The ITAM Roundup: 12/1/24
đ° News
Microsoft faces wide-ranging US antitrust probe
The U.S. Federal Trade Commission (FTC) has opened a broad antitrust investigation into Microsoft, focusing on its software licensing and cloud computing practices, including allegations of anti-competitive behavior in Azure. Competitors, including Amazon and Google, have criticized Microsoft for locking customers into its cloud service through punitive licensing terms, and the FTC is also examining Microsoft's role in the AI market. The future of the investigation is uncertain, as FTC leadership is expected to change under the incoming Trump administration, which may adopt a different approach to antitrust enforcement.
https://www.reuters.com/technology/microsoft-faces-wide-ranging-us-antitrust-probe-2024-11-27/
Microsoft preps big guns to shift Copilot software and PCs
Microsoft is investing heavily in AI, with $13 billion sunk into OpenAI and significant spending on data centers, but it faces challenges in getting immediate returns from its AI initiatives like Copilot. The company is focusing on the channelâ13,000 partnersâto drive adoption of its Copilot software and AI-enhanced PCs, but it has faced slow customer uptake due to unclear use cases and high prices for AI PCs. Despite enthusiasm among early users, broader deployment is slow, and investors remain skeptical, with AI's financial impact still uncertain.
Paul Kunert
AWS bends to Broadcom's will with VMware Cloud Foundation as-a-service
Amazon Web Services (AWS) has introduced the Amazon Elastic VMware Service (EVS), which allows customers to run Broadcom's VMware Cloud Foundation (VCF) private cloud stack in AWS's cloud. This service follows Broadcom's new licensing and pricing schemes for VCF, which offers bundled per-core subscriptions with support. While the service marks a win for Broadcom, AWS emphasizes the ability to modernize workloads by leveraging other native AWS capabilities, as VMware's Tanzu Kubernetes platform remains less popular among developers.
Simon Sharwood
IBM and AWS Accelerate Partnership to Scale Responsible Generative AI
IBM and AWS are deepening their partnership to help businesses adopt responsible AI by integrating IBMâs generative AI models with AWS services like Amazon SageMaker and Amazon Bedrock. Their collaboration includes new AI governance, security, and observability tools such as IBM watsonx.governance, IBM Guardium AI Security, and IBM Instana, which enhance transparency and operational efficiency. Additionally, IBMâs consulting services, combined with AWS Marketplace offerings, aim to provide customers with tailored solutions to accelerate AI adoption across various industries.
How CIOs are honing generative AI strategies
Two years after ChatGPT's public launch, CIOs are still navigating the complex landscape of generative AI, focusing on finding tangible business value from their investments. Many enterprises have reshaped their spending priorities, with a significant portion of IT budgets now directed towards AI, particularly OpenAI's offerings, despite some vendors overpromising and underdelivering. As organizations adjust to new regulatory requirements and evolving best practices, technology leaders are continuously adapting their strategies to mitigate risks and identify scalable use cases for AI.
Lindsey Wilkinson
US Finalizes $11B for Intel as Time Runs Out on Bidenâs Chip Plan
The U.S. is granting Intel nearly $11 billion through the Chips and Science Act to expand domestic semiconductor manufacturing as part of a broader effort to reduce reliance on Asian suppliers and bolster national security. The funding includes $7.86 billion for Intelâs core facilities and $3 billion for defense-related projects, with Intel expected to invest $90 billion of its own funds by the end of the decade. This initiative underscores the bipartisan urgency to build U.S. chipmaking capacity amid geopolitical tensions with China, although critics like Donald Trump argue for tariffs instead of direct subsidies.
Gerrit De Vynck
Cybersecurity Legislation Driving SBOMs
Cybersecurity legislation, including the U.S. Executive Order 14028, the EU Cyber Resilience Act, and the U.K.'s PSTI Act, is driving the adoption of Software Bill of Materials (SBOMs) to enhance transparency, manage vulnerabilities, and secure supply chains across software and hardware ecosystems. SBOMs, living repositories detailing software components, must be regularly updated, shared, and analyzed, with emerging tools and standards like CycloneDX and SPDX aiding their creation and distribution. While still evolving, SBOMs are essential for compliance, cybersecurity, and broader use cases like software licensing audits, especially in embedded systems and IoT devices.
https://www.eetimes.eu/cybersecurity-legislation-driving-sboms/
đ Tips
Common Reasons for Non-Compliance with SAP Licensing
Managing SAP licenses involves challenges like misassigned developer licenses, failure to conduct regular audits, and overlooking SAP policy updates, leading to compliance risks and increased costs. Hybrid environments and indirect access licensing add complexity, requiring careful documentation, specialized tools, and expertise to navigate effectively. Organizations can mitigate risks by conducting audits, staying informed about licensing changes, fostering collaboration between IT and procurement, and maintaining a centralized license management system.
