Microsoft to security pros: J/k

Microsoft has begun undoing one of its biggest recent moves for improving the cybersecurity of its products and customers — though the company promises that it's only "temporary."

Visual Basic for Applications (VBA) macros in Microsoft Office applications have been exploited by cyberattackers to deliver malware for decades. In February, a measure to block those macros by default was widely applauded by security professionals.

• But many of those same security practitioners questioned Microsoft's decision this week to quietly reverse course on blocking Office macros.
• "The single most impactful change Microsoft could have made to radically improve a real world cybersecurity issue in their own back garden (that they directly profit from) was rolled back without even being communicated," well-known security professional Kevin Beaumont said on Twitter.

Microsoft said that “following user feedback, we have rolled back this change temporarily while we make some additional changes to enhance usability,” according to a statement posted as an update to a previous blog post.

• “This is a temporary change, and we are fully committed to making the default change for all users,” Microsoft said in the update.
• The company said it will provide “additional details on timeline in the upcoming weeks.”
• Microsoft has been blocking VBA macros by default in five Office apps: the three most widely used apps — Word, PowerPoint and Excel — as well as Visio and Access.

Still, questions remain as to why Microsoft chose not to communicate the rollback prior to doing it.

• A comment from an admin on the Microsoft blog post suggests the rollback had taken effect at least as early as Wednesday.
• But Microsoft didn’t disclose it to administrators until Thursday, according to Bleeping Computer, which first reported the decision.
• Lots of companies use Office macros to automate parts of their business processes, and blocking those macros could have broken customer workflows.

• Malicious macros in Office documents account for nearly half of all malware delivery, according to previous estimates.

"Looks like Microsoft has blessed us all with more job security," security researcher Marcus Hutchins said on Twitter in response to the rollback.

— Kyle Alspach (email | twitter)

SPONSORED CONTENT FROM SAP

The competitive edge of digital solutions: For the last 50 years, SAP has worked closely with our customers to solve some of the world’s most intricate problems. We have also seen, and have been a part of, rapid accelerations in technology in response. Across industries, certain paths have emerged to help businesses manage the unexpected challenges over the last few years.

Read more from SAP

Sony AI ethics chief: Synthetic data = real problems

Synthetic data suppliers promise that the fake data they provide can reduce AI data privacy and bias concerns. But after testing synthetic data as a replacement for real images, Sony’s AI team isn’t convinced it’s ready for prime time.

“Based on our preliminary research, we have a lot of concerns about that direction, because the current state of synthetic data is not necessarily sufficient and can create additional fairness issues,” said Alice Xiang, senior research scientist at Sony AI and head of Sony Group’s AI Ethics Office in an interview this week.

Synthetic data companies including Datagen, Mindtech and Synthesis AI produce synthetic data used by big tech giants, automakers, gaming companies and mobile phone makers to build software, features in apps or systems used in vehicles.

But because synthetic data may rely on just a few original real images, it might not produce genuinely diverse fake data sets, Xiang said: “A lot of the synthetic images are basically extrapolations of a relatively small number of people. So even if a vendor says that they supposedly are globally diverse, maybe they only have scans of one person representing a billion people.”

Xiang said computer vision scientists should temper their excitement about synthetic data. “People will feel comfortable that they've resolved all of the privacy issues associated with real data, but they might create new issues around the fairness front by going straight to synthetic.”

Moar servers

Some interesting data points about cloud infrastructure spending and how data centers are being funded have emerged from new reports from IDC and Synergy Research Group.

IDC expects cloud infrastructure spending on compute and storage products to increase 22% to $90.2 billion this year from 2021 — the highest annual growth rate since 2018 — while non-cloud infrastructure spending is forecast to grow only 1.8% to $60.7 billion. But it’s not all good news: The growth will be fueled in part by inflationary pressure, expected higher prices for systems and second-half supply chain improvements, according to IDC.

Spending on shared cloud infrastructure, which includes public cloud services, jumped 15.7% year over year to $12.5 billion in the first quarter, and IDC forecasts that it will eclipse non-cloud infrastructure spending this year for the first time. Spending on dedicated cloud infrastructure rose 20.5% year over year to $5.9 billion, of which 47.8% was deployed on premises, according to IDC’s report.

Turning to data centers, private equity has been a driving force behind an increase in mergers and acquisitions (M&A) this year that likely will match 2021’s record-breaking 209 deals valued at more than $48 billion in aggregate, a 41% year-over-year increase, according to Synergy.

Eighty-seven data center-related M&A deals with a combined value of $24 billion closed in the first half of the year, and the bulk of another $18 billion in already-agreed-upon pipeline deals is expected to close by year’s end.

Private equity buyers are playing a much bigger role. Private equity accounted for 42% of the total M&A deal value from 2015 to 2018 and 65% from 2019 to 2021, but its share ballooned to more than 90% in the first half of this year.

“There is an ever-increasing demand for data center capacity, driven by rapidly growing cloud markets, aggressive expansion of hyperscale operator networks and continued growth of data-rich digital services,” John Dinsdale, Synergy’s chief analyst, said in a statement. “The trouble is that building and operating large fleets of data centers is highly capital-intensive. Even the biggest data center operators have had to seek external funding to allow them to meet growth targets while protecting their balance sheets. As the level of resulting M&A activity has shot through the roof, virtually all of the incremental investment has come from private equity.”

— Donna Goodison (email | twitter)

Around the enterprise

Rogers, Canada’s largest internet service provider, acknowledged a widespread outage Friday that took down banking and other key services for an extended period of time.

Tata Consultancy Services missed expectations for profit, sparking concern that enterprise technology spending could start to fall amid the threat of a recession.

Coupa gave employees an out-of-cycle pay raise as it copes with the fallout from the plunge in SaaS stocks this year, Protocol reported.

Oracle Chief Marketing Officer Ariel Kelman, a former AWS executive hired two years ago to lift Oracle’s fledgling cloud infrastructure business, is leaving the company, according to the Information.

SPONSORED CONTENT FROM SAP

The competitive edge of digital solutions: When companies invest in maintaining their “green ledger” with the same commitment they have to their financial ledgers, they will be able to connect their environmental, social, and financial data holistically so they can steer their business towards sustainability. At the end of the day, what gets measured, gets managed.

Read more from SAP