UK's NCSC warns of ‘wave of patches’

Copyright TechTarget - All rights reserved ComputerWeekly’s best articles of the day https://cyber.law.harvard.edu/rss/rss.html Techtarget Feed Generator en Tue, 05 May 2026 00:14:26 GMT https://www.computerweekly.com editor@computerweekly.com <p>Whether or not Anthropic’s Claude Mythos frontier AI model is going to be a game changer for <a href="https://www.techtarget.com/searchenterpriseai/news/366642478/Claude-Mythos-Preview-and-the-new-rules-of-cybersecurity" target="_blank" rel="noopener">software vulnerability discovery</a>, or whether it is a load of hot air, remains to be seen, but the broader subject is of gathering concern to the UK’s National Cyber Security Centre (NCSC), which has warned that a tsunami of costly and time-consuming technical issues is bearing down on all organisations.</p> <p><a href="https://www.ncsc.gov.uk/blogs/prepare-for-vulnerability-patch-wave" target="_blank" rel="noopener">Writing on the NCSC’s website</a>, the agency’s chief technology officer Ollie Whitehouse said the industry has prioritised short-term gains over building resilient products and services, and that with the advent of AI-driven vulnerability discovery, their chickens are about to come home to roost.</p> <p>“Artificial intelligence, when used by sufficiently-skilled and knowledgeable individuals, is showing the ability to exploit this technical debt at scale and at pace across the technology ecosystem,” wrote Whitehouse.</p> <p>“As a result, the NCSC expect[s] there will be a ‘forced correction’ to address this technical debt across all types of software, including open source, commercial, proprietary and software as a service.”</p> <p>Added Whitehouse: “This is why we are encouraging all organisations to prepare now for when a ‘patch wave’ arrives; a rush of software updates that will need to be applied across the technology stack to address the disclosure of new vulnerabilities.”</p> <p>Considering how chief information security officers (CISOs), security leaders and teams should respond to this sea-change, the NCSC has publicised guidance centred on three core pillars.</p> <section class="section main-article-chapter" data-menu-title="Prioritise external surfaces"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Prioritise external surfaces</h2> <p>The first of these pillars is the prioritisation of external attack surfaces. Security teams should work to identify any attack surfaces that are exposed to the public internet as soon as possible. Teams should start with technology on the perimeter of the network, and then work their way inwards, via cloud instances, to on-prem environments.</p> <p>When vulnerabilities come to light, in instances where updates cannot be applied across the entire environment, security teams should prioritise external attack surfaces, and where capacity extends beyond external surfaces, they should lead with critical security systems.</p> <p>This said it is important to remember that patching by itself will not always be enough. There may – indeed there very probably is – still technical debt in end-of-life or legacy systems that can’t be patched. If these cannot be brought back within support then they need to be replaced.</p> </section> <section class="section main-article-chapter" data-menu-title="Prepare to patch faster and more regularly"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Prepare to patch faster and more regularly </h2> <p>The second pillar concerns patch management. Here, organisations should plan to deploy vital software updates quicker, more often, and at scale, including within their supply chains. The NCSC said it is expecting an influx of updates to address flaws at varying levels of severity – many of them are likely to be critical.</p> <p>The agency recommends organisations priorities activating supplier-provided automatic, secure hot-patching features that don’t involve service disruption – this will have the pleasant side-effect of reducing the security team’s workload.</p> <p>But if automated patching is not available, security leaders will need to plan to ensure processes and risk appetites support frequent, scaled updates, accounting for the inevitable trade-offs around disruption. Risk-based approaches, such as the <a target="_blank" href="https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc" rel="noopener">Stakeholder Specific Vulnerability Categorisation (SSVC) system</a> can be used to prioritise installing the updates.</p> <p>Of course, this assumes that critical flaws aren’t under active exploitation – those that do present as zero-days, especially those affecting external-facing systems, will need to have their update schedules brought forward.</p> </section> <section class="section main-article-chapter" data-menu-title="Prioritise the basics"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Prioritise the basics</h2> <p>The third and final pillar is to look beyond simply updating vulnerable software. Patching alone won’t address the systemic cyber security problems faced by the overwhelming majority of organisations.</p> <p>The NCSC renewed its appeal to technology firms to ensure systemic technical debt is minimised through memory safety and containment technologies where appropriate.</p> <p>At end-user organisations, CISOs should keep focus on the fundamentals of cyber security to improve their overall resilience and reduce the impact of breaches through whatever means they originate – whether that be through a vulnerable product or something else. Such an approach should include seeking <a href="https://www.ncsc.gov.uk/cyberessentials/overview" target="_blank" rel="noopener">Cyber Essentials</a> certification, or running  the <a href="https://www.ncsc.gov.uk/collection/cyber-assessment-framework" target="_blank" rel="noopener">Cyber Assessment Framework</a> for essential services operators.</p> <p>“[The] NCSC advise[s] all organisations, irrespective of size, to plan and prepare for the vulnerability patch wave. A good place to start is by reading the NCSC’s updated <a href="https://www.ncsc.gov.uk/collection/vulnerability-management" target="_blank" rel="noopener">Vulnerability Management guidance</a>,” said Whitehouse.</p> <p>“For larger organisations, we also recommend working to <a href="https://www.ncsc.gov.uk/collection/assess-supply-chain-cyber-security" target="_blank" rel="noopener">gain assurance from your supply chains</a> both commercial and open source, so that they are prepared to navigate any required response.”</p> <p>Lionel Litty, CISO at <a href="https://www.menlosecurity.com/" target="_blank" rel="noopener">Menlo Security</a>, said: “This is a timely update from the NCSC. It makes two important points: the external attack surface needs to be prioritised and we need to go beyond software updates and look at containment technologies to reduce the impact of breaches.</p> <p>“For the majority of users, the web browser is where most of the external attack surface exists. To make this more concrete: just last week, Mozilla announced that it fixed 271 vulnerabilities in the Firefox browser. These vulnerabilities were found using Claude Mythos, Anthropic's latest AI model. This is up from 22 vulnerabilities found by the previous iteration of Claude.</p> <p>“This highlights the need not only to ensure that your organisation can rapidly and comprehensively deploy browser updates, but also to fundamentally reduce the risk,” said Litty. “Technology such as remote browser isolation can move the attack surface off the user's endpoint, minimising the damage if a user is exposed before their browser is patched.”</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about Anthropic's Claude Mythos model</h3> <ul class="default-list"> <li>During the annual CETaS showcase in London, experts discussed the potential cyber risk of tools <a href="https://www.computerweekly.com/news/366642508/Cyber-experts-take-an-optimistic-view-of-AI-powered-hacking" target="_blank" rel="noopener">such as Claude Mythos</a>.</li> <li>Technology secretary Liz Kendall urges Britain’s business community to sit up and pay attention to emerging AI threats, following the debut of <a href="https://www.computerweekly.com/news/366641649/UK-businesses-must-face-up-to-AI-threat-says-government" target="_blank" rel="noopener">Anthropic’s new frontier model, Mythos.</a></li> <li>Letting probabilistic AI models autonomously operate inside production networks creates real safety and auditability issues, and that core security validation still needs deterministic guardrails. <a href="https://www.computerweekly.com/opinion/Anthropics-Mythos-raises-the-stakes-for-security-validation" target="_blank" rel="noopener">And Anthropic just raised the stakes</a>.</li> </ul> </div> </div> </section> Vulnerability discovery and mitigation continues to exercise the top minds at Britain’s NCSC as cyber experts continue to debate the impact of frontier AI models like Mythos. https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/software-code-developer-adobe.jpeg https://www.computerweekly.com/news/366642625/UKs-NCSC-warns-of-wave-of-patches Mon, 04 May 2026 12:09:00 GMT UK's NCSC warns of ‘wave of patches’ <p>Cloud-native, or containerised, applications are now mainstream. As many as 82% of enterprises now have Kubernetes in production, according to the <a href="https://www.computerweekly.com/blog/Open-Source-Insider/CNCF-Kubernetes-now-de-facto-operating-system-for-AI">Cloud Native Computing Forum (CNCF)</a>. That is up from 66% in 2023. And a full 98% of organisations have at least some cloud-native applications, the industry body says.</p> <p>But moving applications to cloud-native environments does not just mean creating new code. It also means adapting infrastructure. Compute, networking and data storage all need to work with container environments. By no means can all systems do this out of the box, especially when it comes to on-premise hardware.</p> <p>At the same time, enterprise IT architects need to consider the requirements of legacy applications and virtual machines (VMs) that are not being updated.  And enterprises will want to make the most efficient use of their storage hardware, regardless of their application environments.</p> <p>Moving to containers means adapting a technology that was <a href="https://www.computerweekly.com/news/366633394/Container-storage-Five-key-things-you-need-to-know">not designed for persistent storage</a> to handle business-critical data. </p> <section class="section main-article-chapter" data-menu-title="Stateless states"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Stateless states</h2> <p>Containerised applications started out as stateless, or ephemeral. The designers never intended containers to hold persistent data. They expected that microservices or containerised applications would use no non-volatile storage and discard the contents of memory, and even their settings, once they had completed their tasks. </p> <p>Instead, containerised applications rely on an external data store, usually a database or cache. </p> <p>There are advantages to this approach. These include simpler deployment, easier scaling, fault tolerance and recovery, and application portability. But most business applications, if not the majority, need persistent data. </p> <p>“Most business applications require storage. In reality, unless you’re converting Fahrenheit to Celsius and back, you’re storing something somewhere,” says Dan Ciruli, vice-president and general manager for cloud native at Nutanix. </p> <p>And the need to work with persistent data is all the more important, as enterprises look to containers as an alternative to conventional virtual machines.</p> <p>But this means rethinking the way applications work. And it requires IT architects to update their storage systems to support modernised, cloud-native applications. This can be directly, where array manufacturers support containers, or through a control plane such as Nutanix or Everpure’s Portworx.</p> <p>Almost inevitably, changes are being driven by AI, as enterprises look to support its data-heavy workloads in modern, cloud-native environments. But there are other drivers, too, including a trend to move virtualised applications to containers and the need for cost controls.</p> <p>“Kubernetes might be over a decade old, but it’s continuing to evolve as AI transforms the way we handle data. Already, Kubernetes has moved beyond the days when it was built only for ephemeral, stateless applications,” says Michael Cade, global field chief technology officer at Veeam Software.</p> <p>“Today, stateful applications such as databases, machine learning pipelines and streaming systems are now being treated as first-class citizens [in containerised environments] and have been given the specialised tools they need to thrive.” </p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about persistent storage</h3> <ul class="default-list"> <li><a href="https://www.computerweekly.com/feature/Container-storage-in-the-AI-age-Block-vs-object-and-CSI-vs-container-native">Container storage in the AI age</a> – block vs object and CSI vs container-native: Key choices when it comes to providing storage for containerised applications and whether to choose block, file or object storage.</li> <li>Storage implications of a <a href="https://www.computerweekly.com/feature/Storage-implications-of-a-modern-IT-architecture">modern IT architecture</a>: One of the challenges when migrating older applications to a cloud-native, modern IT architecture is how to provide persistent storage.</li> </ul> </div> </div> </section> <section class="section main-article-chapter" data-menu-title="Storage connections"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Storage connections</h2> <p>Connecting storage to Kubernetes, though, relies on support from both application developers and hardware suppliers. </p> <p>The main way to connect storage to container environments is through the <a href="https://www.techtarget.com/searchitoperations/tip/Manage-application-storage-with-Kubernetes-and-CSI-drivers">container storage interface (CSI)</a>. CSI needs to be supported directly by the storage provider, be that the hardware manufacturer, a cloud service, or a software-defined storage (SDS) supplier. </p> <p>As the CNCF’s Kubernetes page notes: “CSI was developed as a standard for exposing arbitrary block and file storage systems to containerised workloads on container orchestration systems like Kubernetes.” CSI allows third-party storage providers to write, and deploy, plug-ins for storage without changing the core Kubernetes code. </p> <p>SDS technologies, for their part, also use CSI drivers, but run on commodity hardware rather than dedicated storage arrays, as well as hyper-converged infrastructure. It also includes open source options, such as OpenEBS, Longhorn and Ceph. </p> <p>“Every environment needs a storage back end, with a CSI driver that connects it to Kubernetes. It’s up to the storage provider to provide the CSI driver,” says Nigel Poulton, an author and independent expert in Kubernetes and containers. </p> <p>“Most CSI drivers create at least one StorageClass that maps to a tier of storage and its capabilities. For example, a CSI driver might create a StorageClass called ‘fast-replicated’ that maps to high-speed flash storage automatically replication to a remote location. Any application using this class automatically gets that tier and set of capabilities,” he adds. </p> <p>This level of abstraction is highly useful for application developers, as they no longer have to worry about the physical capabilities of the storage system. That is handled by the CSI drivers. </p> <p>“The CSI drivers enable us to give access to storage from the containerised application, but [for firms to] still administer the storage the way they do the storage that’s running under their VMs,” says Nutanix’s Ciruli. “And that’s a big advantage.” He also sees customers installing Kubernetes on bare metal clusters. </p> <p>This also maintains separation between the Kubernetes workloads and the underlying storage hardware. On paper at least, enterprises can move their containerised applications to a different platform or supplier, or new storage hardware, without rewriting code and with minimal disruption. </p> <p>In practice, large-scale moves of Kubernetes applications between platforms are still relatively rare. Enterprises tend to develop applications to run on <a href="https://www.computerweekly.com/news/366627572/AWS-bolsters-security-tools-to-help-customers-manage-AI-risks">Amazon Web Services (AWS)</a>, Google Cloud Platform (GCP), Microsoft Azure, or <a href="https://www.computerweekly.com/news/366637421/Sovereign-and-edge-AI-drive-return-to-on-premise-Kubernetes">local hardware</a>, depending on their business requirements.  </p> <p>Application portability, supported by CSI, is a useful insurance, even if there are enough differences between platforms to suggest caution.</p> <p>“We really don’t need to become an expert in how EBS [Elastic Block Store] works versus Azure disk, or local SSD [solid-state drives] and how that works,” says Greg Muscarella, general manager for Portworx at Everpure. “If you have to manage those things, it becomes somewhat complex. Companies tend to focus on a single cloud environment.”