The ITAM Roundup: 11/12/23

roundup Nov 12, 2023

📰

News

Microsoft extends Windows Server 2012 ESUs to October 2026

"You can now get three additional years of Extended Security Updates (ESUs) if you need more time to upgrade and modernize your Windows Server 2012, Windows Server R2, or Windows Embedded Server 2012 R2 on Azure," Microsoft said.

Flexera's 2023 Tech Spend Pulse:

The Flexera 2023 Tech Spend Pulse reveals that 90% of enterprises are challenged by vendor price hikes and inflation, affecting their technology budgets and investment priorities. There's a shift towards spend efficiency, with a move from on-premises to cloud-based services to ensure cost-effective growth. Investments in artificial intelligence (AI) and machine learning (ML) are increasing, with 44% of IT decision-makers expecting a slight increase and 32% a substantial increase in expenditure on these technologies.

Deep dive on "Kyndryl" - AKA the former IBM Global Technology Services:

IBM spun off its managed infrastructure services unit as Kyndryl to concentrate on AI and cloud services. Kyndryl, now independent, focuses on managing IT infrastructure for enterprises, offering services such as automation and hybrid infrastructure solutions. Despite a decline in revenue since its separation from IBM, Kyndryl is developing new services and forming strategic partnerships to tap into a growing market opportunity, particularly in areas like security and public cloud managed services.

📖

Tips

5 Benefits of OT and IT Integration:

Operational Technology (OT) is essential in industrial settings, managing and controlling physical assets. Its convergence with Information Technology (IT) into the Industrial Internet of Things (IIoT) is expected to see substantial growth, with the market projected to reach $280.66 billion by 2030. This integration, facilitated by IoT sensors and actuators, enables advanced monitoring and autonomous operation of industrial processes.

A guide to the Microsoft Customer Agreement (MCA):

MCAs, EAs, SCEs... WTF? License EQ has a great writeup of the Microsoft Customer Agreement and what it entails.

The Microsoft Customer Agreement (MCA) is a streamlined, digital contract for purchasing Microsoft's cloud products and services directly. It's evergreen, meaning it doesn't expire, and replaces previous agreements like MOSA and MPSA, offering a modular approach for customers to see only the terms relevant to their services. Benefits of the MCA include streamlined purchasing, flexibility in procurement sources, simplified billing, and automatic updates.

Pros & Cons for Bringing Your Own Key (BYOK) in the Cloud:

Bring Your Own Key (BYOK) is a security model where organizations generate and manage their own encryption keys for cloud services, aiming to enhance data protection and regulatory compliance. While BYOK offers increased control and supports data portability, it does not guarantee full control once keys are transferred to the cloud provider's environment.

🐛

Bugs & Exploits

The Confluence vulnerability is running wild:

A critical vulnerability in Atlassian’s Confluence server app, identified as CVE-2023-22518, is being actively exploited by attackers to install ransomware. The vulnerability allows for authentication bypass and can lead to significant data loss. Attacks have been observed where the attackers use this exploit to gain administrative access and move laterally within networks. Atlassian has urged customers to patch the vulnerability immediately, as it poses a serious risk to on-premises Confluence servers exposed to the internet.