Archive for July, 2016
Inforum 2016 - Interview with Charles Phillips
July 31st, 2016
Azure SQL Data Warehouse
July 23rd, 2016
Yesterday, Microsoft announced the general availability of Azure SQL Data Warehouse.
There are incompatibilities between the on-premises version and the cloud version, and new technologies such as PolyBase, which make the move from on-premises SQL far from trivial.
Redgate has released a new Data Platform Studio for Azure SQL Data Warehouse to reduce the task to hours rather than days. Data Platform Studio is free to use for one-off migration.
Always Encrypted in Azure SQL Database – now available to all
July 23rd, 2016
Always Encrypted in Azure SQL Database is Generally Available
Always Encrypted is a feature designed to ensure sensitive data and its corresponding encryption keys are never revealed in plaintext to the database system. With Always Encrypted enabled, a SQL client driver encrypts and decrypts sensitive data inside client applications or application servers, by using keys stored in a trusted key store, such as Azure Key Vault or Windows Certificate Store on a client machine. As a result, even database administrators, other high privilege users, or attackers gaining illegal access to Azure SQL Database, cannot access the data.
The main reasons to use Always Encrypted are:
• To ensure the data is protected from malicious cloud database admins, co-tenants, and/or malware in Azure SQL Database. Always Encrypted can guarantee full isolation of data from the cloud provider when client applications or middle tier services are hosted on premises, but even for all-Azure apps, Always Encrypted substantially reduces the attack surface area, by removing the database from it.
• To prevent the disclosure of sensitive data within a customer’s organization. With Always Encrypted, DBAs, who do not have access to the keys, can administer the database without having access to sensitive data in plaintext.
See https://azure.microsoft.com/en-us/documentation/articles/sql-database-always-encrypted-azure-key-vault/ for more information and a tutorial.
Microsoft wins Data privacy battle
July 23rd, 2016
Tech giant Microsoft scored a major legal victory yesterday with a unanimous decision by an appeals court that ruled warrants issued by U.S. authorities do not extend to data stored in other countries. The ruling by the Second U.S. Circuit Court of Appeals was applauded by the vast majority of the tech industry, which had strongly supported Microsoft’s case against the government.
“The decision is important for three reasons: it ensures that people’s privacy rights are protected by the laws of their own countries; it helps ensure that the legal protections of the physical world apply in the digital domain; and it paves the way for better solutions to address both privacy and law enforcement needs,” Microsoft president and chief legal officer Brad Smith said in a statement about the decision.
Territorial Limitations
The case centered around a previous decision by the U.S. District Court for the Southern District of New York, which had ruled against Microsoft’s efforts to quash a warrant issued under the Stored Communications Act (SCA). The SCA is part of the broader Electronic Communications Privacy Act passed in 1986 designed to protect the privacy of users interacting with an electronic communications service provider.
The warrant directed Microsoft to seize and produce the contents of an email account that it maintained for a customer who used the company’s electronic communications services. The government stated that it believed the emails contained information about narcotics trafficking.
But the information the government requested was stored on servers in Ireland, and Microsoft refused to transfer the data to the U.S. In explaining its decision in favor of the company, the appeals court explained that “warrants traditionally carry territorial limitations: United States law enforcement officers may be directed by a court-issued warrant to seize items at locations in the United States and in United States-controlled areas . . . but their authority generally does not extend further.”
A Ruling for Privacy
The decision was hailed by technology companies, business groups, and privacy advocates. “This ruling is a major affirmation that the rights we enjoy in the physical world continue to apply in the digital world,” said Greg Nojeim, director of the Freedom, Security and Technology Project for the Center for Democracy and Technology. “By declaring that a U.S. warrant cannot reach communications content stored abroad, the court ruled strongly in favor of privacy and national rule of law.”
Amicus briefs supporting the company had been signed by the Chamber of Commerce, AT&T, Verizon, Apple, Cisco, and the National Association of Manufacturers. The Republic of Ireland also supported Microsoft’s case, arguing that the warrant represented an assault on the nation’s sovereignty.
While the decision is certainly a win for Microsoft, the government may yet appeal. The case could eventually end up before the U.S. Supreme Court. The U.S. is also likely to push for new laws requiring companies to store customer data within the U.S. if it decides it can’t legally compel organizations to surrender data stored overseas.
SQL updates July 2016
July 23rd, 2016
The 13th cumulative update release for SQL Server 2012 SP2 is now available for download at the Microsoft Support site.
• CU#13 KB Article: https://support.microsoft.com/en-us/kb/3165266
• Understanding Incremental Servicing Model for SQL Server
• SQL Server Support Information: http://support.microsoft.com/ph/2855
• Update Center for Microsoft SQL Server: http://technet.microsoft.com/en-US/sqlserver/ff803383.aspx
The 4th cumulative update release for SQL Server 2012 SP3 is now available for download at the Microsoft Support site.
• CU#4 KB Article: https://support.microsoft.com/en-us/kb/3165264
• Understanding Incremental Servicing Model for SQL Server
• SQL Server Support Information: http://support.microsoft.com/ph/2855
• Update Center for Microsoft SQL Server: http://technet.microsoft.com/en-US/sqlserver/ff803383.aspx
SQL Server 2014 Service Pack 2 (SP2) is available on the Microsoft Download Center, MSDN, Eval Center, MBS/Partner Source and VLSC. SQL Server 2014 SP2 includes a rollup of released hotfixes as well as more than twenty improvements centered around performance, scalability and diagnostics. These improvements enable SQL Server 2014 to perform faster and scale out of the box on modern hardware design.
SQL Server 2014 SP2 now includes:
• All fixes and CUs for SQL 2014 released to date.
• Performance, scale and supportability improvements.
• New improvements based on Connect feedback items filed by the SQL community.
• Improvements originally introduced in SQL 2012 SP3, after SQL 2014 SP1 was released.
See https://blogs.msdn.microsoft.com/sqlreleaseservices/sql-2014-service-pack-2-is-now-available/
Ransomware on the increase
July 21st, 2016
We have helped several companies recover from ransomware attacks this year.
The business segment is becoming an increasingly attractive target for cipher-malware developers, Kaspersky Lab says in a new study. According to the report, based on Kaspersky Security Network (KSN) data, the number of attacks against the corporate sector in 2015-2016 grew sixfold compared with 2014-2015 (from 27,000 to 158,000). Thus, ransomware tried to encrypt the data of every tenth B2B user.
Cyber-criminals using ransomware now attack businesses frequently, particularly small and medium-sized companies. This trend is confirmed by the IT Security Risks 2016 study from Kaspersky Lab and B2B International, during which 42% of respondents from small and medium-sized businesses agreed that cryptomalware was one of the most serious threats they faced last year.
For small companies, any data unavailability – however brief – can lead to significant losses, or bring their entire operations to a halt. If a company has not been taking due measures to ensure the safety of its important information, purchasing the decryption key from cyber-criminals can be the only way to recover data.
However, this does not guarantee complete data recovery. The best way to protect your company from malware is to prevent the attack in the first place.
Kaspersky Lab experts recommend several simple safety rules:
- Make regular backup copies of all important files. Companies should have two backups: one in the cloud (for example Dropbox, Google Drive, etc.), and another on an additional server or on removable media if the data volume is not too big.
Synergy’s guide is the 3-2-1 rule:
– 3 copies
– on at least 2 media
– 1 of which is held remotely, i.e. offsite
- Trust well-known and respected service providers who invest in security. Usually you can find security recommendations on their websites, and they publish third-party security audits of their cloud infrastructure. Don’t assume a cloud provider can’t have security, availability or data leakage problems. Ask what you would do if the provider loses your data. There should be transparent data backup and restore processes together with data protection and access control.
- Avoid using only free security and anti-malware software: small businesses expect the basic security tools offered within free solutions to be sufficient. Free tools do provide basic protection, but they fail to provide multi-layered security support. Instead, take a look at dedicated solutions: they do not require a large financial outlay, but deliver a higher level of protection. Some ‘free tools’ may be provided by the hackers.
- Regularly update your OS, browser, antivirus, and other applications. Criminals use vulnerabilities in the most popular software to infect users’ devices.
- Prevent IT emergencies: configure a security solution for your company. Small businesses usually don’t have an IT department or a full-time dedicated administrator; they simply rely on the techiest person in the office to take care of the computers in addition to his regular duties. Don’t wait until something breaks; use IT support from an IT service provider to review your software and security configuration in advance.
“Crypto-malware is becoming a more and more serious threat: not only does an organization lose money on ransoms, but business can be paralyzed during file recovery. There is a wide attack vector including web, mail, software exploits, USB devices, and others. To avoid infection, your personnel should explain where attacks come from and that employees should not open email attachments, visit untrusted web resources or plug USB devices into unprotected computers. An anti-malware solution is an essential measure to avoid the majority of security incidents”, noted Konstantin Voronkov, Head of Endpoint Product Management, Kaspersky Lab.
The Microsoft Dynamics Modern Store – Fashion Retail
July 21st, 2016
Historically, Microsoft’s ERP product, Dynamics AX, had very little functionality focused on the retail space. During the annual Microsoft Convergence event in Atlanta 2011, this all changed and it became clear that Microsoft was becoming far more au fait with the retail industry, with brand new functionality being pushed with the release of AX2012. From the first release of AX2012 it was clear they had done some major modifications on the product, specifically focusing within retail.
The release of AX2012 R2 was a big turning point for the product. This is when the functionality was finally seen as truly valuable for retailers. It became compatible with scanners in store and for the first time retailers could see their full transactional history across all channels, including eCommerce and retail stores, in a single commerce run-time engine.
With the release of new functionality, big name retailers saw the real benefits Microsoft Dynamics AX could bring to their business and early adopters included Crew Clothing, Fortnum & Mason and Mole Valley Farmers.
With the release of AX2012 R3 in May 2013 it became evident that Microsoft had a deeper understanding of the industry. More types of payment systems were included, with the realisation that customers use many channels to purchase goods other than the web and till systems, and this made it a much more viable platform.
AX2012 R3 also offers much better capability for handling the challenges of product lifecycle associated with the fashion industry. The large range of enhancements included functionality for customers to buy online and collect in-store, retail channel integration to allow more customer interaction and feedback and the ability to implement promotional discounts and coupons.
Now big name brands like Ted Baker and Hunter Boots are adopting the Microsoft solution. The next big challenge for Microsoft Dynamics AX is the breadth and depth of retail-specific functionality to match growing retailer demand brought on by the raising of consumer expectations.
Peter Ward, AX Retail Solution Architect at Microsoft suggested that they are addressing these challenges: “Today’s retailer needs to know its consumer and engage with them personally. They need to differentiate and offer a seamless, complete experience in an omni-channel environment. Microsoft Dynamics AX is focusing on today’s retailer demands to offer true omni-channel retail, innovative marketing and end-to-end customer care with advanced supply chain and financials – offering real-time, actionable insight across all channels of the business. Continued investment in global, deep industry SCM and Retail functionality, modern apps and private and public cloud make being part of the delivery team at Microsoft Dynamics AX very exciting and energizing”.
Sarah is a shopper in the Generation Y/Z demographic. She likes to be connected at all times, and opts in to share her location and to receive notifications. This video shows how Microsoft solutions based on Microsoft Dynamics help the retailer to engage their customer consistently, enjoyably, and profitably.
Products facilitating this scenario are: Microsoft Dynamics AX, Dynamics CRM, Dynamics Marketing, Dynamics Partner Solutions, Dynamics AX Modern Point of Sale, and Microsoft Social Engagement.
BI4Dynamics Ax v5 – faster by far, and a new FA cube – ask Synergy Software Systems, Dubai
July 20th, 2016
BI4Dynamics AX v5
At least 50-75% speed improvement
FRAMEWORK
1. Rewritten data warehouse facts for faster execution (50% improvement in processing time) and faster development (less code):
• New incremental update logic for facts (faster execution)
• Redesigned load procedures include views and work with temp tables (no temporary views) to load large tables (faster execution and less code).
• Create/drop constraints and indexes are managed automatically by framework (less code).
2. SSIS implementation option: when using the SSIS option, stored procedures are automatically transformed and sent to SSIS as packages for parallel execution. Another 50% improvement in processing time.
3. Filter staging tables: add column filter on staging tables to select only needed records.
4. Azure ready. BI4Dynamics AX can be installed in an Azure environment.
CONTENT
• Added “Fixed Assets” cube
• Added “General Type” dimension to “Sales Invoice” and “Purchase Invoice” facts (Sales cube, Purchase cube).
• Added “Sales Opportunity” fact with related dimensions (Sales cube).
• Added attributes to “Project” dimension.
• Added attributes to “Document Sales Order” dimension.
• Added “Procurement Category” attribute to “Item” dimension.
• Added “Invent WMS Location Code” attribute to “Location” dimension.
• Added “Charges” dimension to “Purchase Invoice” fact (Purchase cube).
• Added “Opening Balance” measure into “GL” fact (GL cube).
Contact us for a demo – let us show you how Power BI can further extend the reporting and analysis features.
The pre-built data warehouse with the extensive report packs is fast to implement and lets you create new reports and drilldown into data with minimal training.
Synergy Software Systems, Dubai: 009714 3365589
Qatar to implement data privacy law - watch out for the fines
July 20th, 2016
Qatar’s Advisory (Shura) Council unanimously approved the draft of a landmark new data privacy law, requiring companies to increase their level of data security and protection against cyber threats. The law was originally drafted in 2011, but has recently gained importance in the wake of the alleged cyber attack on Qatar National Bank. During the attack, hackers gained access to the bank’s customer records and leaked them online in a massive 1.4 GB file. The file contained sensitive information on more than 1,200 individuals, including Al Jazeera journalists and members of Qatar’s ruling Al Thani family.
Creating a regulatory framework for cyber security has become an urgent priority to prevent similar attacks from occurring in the future. In the near future, these laws will place the burden and responsibility of protecting sensitive information on the leadership of every organisation in the country. Organisations that fail to comply with the new laws will face heavy fines of up to 1.37 million USD.
Qatar is not the first country in the GCC to implement such laws. Oman, for example, has been one of the most proactive countries in the GCC in terms of adopting legislation to help promote cyber security and protect the country’s virtual borders. Under the new law, companies are obliged to protect sensitive information from being leaked or hacked. Failure to do so could result in hefty fines (5 million QAR).
According to the Qatari Ministry for Transport and Communication, the new law seeks to create “established standards of data protection as determined by the state”. The third chapter of the law outlines basic data protection responsibilities that will become mandatory for all organisations in the country. These responsibilities include properly training data handlers to detect and to mitigate cyber security threats, by using “the necessary precautions to prevent personal data against loss, damage or disclosure”.
Organisations will be required to ensure that their networks and systems are adequately protected. They will be expected to rely on effective, up-to-date cyber security measures, and test these measures on a regular basis. In Qatar, CEOs may need to urgently look into authorising budgets for cyber security, to pay for technology rather than to pay fines.
Security ramblings
July 18th, 2016
I ran across a piece last week that noted 10 million Android phones have malware that has rooted their operating system. For the most part this malware is designed to show ads and install apps. Mobile devices are becoming ubiquitous, for everyone. It’s not just technical people that now have access to internal systems from mobile devices; everyone from low-level marketing people to high-level executives is becoming comfortable with accessing information regularly, from anywhere, at any time. This means that our security is inherently weaker because we allow this access, and with BYOD spreading this problem looks set to get worse before it gets better.
One of the constant challenges with the spread of data breaches is establishing what is indeed data hacked out of an organisation versus data from another source. Many recent claims of a data breach subsequently turned out to be wrong. One example is the recent case where it was claimed that 272 million accounts had been stolen from Hotmail, Yahoo, Gmail and Mail.ru; the mail providers subsequently confirmed that this was not the case. The same goes for recent claims that there were 32 million Twitter accounts on the loose. Twitter quickly debunked this, and speculation that they were obtained via malware has never been substantiated.
The basics of security are still woefully weak. Many sites only allow you to create limited-length passwords, or accept weak passwords such as pwrod123 or ******. A length limit implies they’re trying to fit the password into a varchar(10) column in the database, which in turn implies no cryptographic storage, and it fundamentally weakens the choice of passwords available to the user. For example, see the Etihad site, or KLM Flying Blue. Other airlines are equally lackadaisical, and there are many other security flaws that are easy to find. PayPal will also truncate long passwords, but without telling you, so you might find yourself locked out because your entered password is too long.
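A schema check that follows from the varchar(10) observation above: it lists character columns whose names suggest password storage and that are too narrow to hold a password hash string. This is an added example, not part of the original post; the name patterns and the 60-character threshold (the length of a bcrypt string; a hex-encoded SHA-256 digest needs 64) are assumptions to adjust for your own schema.

```sql
-- Added example: find likely password columns that cannot be holding a hash.
-- Read-only; uses SQL Server catalog views. A hit means the column is either
-- storing the password itself or truncating whatever is written to it.
SELECT  s.name  AS schema_name,
        t.name  AS table_name,
        c.name  AS column_name,
        ty.name AS base_type,
        CASE WHEN ty.name IN (N'nchar', N'nvarchar')
             THEN c.max_length / 2         -- max_length is in bytes; 2 per character
             ELSE c.max_length
        END     AS max_chars
FROM    sys.columns AS c
JOIN    sys.tables  AS t  ON t.object_id = c.object_id
JOIN    sys.schemas AS s  ON s.schema_id = t.schema_id
-- Join on system_type_id so that alias types resolve to their base type.
JOIN    sys.types   AS ty ON ty.user_type_id = c.system_type_id
WHERE   (   LOWER(c.name) LIKE N'%pass%'   -- assumed naming patterns
         OR LOWER(c.name) LIKE N'%pwd%')
  AND   ty.name IN (N'char', N'varchar', N'nchar', N'nvarchar')
  AND   c.max_length <> -1                 -- skip varchar(max) / nvarchar(max)
  AND   CASE WHEN ty.name IN (N'nchar', N'nvarchar')
             THEN c.max_length / 2
             ELSE c.max_length
        END < 60                           -- assumed threshold: bcrypt string length
ORDER BY s.name, t.name, c.column_id;
```

Columns declared as binary or varbinary are deliberately not reported, since a fixed-width binary column is how a salted hash is normally stored.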
A recent data backup mantra I heard that is worth repeating is the 3-2-1 approach:
– 3 copies of data
– on at least two media
– one copy held remotely