</p> <p>Few organisations, he suggests, have code where they could “push a button and move it to a different cloud”, not least because of differences between storage architectures from both hardware suppliers and cloud providers. However, enterprises are moving more applications to <a href="https://www.techtarget.com/searchcloudcomputing/opinion/Decipher-the-true-meaning-of-cloud-native">cloud-native environments</a>. And this increasingly includes databases and applications that previously ran in conventional virtual machines.</p> </section> <section class="section main-article-chapter" data-menu-title="New platforms"> <h2 class="section-title"><i class="icon" data-icon="1"></i>New platforms </h2> <p>One of the most significant trends in application modernisation is to move both virtual machines and database-driven applications to containers. Cost, avoiding supplier lock-in and the need to consolidate on fewer platforms are all drivers. </p> <p>“The line between ‘containerised’ and ‘virtualised’ is blurring,” suggests Veeam’s Cade. “For a long time, containers and VMs were seen as two separate siloes. But as stateful applications have developed, and since VMs are essentially a typical stateful workload, we’re seeing a significant rise in businesses running them directly within Kubernetes using platforms such as Red Hat OpenShift Virtualization.” </p> <p>Poulton agrees. He sees more organisations moving virtualised workloads to containers, via tools such as KubeVirt. But, although organisations are porting over virtualised applications, and databases, IT architects need to be sure that all the application’s requirements are met by the storage layer. </p> <p>“Databases have much more demanding requirements, including ordered startup, replication, automated failover and backup,” he cautions. “The two biggest changes are ensuring a CSI driver exists for the storage system and potentially deploying an operator.” </p> <p>A Kubernetes operator provides details about a database’s specific requirements, and sometimes storage, too. Operator support is essential to allow databases to deliver enterprise workloads over Kubernetes. Again, the operator supports the modern application goal of separating the code from the storage array or cloud storage service. </p> <p>Percona, for example, provides operators for MySQL, PostgreSQL and MongoDB, as well as Everest. “The operators are basically the game changers,” says Kate Obiidykhata, the company’s general manager for cloud native. “They encode the human DBA knowledge into the software, and you have all those most important resilience components, backup, failover, replication and upgrades automated.”</p> <p>Operators, she adds, help enterprises to adopt hybrid architectures or multicloud strategies, allowing data portability without the need to rewrite applications. But workloads that operate on VMs will not automatically run on containers, she says. Firms will need to plan, and test, their deployments with care. </p> <p>“There are specific playbooks that you should apply and methodologies that are obviously different from the classic database setup on VMs,” says Obiidykhata. “But it’s all doable, and many companies are now running those databases on Kubernetes. They just have a different playbook to mitigate those issues.”</p> <p>Firms also need to factor in how they run their ported applications in production. Development, understandably, attracts much of the attention. But how systems run from “day two” onwards is critical. This includes storage provisioning and tiering, as well as backup, recovery and security.</p> <p>The CSI drivers take care of much of the hard work, but enterprises are likely to look to invest in new hardware, or even storage from suppliers focused on cloud-native environments, to ease the migration to containers.</p> <p>“This is usually by deploying new storage architectures, either via new storage products from existing vendors, but increasingly by engaging with new vendors,” says Poulton. Enterprises, he adds, might still be running older hardware systems, but they are unlikely to use them for Kubernetes. </p> </section> A detailed understanding of how containerised applications work with data storage is needed to migrate enterprise IT to a cloud-native architecture https://cdn.ttgtmedia.com/visuals/German/article/container-illustration-adobe.jpg https://www.computerweekly.com/feature/How-a-cloud-native-architecture-handles-persistent-storage Mon, 04 May 2026 04:00:00 GMT How a cloud-native architecture handles persistent storage <p>As countless case studies published on Computer Weekly have shown through the years, every minute and every penny that a Formula 1 team is spending on <a href="https://www.computerweekly.com/feature/How-Oracle-Red-Bull-Racing-is-driving-Formula-1-into-the-future-with-cloud-AI-and-data" target="_blank" rel="noopener">research, development and testing</a> is precious and only grudgingly wasted.</p> <p>In a cost-capped sport that is as much an engineering competition as it is one of driver skill, victory – whether in the drivers’ or constructors’ championships – often comes down to the finest of margins.</p> <p>This season, the world of F1 is also dealing with a once-in-a-decade overhaul of the sporting regulations that have essentially forced a ground-up redesign of its cars. For some, like <a href="https://www.computerweekly.com/news/366635192/Mercedes-AMG-Petronas-F1-revs-up-testing-with-augmented-reality" target="_blank" rel="noopener">Mercedes-AMG Petronas</a>, this has paid off big time. But for <a href="https://www.redbullracing.com/int-en" target="_blank" rel="noopener">Oracle Red Bull Racing</a>, the past few weeks have been rough ones.</p> <p>The team’s drivers, former world champ Max Verstappen and his new partner Isack Hadjar, may not have much to show for it as they head to Miami for the fourth round of the season, but at HQ in Milton Keynes, its engineers are working flat out and morale is good.</p> <p>When it comes to testing parts and components in its wind tunnel, a recent engagement with identity and access management specialist 1Password is paying dividends, with the team’s technicians now able to work much more efficiently.</p> <p>In a world like cyber security, success can be hard to quantify. Sometimes it can even be dangerous to say too much, lest you speak candidly and give a watching threat actor something to go on. But in this instance, Oracle Red Bull Racing can definitively state that after adopting <a href="https://1password.com/" target="_blank" rel="noopener">1Password</a>, it has slashed its wind tunnel recovery time from an hour to two minutes – that’s a cut of 97%  – during the test and development process.</p> <p>But why is that the statistic we’re running with? And how does identity and access management (IAM) technology apply to wind tunnels? It seems an unlikely link on the surface, but Matt Cadieux, team CIO, explains why it matters.</p> <p>“The guys who are developing and improving the tunnel and its software push boundaries. The models are bigger, the complexity is bigger, and sometimes when you’re running that load for the first time, the infrastructure is not capable enough,” says Cadieux. “Probably once a every few months we have an outage, and it’s largely due to pushing boundaries with our tools and methods.”</p> <section class="section main-article-chapter" data-menu-title="A challenging customer"> <h2 class="section-title"><i class="icon" data-icon="1"></i>A challenging customer</h2> <p>Ian Brunton heads up software development at Oracle Red Bull Racing’s Aerodynamics team. He takes up the story.</p> <p>“The people I work with are essentially responsible for writing the software used across the teams of engineers that design the car. We plug into commercial <a href="https://www.techtarget.com/searcherp/podcast/Cloud-CAD-software-helps-usher-in-digital-manufacturing-era" target="_blank" rel="noopener">CAD</a> [Computer Aided Design] packages and tie them up to the <a href="https://www.sciencedirect.com/topics/materials-science/computational-fluid-dynamics" target="_blank" rel="noopener">CFD</a> [Computational Fluid Dynamics] estate so that we can iterate quickly in those early stages,” he says.</p> <p>“We also support the wind tunnel … We’re currently building a new wind tunnel here which is a significantly challenging project, but I think will pay a dividend in helping us build, ultimately, the fastest car on the planet.”</p> <p>Brunton describes his team as challenging customers when it comes to IT. He sets high standards and expectations, and by his own admission is harsh in their application. “We’re aiming to provide high uptime,” he says, “and the last thing we need is any system, regardless of what it is, not operating as it is expected to.”</p> <p>The need for uptime becomes even more important because the wind tunnel environment is a highly regulated one in terms of the number of hours the team is allowed to do testing, as well as the number of experiments that it can run.</p> <p>“We basically have an eight-week period in which we have to audit what we’ve done in that period, and we have a budget to use in that period,” says Brunton. “To some extent, the pressure is on – it’s almost worse in the wind tunnel than it is at the track … Generally, at the track, you have components that are well manufactured, you know they’re going to fit together and you have a limited number of options in which to configure and build the car.</p> <p>“But when you’re at the tunnel, it’s effectively an experiment in what we think is going to add performance. There might be parts that maybe don’t completely fit; engineers are discovering, as they’re going, how to design that part.</p> <p>“[With] the pressure that those guys are under to build the car in that timeframe, they can’t afford any downtime – [we don’t want to waste] time, or waste runs in terms of that experiment. Losing that budget is criminal in the sense that it has a direct impact on the performance of the car on the track.”</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> It’s about trying to optimise the amount of time that the people working at the tunnel can focus on just working at the tunnel </figure> <figcaption> <strong>Ian Brunton Oracle Red Bull Racing</strong> </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>From Brunton’s perspective, a failure in an inherently complex system – with close to 20 services running across multiple clusters using multiple <a href="https://kafka.apache.org/intro/" target="_blank" rel="noopener">Kafka topics</a> and different databases, that has caused the tunnel to shut down before completion, wasting time and slows development – is a big problem.</p> <p>“If something happens and the system needs to be reset, it relies on someone at the tunnel realising there’s a problem and getting on the phone to someone like me – and that can be in the middle of the night because the tunnel runs 24 hours a day – I’ve got to take the call, get onto my machine, figure out the problem and start bringing that system back online,” says Brunton.</p> <p>In essence, what 1Password enables him to do is to automate returning the systems to a known steady state, so that someone who is technical in terms of car design and engineering but may not know what Kubernetes is or what a SQL database does can effectively hit a big red button and get things moving again.</p> <p>With 1Password, service restoration is fully automated with <a href="https://www.techtarget.com/searchitoperations/definition/Ansible" target="_blank" rel="noopener">Ansible</a> and RunDeck, and a complete redeploy can be triggered in around two minutes with the playbook authenticating via a dedicated, rotatable token to retrieve the secrets it needs at runtime.</p> <p>“It’s about trying to optimise the amount of time that the people working at the tunnel can focus on just working at the tunnel,” says Brunton.</p> </section> <section class="section main-article-chapter" data-menu-title="ID control plane"> <h2 class="section-title"><i class="icon" data-icon="1"></i>ID control plane</h2> <p>But the engagement doesn’t begin and end with wind tunnel uptime; the efficiencies go much deeper.</p> <p>In moving its secrets into 1Password, Oracle Red Bull Racing has created a single, trusted control plane for credentials spanning <a href="https://www.techtarget.com/searchitoperations/tip/Strategies-for-Kubernetes-multi-cluster-management" target="_blank" rel="noopener">Kubernetes clusters</a>, environments, namespaces, factory, wind tunnel and simulation workloads.</p> <p>Developers now access shared vaults with clear ownership and repeatable patterns to make sure that they can retain predictable access during redeployments or workflow changes, while human and automation access are segregated into dedicated vaults with limited user access for critical Kubernetes workloads – this includes Aero clusters and Kubernetes deployments.</p> <p>The team is now using 1Password’s Kubernetes Operator, authenticated via 1Password Connect Server, to pull values from 1Password items and create Kubernetes secrets for workloads. If items change, the operator can update the secret and trigger a roll-out to allow workloads to pick up the new values.</p> <p>In Brunton’s Aerodynamics unit alone, for example, five vaults hold almost 100 entries for cluster credentials, SQL passwords, client secrets, access tokens and Windows Virtual Machine (VM) logins. Meanwhile, his colleagues in Vehicle Performance and Powertrains maintain more than 150 entries. Now that new deployments default to 1Password, the two teams can reduce the time they spend coordinating access, limit potentially dangerous ad hoc sharing, and understand what credentials are current when developers are in the process of modifying (or restoring) workloads.</p> <p>For simulation workflows, Oracle Red Bull Racing is using the 1Password command line interface (CLI) to retrieve SQL connection strings and <a href="https://www.techtarget.com/searchwindowsserver/tip/Test-conditional-access-with-Microsoft-Entra-ID-What-If-tool" target="_blank" rel="noopener">Microsoft Entra ID</a> credentials to access their needed services. Now that these secrets are centralised, they can replace plaintext credentials with secret references from a shared and governed source instead of having to embed secrets in code or configuration files – another risk.</p> <p>Since their applications now rely on secret references, this means users can safely change out their credentials and support both safer automation and earlier application programming interface (API) adoption. The results are improved fidelity and capability much earlier in the simulation process, when changes are much easier to manage – and more affordable – than doing it outside of simulation.</p> </section> <section class="section main-article-chapter" data-menu-title="Going trackside"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Going trackside</h2> <p>“We’re always trying to raise the bar with our cyber posture and credential management,” says Cadieux. “Everyone here is part of a team and tries to do the right thing – and if you tap someone on the shoulder, it usually corrects the behaviour quite quickly – so having early visibility and being able to nip problems in the bud with a simple tap is helpful.”</p> <p>Having standardised secrets and access across engineering, Oracle Red Bull Racing is now looking to take 1Password trackside. On a given race weekend, it runs multiple advanced Monte Carlo (<a href="https://en.wikipedia.org/wiki/Monte_Carlo_method">the mathematical model</a>, not the Grand Prix) simulations to evaluate different scenarios and support on-the-fly strategy decisions.</p> <p>It is now exploring the application of these same patterns to its Oracle Cloud Infrastructure (OCI)-based trackside systems – including credential and certificate management – through which it can achieve consistent automation at race-day pressure.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about technology in F1</h3> <ul class="default-list"> <li>Vistance Networks-owned communications technology provider becomes official networking partner of the TGR Haas F1 Team, delivering purpose‑driven, AI‑enhanced connectivity <a href="https://www.computerweekly.com/news/366637618/Ruckus-gears-up-for-networking-partnership-with-TGR-Haas-F1-Team" target="_blank" rel="noopener">across team headquarters, trackside operations and hospitality</a>.</li> <li>Mercedes-AMG Petronas switches from paper guides to incorporate AR designs into its workflow and see quickly how parts form car assemblies resulting in gains in team’s operations that add up to <a href="https://www.computerweekly.com/news/366635192/Mercedes-AMG-Petronas-F1-revs-up-testing-with-augmented-reality" target="_blank" rel="noopener">improved performance on the racetrack</a>.</li> <li>Learn how the technical teams behind Formula One are using Salesforce’s tools to enhance fan activation and engagement at 24 races across the world, and how they are bringing AI into play <a href="https://www.computerweekly.com/news/366616475/F1-heightens-fan-experiences-with-the-power-of-Salesforce" target="_blank" rel="noopener">with Agentforce capabilities</a>.</li> </ul> </div> </div> </section> Oracle Red Bull Racing massively improved the efficiency of its aerodynamics testing procedures after implementing new identity technology from 1Password. Learn more about this unlikely link https://cdn.ttgtmedia.com/visuals/ComputerWeekly/HeroImages/Oracle-Red-Bull-Racing-car-hero.jpg https://www.computerweekly.com/news/366642593/IAM-tools-help-Oracle-Red-Bull-Racing-keep-pace-with-strict-F1-regs Fri, 01 May 2026 11:54:00 GMT IAM tools help Oracle Red Bull Racing keep pace with strict F1 regulations <p>The annual showcase at the Centre for Emerging Technology and Security (CETaS) kicked off with a discussion on the implications of <a href="https://www.techtarget.com/searchenterpriseai/news/366642478/Claude-Mythos-Preview-and-the-new-rules-of-cybersecurity">Claude Mythos</a>. </p> <p>Opening the conference, Alexander (Sacha) Babuta, director of CETaS at the Alan Turing Institute, said that Anthropic’s latest frontier model, Claude Mythos Preview, demonstrates major improvements in mathematics, cyber security, software engineering and automated vulnerability detection.