Index Insider: Scope of Microsoft Exchange mass-hack becoming clear

Friday, March 12, 2021

 
Here’s what’s important in IT and business services this week:

  • Scope of Microsoft Exchange mass-hack becoming clear
  • Manufacturing managed services bounces back in Q4
  • Apple M1 chip is a game-changer for workplace services
  • Dropbox, Box and Microsoft vie for enterprise file sync and share market
  • IBM NewCo announces new roles

CYBERSECURITY

The scope of the Microsoft Exchange mass-hack is becoming clear. And it’s massive. Krebs on Security is reporting at least 30,000 victims in the U.S. alone. A former national security official said, “We’re talking thousands of exchange servers compromised per hour, globally.”
 
What happened: A Chinese cyber espionage unit (dubbed Hafnium by Microsoft) exploited a vulnerability in multiple versions of Exchange Server. It installed a web shell backdoor to control compromised servers remotely and is actively siphoning email communications.
 
What’s being done: On March 2, Microsoft released emergency patches for Exchange Server 2013 through 2019. It also released a “defense in depth” exception patch for the no-longer-supported Exchange 2010. This means these vulnerabilities have been around for more than 10 years. On March 3, the U.S. Cybersecurity and Infrastructure Security Agency issued an emergency directive requiring all federal civilian departments to apply the updates or “disconnect the products from their networks until updated with the Microsoft patch.”
 
Impact: The vulnerabilities are limited to on-premises versions of Exchange Server, not Microsoft’s cloud-based Office 365. However, because Microsoft has enabled organizations to run in “hybrid mode” for many years to provide a smoother on-ramp to the cloud, organizations that run 365 and have on-premises versions of Exchange are likely already compromised.
 
Among the targets in the U.S. are police departments, hospitals, credit unions and city and state governments. It also appears the vulnerability information was leaked and is now being exploited by at least 10 additional threat actors. There is serious concern that massive-scale ransomware attacks are next.
 
Our POV: As we discussed a couple weeks ago, application portfolio rationalization and modernization is becoming the new tip of the spear for IT sourcing decisions. This is not just about reducing technical debt to build products faster. Modernized systems running on large-scale, multi-tenant platforms can be orders of magnitude more secure and reliable than on-premises alternatives.


MANUFACTURING

 

Demand for consumer durable goods is surging, so much so that manufacturers can’t keep up. The bullwhip effect is wreaking havoc with supply chains as manufacturers scramble to move from COVID-induced factory wind-downs a few months ago to meeting unprecedented demand today for everything from appliances to furniture to tools.
 
As we discussed late last year, smart manufacturing initiatives were seeing strong growth prior to the pandemic. However, as the virus took hold, manufacturing divisions shut down and investments declined significantly worldwide, leading to a tepid 1.5 percent growth for the overall industry in 2020.
 
This may be starting to change. Broader market managed services annual contract value (ACV) bounced back in a big way in Q4 of last year, growing 163 percent sequentially over Q3 (see Data Watch). This growth correlates well with our POV from last year in which we indicated that we may see a stronger post-COVID recovery in manufacturing than anticipated.
 
We’re forecasting 7 percent growth for this sector in 2021 with choppy growth across subsectors. Auto manufacturers, for example, are likely to feel the impact of the semiconductor shortage for months or even years to come.


DATA WATCH

Quarterly ACV for managed services in the manufacturing sector rose 163% between Q3 and Q4 2020


INQUIRY SPOTLIGHT

 

Does the longer refresh cycle for a Mac justify a higher price? In general, yes. We have seen several examples of large enterprises rolling out Macs to their employees over the past several years. When a large retailer moved to MacOS, its software licensing costs went down by more than 30 percent. For another client in Europe soliciting workplace services bids, run costs for Macs were around 15 percent lower than those for Windows PCs due to better reliability from the Mac platform.
 
And these examples are prior to the release of Apple’s new M1 chip. The current low-end models equipped with M1 are seeing exceptionally high performance per watt for the cost compared with previous higher-end Macs. Battery performance has also improved. This should allow companies to buy cheaper models with similar performance and potentially higher productivity levels.
 
Also important is the fact that Apple now has its own mobile device management (MDM) solution in Fleetsmith, which it acquired last year. Before this, it relied on third-party MDM solutions to help enterprises manage devices – which was messy. All these factors should combine to drive down the total cost of ownership for Macs over the long run.
 
The M1 chip has benefits that have not yet been fully exploited. For example, Macs with the new chips will be able to run iOS mobile applications natively, which could reduce application development time as well as the pain of device-swapping. We’re also seeing clients use the M1 chip for human-machine interface development (primarily in the auto industry) because these devices can run the ARM code natively, making development faster.
 
That said, the change management component of introducing a new computing platform into a workplace can’t be overlooked. Employee demographics (read: age) will play a big role here. But don’t underestimate the knock-on effects that can amplify satisfaction with your future workplace. A well-known sports car manufacturer believes in this idea so much it keeps Macs in their original packaging to provide a corporate-sponsored “unboxing experience.”


M&A

  • Dropbox acquires DocSend: Enterprise file sync and share leader expands into document tracking and workflow; EFSS market consolidates around Dropbox, Box and MSFT.
  • Globant buys CloudShift: Luxembourg-based product engineering firm extends into European Salesforce market.
  • Accenture acquires Future State, Cirrus and fable+: Three acquisitions over six weeks for its Talent & Organization / Human Potential practice.

NOTEWORTHY

  • IBM announces NewCo roles. Elly Keinan named Group President; Maria Bartolome to be CMO.
  • CompuCom malware incident. Customer services were impacted.
  • Equinix extends in France. First carrier-neutral data center in Nouvelle-Aquitaine region.

About the author

Stanton Jones


Stanton leads ISG's Index research, helping providers, investors and ISG clients make sense of the global IT services sector. Stanton’s weekly newsletter, the Index Insider, is read by thousands of market stakeholders each week. An ISG Digital Fellow, Stanton has been quoted in Fast Company, Forbes and CIO.com, and has appeared on national cable news.