Fredrik Filipsson
How Do I Advocate for Green IT Without Being Dismissed as a Lorax?
An IT professional passionate about green IT is frustrated as sustainability projects are sidelined in favor of short-term operational needs at their company. To advocate for green IT, they are advised to frame their arguments around cost savings and efficiency, using data to show the financial benefits of sustainability. By sharing their findings through appropriate channels and aligning their message with leadership priorities, they can increase the likelihood of their concerns being addressed while deciding whether to stay in a company that may not align with their values in the long term.
Danielle Meinert
Security-FinOps collaboration can reap hidden cloud benefits: 11 tips
Collaboration between FinOps and security teams can unlock hidden synergies in managing cloud costs and security, despite traditional silos and differences in tooling and processes. Key strategies include integrating reporting, monitoring tools, and automation, standardizing tagging and terminology, and fostering cross-training and shared goals through a cross-functional Cloud Center of Excellence (CoE). Executive sponsorship is essential to drive culture change and ensure these teams align on data and priorities, ultimately balancing cloud costs with robust security measures for greater enterprise efficiency.
Hardware Refresh: What is it And When to do it?
A hardware refresh is the process of replacing outdated IT devices with newer systems to maintain efficiency, security, and productivity, supported by a structured hardware refresh cycle. This cycle involves stages like assessment, procurement, deployment, decommissioning, and ongoing monitoring to align with business goals and minimize disruptions. Regular refreshes, tailored to specific equipment lifecycles, help organizations future-proof their infrastructure, reduce downtime, and stay competitive in a technology-driven world.
Ignacio Graglia
Navigating Microsoftâs new licensing changes: What ITAM professionals need to know
Microsoft is introducing significant licensing changes starting January 2025, including the transition from Enterprise Agreements (EA) to Microsoft Customer Agreements for Enterprise (MCA-E) and new pricing structures for Microsoft 365 products. These changes emphasize AI advancements, flexible billing options, and increased partner incentives, particularly for small and medium-sized customers, with adjustments like a 5% price increase on monthly licenses and AI-focused discounts. Flexera offers tools to help organizations navigate these shifts effectively, ensuring compliance, cost optimization, and strategic alignment with Microsoftâs evolving model.
Phil Perfetti
Practical Protection: Getting Ready for MFA Enforcement in Microsoft 365
Starting February 2025, Microsoft will enforce multi-factor authentication (MFA) for all access to the Microsoft 365 admin center, requiring accounts to have at least one authentication method set. This change aims to combat credential theft and other security breaches, with non-compliant accounts losing administrative functionality and user-facing features like downloading Office 365. To prepare, administrators should configure MFA, preferably through conditional access policies, and ensure break-glass accounts adopt secure authentication methods, as postponements will be limited.
Paul Robichaux
Meeting DORA and NIS2 Requirements: An Integrated Solution for Compliance
The Digital Operational Resilience Act (DORA) and Network and Information Systems Directive (NIS2) set strict cybersecurity and operational resilience standards for organizations, with non-compliance leading to severe penalties. Many struggle to meet these requirements due to IT complexity and lack of visibility, but the integrated Valiantys-HYCU-Appfire-Lansweeper solution offers an end-to-end approach with tools for asset discovery, data protection, workflow automation, and IT service management. This solution not only simplifies compliance but also enhances operational efficiency and resilience, helping organizations proactively address risks and avoid legal or reputational damage.
Clemence Segaud
The Key to Visibility for ITOps and CloudOps Teams
ITOps and CloudOps teams face challenges with visibility, including data silos, alert fatigue, and fragmented tools, which hinder their ability to maintain system performance and security in increasingly complex environments. SolarWinds Observability offers a unified solution with real-time alerts, AI-driven insights, and comprehensive monitoring for both on-premises and cloud infrastructures, including AWS, Azure, and Kubernetes. This single-pane-of-glass approach improves collaboration, accelerates problem resolution, and optimizes resource management, empowering teams to meet operational demands effectively in hybrid environments.
Peter Di Stefano
đBugs & Exploits
Hackers Update Tactics to Bypass Multifactor Authentication
Microsoft reports a 146% surge in adversary-in-the-middle (AiTM) attacks in its Digital Defense Report, highlighting how hackers increasingly bypass multifactor authentication (MFA) using phishing kits sold under the ONNX brand by a cybercrime group in Egypt. The rise of "quishing" (QR code phishing) now accounts for nearly 25% of phishing emails, exploiting unsuspecting users with fake login pages. Microsoftâs Digital Crime Unit is taking legal action against 240 fraudulent websites to disrupt the phishing-as-a-service supply chain and protect customers from escalating threats like financial fraud, data theft, and ransomware.