</p> <p>While the model can identify and autonomously exploit previously undiscovered vulnerabilities in real-world systems, he described an optimistic outlook of how Claude Mythos Preview could be used to secure enterprise IT. “Companies can use models like Anthropic Mythos to rapidly discover vulnerabilities in their own systems and patch them to strengthen digital security for everyone,” said Babuta. </p> <p>A <a href="https://cetas.turing.ac.uk/publications/cybercrime-vibercrime-assessing-generative-ai-adoption-criminal-underground#:~:text=In%20this%20article%2C%20we%20discuss%20the%20results,communities%20understand%20generative%20AI%20technologies%2C%20and%20their">study of the cyber crime community</a> between the release of ChatGPT in 2022 and the end of 2025 revealed that cyber crime forums played host to a number of “dark AI” products.</p> <p>These are claimed by their owners to be homegrown or extensively retrained and jailbroken large language models (LLMs) customised and tailored for cyber crime. But despite generating some early enthusiasm on the forums, these have made little impact to date, Ben Collier, senior lecturer at the University of Edinburgh, said in a presentation discussing the findings.</p> <p>When the researchers looked at enterprise-grade, legitimate products designed explicitly to turn a novice developer into a competent coder, they found many aspiring cyber criminals experimenting with tools like ChatGPT and Claude, which the researchers said “excitedly report back on their discoveries”. However, Collier noted that a deeper exploration of these discussions found that, in most cases, forum members lacked the basic technical skills needed to use AI tools effectively for committing cyber crime.</p> <p>“They’re using vibe coding tools for hobby projects, but particularly for the basic logistics of cyber crime operations,” he said. “Most of the coding involved in cyber crime isn’t hacking. It’s the same administration and basic engineering works that you’d need for any small startup, which means a lot of them don’t actually need to jailbreak Claude to get real utility out of it.”</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about Claude Mythos</h3> <ul class="default-list"> <li>UK financial regulators rush to assess risks of <a href="https://www.computerweekly.com/news/366641563/UK-financial-regulators-rush-to-assess-risks-of-Anthropic-AI-model">Anthropic AI model</a>: Banks called in by regulators as latest artificial intelligence model identifies thousands of software vulnerabilities.</li> <li>A tsunami of flaws: When <a href="https://www.computerweekly.com/news/366641789/A-tsunami-of-flaws-When-frontier-AI-and-Patch-Tuesday-collide">frontier AI and Patch Tuesday</a> collide: Microsoft’s April Patch Tuesday drop was the second-largest in history, falling just shy of an October 2025 record. </li> </ul> </div> </div> <p>The pessimistic view is that as these tools evolve, they will be able to be used for sophisticated cyber attacks. Adam Beaumont, interim director at the AI Security Institute (ASI), discussed the pessimist view. Beaumont, the former chief AI officer at GCHQ, said the ASI recently demonstrated how a frontier AI model executed a 32-step cyber attack against a simulated corporate environment from initial reconnaissance through to full network takeover.</p> <p>“We estimate it would take a skilled human professional 20 hours’ worth of work, and this was the first time any model had done it, and weeks later, we tested a second model,” he said.</p> <p>Beaumont pointed out that the attack he described was not a model answering a question about hacking. “It was a system that hacked,” he said. “We still don’t fully know how to ensure these systems act as we intend, or how to guarantee they remain under meaningful human control as they grow more capable.”</p> <p>Beaumont called the ASI demonstration an “honest starting point”. “The uncertainty is real and the discomfort is appropriate,” he said.</p> <p>For Beaumont, it represents something that can be built up to enable government, industry and the research community to make decisions based on what these systems can actually do built on evidence.</p> During the annual CETaS showcase in London, experts discussed the potential cyber risk of tools such as Claude Mythos https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/cyber-security-laptop-adobe.jpeg https://www.computerweekly.com/news/366642508/Cyber-experts-take-an-optimistic-view-of-AI-powered-hacking Fri, 01 May 2026 05:30:00 GMT Cyber experts take an optimistic view of AI-powered hacking <p>Meta is continuing to invest aggressively to meet its <a href="https://www.computerweekly.com/news/366628070/Meta-prepares-for-gigawatt-datacentres-to-power-superintelligence">technology infrastructure requirements</a>, involving datacentre expansion and supply chain deals to secure components for future capacity. The company’s latest quarterly earnings filing shows Meta has embarked on a strategy to sign up for multi-year cloud contracts driving $107bn in contractual commitments for Q1 2026.</p> <p>For the quarter that ended in March 2026, Meta posted revenue of $56.3bn, a 33% increase from the same quarter in 2025.</p> <p>The company has forecast that its capital expenditures, including principal payments on finance leases, has increased by $10bn due to <a href="https://www.computerweekly.com/news/366637952/Metas-latest-results-show-diversification-of-datacentre-capacity-strategy">component price increases</a> and additional datacentre costs, putting CapEx in the range of $125bn to $145bn.</p> <p>Chief financial officer Susan Li said: “Our investments will support our training needs for future models, and most importantly, provide us with the inference capacity necessary to deliver personal and business agents to billions of people around the world, along with several other AI product experiences we’re developing.”</p> <p>Responding to a question during the earnings call about balancing model training versus product launches and the potential impact on Meta’s 2027 capital expenditure, CEO Mark Zuckerberg said the company is moving towards greater capabilities and scaling of AI models. “We have the research team, which is focused on scaling increasingly intelligent models with capabilities for the specific things that we’re focused on, which are business and personal agents,” he said.</p> <p>Beyond model development, Zuckerberg said: “We have our next set of more advanced models in training now. And that work will continue. I don’t think we’re going to be done with that anytime soon.”</p> <p>He emphasised the significance of Meta AI models in product development. “The product team is really unlocked to be able to build things on top of our models because we now have a very strong model,” said Zuckerberg.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more stories about Meta</h3> <ul class="default-list"> <li><a href="https://www.computerweekly.com/news/366640518/US-lawmakers-quiz-Meta-over-dangerous-facial-recognition-plans-for-smart-glasses">US lawmakers quiz Meta</a> over ‘dangerous’ facial recognition plans for smart glasses: Democratic senators warn that Meta’s plans to introduce facial recognition technology into smart glasses could lead to normalisation of mass surveillance and breach citizens’ rights.</li> <li>What CIOs need to know about <a href="https://www.techtarget.com/searchcio/feature/What-CIOs-need-to-know-about-Metas-proposed-CEO-AI-agent">Meta's proposed CEO AI agent</a>: Meta’s CEO AI agent prototype marks the rise of executive-level autonomous AI, opening governance, accountability, data access and compliance gaps CIOs must proactively address.</li> </ul> </div> </div> <p>When Li was asked how the company uses large language models in its ad business to direct adverts to users, she said: “The size and complexity would make them too cost-prohibitive.”</p> <p>Instead, Li said the way Meta uses <a href="https://www.techtarget.com/whatis/definition/large-language-model-LLM">large language models</a> is to transfer knowledge to smaller, more lightweight models. “The inference models are bound by strict latency requirements since they need to find the right ad within milliseconds, and that has, again, historically prevented us from meaningfully sizing up – to scale up their size and complexity,” she added.</p> <p>Li said Meta plans to tackle this scaling issue with the introduction of an adaptive ranking model later this year, using the model complexity of a trillion parameters. “We made advances in the model architecture and co-design the system with the underlying silicon, so it maintains the sub-second speed that is required to serve ads at scale,” she added.</p> <p>Commenting on Meta’s strategy, Forrester vice-president research director Mike Proulx said: “Meta’s future‑facing AI ambitions are being underwritten almost entirely by the company’s legacy business: advertising inside social media apps. There’s no material AI revenue yet.</p> <p>“The question is whether Meta’s core can continue to act as a cash cow while the company reduces headcount and diverts focus toward AI,” he said. “If Meta’s ad engine slows, the market’s margin for patience shrinks fast. Meta’s slight dip in daily active users is already beginning to raise eyebrows. Q2 will tell us if it’s really just a blip or the start of a trend.”</p> The owner of Facebook, WhatsApp and Instagram needs to monetise its AI research and development. Expect breakthroughs later this year, it says https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/LLM-language-models-adobe.jpg https://www.computerweekly.com/news/366642489/Meta-ramps-up-AI-spend-as-it-pushes-advanced-models Thu, 30 Apr 2026 09:45:00 GMT Meta ramps up AI spend as it pushes advanced models <p>Data privacy and hallucinations are the biggest risks to the financial services sector brought by artificial intelligence (AI), while half of global regulators are just catching up on the technology, according to a global study.</p> <p>The <a href="https://www.fii.international/news/report-ai-in-financial-services-2026">University of Cambridge’s Judge Business School study</a> found that 80% of regulators see data privacy and protection as a top risk, while 70% believe the same to be true for AI hallucinations and unreliable AI outputs.</p> <p>The UK Foreign, Commonwealth and Development Office, which supported the study, questioned 628 global finance organisations, including a roughly equal share of central banks, financial services businesses and tech suppliers.</p> <p>Operational resilience, model opacity and lack of explainability, loss of human oversight, adversarial AI-related cyber threats, and algorithmic bias and fairness were the next most serious risks, according to regulators.</p> <p>The Bank for International Settlements, the International Monetry Fund and the World Economic Forum, were also involved in the research, which was completed in collaboration with Financial Innovation for Impact.</p> <p>The research found that 80% of financial services firms are adopting AI to some level, with its use in software development the most mature, with 42% of respondents fully deployed and 33% in development.</p> <p>But the survey found that nearly half (48%) of the 130 regulatory authorities surveyed said they are “still in the ‘exploring’ stage for AI adoption or not engaged with AI at all”.</p> <p>Regulators are, however, “generally optimistic about AI’s role”, according to the study report, with 78% citing AI as “significant or transformative for supporting their objectives by 2030”.</p> <p>Almost a third (29%) rate AI as potentially transformative, with 49% expecting it to support financial inclusion, as compared to 12% that see it as challenging. Some 42% believe the technology will help fight financial crime, versus 18% that said it will make it more challenging.</p> <p>Bryan Zhang, executive director of the Cambridge Centre for Alternative Finance and executive chair of Financial Innovation for Impact, said the scale and pace of AI adoption in financial services is “genuinely remarkable”.</p> <p>“Four in five firms are already deploying AI at some level, agentic systems have crossed into the mainstream, and real productivity and profitability gains are being felt across the industry, although unevenly.”</p> <p>But he added: “Our data also reveals a sector navigating a very fluid and complex landscape, with fragmented views expressed by the industry, regulators and Al vendors on issues such as where accountability lies when things go wrong, and risks such as cyber vulnerabilities are compounding faster than they can be humanly overseen. The opportunity is enormous – and so is the responsibility to get the governance right and strengthen trust.”</p> <p>In January, a <a href="https://publications.parliament.uk/pa/cm5901/cmselect/cmtreasy/684/report.html">Treasury Committee report</a> said the UK public and the country’s finance system are “exposed to potential serious harm” because regulators in the financial sector are <a href="https://www.computerweekly.com/news/366637516/Financial-regulators-exposing-public-to-potential-serious-harm-due-to-AI-positions">“not doing enough” to manage risks</a> introduced by AI.</p> <p>The MPs reported that the risks come as a result of the positions adopted by the Bank of England and the Financial Conduct Authority (FCA), which the committee described as a “wait-and-see approach”.</p> <p>“The major public financial institutions, which are responsible for protecting consumers and maintaining stability in the UK economy, are not doing enough to manage the risks presented by the increased use of AI in the financial services sector,” said the committee of MPs. </p> <p>Meanwhile, senior leaders across financial services have warned of a critical gap in AI governance standards, according to research from AI compliance firm Zango. </p> <p>Timothy Clement-Jones, Liberal Democrat spokesperson for Science, Innovation and Technology in the House of Lords and co-chair of the All-Party Parliamentary Group on AI, wrote in the report: “What is immediately missing is the translation of high-level regulatory principles into day-to-day operational practice. We cannot simply wait for the aftermath of the first major AI-fuelled financial scandal to force us into action.”</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about AI regulation in banking</h3> <ul class="default-list"> <li><a href="https://www.computerweekly.com/news/366641563/UK-financial-regulators-rush-to-assess-risks-of-Anthropic-AI-model">Banks called in by regulators as latest artificial intelligence model identifies thousands of software vulnerabilities</a>.</li> <li><a href="https://www.computerweekly.com/news/366637579/UK-government-appoints-banking-tech-bosses-as-AI-champions">Appointment of artificial intelligence champions from banking sector comes as MPs make stern warning about AI risks in financial services</a>.</li> <li><a href="https://www.computerweekly.com/news/366641830/More-finance-firms-join-FCAs-AI-testing-initiative">Barclays, Experian and UBS are among the latest finance firms to join the Financial Conduct Authority’s AI testing initiative</a>.</li> </ul> </div> </div> University of Cambridge study reveals the risks facing the finance sector as it adopts artificial intelligence https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/AI-artificial-intelligence-virtual-mind-fotolia.jpg https://www.computerweekly.com/news/366642346/Global-study-reveals-biggest-risks-of-AI-in-finance-sector Thu, 30 Apr 2026 07:56:00 GMT Global study reveals biggest risks of AI in finance sector <p><i>Inside FDP is an exclusive series of articles written by the former deputy director of data engineering at NHS England, Tom Bartlett, who led the 150-person team that built the <a href="https://www.computerweekly.com/news/366620412/NHS-chief-data-officers-concerned-with-FDP-roll-out">Federated Data Platform</a> (FDP), the <a href="https://www.computerweekly.com/news/366640417/Health-workers-call-for-Palantir-to-be-booted-from-NHS-contracts">controversial Palantir-supplied system</a> linking data across the health and care service. His insights into the challenges facing NHS data, and the solutions available to resolve them, make essential reading for anyone who wishes to understand what’s really happening with FDP in the NHS.</i></p> <p>Since I left NHS England in March I have been speaking publicly about the NHS Federated Data Platform (FDP). The response has been striking. Senior analysts, clinical leaders, healthtech founders and journalists keep asking variations of the same questions.</p> <p>Why is the <a href="https://www.computerweekly.com/news/366560657/Palantir-awarded-NHS-FDP-data-contract">software platform from Palantir</a> uniquely suited to this? What does FDP do that existing platforms cannot? Why can't the NHS – or a UK-based software company - just build one itself? Why aren't we using our existing investments? Is it really just an expensive data warehouse?