GDPR compliance in the event of a breach.

Dynamics 365 license changes – from 1 October 2019

July 22nd, 2019

There was a lot of exciting product and technology news from Microsoft’s Inspire event in Las Vegas this month.
Not so inspiring for many of the audience was the announcement of changes in licensing to take effect as early as 1 October this year.

If you are an existing Dynamics 365 customer on the cloud for any app then you are affected, as are those intending to buy.

For now there is no change to on-premise licenses (some D365 apps are only available on the cloud).

Effective October 1, 2019, Customer Engagement Plan, Unified Operations Plan, and Dynamics 365 Plan SKUs will be removed from all price lists. Finance and Operations will be split into individual applications – one for Supply Chain Management, and one for Finance. This change will enable customers to purchase suitable core workload application(s) for individual user needs going forward.

Core workload Business Applications are Sales, Customer Service, Field Service, Project Service Automation, Supply Chain Management, Finance, Retail, and Talent. The current plan offerings (Customer Engagement Plan, Unified Operations Plan, and Dynamics 365 Plan) will be removed from all channels and for all licensing segments.

The new ‘à la carte’ approach is user license (USL) based.

Base license: the first Business Application purchased at the standard price.
Attach licenses are the additional USL application(s) at a flat price of:
$20 per Customer Engagement application
or
$30 per Unified Operations application.

• Each Attach license can only be assigned to a user with the prerequisite Base license.
• When purchasing multiple Business Applications, the Base license must be the higher priced license.
• Each user may only have one Base license.
• Attach license: USL application(s) incrementally purchased after the Base license. Users may have as many Attach licenses as needed.
• Base and Attach licenses are identical in their core capabilities and are only differentiated in price.

Business Applications that can’t be purchased as Attach licenses:
Core workload Business Applications:
• Project Service Automation
• Marketing
• Talent
Non-core workload applications:
• Customer Insights
• Microsoft Relationship Sales solution
• Sales Insights
• Marketing Additional Application
• Customer Service Chat
• Resource Scheduling Optimization
• Comprehensive Hiring
• Order Lines
• Forms Pro
• All capacity add-ons

Customers seeking one Business Application per user should only purchase a Base license per user.
Single Business Applications priced between $50-$180 are less expensive than Customer Engagement Plan ($115) or Unified Operations Plan ($190) today.

For existing customers there is no immediate change to their existing agreement. They can true up seats at the renewal anniversary as required. At renewal (after the beginning of October 2019), customers must renew on the new Attach construct. They must have a qualified Base license for each user and assign the additional Attach licenses to their multiple application users as required. It’s possible that someone will be able to use lower cost licenses.

Supply Chain Management, Finance, and Retail apps have a 20-user minimum purchase requirement. There is a difference between CE and CSA licensing in this respect.

There is no change in dual use rights. Dual use rights vary by application.

Calorie counts on menus in Dubai deferred.

July 22nd, 2019

Khalid Mohammad Sherif Al Awadhi, CEO of the environment, health and safety control sector at Dubai Municipality, recently said that displaying calories in menus will be optional for the next two years and that the Municipality decided to postpone the implementation of the rule “to allow enough time for the industry to prepare itself.” The Food Safety Department will continue to encourage food establishments to declare calorie content.

(In May it was announced that restaurants, cafeterias and cafes with more than five branches were expected to mandatorily display the caloric value of each and every food item from November this year. All other restaurants, catering establishments and hotels were given the deadline of January 2020 to implement the rule).

A similar postponement happened in the USA (part of the 2010 Affordable Care Act) due to industry lobbying. For example, grocery store and convenience store industries argued that the rules didn’t take into consideration the vast differences between how the various types of affected establishments operate (think fast-food restaurants versus pizza delivery chains versus gas stations). They protested the legislation would place unfair burdens on businesses that sell food and drinks that aren’t displayed on a centralized menu board, such as gas stations that may have multiple drink stations where customers can get self-serve sodas, frozen drinks, or coffee.

A number of chains, including McDonald’s and Starbucks, had already put menu labeling into effect in recent years in anticipation of the new guidelines.

Arguably one reason a lot of restaurant food tastes so good is because it’s full of fat and salt — and no restaurant wants to broadcast to its diners that they’re serving 2,000 calorie salads or 1,200 calorie milkshakes. However, in light of the global epidemics of obesity and diabetes, some believe it’s simply irresponsible for restaurants to serve burgers with more calories than an average adult human needs in a day, or lattes that have more sugar than a chocolate bar.

Whether displaying nutritional information on menus actually causes consumers to make healthier choices or not is still up for debate: some studies indicated that calorie counts on menus don’t have much of an effect on what people order — but they may be somewhat effective in encouraging the restaurants themselves to offer lower-calorie foods. However, many worry about nutritional data, like eating the ‘right calories’, not eating gluten products etc.

Food establishments are free to choose the services of qualified professionals or compute the caloric value of ingredients by using third-party software. It is likely there will be a future requirement to add additional nutritional information to help customers to make informed, healthy eating choices.

If you are seeking a specialist solution to provide, manage and compute nutritional information then contact us on 097143365589.

Power BI new installers – be ready to change your upgrade scripts

July 20th, 2019

Currently, Microsoft builds and publishes 84 different .msi files for installing Power BI – a 32-bit and a 64-bit one for each of the 42 languages it supports.

They have just completed work to wrap these into two installers (32- and 64-bit), which will give users the ability to change the language of the UI and model without having to install a new version.

An enterprise administrator who manages the rollout of Power BI Desktop to users in multiple languages will find this much easier.

You can get the new single installer at https://aka.ms/pbiSingleInstaller, and you can still find the separate MSIs for each language at https://www.microsoft.com/download/details.aspx?id=45331.

The MSIs will continue to be available (and updated each month) until the September update, after which only the new single installer will be available.

If you have scripts that pull new versions of Power BI Desktop from the Microsoft Download Center, they need to be updated to point to the new location before October 1st.

Windows 7 exploit – critical fix July 2019

July 16th, 2019

Microsoft’s latest SSU helps fix a bug in Secure Boot that interferes with Windows’ BitLocker encryption system. The updates are available from the Microsoft Update Catalog or through Windows Server Update Services (WSUS).

Microsoft said it “strongly recommends” that users and admins install this latest SSU before installing the latest cumulative update, which was released along with this month’s Patch Tuesday updates. This month’s updates bring a fix for a Win32k zero-day, marked as CVE-2019-1132, which was part of an attack used by Kremlin-backed hackers. The researcher at ESET, Anton Cherepanov, found the exploit for the flaw, which doesn’t affect Windows 10 or Windows 8 but does impact older versions including Windows 7 SP1, Windows Server 2008 SP2, and Windows Server R2 SP1. Cherepanov noted that the technique used in the current exploit is “very similar” to one used before 2017 by the advanced hacking group called Sednit, aka Fancy Bear, APT28, STRONTIUM, and Sofacy. Windows 8 and later block a key component of the exploit chain, which is why the flaw only affects earlier supported versions of Windows. He notes that Microsoft back-ported the Windows 8 mitigation to Windows 7 for x64-based systems.

Bugs like this are one reason Windows 7 users should follow Microsoft’s advice to upgrade. Those who still use Windows 7 for 32-bit systems Service Pack 1 should update to newer operating systems, since extended support of Windows 7 Service Pack 1 ends on January 14, 2020, which means that Windows 7 users will then no longer receive critical security updates. Thus, vulnerabilities like this one will stay unpatched forever.

This is not the only fix – the Microsoft patches address 77 security flaws, including 15 rated “critical.”
In May this year patches were also released for BlueKeep, whose ability to automatically spread from one vulnerable machine to another could be exploited in an attack on the same global scale as WannaCry, whose worm capabilities were enabled by EternalBlue, the leaked NSA exploit for the SMBv1 file-sharing protocol. The NSA urged admins to patch the flaw and change configurations to prevent potential attacks. Its warning followed research that found that at least one million Windows computers were still vulnerable to BlueKeep. The NSA said it was “likely only a matter of time” before attacks emerged.

Windows 7 updates July 2019

July 16th, 2019

Last week there were Windows Update releases of security and reliability fixes for Windows 7 as part of the normal Patch Tuesday delivery cycle for every version of Windows. Microsoft split its monthly update packages for Windows 7 and Windows 8.1 into two distinct offerings: a monthly rollup of updates and fixes and, for those who want only those patches that are absolutely essential, a Security-only update package. Under Microsoft’s rules, what it calls “Security-only updates” are supposed to include only security updates, not quality fixes or diagnostic tools. However, this month’s Security-only update, the “July 9, 2019—KB4507456 (Security-only update),” bundled in the Compatibility Appraiser, KB2952664, which is designed to identify issues that could prevent a Windows 7 PC from updating to Windows 10.

The concern is that these components are being used to prepare either for another round of forced updates or to spy on individual PCs. The word telemetry appears in at least one file, and for some it seems to be a short step from innocuous data collection to spyware. Microsoft appeared to be surreptitiously adding telemetry functionality to most of its solutions. Microsoft has slipped this functionality into a security-only patch without any warning, thus adding the “Compatibility Appraiser” and its scheduled tasks (telemetry) to the update. The package details for KB4507456 say it replaces KB2952664 (among other updates). So this is not a security-only update.

The Appraiser tool was offered via Windows Update, both separately and as part of a monthly rollup update two years ago; as a result, most of the declining population of Windows 7 PCs already has it installed. Given the headaches users faced over unwanted upgrades back in Windows 10’s first year, why is Microsoft reluctant to talk about security issues except in formal settings like release notes and support bulletins?

This has already been an exhausting week thanks to a pair of Windows 10 zero-day exploits being used in the wild, by Kremlin-backed hackers.

Windows 10 19H2 release

July 16th, 2019

The 19H2 release of Windows 10, which will probably be called the Windows 10 October 2019 Update, will not include a list of new user-facing features. Instead, it will deliver “select performance improvements, enterprise features and quality enhancements.”

This update “will install like a monthly update” on PCs that are running the latest Windows 10 release, version 1903. In other words, it’s what we would call a service pack even if Microsoft no longer does. Devices on any currently supported version of Windows 10 will only need to reboot once to update them to 19H2. The 19H2 release will be fully supported for 30 months. While still an aggressive update schedule for some IT departments, that is a lot easier to live with than 6 monthly updates. (The update is the last Windows 10 release before the end of free support for Windows 7 on January 14, 2020.)

For OEM and retail Windows editions, even Windows 10 Home, feature updates are no longer immediately mandatory. The twice-yearly feature updates are offered on PCs that Microsoft’s algorithms deem suitable, but the feature update is to be offered as an optional update that the PC’s owner has to approve manually. You can ignore that prompt for as long as the current version is supported, or a maximum of 18 months.

For businesses with PCs running Windows 10 Pro, the updates are delivered with the same 18-month support cycle. The difference is that administrators can defer monthly cumulative updates by up to 30 days and can defer feature updates by up to 365 days. On a PC where the Windows 10 Settings app or Group Policy has been used to defer feature updates, the option to update to the next release doesn’t appear at all until the deferral period ends or the current version reaches its end-of-support. Companies that run Windows 10 Pro should plan for an annual Windows 10 feature update – any longer than 12 months, and you may hit an end-of-support date and a forced feature update.

Customers running Windows 10 Enterprise and Education get the longest support calendar. The March updates will have an 18-month support cycle for all editions, whereas the September release will get the longer, 30-month support cycle for Enterprise and Education editions. (All Windows 10 Pro releases are supported for 18 months.) These customers can install version 1903 late in 2019 and plan to install the 19H2 release as a lightweight update when it’s ready. With that “service pack” in place, they can leave those PCs alone for two full years, until the second half of 2021.

To ensure updates don’t happen at the wrong time see this post:

https://www.techrepublic.com/article/how-to-control-updates-in-windows-10/?ftag=CMG-01-10aaa1b

P.S. Dark mode to reduce eye strain: macOS got dark mode last year in Mojave. Android also got a dark mode setting last year, and the upcoming Android Q will make it easy to turn on. You can similarly dim the lights in Windows 10: go to Settings, tap Personalization, tap Colors and then under Choose your default app mode, choose Dark.

GDPR enforcement – be aware of what it means to you

July 15th, 2019

http://www.enforcementtracker.com/

This site reports that in Germany there have already been 101 fines made public worth 484.900 EUR. As well as the high profile fines recently covered in this blog, there are many other actions reported on this site.

Some examples

France: SERGIC, a company specialized in real estate development, purchase, sale, rental and property management
The two key reasons were lack of basic security measures and excessive data storage. Sensitive user documents uploaded by rental candidates (including ID cards, health cards, tax notices, certificates issued by the family allowance fund, divorce judgments, account statements) were accessible online without any authentication procedure in place.
Although the vulnerability was known to the company since March 2018, it was not finally resolved until September 2018. In addition, the company stored the documentation provided by candidates for longer than necessary. The CNIL took into account the seriousness of the breach (lack of due care in addressing the vulnerability and the fact that the documents revealed very intimate aspects of users’ lives), the size of the company and its financial standing.

Google – The fine was imposed on the basis of complaints from both the Austrian organisation “None Of Your Business” and the French NGO “La Quadrature du Net” that concerned the creation of a Google account during the configuration of a mobile phone using the Android operating system. The CNIL imposed a fine of 50 million euros for lack of transparency (Art. 5 GDPR), insufficient information (Art. 13 / 14 GDPR) and lack of legal basis (Art. 6 GDPR).

UNIONTRAD COMPANY – Complaints were made by several employees of the company who were filmed at their workstation. This was in breach of rules to be observed when installing cameras in the workplace, in particular, that employees should not be filmed continuously and that information about the data processing has to be provided. In the absence of satisfactory measures at the end of the deadline set in the formal notice, the CNIL carried out a second audit in October 2018 which confirmed that the employer was still breaching data protection laws when recording employees with CCTV.

Austria – A fine was imposed against a private person who was using CCTV at his home. The video surveillance covered areas intended for the general use of the residents of the multi-party residential complex: parking lots, sidewalks, courtyard, garden and access areas to the residential complex; and the video surveillance covered garden areas of an adjacent property. The video surveillance subject of the proceedings was therefore not limited to areas which are under the exclusive power of control of the controller. Video surveillance is therefore not proportionate to the purpose and not limited to what is necessary. The video surveillance records the hallway of the house and films residents entering and leaving the surrounding apartments, thereby intervening in their highly personal areas of life without the consent to record their image data.

Romania – WORLD TRADE CENTER BUCHAREST SA – A printed paper list used to check breakfast customers contained personal data of 46 clients who stayed at the hotel of WORLD TRADE CENTER BUCHAREST SA and was photographed by people outside the company, which led to the disclosure of the personal data of some clients through online publication. The operator, WORLD TRADE CENTER BUCHAREST SA, was sanctioned because it had not taken steps to ensure that data was not disclosed to unauthorized parties.

Hungary – A fine was imposed on an unnamed financial institution for unlawfully rejecting a customer’s request to have his phone number erased after arguing that it was in the company’s legitimate interest to process this data in order to enforce a debt claim against the customer. In its decision, the NAIH emphasised that the customer’s phone number is not necessary for the purpose of debt collection because the creditor can also communicate with the debtor by post. Consequently, keeping the phone number of the debtor was against the principles of data minimisation and purpose limitation. As per the law, the assessed fine was based on 0.025% of the company’s annual net revenue.

Several countries issued fines related to misuse of data in elections.
Several countries issued fines to companies who did not respond to a request by an employee or customer about data that was held about them.

PwC’s own UK Privacy & Security Enforcement Tracker found that fines in the UK alone over data protection law violations totalled £6.5 million in 2018.

SQL Server 2008 and SQL Server 2008 R2 – OUT OF SUPPORT today

July 13th, 2019

Both SQL Server 2008 and SQL Server 2008 R2 go out of extended support with Microsoft today, 9th July 2019.

Many companies and businesses are still on SQL Server 2008 R2 and below. There can be a number of reasons for this: maybe the applications the databases support require an older version of SQL Server, or maybe the applications are also coming to the end of life, but the end dates do not match up with the data platform end of support dates.

Sometimes applications are critical to the business and everything works just fine. The business doesn’t want to disrupt the application or introduce any risk by performing a migration to a new version so why change it?

In this situation your data platform is out of support completely. Out-of-support systems attract hackers. Note the previous articles about fines for loss of privacy data to realise how serious this can be.

So you should be making plans to migrate your legacy SQL Servers off the unsupported versions. It is likely, if you are still on an old database, that you are also on an old server and on an old version of Windows. That gives additional risk of failed hard disks and other system vulnerabilities – Meltdown, Spectre? Phishing…
Investors and insurers are not likely to be sympathetic in such circumstances.

There are many performance and security benefits of an upgrade.

You may decide to keep running on out-of-support software and take the associated risk. The main advantage of this approach is that there is nothing immediate to do. The longer you run on the platform, the greater the chances of you encountering a security vulnerability or failing a compliance test.
If anything does go wrong you’ll have no support from Microsoft.
Other software vendors’ support contracts may also require that you be on a currently supported database.

Modernise and upgrade is one of the options that you have available.

You can upgrade your on-premises SQL Server or migrate the databases to Azure, either as an IaaS solution where you run the VM in Azure or even the PaaS Azure SQL database offering.

There are a number of advantages to upgrading your data platform. You’ll be running your database workloads on an in-support data platform, with a long support window. There will likely be new features in the latest and greatest version of SQL Server that you can use to add business value to your application – Availability Groups for example. Also, you will likely find people with skills in the later technology; those skills will be more readily available in the jobs market.

There will likely be a different licensing model – the licensing model changed between SQL Server 2008 R2 and SQL Server 2012 – and it is possible you will have to pay more for your SQL Server licences.

The third option is, instead of doing nothing, to pay for a custom support agreement. The main advantage here is that you can continue to get security updates and therefore potentially remain compliant. The main disadvantage of this approach is the cost involved, which is typically 75% of the full license costs of the latest version of SQL Server and Windows Server.

Migrate workload to Azure. Microsoft allows SQL Server 2008 and SQL Server 2008 R2 VMs running in Azure to have the security updates for free for a further 3 years. So you can migrate your database server to Azure and continue to get security updates for free until 2022.

The main advantage of this is that you get to keep running the same version of the OS and data platform, and the security updates are free, so the cost is minimal. The disadvantage is that you would need to move off premises; if this is not an option for you then you can’t exercise this option, and there will still be work involved in ‘lifting and shifting’ the VM to the cloud.

Whatever you do when support ends for SQL Server 2008 and SQL Server 2008 R2, have a plan.

GDPR shows its teeth – Marriott, British Airways both to be fined heavily

GDPR shows its teeth -Marriot, British Airways bothto be fined heavily

July 11th, 2019

The U.K. data protection authority said it will serve hotel giant Marriott with a £99 million / $123 million fine under EU GDPR laws for a data breach that exposed personal details of over 339 million guests. The incident concerns a 2014 data breach of hotel company Starwood, which was acquired by Marriott in 2016. The breach, however, wasn’t detected until November 2018.

Information Commissioner Elizabeth Denham said companies collecting personal data have a legal duty to protect them, and that ICO will not hesitate to take strong action if that doesn’t happen. “The GDPR makes it clear that organisations must be accountable for the personal data they hold. This can include carrying out proper due diligence when making a corporate acquisition, and putting in place proper accountability measures to assess not only what personal data has been acquired, but also how it is protected.”

The latest ICO fine came a day after UK airline British Airways was hit with an even larger penalty of £183 million ($229 million). The BA fine was the biggest ever issued by the ICO, and the first under the EU General Data Protection Regulation (GDPR) laws. The updated regulations, which went into effect last year, state that the ICO can seek a fine of up to 4 percent of a company’s worldwide annual revenue in the prior financial year. This marks a significant increase on the maximum fine of up to £500,000 it could levy under the UK’s previous data protection guidelines.

The fines for BA and Marriott both represented 1.5% of their respective turnover, and the commission said both companies cooperated fully with their respective investigations.

Meanwhile, Facebook, Google and Apple remain under investigation by the Irish Data Protection Commission, which enforces the GDPR. Google could face a fine of up to $5 billion, and Facebook up to $2.2 billion, based on both companies’ annual revenue in 2018.
Earlier this year, the ICO indicated it would investigate Google over leaking of customer data from its advertising platform. Google has faced scrutiny and fines under the GDPR from France’s regulator, with a $57 million penalty levied in January for “lack of transparency” and valid consent controls for users, among other issues.

Facebook received modest penalties of $644,000 for the Cambridge Analytica scandal, in which users weren’t given proper notice that a survey was being used for political research and advertising. It is currently under investigation for a breach of usernames and passwords on its Facebook and Instagram platforms that could be far more costly.

The European Data Protection Board questioned how well Marriott had vetted and protected data when it acquired Starwood in a $13.6 billion deal that closed in 2016. The decisions used punitive language uncommon in the privacy enforcement arena, particularly in the U.S., where companies are traditionally treated as victims of cybercrime first, rather than perpetrators of data loss. In a statement filed with the Securities and Exchange Commission, Marriott CEO Arne Sorenson said: “We are disappointed with this notice of intent from the ICO, which we will contest. Marriott has been cooperating with the ICO throughout its investigation into the incident, which involved a criminal attack against the Starwood guest reservation database.”

Integration as a Service – ask Synergy Software Systems, Dubai about Snap Logic

July 2nd, 2019

Why do companies like Adobe, AstraZeneca, Box, GameStop, OSN, Verizon, and Wendy’s choose SnapLogic?

They have a problem that many other companies are facing today. On one side, business managers rely more and more on SaaS applications and big data for daily tasks, yet IT is responsible for integrating the applications. These business managers need daily access to accurate information but can’t always wait for IT. On the other side, IT is managing multiple projects, including integration requests, and is working with far fewer resources. Requests can take weeks or even months to complete and business leaders can’t wait that long, so they end up making decisions based on less than perfect data.

The SnapLogic Enterprise Integration Cloud comes with Iris Artificial Intelligence built in. Take away the complexity of dealing with multiple applications, big data, complex APIs, and IoT and abstract it into drag and drop components, all in one platform. SnapLogic’s Iris AI further democratizes the use of data by empowering users from all departments and teams to make data-driven decisions quickly and easily with higher accuracy. Business managers can now do their own analysis with minimal support from IT and make informed, data-backed decisions quickly.

IT people can spend less time building routine integrations and more time helping the business grow. SnapLogic is already helping many businesses with these challenges. GameStop reduced the amount of time it took to build integrations by 83%. Business processes cut across functions and applications. Transform business processes faster and stay focused on managing your business with data-driven insights rather than spend time on writing and maintaining code.

General Electric’s (now Suez Water) employees became 4 times more productive when it came to onboarding partners through its multiple systems.

AstraZeneca has more than 500 users around the world who are performing self-service integrations.

Box has connected 40 applications and is processing more than 15M transactions daily with only 1.5 full-time developers needed to support this volume.

Corporate performance management or big data analytics from multiple, disparate corporate ERP and finance systems, hybrid cloud and on-premise integration, migrating to the cloud or to new software versions, IoT, T&A, EAM systems, WMS systems, payroll systems: there are many integration challenges.

To support your digital transformation call us on 0097143365589

Excel vulnerable

July 1st, 2019

Security researchers uncovered a serious vulnerability in Microsoft Corp.’s Excel that exposes around 120 million users to attack. Mimecast Services Ltd. identified that the vulnerability relates to how Power Query, a feature in Excel that is able to pull data from other sources, can be abused. A hacker is able to use Power Query to dynamically launch a remote Dynamic Data Exchange (DDE) attack into an Excel spreadsheet and actively control the payload. The vulnerability can be exploited to launch hard-to-detect attacks that combine several attack surfaces, embed malicious content in a separate data source and even load the content into the spreadsheet when it is opened to compromise the user’s machine.

In November 2017 Microsoft published an advisory that included workarounds, including recommending users disable the DDE feature where it is not needed in order to block external data connections. The same advisory did note, however, that users would have to click through a number of security prompts for malicious code to be installed. There is legitimate concern over the vulnerability as the feature is turned on by default. It’s unclear whether organizations are following Microsoft’s earlier advice, and it seems unlikely that many organizations have disabled it.

There are currently no known cases of the vulnerability being exploited in the wild, although that could change now that its details have been published. Microsoft has not published a fix for the vulnerability, nor has it indicated that it is working on one, but with 120 million users at risk and now widespread attention, we strongly recommend all Microsoft Excel customers implement the workarounds suggested by Microsoft.
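
The Python example below is added here and is not from the original post, Microsoft or Mimecast. It inventories the external-data features discussed above (Power Query connections, web queries, DDE links) inside an .xlsx package, so a defender can see which workbooks depend on them before applying the workaround. The function names, the sample workbook and the example.invalid URL are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

NS = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"

def _local(tag):
    """Strip the XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]

def audit_workbook(data):
    """Return (kind, detail) findings for external-data features in an .xlsx."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            raw = zf.read(name)
            if name == "xl/connections.xml":
                for el in ET.fromstring(raw).iter():
                    tag = _local(el.tag)
                    # Power Query connections use the Microsoft.Mashup OLE DB provider.
                    if tag == "dbPr" and "Microsoft.Mashup" in el.get("connection", ""):
                        findings.append(("power_query", el.get("connection")))
                    elif tag == "webPr" and el.get("url"):
                        findings.append(("web_query", el.get("url")))
            elif name.startswith("xl/externalLinks/") and name.endswith(".xml"):
                for el in ET.fromstring(raw).iter():
                    if _local(el.tag) == "ddeLink":
                        detail = f"{el.get('ddeService')}|{el.get('ddeTopic')}"
                        findings.append(("dde_link", detail))
            elif name.startswith("customXml/") and (
                    b"DataMashup" in raw or "DataMashup".encode("utf-16-le") in raw):
                # Power Query keeps its query definitions in a DataMashup custom XML part.
                findings.append(("mashup_part", name))
    return findings

def build_sample():
    """Constructed workbook containing only the parts the audit reads."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("xl/connections.xml",
            f'<connections xmlns="{NS}"><connection id="1" name="Query - Sample">'
            '<dbPr connection="Provider=Microsoft.Mashup.OleDb.1;Location=Sample"/>'
            '</connection><connection id="2" name="Web">'
            '<webPr url="https://example.invalid/data"/></connection></connections>')
        zf.writestr("xl/externalLinks/externalLink1.xml",
            f'<externalLink xmlns="{NS}">'
            '<ddeLink ddeService="SampleService" ddeTopic="SampleTopic"/></externalLink>')
        zf.writestr("customXml/item1.xml",
            '<DataMashup xmlns="http://schemas.microsoft.com/DataMashup">AAAA</DataMashup>')
        zf.writestr("xl/workbook.xml", f'<workbook xmlns="{NS}"/>')
    return buf.getvalue()
```

A workbook with no findings has none of these parts; any finding marks a file that pulls data from outside the spreadsheet and deserves review.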