</p> <p>And underneath all of them, the question that matters most - what problem is FDP actually trying to solve?</p> <p>The more I have these conversations, the more I realise that the answer has never been clearly stated in public.</p> <p>The programme's own communications have described FDP in terms of connecting vital health information across the NHS, helping staff deliver better care for patients and work more efficiently.</p> <p>Critics have focused on the supplier and its controversial reputation. Commentators have discussed the procurement.</p> <p>Almost nobody has named the underlying problem that the platform was designed to address, or the architectural vision that some of the most senior data leaders in NHS England have been working toward but have rarely articulated publicly.</p> <p>This series of articles is an attempt to fill that gap.</p> <p>The argument rests on a concept I call a "frontline-first" approach to data. The idea is not new. Elements of it exist in pockets across the NHS and in the thinking of people who have been working on this for years. But as a named concept with a clear definition, it has not been part of the public discourse. I think it should be.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> FDP is the first attempt to build the integrated foundation that the NHS has been accumulating workarounds in the absence of, for 30 years </figure> <figcaption> <strong>Tom Bartlett</strong> </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>The series has five parts. This first post defines the problem. Part 2 defines the Frontline-First concept and what it looks like in practice, including how FDP delivers it. Part 3 describes the architectural choice that makes FDP structurally different - the ontology, object types, and actions. Part 4 explains why the Canonical Data Model is the most important asset in the programme. Part 5 addresses the objections I hear most often, including whether the NHS needs a single platform at all.</p> <section class="section main-article-chapter" data-menu-title="How we got here"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How we got here</h2> <p>The current NHS data architecture was not designed. It accumulated.</p> <p>When I started my first job in the NHS I worked at the Royal Cornwall Hospital in Treliske, in a massive warehouse office called the megashed. Elsewhere in the warehouse were thousands of paper patient notes, and if I looked out of the window at any time of day I would see porters carrying red waterproof satchels containing those notes between departments. Accessing a record was extremely slow and resource intensive. You literally had to go and get the paper from the warehouse.</p> <p>Electronic patient records (EPR) improved on this by making notes available at the click of a mouse. That was the primary purpose - replace paper. The analytical use case crept in slowly afterwards, driven by NHS initiatives like Referral to Treatment targets, Payment by Results, and the national targets originally linked to achievement of Foundation Trust status. Each new national requirement added another reason to extract data from the EPR, but the EPR was never designed to support this. Analytics was retrofitted onto a system built for a different purpose.</p> <p>Shared care records were a further retrofit. They allowed individual records held in one EPR to surface in view of a clinician working in a different organisation. This was the digital equivalent of the red waterproof satchel - one record, carried from one place to another. Useful, but still a point-to-point solution rather than an integrated system.</p> <p>At no point did anyone design an NHS-wide integration of all NHS data across all care settings, all organisations, and all use cases. The ambition to do so stunned me when I heard it for the first time, and I knew I had to be a part of it.</p> <p>That ambition is what FDP represents. It is not another retrofit. It is the first attempt to build the integrated foundation that the NHS has been accumulating workarounds in the absence of, for 30 years.</p> <p>Understanding this history matters because it explains how the following problems came to exist, and why they have persisted despite decades of investment in NHS data infrastructure.</p> </section> <section class="section main-article-chapter" data-menu-title="The problems that Frontline-First is designed to solve"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The problems that Frontline-First is designed to solve</h2> <p>The NHS has several interconnected data problems that have persisted for decades. They are well known individually but rarely discussed as a connected picture. Before explaining what Frontline-First means, it is worth naming them together, because the case for FDP only makes sense once you can see how they reinforce each other. FDP was designed to address all of these problems. But the argument for how it does so, which begins in Part 2 of this series, only lands if the problems are understood first.</p> <h3>The feedback gap</h3> <p>Every patient interaction generates structured records that are used directly in the clinical process and also flow upward through NHS Trust data warehouses, through national submissions, and into the analytical infrastructure the centre uses to monitor performance.</p> <p>A large proportion of what clinicians are asked to record, particularly items captured for national returns, performance metrics, coding for Payment by Results and secondary uses, gives them little in return that is locally useful.</p> <p>The data leaves the point of care and the person who recorded it never sees what happened to it. Often they are asked by a performance manager to correct a record for reasons that seem low priority to the clinician. The consequence is that when workloads are pressured, clinicians will not prioritise low-value recording. Where they see local value in recording well, they do - medication prescribing, for instance, where accuracy has immediate clinical consequences.</p> <p>But for items recorded primarily for downstream consumption, where the system gives no useful feedback, recording quality varies. The incentive to get it right is weak when the recording feels like an administrative overhead rather than a clinically useful act. This creates gaps and inconsistencies in the data that compound through every downstream use.</p> <h3>The shadow IT problem</h3> <p>Where formal systems fall short of the operational workflow a team actually follows, staff build something that does. Spreadsheets tracking waiting lists. Whiteboards in nurse stations. Word documents containing discharge proposals. Emails coordinating theatre schedules. Printed patient lists updated with biro on ward rounds. Daily phone calls from a ward coordination administrator to wards establishing bed state, recorded on a spreadsheet.</p> <p>This is not laziness or poor governance. It is staff putting in place a workable, efficient solution to a gap the formal system left. The work has to happen, the EPR does not support it, so the team builds a tool that does.</p> <p>Some years ago I did an audit at one Trust with the Caldicott Guardian – the person responsible for protecting patient confidentiality in health and care organisations - and we found over a thousand non-approved data sources of exactly this kind.</p> <p>No information governance official could eliminate shadow IT without bringing the clinical service that depends on it to a halt. Few individual items of shadow IT are prioritised for investment to promote it to a formal system.</p> <p>On the other side of the same gap, the clinical transformation team in IT who could change the EPR configuration to capture what the frontline actually needs are largely bypassed. Clinical teams would rather build a spreadsheet that fits their process now than wait months for a configuration change that may not match what they need. This is one reason shadow IT persists even in Trusts that have invested heavily in EPR.</p> <p>The consequence is that the real operational data - the data that reflects what is actually happening on the ward - stays locked in these local tools and never enters the formal data estate. It is not linkable to the data warehouse, to national submissions, to the research environment, or to any other Trust. Data becomes more valuable as it connects to other data. Shadow IT severs that connection at the source.</p> <h3>The inaccessible record</h3> <p>Some of the most clinically meaningful data in the NHS is recorded diligently inside the formal system but is functionally lost to everyone, including the team that recorded it.</p> <p>In one clinical team I observed, outcome scores in mental health from DIALOG (a set of questions where patients are asked to rate their satisfaction) were recorded as free text in generic progress note fields, buried in a mountain of clinical notes, never accessible to the Trust's data warehouse, difficult for the clinical team to resurface at the next multi-disciplinary team (MDT) meeting, and invisible to national returns like the Mental Health Services Data Set (MHSDS).</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> Frontline users suffer detriment from problems that would be addressable if information was better integrated. Data recorded at the point of care is not enriched by data from elsewhere in the system before decisions are made </figure> <figcaption> <strong>Tom Bartlett</strong> </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>Discharge letters from a mental health consultant to a GP contain clinical reasoning, risk assessments, medication rationale and follow-up intentions that are more clinically useful than anything in the structured record. But they sit as free text or PDF attachments, inaccessible to any downstream analytical process.</p> <p>The data exists. A clinician thought it mattered enough to write down. But because it was entered as narrative rather than structured data, it is invisible to every downstream process. This is not shadow IT. It is data that is technically inside the formal system but recorded in a form that no other part of the system can use.</p> <h3>The timeliness problem</h3> <p>Clinicians often do not record their data on formal systems in real time. I have seen queues in a care team's office for the only operational PC on a Friday afternoon. Occasionally, clinicians leave the queue to end their shift before they've had the chance to input their week.</p> <p>When data is sent up the line, national data lands months after the clinical event. By the time a metric is published, the Trust has already lived through the period and moved on. Changes to the scope of national collections take months or sometimes years to implement, so if a new clinical pathway emerges or a coding practice changes, or if a new question comes up, the national data model is still measuring the old world long after the frontline has moved on.</p> <p>Worse, national returns generally do not allow retrospective revision. Data quality issues discovered after submission, corrections, late entries, updated coding, are rarely corrected in the published datasets. When the clinician who went home on the Friday manages to get their data into the system the following week it is too late to be included in the national figures, because the data has already been sent. The month’s submission with the coding error becomes the permanent version used for planning, funding allocation and research. The error is baked in.</p> <h3>The integration gap</h3> <p>Frontline users suffer detriment from problems that would be addressable if information was better integrated. Data recorded at the point of care is not enriched by data from elsewhere in the system before decisions are made.</p> <p>The clinician makes the next decision based on what they personally know and what is in front of them, not on what the system knows. The A&E clinician does not see the mental health history. The consultant does not see how their outcomes compare to peers. The discharge coordinator does not see what community services have arranged. In every case, the problem is the same - data exists somewhere in the system that would improve the decision being made, but it does not reach the person making the decision at the time they need it.</p> <h3>Insights without context</h3> <p>When national or regional analysis does reach the frontline, it often arrives without the operational context that would make it accurate.</p> <p>NHS England's productivity tools send Trusts headline figures identifying financial opportunities based on national benchmarks. One Trust I am aware of received a figure of £89m. When the financial turnaround team started working through it, they found that £7.8m of an apparent £8m opportunity in women and children's health was clinical negligence insurance premiums, a cost the Trust has no ability to influence. The headline looked actionable. The reality required hours of decomposition by people with operational knowledge before anyone could distinguish genuine opportunity from noise.</p> <p>The analysis was produced centrally, without the context that would have filtered out the irrelevant before it reached the Trust. The frontline becomes a validation function for centrally produced insight, rather than a recipient of useful intelligence.</p> <h3>The technology barrier</h3> <p>Where clinical leadership teams have had embedded analysts - people who sit with the clinical team and understand the context - the work is far superior. These analysts contribute directly in the meeting rather than the service manager having to note the question, go back to the data team, wait for a response, and return two weeks later with a spreadsheet nobody has time to interpret.</p> <p>But even embedded analysts are tethered to the back office. They still have to return to the data warehouse and business intelligence (BI) stack to get their answers, because the technology sits behind them rather than in front of the clinical team.</p> <p>For this reason many Trusts centralise their analyst teams. The staffing model follows the technology architecture even if the outcomes are better with embedded analysts.</p> <h3>The invisible error</h3> <p>The data does not announce that it is wrong. The numbers look plausible. The dashboard is green. Nothing in the Integrated Care Board’s (ICB's) dataset or the national submission flags the coding quirk that double-counted three urology cases, or the rota model that was never updated after two consultants left.</p> <p>These problems do not show up as errors. They show up as slightly different numbers within the range of normal variation. An analyst at ICB or national level, querying data extracted weeks ago from a system they have never used, has no context for what the values mean operationally and no way to distinguish a genuine outlier from a local recording practice. The data is passing validation while being wrong in ways that only someone at the point of care would recognise.</p> <p>This is what makes the other problems so hard to fix - the people with the authority to invest in solutions cannot see the problems from where they sit.</p> </section> <section class="section main-article-chapter" data-menu-title="How these problems connect"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How these problems connect</h2> <p>These are not eight separate problems. They reinforce each other in ways that make each one harder to fix in isolation.</p> <p>Two things happen in parallel. Clinicians record inconsistently because the data they are asked to capture gives them little back. And staff build shadow IT because the formal systems do not support their workflows. Both have the same effect - the analytical layer works from an incomplete picture.</p> <p>Because the picture is incomplete and late, national and ICB-level decisions are based on data that does not reflect reality. Because nobody at those levels knows the data is wrong, no corrective signal flows back to the source.</p> <p>The damage to the reliability of data used for decisions does not stop at Trust level. At ICB level, commissioning decisions are based on data that is months old and semantically inconsistent across Trusts, because each Trust codes and submits differently.</p> <p>Population health management - the work of identifying at-risk patients before they become expensive acute admissions - is built on linked datasets assembled from extracts that arrived at different times with different definitions. The frail elderly patient known to community services, mental health and the GP may not appear as a single coherent person in the ICB's linked data because the linking is probabilistic and the extracts were taken on different days. The intervention that would have prevented the A&E attendance never happens.</p> <p>At national level, policy is made on data that does not reflect reality. Cohorts of patients to be shielded are incomplete. Elective recovery targets are set on Referral to Treatment data that is months old. Funding formulae that allocate resources to ICBs depend on activity data with enough coding variation across regions that some areas are systematically overfunded and others underfunded. National programmes launch without accurate baselines, so progress gets claimed or denied on numbers that do not reliably reflect what patients are experiencing. Research is slower than it should be because researchers spend months cleaning and validating data before they can begin analysis.</p> <p>All of this is downstream of the same root cause. If the data were right at source, because the clinician had the means and a reason to record it carefully, every downstream use would improve as a side effect.</p> <p>The ICB's linked dataset would be more reliable. The national submission would be more timely. The funding formula would be less distorted. The research would be faster.</p> <p>You do not fix commissioning data by building a better ICB warehouse. You fix it by giving the clinician a reason to record well at the point of care. Everything downstream follows.</p> <p>These problems are addressable. Not with better dashboards, not with another warehouse, and not by asking clinicians to try harder. The next article describes what a Frontline-First approach to data looks like, and why FDP is the first platform designed to deliver one.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about NHS data challenges</h3> <p><a href="https://www.computerweekly.com/feature/Electronic-health-records-are-still-creating-issues-for-patients">Electronic health records are still creating issues for patients</a> - Almost every NHS trust will have moved onto a digital system by this spring. Experts have cautioned many patients are still struggling to access their own health data.</p> <p><a href="https://www.computerweekly.com/news/366639993/Child-rapist-could-have-profiled-victims-through-unaudited-access-to-NHS-databases">Child rapist could have profiled victims through unaudited access to NHS databases</a> - NHS analyst’s conviction for child sexual abuse offences raises concerns over unaudited access to patient data.</p> <p><a href="https://www.computerweekly.com/news/366574914/Women-In-Data-panel-NHS-needs-to-get-data-basics-right-before-rushing-into-AI">NHS needs to get data basics right before rushing into AI</a> - During a panel discussion at a Women in Data event, speakers from across the public healthcare sector outlined the groundwork that has to be laid for artificial intelligence to take the NHS by storm.</p> <p><a href="https://www.computerweekly.com/news/366620174/NHS-investigating-how-API-flaw-exposed-patient-data">NHS investigating how API flaw exposed patient data</a> - NHS patient data was left vulnerable by a flaw in an application programming interface used at online healthcare provider Medefer.</p> <p><a href="https://www.computerweekly.com/news/366641178/NHS-digital-drive-hit-by-usability-gaps-despite-progress-national-survey-finds">NHS digital drive hit by usability gaps despite progress, national survey finds</a> - The shift from analogue to digital across the NHS is hindered by usability issues in electronic patient record (EPR), but the newly launched frontline productivity programme could be the answer.</p> </div> </div> </section> In the first of an exclusive series of articles by the former deputy director of data engineering at NHS England, we examine the real story behind the NHS's controversial Palantir software project, the Federated Data Platform https://cdn.ttgtmedia.com/visuals/German/article/healthcare-doctor-health-data-IoT-adobe.jpg https://www.computerweekly.com/opinion/Inside-FDP-part-1-Understanding-the-problems-facing-NHS-data Thu, 30 Apr 2026 07:00:00 GMT Inside FDP – part 1: Understanding the problems facing NHS data <p>The <a href="https://www.techtarget.com/searchitoperations/news/366639980/Microsoft-365-E7-adds-AI-governance-prices-draw-critiques">Microsoft 365 E7 licensing model</a> was among the big focus areas during the earnings call for the company’s latest quarterly results.</p> <p>Microsoft reported revenue of $82.9bn, an increase of 18% over last year’s third-quarter results.</p> <p>Microsoft 365 Commercial cloud revenue increased 19%, and its Productivity and Business Processes business posted revenue of $35bn, an increase of 17% over the same period last year.</p> <p>While the headline figure is its growth in cloud revenue, the company is attempting to shift to a <a href="https://www.computerweekly.com/opinion/Welcome-to-agentic-AI-Welcome-to-per-agent-licensing">value-based software licensing</a> model, tied to a user-based licence base, with usage-based pricing to cover additional usage.</p> <p>This additional usage is positioned by Microsoft executives as a way to show that the greater use of the software is generating additional business value for the customer.</p> <p>The Microsoft 365 E7 licence becomes generally available on 1 May. The licensing model has been introduced to help fund the investments Microsoft is making to support artificial intelligence (AI) and the broader use of agentic AI across its product portfolio.</p> <p>The E7 plan bundles base usage rights into seat-based pricing. According to Microsoft, it offers customers a convenient way to purchase consumption packs tied to seats or agents. Beyond the base usage covered by the user licence, customers are charged on pure consumption-based pricing, tied to token usage and consumption.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about software licensing</h3> <ul class="default-list"> <li><a href="https://www.computerweekly.com/podcast/Value-based-contracts-A-Computer-Weekly-Downtime-Upload-podcast">Value-based contracts</a>: We speak to Accenture partner, Prem Ananthakrishnan about the evolution of software licensing in the age of AI and agentic AI.</li> <li><a href="https://www.computerweekly.com/podcast/Software-Billing-gap-A-Computer-Weekly-Downtime-Upload-podcast">Software billing gap</a>: We speak to Griff Parry, CEO and co-founder of m3ter, about why billing based on consumption sometimes fails.</li> </ul> </div> </div> <p>Over the next three to five years, Microsoft’s mix of consumption versus traditional seat-based models will evolve. It anticipates that customers will increasingly adopt hybrid models like E7, balancing predictability with the flexibility of consumption-based pricing. It expects IT budgets to adapt to this new model, driven by business outcomes and the value derived from token usage.</p> <p>When asked about the shift in licensing, chief financial officer Amy Hood said: “As we go through using a model that’s been historically thought of as a per-seat business, suddenly, if you think about getting work done and being more productive, it’s thinking about being a seat or a worker plus an agent.”</p> <p>She described the shift as a “licence business plus a consumption business”. “It’ll still have that per-seat licence logic, but it’ll also have a meter, just like you see in Azure.”</p> <p>What this means for IT departments is that they will procure E7 licenses, but will also need to account for usage costs on top.</p> <p>CEO Satya Nadella said this model will be rolled out to all software that is licensed on a per-user basis. “Any per-user business of ours, whether it’s productivity, coding, security, will become a per-user and usage business,” he said.</p> <p>Given the intensity of usage the company has experienced, his response to the question on licensing changes implies that Microsoft needs to somehow fund investment in infrastructure. “Where are these dollars going to come from,” said Nadella. </p> <p>He argued that Microsoft business customers, who see their costs decrease or revenue increase as they <a href="https://www.techtarget.com/searchenterpriseai/feature/Businesses-gear-up-for-AI-agents-in-the-enterprise">roll out AI agents</a>, will drive greater usage. “It may not be, by the way, pure seat coverage-type of motions, like in the past,” said Nadella. “This is more about getting intense users and intense usage, and that’s what we’re focused on.”</p> While the headline figure is its cloud growth, the company is making big changes to software licensing https://cdn.ttgtmedia.com/visuals/ComputerWeekly/HeroImages/bills-debt-cost-of-living-crisis-RomoloTavani-adobe.jpg https://www.computerweekly.com/news/366642583/Microsoft-explains-value-of-E7-usage-based-pricing Thu, 30 Apr 2026 06:30:00 GMT Microsoft explains value of E7 usage-based pricing <p><a href="https://www.computerweekly.com/resources/Cloud-computing-services">Cloud service provider</a> revenues worldwide for the first quarter of 2026 were up by $35bn year-on-year (YoY) and reached $129bn, according to data from US-based datacentre and cloud market analysts <a href="https://www.srgresearch.com/">Synergy Research Group</a>, which takes into account the hyperscalers – Amazon Webs Services (AWS), Google Cloud and Microsoft – plus tier two providers that include artificial intelligence (AI-)focused neoclouds, as well as more general cloud providers.</p> <p>The market is accelerating quickly – possibly <a href="https://www.computerweekly.com/news/366638605/Gartner-AI-and-datacentre-spending-ramps">driven by AI deployments</a> – when comparing run rate with actual trailing 12-month revenues. Q1 2026 was the ninth successive quarter in which YoY growth increased, attaining 35%.</p> <p>According to the Synergy data, cloud service revenues have hit their highest growth rate since the fourth quarter of 2021, when the market was 40% of its current size. That swelling of revenues could be down to AI driving major changes in the cloud market.</p> <p><a href="https://www.computerweekly.com/feature/Breaking-the-stranglehold-Responses-to-data-sovereignty-risk">The hyperscalers maintain a strong lead</a> in the market, with Amazon in top position – however, Microsoft and Google achieved substantially higher growth rates, with their Q1 worldwide market shares 28%, 21% and 14% respectively. </p> <p>Among tier two cloud providers, those with the highest growth rates include CoreWeave, OpenAI, Oracle, Crusoe, Nebius, Anthropic and ByteDance. Based on cloud infrastructure service revenues, five <a href="https://www.computerweekly.com/feature/Weighing-up-the-enterprise-risks-of-neocloud-providers">neocloud companies</a> are now among the top 30 cloud providers.</p> <p>Synergy estimates that – with the majority of major cloud providers having now released earnings data for Q1 – quarterly cloud infrastructure service revenues were $128.6bn, with trailing 12-month revenues reaching $455bn. Those include IaaS, PaaS and hosted private cloud services.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.computerweekly.com/rms/computerweekly/SynergyResearchGroup-Q1-rev-GrowthRate.png"> <img data-src="https://www.computerweekly.com/rms/computerweekly/SynergyResearchGroup-Q1-rev-GrowthRate_mobile.png" class="lazy" data-srcset="https://www.computerweekly.com/rms/computerweekly/SynergyResearchGroup-Q1-rev-GrowthRate_mobile.png 960w,https://www.computerweekly.com/rms/computerweekly/SynergyResearchGroup-Q1-rev-GrowthRate.png 1280w" alt="Graph entitled 'Cloud infrastructure services market growth', showing cloud revenue ($ billion) with year-on-year growth rate, tracked against financial quarters from 2020 to 2026. The growth rate shows gradual growth since Q3 2023. " data-credit="Synergy Research Group" height="419" width="559"> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>With historical – i.e. trailing 12-month revenues of $455bn – and a run rate of $514.4bn calculated from this year’s Q1, the $59.4bn difference shows how quickly the market is accelerating, equating to an acceleration delta of 13%.</p> <p>“The Q1 market is now fifteen times larger than it was a decade ago and continues to expand at 35% annually,” said John Dinsdale, chief analyst at Synergy Research Group. “Reaching a half-trillion-dollar run rate underscores the far-reaching impact of cloud computing and AI on the IT landscape.</p> <p>“Our forecasts point to sustained strong growth in the years ahead, with AI continuing to drive usage, unlock new use cases and boost cloud provider revenues. At the same time, the competitive landscape is evolving, with neoclouds playing an increasingly significant role and already accounting for 5% of the total cloud market and a substantially larger share of AI-focused segments.”</p> <section class="section main-article-chapter" data-menu-title="US fastest growing region"> <h2 class="section-title"><i class="icon" data-icon="1"></i>US fastest growing region</h2> <p>Public IaaS and PaaS services account for the bulk of the market, according to Synergy, and those grew by 38% in Q1. The leadership of the major cloud providers is even more pronounced in public cloud, where the top three account for 67% of the market. </p> <p>Geographically, the cloud market continues to grow strongly in all regions of the world. When measured in local currencies, the major countries with the strongest growth included India, Indonesia, Ireland, Taiwan, Thailand and Malaysia, where growth rates were all well above the worldwide average. </p> <p>The US remains by far the largest cloud market, with its scale far surpassing the whole APAC region. The US market grew by 37% in Q1. In Europe, the largest cloud markets are the UK and Germany, but the markets with the highest growth rates were Ireland, Norway and Poland.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about the cloud market</h3> <ul class="default-list"> <li><a href="https://www.computerweekly.com/news/366636876/Global-cloud-infrastructure-spending-hits-1026bn-in-Q3-2025">Global cloud infrastructure spending hits $102.6bn in Q3 2025</a>. The cloud infrastructure market grew 25% year on year, driven by enterprises moving from AI experimentation to scaled deployment, according to research from Omdia. </li> <li><a href="https://www.computerweekly.com/opinion/Why-the-CMA-must-act-now-on-cloud-before-the-UK-loses-its-digital-future">Why the CMA must act now on cloud before the UK loses its digital future</a>. The UK competition watchdog is prevaricating over tackling the dominance of AWS and Microsoft in the cloud market – it needs to enforce change soon or UK businesses will suffer.</li> </ul> </div> </div> </section> Synergy Research figures put Q1 cloud revenues at $129bn. Meanwhile, AWS, Microsoft and Google have 63% of the world market, which shows an acceleration delta of 13% https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/performance-fotolia.jpg https://www.computerweekly.com/news/366642488/Cloud-revenues-up-35-YoY-in-a-hot-market-thats-accelerating Thu, 30 Apr 2026 06:20:00 GMT Cloud revenues up 35% YoY in a hot market that’s accelerating <p>A survey, commissioned and published by SolarWinds, reveals 71% of IT workers say artificial intelligence (AI) is making their jobs more demanding, leading to a worrying pattern of increased mental fatigue.</p> <p>Back in February, Francesco Bonacci – the CEO of AI agent-building company Cua – posted <a target="_blank" href="https://x.com/francedot/status/2017858253439345092" rel="noopener">an essay on X</a> about the effect of AI on his mental fatigue. “I end each day exhausted – not from the work itself, but from the managing of the work,” he wrote. “It’s not burnout in the traditional sense. It’s something weirder – a kind of cognitive overload masked as productivity.”</p> <p>In March 2026, the <a target="_blank" href="https://hbr.org/2026/03/when-using-ai-leads-to-brain-fry" rel="noopener"><em>Harvard Business Review</em></a> found a word for the workflow phenomenon: “AI brain-fry”. The study defined it as “mental fatigue from excessive use or oversight of AI tools beyond one’s cognitive capacity”.</p> <p>This brain-fry was made worse when employees had to directly monitor AI, and indicated a higher risk of quitting.</p> <p>Between added responsibility, trust issues and oversight, the study shows how AI brain-fry impacts IT workers. More than a thousand IT professionals across the UK, US and India answered <a href="https://www.computerweekly.com/news/252507279/The-Security-Interviews-How-SolarWinds-came-through-its-darkest-hour">SolarWinds</a>’ IT trends survey, <em>The human side of autonomous IT</em>.</p> <p>While two-thirds of respondents claim AI led to less manual work, such as figuring out root causes faster, only 19% said AI reduced their cognitive load.</p> <p>Instead, introducing AI into companies is creating more work for professionals.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about the human and social impact of AI</h3> <ul class="default-list"> <li>How AI is <a href="https://www.computerweekly.com/feature/AI-drives-software-productivity-and-challenges-for-Motorway">increasing productivity – and challenges – for Motorway</a>.</li> <li>The UK government is <a href="https://www.computerweekly.com/news/366641842/UK-government-seeks-collaborators-for-AI-tutoring-tools-for-schools">seeking collaborators to bring AI into schools</a>.</li> <li>Why <a href="https://www.computerweekly.com/feature/Why-IT-leaders-need-to-consider-AIs-energy-footprint">IT leaders need to consider AI’s energy footprint</a>.</li> </ul> </div> </div> <p>As many as seven out of 10 IT staffers still have to check AI’s work, while four in 10 claim data privacy and security anxiety stops them from using tools effectively. Trust issues are prevalent in the field, with about half of those surveyed also concerned about a lack of “clear ownership or guardrails”.</p> <p>Alongside these challenges, IT professionals are being tasked with keeping updated on AI progress and educating co-workers on the tools.</p> <p>In Britain, only 17% of respondents hadn’t seen added friction or stress to their jobs because of AI, with two-fifths claiming their cognitive load increased.</p> <p>Over the past six years, IT teams have had to spend more time strategising, analysing their system data and performance, preventing issues, managing tools and platforms, coordinating across teams and responding to unplanned issues. Even those who believe IT will become primarily or mostly automated in the next few years still expect challenges in accuracy, employee training and higher work expectations without increased resources.</p> <p>The risks associated with AI are unevenly distributed within companies. Nearly half of C-suite executives say their IT teams are prepared for AI, but only 13% of technical contributors agree.</p> <p>“While the wider workforce is embracing a growing number of AI tools, IT is left to manage and secure them, as well as extract value from data that often lacks context,” said Cullen Childress, chief product officer at SolarWinds.</p> <p>He highlighted the “additional cognitive load” faced by IT workers. “Without proper planning, AI can introduce more risk through gaps in security and governance, while adding more fragmentation, reviews and sanity checks for teams that don’t have the capacity to absorb it,” said Childress.</p> As workflows adapt to a shifting technological landscape, IT professionals risk being overwhelmed by ‘AI brain-fry’ https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/IT-failure-downtime-error-stress-1-adobe.jpeg https://www.computerweekly.com/news/366642578/IT-workers-say-AI-is-making-their-jobs-more-demanding Wed, 29 Apr 2026 11:30:00 GMT IT workers say AI is making their jobs more demanding <p>The Public Accounts Committee (PAC) has called on the UK government to <a href="https://www.computerweekly.com/news/366640719/Bank-of-England-IT-project-offers-lessons-for-wider-government">learn from the Bank of England’s nine-year core system replacement project</a>.</p> <p>In a break from the norm, the PAC is making recommendations to the government following a hearing with the Bank of England, rather than to the central bank.</p> <p>MPs on the committee explained, during a hearing in March, that they were <a href="https://www.computerweekly.com/news/366640719/Bank-of-England-IT-project-offers-lessons-for-wider-government">not used to investigating successful government IT projects</a>. As a consequence, their recommendations are normally targeted at the government department being quizzed.</p> <p>During the PAC hearing, the UK central bank’s <a href="https://www.computerweekly.com/news/252457929/Bank-of-England-to-migrate-from-core-system-with-a-one-off-big-bang">nine-year IT transformation project</a> to replace its Real Time Gross Settlement (RTGS) system was likened to an archaeological discovery that could serve as a blueprint for future government IT initiatives.</p> <p>The PAC said its findings offered lessons in leadership, setting objectives and procurement, as well as good examples of early modernisations, adaptability and encouraging staff to openly raise concerns.</p> <p>“There is much that government can learn from the Bank of England’s successful modernisation of a critical part of the UK’s payment infrastructure,” said the PAC.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about the Bank of England’s RTGS replacement</h3> <ul style="list-style-type: square;" class="default-list"> <li>Bank of England IT project success story offers <a href="https://www.computerweekly.com/news/366640719/Bank-of-England-IT-project-offers-lessons-for-wider-government">lessons for wider government digital projects</a></li> <li>The Bank of England has completed its <a href="https://www.computerweekly.com/news/366627942/The-Bank-of-Englands-quiet-Big-Bang">generational project</a> to replace part of the UK’s critical infrastructure.</li> <li>The National Audit Office says the Bank of England’s core system replacement project offers <a href="https://www.computerweekly.com/news/366636265/National-Audit-Office-praises-Bank-of-England-after-complex-mega-project">lessons to other government departments</a>.</li> <li>Bank of England’s <a href="https://www.computerweekly.com/news/366545493/Bank-of-Englands-project-to-replace-beating-heart-is-foundation-for-continuous-development">project to replace ‘beating heart’</a> is a foundation for continuous development</li> <li>Accenture will be <a href="https://www.computerweekly.com/news/252486914/Accenture-selected-for-key-role-in-Bank-of-England-core-settlement-system">technology delivery partner</a> in the project to replace the core system used to settle payments between banks.</li> <li>The Bank of England will migrate from its current core settlement system with a <a href="https://www.computerweekly.com/news/252457929/Bank-of-England-to-migrate-from-core-system-with-a-one-off-big-bang">‘big bang’ migration</a> before the end of 2025.</li> </ul> <ul type="square" class="default-list"></ul> </div> </div> <p>“Given the modernisation of this system represents an all-too-rare positive example of public sector digital transformation, the PAC is taking the unusual step in its report of making recommendations based on its findings for government, rather than the Bank of England, so that lessons can be learned from it.”</p> <p>The £431m RTGS project achieved value for money and demonstrated good digital transformation practice, according to the National Audit Office (NAO). The spending watchdog said the overall cost increased by 15% from the £375m budget, set in 2020.</p> <p>The RTGS system settles £800bn in payments a day, through systems including the Clearing House Automated Payments System (Chaps) and Bankers’ Automated Clearing Services (Bacs). It has been in use since 1996 and is a part of the UK’s critical national infrastructure that ensures money flows in the economy.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> Our scrutiny over many years could give the public the impression that public sector digital reform and transformation is an endless litany of failure. Our report today demonstrates that success is possible </figure> <figcaption> <strong>Geoffrey Clifton-Brown, PAC</strong> </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>Geoffrey Clifton-Brown MP, chair of the PAC, said:<b> </b>“For the government, we simply say: this is how you do it. Our scrutiny over many years could give the public the impression that public sector digital reform and transformation is an endless litany of failure. Our report today demonstrates to the government and the taxpayer that success is possible.”</p> <p>He added: “We have provided here for the government a guide informed by the bank’s success to avoid a repetition of the failures of the past.” Clifton-Brown cited, as an example of a failure, the handling of the <a href="https://www.computerweekly.com/opinion/NSIs-modernisation-programme-A-3bn-lesson-in-how-to-lose-public-trust">National Savings & Investments (NS&I) transformation programme</a>, which he said exposed taxpayers to unacceptable risk.</p> <p>As reported by Computer Weekly, during the PAC hearing looking at the Bank of England project, the bank’s deputy chair, Dave Ramsden, said the <a href="https://www.computerweekly.com/news/366639656/NSI-seeks-Bank-of-England-counsel-over-project-disaster">NS&I is closely engaging with the central bank’s CIO</a> as it seeks support to rectify its ongoing IT transformation disaster.</p> <p>The PAC said the government needs to work to learn these lessons. “For the Bank of England, it must make good on its plans for maintenance and further enhancement of this foundational system. Delivering long-term value from the RTGS depends on the [bank] sustaining and adapting the system as the payment landscape evolves.”</p> <hr> <ul class="default-list"> <li><em><a href="https://publications.parliament.uk/pa/cm5901/cmselect/cmpubacc/1732/report.html">Read the full PAC report into the Bank of England’s Real-Time Gross Settlement renewal programme here</a></em></li> </ul> Members of a parliamentary committee want the wider government to learn from success of Bank of England project https://cdn.ttgtmedia.com/visuals/ComputerWeekly/HeroImages/London-Westminster-Houses-of-Parliament-exflow-adobe.jpg https://www.computerweekly.com/news/366642486/MPs-call-on-UK-government-to-learn-from-central-banks-IT-project-success-story Wed, 29 Apr 2026 11:08:00 GMT MPs call on UK government to learn from central bank’s IT project success story <p>HSBC has collaborated with quantum middleware developer Haiqu and a team of academic researchers on an efficient way to run financial models on commercially available quantum computing hardware. The publication of joint research in <em><a href="https://journals.aps.org/prresearch/abstract/10.1103/yyvr-dtsb">Physical Review Research</a></em> discussed an approach to encoding real-world probability distributions into quantum circuits.</p> <p><a href="https://www.computerweekly.com/news/366623986/How-close-is-quantum-computing-to-commercial-reality">HSBC is among the financial institutes</a> looking at how to secure financial transactions as quantum computing evolves into commercially viable products, such as protecting financial systems using post quantum cryptography. Quantum computers also offer banks such as HSBC a way to run more powerful financial market simulations.</p> <p>The research team – which included experts from HSBC, Haiku, Czech Technical University, University of Zurich, the Akhiezer Institute for Theoretical Physics and Karazin Kharkiv National University in Ukraine, and Greece’s Athena Research Center – looked at Lévy distributions, which are used when modelling extreme variations of stock markets indexes worldwide.</p> <p>“By developing methods to efficiently work with Lévy distributions on a quantum computer, we pave the way for more precise modeling of market behaviours, particularly in capturing heavy tails, skewness and volatility clustering,” the researchers stated in the paper.</p> <p>According to Haiqu, while quantum computing can be used in derivative pricing, portfolio optimisation, fraud detection and machine learning, these applications need realistic financial distributions. This means data must first be loaded into a quantum computer. The process of encoding classical data into quantum states is widely recognised as a major bottleneck when implementing many quantum algorithms on hardware. The challenge is particularly relevant for applications such as financial risk modelling and simulation, where complex probability distributions must be loaded onto quantum devices.</p> <p>Haiqu said that the number of required quantum operations in conventional algorithms can scale exponentially with the number of qubits, making it a significant bottleneck on today’s noisy, depth-limited hardware. To address this problem, the company has developed compact quantum circuits with linear, rather than exponential, scaling.</p> <p>“One of the biggest practical barriers is getting realistic financial data onto today’s quantum hardware,” said Mykola Maksymenko, co-founder and CTO of Haiqu. “This work shows a scalable path around that barrier and helps move quantum finance workflows from theory toward execution.”</p> <p>The researcher uses matrix product state (MPS) methods to construct shallow quantum circuits that encode smooth functions, including probability distributions, directly into quantum states.</p> <p>Using a 25 qubit <a href="https://www.computerweekly.com/news/366625832/IBM-updates-path-to-fault-tolerant-quantum-computing">IBM quantum computer</a>, the research paper stated that accuracy of the machine was sufficient to pass quantitative statistical tests, even on current noisy quantum computing devices. “The results on distribution loading may have importance to various domains of financial risk analysis, risk management and decision-making that include series of financial data,” the researchers noted.</p> <p>They used a sampling-based workflow, running on 64-qubit hardware, which they said demonstrates the feasibility of their approach when running at larger scales. In the paper, they stated that similar behaviour was observed in simulations up to 156 qubits, which they claimed means the approach could extend to substantially larger problem sizes.</p> <p>“Preparing complex probability distributions efficiently is a key step in many quantum algorithms,” said <a href="https://www.computerweekly.com/news/366611375/HSBC-tests-post-quantum-VPN-tunnel-for-digital-ledgers">Philip Intallura</a>, group head of quantum technologies at HSBC. “This work shows how they can be implemented with much shallower quantum circuits, bringing practical applications such as financial risk modelling closer.”</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more quantum computing stories</h3> <ul class="default-list"> <li><a href="https://www.computerweekly.com/news/366640720/Interview-Researching-quantum-algorithms-for-todays-devices">Researching quantum algorithms</a> for today’s devices: The world of quantum computing is a noisy place, where error correction is needed to ensure quantum devices run correctly.</li> <li>European Union deep tech plan too late for <a href="https://www.computerweekly.com/news/366641257/European-Union-deep-tech-plan-too-late-for-quantum-champions-IQM-and-Pasqal">quantum champions</a> IQM and Pasqal: European quantum computing firms hurry to get US stock exchange listings so they can be predator not prey in a coming wave of consolidation.</li> </ul> </div> </div> Researchers have demonstrated that usable results for financial modelling are achievable even on current noisy quantum computers https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/ibm-qubit.jpg https://www.computerweekly.com/news/366642575/HSBC-collaborates-on-noisy-qubit-real-world-application Wed, 29 Apr 2026 08:17:00 GMT HSBC collaborates on noisy qubit real-world application <p>We understand many organisations are still in the early stages of <a href="https://www.techtarget.com/searcherp/feature/5-conditions-for-durable-enterprise-AI" target="_blank" rel="noopener">AI maturity</a>, focusing on governance and basic controls around new technologies. One of the biggest challenges in this journey is integrating automation and AI securely into existing enterprise systems. As AI-driven attack surfaces expand, identity becomes a foundational control for securing automation and, critically, for limiting blast radius when things go wrong. Mistakes will happen; the goal of modern identity design is to ensure the impact is contained and recoverable.</p> <p><a href="https://www.computerweekly.com/opinion/Is-AI-our-agent-or-are-our-governments-becoming-agents-for-AI" target="_blank" rel="noopener">The rapid rise of AI agents</a> is pushing identity controls away from a “bouncer at the door” analogy and toward continuous, context‑aware evaluation, throughout your systems and processes. Traditionally, once a user or service authenticated and received a token, that token could be replayed freely until expiry, sometimes for hours or days, without the platform rechecking whether anything important had changed about the subject's standing. This model no longer holds.</p> <p>AI is not just adding a new user type to <a href="https://www.techtarget.com/searchsecurity/tip/Best-practices-for-a-bulletproof-IAM-strategy" target="_blank" rel="noopener">identity and access management</a> (IAM), it is forcing organisations to redesign identity as a continuous control plane for humans, workloads, and agents alike.</p> <p>In a continuous evaluation model, a valid token is still necessary but not sufficient alone. When a token is presented, centrally defined policies should confirm that the subject and its context still meet all the requirements at that moment. These checks can include whether the identity is still active, it has been flagged as high risk, the IP or location has changed unexpectedly, whether device posture has degraded, or whether new threat intelligence suggests compromise. Evaluating these signals at the edge can significantly reduce the window of identity abuse. This approach applies equally to human users, machine workloads, and these emerging hybrid identities created by agentic AI acting either autonomously or on behalf of a user (human in the loop).</p> <p>To address this, enterprises need to treat users, machine workloads, and large language model (LLM)‑driven agents as first‑class identities, governed under a unified zero‑trust model. That means least privilege by default, short lived credentials, explicit delegation, and end‑to‑end auditability rather than allowing agents to become convenient but ungoverned circumventions around established controls.</p> <p>So, what does evolving world of identity look like in practice?</p> <p>Centralised identity remains the starting point, think your Entra tenant. The next step is edge verification and continuous validation throughout the lifetime of a session or workflow. This becomes especially important for long‑running agentic processes: if an agent runs a large task for hours, or continuously, what happens if the underlying account is locked, its risk posture changes, or its permissions should be reduced mid‑execution?</p> <p>Currently emerging concepts separates claims, authentication, authorisation, and ongoing assurance. We already see this pattern in federated standards. For non‑human identity, it means explicit workload identities instead of long lived static secrets. For authorisation, it means externalising fine‑grained policy from applications into policy‑as‑code, because classic <a href="https://www.techtarget.com/searchsecurity/definition/role-based-access-control-RBAC" target="_blank" rel="noopener">role-based access control</a> (RBAC) alone does not scale to modern Software-as-a-Service (SaaS) sprawl, complex resource graphs, and dynamic entitlements. Identity is treated as a living entity with continuously monitored “vital signs,” rather than a directory entry revisited only during periodic reviews.</p> <p>AI agents make this shift inevitable. When an agent acts, organisations need clear answers to fundamental questions: did the agent act autonomously, or was it instructed by a human? If a human initiated the action, is the agent operating with its own service identity or with explicitly delegated user permissions (on behalf of)? What happens when an agent holds broader permissions than the requesting user to complete a workflow, and how do you prevent that from becoming a persistent privilege escalation path?</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">The Computer Weekly Security Think Tank on AI identity</h3> <ul style="list-style-type: square;" class="default-list"> <li>Mike Gillespie, Advent IM: <a href="https://www.computerweekly.com/opinion/The-impact-of-AI-driven-ID-solutions-on-enterprise-environments" target="_blank" rel="noopener">AI-driven identity must exist in a robust compliance framework</a>.</li> <li>Ellie Hurst. Advent IM: <a href="https://www.computerweekly.com/opinion/Identity-and-AI-Questions-of-data-security-trust-and-control" target="_blank" rel="noopener">Identity and AI: Questions of data security, trust and control</a>.</li> <li>Ted Ernst, Gartner: <a href="https://www.computerweekly.com/opinion/Why-AI-is-forcing-a-reset-of-the-identity-stack" target="_blank" rel="noopener">Why AI is forcing a reset of the identity stack</a>.</li> </ul> </div> </div> <p>A cleaner architectural pattern is to treat the human user, the agent runtime, the downstream tool or application programming interface (API), and any delegated token as separate but linked identities <b>–</b> a chain of identity. The LLM itself is typically a component in that chain, not the final authority. This model allows organisations to express who initiated an action, what runtime executed it, what permissions were delegated, what resource the token was intended for, and whether access can be evaluated and revoked while any workflow is still running.</p> <p>In this model, RBAC still has a place, but it is no longer enough on its own. Modern authorisation increasingly relies on context, attributes, relationships, and external policy engines. Clear distinctions between delegation and impersonation ensure agents act with explicit, time‑bound authority rather than implicit trust.</p> <p>Ultimately, AI agents are pushing that turn in identity from a onetime checkpoint into a continuous control loop. This evolution aligns closely with zero‑trust principles and newer identity standards designed to propagate changes across users, workloads, devices, sessions, and applications in near real time. Organisations that adopt this model will be better positioned to scale AI safely, without sacrificing security, compliance, or user experience.</p> <p><em>Jacob Connell is AI and automation engineer at <a href="https://www.quorumcyber.com/" target="_blank" rel="noopener">Quorum Cyber.</a></em></p> The Computer Weekly Security Think Tank considers the intersection of AI and IAM. In this article, we look at the specific impacts of agentic AI on the security stack. https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/Security-Think-Tank-hero.jpg https://www.computerweekly.com/opinion/Why-AI-agents-are-triggering-a-rethink-of-enterprise-identity Tue, 28 Apr 2026 14:46:00 GMT Why AI agents are triggering a rethink of enterprise identity <p>The Court of Appeal has rejected the Post Office’s request for an extension to the time in which it must respond to an appeal against convictions made based on its Capture software.</p> <p>The Post Office’s request for a two-month extension before it delivers its formal response to the appeal of former subpostmaster Steve Marston was heavily criticised by campaigners and has now been rejected by the appeals court. But the Post Office could also appeal against this decision.</p> <p>According to Marston, as it stands, the deadline is 13 May, and if the Post Office does not appeal successfully, there will be a directions hearing on 20 May for three Capture-based cases.</p> <p>Marston told Computer Weekly: “I’m over the moon that the court is following this route rather than allowing the Post Office to further delay proceedings. I’m looking forward to getting the opportunity to be exonerated. We’ve waited for nearly 30 years, so we just want to get on with it now and get the chance to put this episode in our lives to an end.”</p> <p>The Post Office had not responded when this article was published.</p> <p>The Criminal Cases Review Commission (CCRC) referred Marston’s appeal to the Court of Appeal on 27 March. Marston, who was a subpostmaster in Bury, Lancashire, used the Post Office’s faulty Capture system to do his accounts. He was convicted in 1997 for theft and false accounting, following an unexplained shortfall of nearly £80,000. Marston said he had never had any problems using the paper-based accounting system, but that changed when his branch, which he ran from 1973, began using the Capture system.</p> <p>In October 2025, an appeal against the 1998 conviction of Patricia Owen, who died in 2003, was the <a href="https://www.computerweekly.com/news/366632837/CCRC-formally-sends-Post-Office-Capture-referral-to-Court-of-Appeal">first Capture case to be referred to the Court of Appeal</a>. She pleaded not guilty to the theft of £6,000, but was convicted and sentenced to six months’ imprisonment, suspended for two years, at Canterbury Crown Court.</p> <p>Another case has been referred since Marston’s.</p> <section class="section main-article-chapter" data-menu-title="More waiting"> <h2 class="section-title"><i class="icon" data-icon="1"></i>More waiting</h2> <p>There are currently about 30 prosecutions under review by the CCRC. Unlike convictions based on the Horizon system, which were overturned <i>en masse</i> through legislation, those based on Capture have to go through the CCRC.</p> <p>The Post Office said it was treating each appeal on a case-by-case basis.</p> <p>Capture, which predates Fujitsu’s Horizon system, was used in Post Office branches in the 1990s to replace paper-based accounting. As with the controversial Horizon system at the centre of the <a href="https://www.computerweekly.com/feature/Post-Office-Horizon-scandal-explained-everything-you-need-to-know">Post Office scandal</a>, which saw subpostmasters blamed for unexplained losses, some Capture users were prosecuted for financial crimes.</p> <p>The controversy over Capture <a href="https://www.computerweekly.com/news/366568092/MP-demands-answers-from-government-minister-over-second-faulty-Post-Office-IT-system">emerged in January 2024</a>, after ITV drama <i>Mr Bates vs the Post Office</i> told the stories of subpostmasters who had suffered at the hands of the Horizon system.</p> <p>In the same month, Kevan Jones, an MP at the time who now sits in the House of Lords, <a href="https://www.computerweekly.com/news/366568092/MP-demands-answers-from-government-minister-over-second-faulty-Post-Office-IT-system">highlighted evidence of injustices</a> triggered by Capture losses.</p> <p>This led to a campaign and, by December 2024, the government <a href="https://www.computerweekly.com/news/366617280/Government-promises-redress-and-justice-to-Post-Office-Capture-system-users">promised financial redress and justice</a> for subpostmasters affected by Capture problems. This followed an independent investigation by forensic experts at Kroll, which <a href="https://www.computerweekly.com/news/366612292/Investigation-finds-reasonable-likelihood-Post-Office-Capture-software-caused-accounting-losses">found there was a “reasonable likelihood”</a> the Post Office Capture software had caused accounting losses.</p> <p>Marston has been a central figure in the campaign for justice for former Capture users.</p> <p>The controversy over Capture is part of the <a href="https://www.computerweekly.com/feature/Post-Office-Horizon-scandal-explained-everything-you-need-to-know">Post Office scandal</a>, which Computer Weekly <a href="https://www.computerweekly.com/news/2240089230/Bankruptcy-prosecution-and-disrupted-livelihoods-Postmasters-tell-their-story">first exposed in 2009</a>, revealing the stories of seven subpostmasters and the problems they suffered as a result of the Horizon system.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Timeline of how Capture controversy has unravelled since Horizon scandal dramatisation</h3> <ul type="square" class="default-list"> <li>Jan 2024: <a href="https://www.computerweekly.com/news/366568092/MP-demands-answers-from-government-minister-over-second-faulty-Post-Office-IT-system">MP demands answers from government minister over second faulty Post Office IT system</a>.</li> <li>Feb 2024: <a href="https://www.computerweekly.com/news/366569712/More-than-1000-subpostmasters-could-have-used-second-faulty-Post-Office-system">More than 1,000 subpostmasters could have used second faulty Post Office system</a>.</li> <li>Feb 2024: <a href="https://www.computerweekly.com/news/366571394/Government-wont-rush-to-include-Post-Office-Capture-convictions-in-overturning-legislation">Government won’t rush to include Post Office Capture convictions in overturning legislation</a>.</li> <li>Feb 2024: <a href="https://www.computerweekly.com/news/366571653/Post-Office-CEOs-Capture-investigation-claims-questioned">Post Office CEO’s claim to be ‘working hard’ on Capture investigation in doubt</a>.</li> <li>Mar 2024: <a href="https://www.computerweekly.com/news/366573602/Controversial-Post-Office-Capture-software-was-completely-rewritten-in-1994">Controversial Post Office Capture software was completely rewritten in 1994</a>.</li> <li>Mar 2024: <a href="https://www.computerweekly.com/news/366575033/Post-Office-Capture-users-campaign-gathers-pace">Post Office Capture users’ campaign for justice gathers pace</a>.</li> <li>Apr 2024: <a href="https://www.computerweekly.com/news/366581895/Expert-investigating-Capture-system-refuses-to-meet-untrustworthy-Post-Office">Expert investigating Capture system refuses to meet ‘untrustworthy’ Post Office</a>.</li> <li>May 2024: <a href="https://www.computerweekly.com/news/366586399/Government-appoints-investigators-to-analyse-Post-Office-Capture-software-used-before-Horizon">Government appoints investigators to analyse Post Office Capture software used before Horizon</a>.</li> <li>May 2024: <a href="https://www.computerweekly.com/news/366586399/Government-appoints-investigators-to-analyse-Post-Office-Capture-software-used-before-Horizon">Mystery Post Office software developer revealed in 1995 Horizon project document</a>.</li> <li>June 2024: <a href="https://www.computerweekly.com/news/366588592/Post-Office-Capture-software-training-deficit-echoes-systemic-Horizon-problems">Post Office Capture software training deficit echoes systemic Horizon problems</a>.</li> <li>Sept 2024: <a href="https://www.computerweekly.com/news/366611858/More-parallels-between-Post-Office-Capture-and-Horizon-scandal-revealed">More parallels between Post Office Capture and Horizon scandal revealed</a>.</li> <li>Sept 2024: <a href="https://www.computerweekly.com/news/366612292/Investigation-finds-reasonable-likelihood-Post-Office-Capture-software-caused-accounting-losses">Investigation finds 'reasonable likelihood' Post Office Capture software caused accounting losses</a>.</li> <li>Oct 2024: <a href="file:///C:/Users/kflinders/Desktop/Working%20on/Late%20evidence%20in%20Post%20Office%20Capture%20investigation%20could%20not%20be%20reviewed">Late evidence in Post Office Capture investigation could not be reviewed</a>.</li> <li>Oct 2024: <a href="https://www.computerweekly.com/news/366614193/Late-evidence-review-doesnt-change-Post-office-Capture-system-report">Review of late evidence doesn’t change Post Office Capture system report</a>.</li> <li>Oct 2024: <a href="file:///C:/Users/kflinders/Desktop/Working%20on/Government%20%E2%80%98urged%E2%80%99%20to%20overturn%20all%20convictions%20based%20on%20Post%20Office%20Capture">Government ‘urged’ to overturn all convictions based on Post Office Capture</a>.</li> <li>Nov 2024: <a href="https://www.computerweekly.com/news/366616259/Convictions-of-Post-Office-Capture-system-users-to-be-reviewed-by-statutory-body">Convictions of Post Office Capture system users to be reviewed by statutory body</a>.</li> <li>Dec 2024: <a href="https://www.computerweekly.com/news/366617280/Government-promises-redress-and-justice-to-Post-Office-Capture-system-users">Government promises redress and justice to Post Office Capture users</a>.</li> <li>Jan 2025: <a href="https://www.computerweekly.com/news/366617800/Former-subpostmasters-invited-to-take-part-in-Post-Office-Capture-compensation-scheme-development">Former subpostmasters invited to take part in Post Office Capture compensation scheme development</a>.</li> <li>Feb 2025: <a href="https://www.computerweekly.com/news/366619235/CCRC-reviewing-17-Post-Office-convictions-with-potential-Capture-software-involvement">CCRC reviewing 17 Post Office convictions with potential Capture software involvement</a>.</li> <li>April 2025: <a href="https://www.computerweekly.com/news/366621800/Post-Office-Capture-and-ECCO-users-asked-to-make-contact-with-Scottish-statutory-body">Post Office Capture and Ecco+ users asked to make contact with Scottish statutory body</a>.</li> <li>July 2025: <a href="https://www.computerweekly.com/news/366627822/First-Post-Office-Capture-conviction-referred-to-Court-of-Appeal">First Post Office Capture conviction referred to Court of Appeal</a>.</li> <li>Sept 2025: <a href="https://www.computerweekly.com/news/366631595/Post-Office-Capture-appeals-slowed-by-poor-records">Post Office Capture appeals slowed by poor records</a>.</li> <li>Oct 2025: <a href="https://www.computerweekly.com/news/366632837/CCRC-formally-sends-Post-Office-Capture-referral-to-Court-of-Appeal">CCRC formally sends Post Office Capture referral to Court of Appeal</a>.</li> <li>Oct 2025: <a href="https://www.computerweekly.com/news/366633555/Government-awards-Post-Office-2m-contract-to-search-for-its-own-Capture-records">Government awards Post Office £2m contract to search for its own Capture records</a>.</li> <li>Oct 2025: <a href="https://www.computerweekly.com/news/366633678/Post-Office-Capture-redress-scheme-went-down-like-lead-balloon-and-is-discriminatory">Post Office Capture redress scheme ‘went down like lead balloon’ and is ‘discriminatory’</a>.</li> <li>Nov 2025: <a href="https://www.computerweekly.com/news/366634214/Unearthed-report-reveals-source-of-Post-Offices-tenuous-Capture-sales-pitch">Unearthed report reveals source of Post Office’s tenuous Capture sales pitch</a>.</li> <li>January 2026: <a href="https://www.computerweekly.com/news/366638232/History-repeats-itself-in-Post-Office-Capture-redress-scheme-with-low-ball-offers-made">History repeats itself in Post Office Capture redress scheme with low-ball offers made</a>.</li> <li>February 2026: <a href="https://www.computerweekly.com/news/366638847/Minister-responds-to-criticism-of-Post-Office-Capture-redress-scheme">Minister responds to criticism of Post Office Capture redress scheme</a>.</li> <li>March 2026: <a href="https://www.computerweekly.com/news/366639931/MP-report-calls-for-legislation-to-overturn-Post-Office-Capture-convictions?_gl=1*nijjqa*_ga*MTEwNzM2MTI5My4xNzQyODE4ODQ3*_ga_TQKE4GS5P9*czE3NzM5MTk2MTMkbzI5MyRnMSR0MTc3MzkyMDk0MSRqMiRsMCRoMA..">Report from MPs warns of unknown number of unsafe subpostmasters convictions based on multiple pre-Horizon systems</a>.</li> <li>March 2026: <a href="https://www.computerweekly.com/news/366640609/Second-Post-Office-Capture-conviction-referred-to-appeal-court">Second Post Office Capture conviction referred to appeal court</a>.</li> </ul> </div> </div> </section> Three convictions based on the Capture system have reached the Court of Appeal, which has rejected the Post Office’s request to delay its response, advancing long-awaited justice for affected subpostmasters https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/Court-Appeal-Royal-UK-adobe.jpg https://www.computerweekly.com/news/366642366/Court-of-Appeal-rejects-Post-Office-Capture-case-delay-request Tue, 28 Apr 2026 12:33:00 GMT Court of Appeal rejects Post Office Capture case delay request <p>In a speech at the Royal United Services Institute, UK technology secretary <a href="https://www.computerweekly.com/news/366630328/Liz-Kendall-appointed-tech-secretary">Liz Kendall</a> discussed technological disruption and Britain’s role in the tech economy.</p> <p>“<a href="https://www.computerweekly.com/news/366641649/UK-businesses-must-face-up-to-AI-threat-says-government">Technology is disrupting</a> our economies and societies in ways that were unimaginable a few years ago,” she said.</p> <p>Kendall referenced geopolitical rivalry, which she said was driving nation-state investments in technology. “Why has China poured billions into the semiconductor industry? To catch up. Why does the US invest billions in drones and autonomous warfare? To stay ahead,” she said.</p> <p>“When rival countries glimpse a new technology, they rush to build it first, so they lay claim to the future,” Kendall added.</p> <p>She urged policymakers and the UK tech sector to act now to cement Britain’s place in the new technological era.</p> <p>Drawing on her non-tech background, having studied history at university, Kendall spoke about how, in the past, a nation’s ability to pull ahead was determined by the size of its navy, which, as the news headlines over the past few weeks have claimed, is now largely depleted in the UK.</p> <p>“Today, the defining currency is AI,” she said. “And the countries which harness AI will not only lead the race to cure diseases, discover new materials and create trillion-dollar companies, but also build far more powerful militaries.” </p> <p>Kendall believes artificial intelligence (AI) is the engine of both economic power and “hard power”.</p> <p>“The future is coming at us fast – not in the next few decades, but the next few years,” she warned. With the speed of AI model development, Kendall projected that by the end of next year, AI will be able to complete in hours what would currently take software engineers weeks.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> For Britain, AI sovereignty is about reducing over-dependencies and increasing resilience in key national strategic priorities </figure> <figcaption> <strong>Liz Kendall, Department for Science, Innovation and Technology</strong> </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>In what appears to be a shift away from US-led tech, Kendall spoke about building sovereign AI capabilities in the UK. She stressed this is not about isolation or trying to build everything alone, but about ensuring Britain is indispensable in the technologies that will define the future – a keystone in the global AI architecture rather than a bystander to decisions taken elsewhere.</p> <p>“For Britain, AI sovereignty is about reducing over-dependencies and increasing resilience in key national strategic priorities. We secure greater control and greater leverage over the issues that matter most. And if you want true leverage for your country, you need to be a keystone in the global tech architecture – an indispensable partner,” she said.</p> <p>On 16 April, the government opened applications to the <a href="https://www.computerweekly.com/news/366641874/UKs-Sovereign-AI-supports-supercomputing-and-drug-discovery-AI-startups">Sovereign AI Fund,</a> which is offering grants of between £1m and £9m to fund the creation of strategic AI assets and is designed to help the UK’s most promising AI startups grow, scale and succeed in Britain. The programme is initially focusing on high-value AI datasets and autonomous or automated laboratory infrastructure.</p> <p>The <a href="https://www.find-government-grants.service.gov.uk/grants/sovereign-ai-strategic-assets-grants-programme-1#eligibility">UK’s Sovereign AI</a> focus areas cover compute efficiency and sovereign architecture, next-generation AI labs, health and life sciences, AI for scientific discovery, and AI trust, integrity and assurance. Companies can also apply for funding if they are considered relevant to defence and national security.</p> <p>Along with backing UK AI startups through the <a href="https://www.computerweekly.com/news/366642362/Government-funds-self-learning-AI-company">Sovereign AI Fund</a>, Kendall said Britain needs to work more closely with international partners, especially “so-called middle power nations”. </p> <p>Discussing how the country is working with allies to develop sovereign capabilities and increase its leverage, Kendall spoke about the Strategic Science and Technology Partnership with Germany, which includes a £6m joint quantum project; the Entente Cordiale with France; the Growth and Innovation Partnership with Canada, which includes joint work on AI security; and the Digital Partnership with Japan.</p> <p>“We recently invited foreign ministers from countries including Australia, Canada and the Republic of Korea to discuss the most pressing geo-economic challenges of our age, including technology,” she said. “We are once again asserting the importance of our international alliances because we know we can achieve more together than we can do alone.”</p> <p>To strengthen the UK’s position in the race to deliver sovereign AI capabilities for the future, Kendall announced that the UK government will develop a UK AI hardware plan to secure Britain’s capability in chips and the semiconductor technologies that underpin the full AI hardware stack.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more stories about UK sovereign AI</h3> <ul class="default-list"> <li>The UK government’s <a href="https://www.computerweekly.com/news/366641874/UKs-Sovereign-AI-supports-supercomputing-and-drug-discovery-AI-startups">£500m Sovereign AI Fund</a> announces first cohort of startups backed to boost economic growth and national security.</li> <li>The UK government is launching a £500m <a href="https://www.computerweekly.com/news/366641682/UK-governments-50m-sovereign-AI-fund-bids-to-commercialise-research">Sovereign AI Unit</a> to boost artificial intelligence startups and drive economic growth through strategic and long-term investments.</li> </ul> </div> </div> The technology secretary speaks about the importance of forging alliances to make UK tech more resilient to geopolitical pressure https://cdn.ttgtmedia.com/visuals/ComputerWeekly/HeroImages/Brexit-Europe-UK-Thaut-Images-adobe.jpg https://www.computerweekly.com/news/366642532/Liz-Kendall-talks-up-work-with-middle-power-nations-on-sovereign-tech Tue, 28 Apr 2026 11:00:00 GMT Liz Kendall talks up work with ‘middle power nations’ on sovereign tech <p>Lloyds Banking Group has paid compensation to 1,625 more customers after personal data was exposed in an incident described by the Treasury Committee chair as “an alarming breach of data confidentiality”.</p> <p>As Computer Weekly has previously reported, on the morning of 12 March, a fault in the Lloyds banking app <a href="https://www.computerweekly.com/news/366639996/Lloyds-banking-app-glitch-shows-transactions-of-strangers">enabled some customers to see the transactions of other customers</a>. Customers of the group’s Halifax, Bank of Scotland and Lloyds Bank apps were affected by the security breach.</p> <p>The bank’s response to a request from the UK government’s Treasury Committee shows that a programming error was the root cause of a breach that exposed details.</p> <p>The bank has estimated that 114,182 customers clicked through to view the detail behind individual current account transactions during that time, and may have been presented with information about individual payments.</p> <p><a href="https://url.us.m.mimecastprotect.com/s/utA7CM8E9pH9vl279twfXT8WuXB?domain=urldefense.com">In its latest update</a>, the bank told MPs it has paid a further £62,000 of “goodwill payments” to an additional 1,625 customers, with 5,250 customers now in receipt of a total of £201,000.</p> <p>Lloyds originally said Nearly 450,000 customers were potentially affected during the period the vulnerability existed, and in the latest update, the bank said another 80,000 people were joint account holders with people who had their details exposed.</p> <p>In the letter to Meg Hillier, chair of the Treasury Select Committee, Jasjyot Singh, CEO for consumer relationships at the bank, said further investigation “has shown there has been no increase in average daily volumes of fraud against the 446,915 customers affected by the incident”.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about Lloyds Banking Group breach</h3> <ul class="default-list"> <li><a href="https://www.computerweekly.com/news/366639996/Lloyds-banking-app-glitch-shows-transactions-of-strangers">Customers of Lloyds Banking Group experienced a glitch this morning, where details of other customers’ transactions were displayed in their online banking apps</a>.</li> <li><a href="https://www.computerweekly.com/news/366640367/MPs-asks-Lloyds-Bank-for-more-information-about-alarming-breach">Treasury Committee chair requests more information about the IT problem experienced by Lloyds Bank</a>.</li> <li><a href="https://www.computerweekly.com/news/366640568/Lloyds-admits-coding-fault-exposed-customer-transactions">The bank has responded to the Treasury Committee’s request for information on a major data breach in its banking app</a>.</li> </ul> </div> </div> <p>Singh added: “There has been no statistically significant difference in the types of fraud, including impersonation scams and card fraud, within that population.</p> <p>“We have also reviewed the cases of fraud that occurred after the incident on 12 March to establish whether there was any discernible link in those cases to the nature of the data potentially viewed. In that analysis, we have not seen any such link to the incident.”</p> <p>Following a <a href="https://www.computerweekly.com/news/366618677/Barclays-hit-by-major-IT-outage-on-HMRC-deadline-day">major outage at Barclays Bank</a> in January 2025, MPs on the Treasury Committee demanded that banks come clean about access issues.</p> <p>MPs set questions for the UK’s nine biggest banks, including Lloyds. Bank bosses were asked to provide an overview of the number of instances and the amount of time in total that services have been unavailable to customers due to IT failure over the past two years; how many customers have been affected; the amount of compensation that has been paid to their customers; and a description of the reason for the failures. You can <a target="_blank" href="https://committees.parliament.uk/publications/46590/documents/238261/default/" rel="noopener">read the letters to the bank CEOs here</a>.</p> <p>Data received from banks by MPs on the Treasury Committee revealed at least 158 banking IT failures between January 2023 and February 2025, equating to more than 800 hours of service unavailability. Barclays Bank reported the most incidents, at 33, followed by Allied Irish Bank, HSBC and Santander, with 32 each. Nationwide Building Society reported 18 outages, NatWest 13 and Lloyds Bank 12. In single figures were Allied Irish Bank, with nine, Danske, with five, and Bank of Ireland, with four.</p> Bank pays out compensation to more customers and reveals expansion of affected group https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/Lloyds-Bank-hero-AdobeStock_335507737_Editorial_Use_Only.jpg https://www.computerweekly.com/news/366642496/Lloyds-Bank-compensates-another-1625-customers-after-alarming-data-breach Tue, 28 Apr 2026 06:45:00 GMT Lloyds Bank compensates another 1,625 customers after ‘alarming’ data breach <p>When containers started out, they were meant to be ephemeral – stateless, disposable and data-light. But that’s all changed. As Gartner notes, use cases for <a href="https://www.techtarget.com/searchitoperations/definition/container-containerization-or-container-based-virtualization">containers</a> have evolved to include analytics and artificial intelligence (AI) processing, and by 2028, it predicts 15% of on-premise production workloads will run in containers. That’s a 300% increase since 2022.</p> <p>Now, while containers themselves retain all the benefits of ephemerality – rapidly reproducing, then dying back just as quickly to account for workload spikes – the <a href="https://www.computerweekly.com/resources/Containers-and-storage">storage attached to them</a> cannot live by the same rules.</p> <p>As enterprises move from proofs of concept to running a big chunk of production workloads in containers, the <a href="https://www.computerweekly.com/news/366633394/Container-storage-Five-key-things-you-need-to-know">storage layer</a> has become a pivot point. While the early days were focused on simple web scaling, containers have now moved into the realm of mission-critical databases, massive data science pipelines, and the power-hungry world of <a href="https://www.computerweekly.com/blog/CW-Developer-Network/Nutanix-Cloud-Analysis-The-reasons-why-AI-is-driving-container-adoption">generative AI (GenAI)</a>.</p> <p>The challenge lies in navigating key choices such as file versus block versus object storage, CSI versus container-native storage, and whether to go for a dedicated container storage platform.</p> <section class="section main-article-chapter" data-menu-title="Containerisation is lightweight virtualisation"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Containerisation is lightweight virtualisation</h2> <p>Containerisation is a lightweight form of virtualisation. Unlike traditional virtual machines (VMs) that require a hypervisor and a full guest operating system (OS), containers share the host server’s OS. This makes them lighter, faster to scale and more portable. They are built on microservices principles that break monolithic applications into discrete, application programming interface (API)-linked components in a way that aligns with <a href="https://www.techtarget.com/searchitoperations/definition/DevOps">DevOps methodologies</a>.</p> <p>While several orchestrators exist (for example, Docker Swarm and OpenShift), <a href="https://www.computerweekly.com/feature/Storage-technology-explained-Kubernetes-containers-and-persistent-storage">Kubernetes is the market leader</a>. It manages the cluster of nodes, which is where pods run the containers. Clusters are groups of nodes managed by a control plane, which is where we find the API server, a scheduler for pod placement, a controller to maintain the desired state, and <a href="https://www.techtarget.com/searchitoperations/tip/How-does-Kubernetes-use-etcd">etcd</a> for storage configuration.</p> <p>As originally conceived, <a href="https://www.computerweekly.com/feature/Kubernetes-storage-101-Container-storage-basics">container storage was ephemeral</a>, and data vanished when a pod was deleted. So, to support enterprise applications, Kubernetes developed persistent volumes (PV), which are attached to a cluster and decouple storage from compute to allow applications to remain portable while maintaining access to data.</p> </section> <section class="section main-article-chapter" data-menu-title="CSI vs container-native storage"> <h2 class="section-title"><i class="icon" data-icon="1"></i>CSI vs container-native storage</h2> <p><a href="https://www.computerweekly.com/feature/Container-storage-101-What-is-CSI-and-how-does-it-work">Container Storage Interface (CSI)</a> is a standard that allows storage suppliers – more than 130 drivers are available – to expose their systems to Kubernetes. CSI allows Kubernetes to trigger advanced data services such as snapshots, cloning and automated provisioning across block, file and object storage in on-premise and cloud environments.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> Container-native storage potentially has the advantage of portability – on-premise, in the cloud, and so on, by virtue of the virtualisation inherent – while CSI is more likely to tie a deployment to deployed storage arrays </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>CSI is essentially a “broker”. It is an industry-standard API that acts as a middleman, allowing Kubernetes to talk to external storage arrays. For example, when a developer requests storage via a persistent volume claim (PVC), the CSI driver tells the external storage box to carve out a piece of capacity and plug it into the container. The advantage is that you get to use the expensive, reliable enterprise storage you already own, but the storage is still “outside” the cluster, and if you move containers to a different cloud or datacentre, that external hardware might not be there.</p> <p>Meanwhile, <a href="https://www.computerweekly.com/feature/Container-native-storage-A-definition-and-what-to-ask-suppliers">container-native storage</a> is storage that lives inside the Kubernetes cluster. It is usually deployed as a set of containers itself. It takes specified drives attached to Kubernetes nodes and pools them together into one big virtual resource.</p> <p>Container-native storage potentially has the advantage of portability – on-premise, in the cloud, and so on, by virtue of the virtualisation inherent – while CSI is more likely to tie a deployment to deployed storage arrays.</p> <p>Container-native storage is location independent, so you can run the same setup on-premise or in the cloud. But it can consume central processing unit (CPU) and random access memory (RAM) from your Kubernetes nodes to manage the data, which may be a concern. </p> </section> <section class="section main-article-chapter" data-menu-title="Do we need containers to be that portable?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Do we need containers to be that portable?</h2> <p>CSI offers connection to big-iron fully featured storage, and container-native storage holds the promise of flexible deployment, portability, and so on.  But is portability that important? Eric Phenix, who leads the engineering practice at analysts GigaOm, says not. </p> <p>“Containers offer a compute abstraction layer that allows the application to be infrastructure agnostic, rather than a solution that is designed to make applications more portable,” he says.</p> <p>Phenix argues that while containers make the code agnostic, deployment is another matter. “Unless a company is specifically a customer-facing instanced PaaS [platform as a service] where they need to run on every cloud, I don’t see the need to run the same workload on multiple clouds. Once things are deployed, they’re always messy to migrate,” he says.</p> <p>And this “messiness” is almost always a data problem, according to Phenix. While the container image can move in seconds, the multi-terabyte persistent volume attached to it cannot.</p> <p>James Brown, an analyst at GigaOm, points out that container-native storage is essentially software-defined storage and brings its own lock-ins. “Heavily integrated, container-native supplier platforms risk replacing hardware lock-in with software lock-in. Tying your architecture to proprietary in-cluster storage features creates massive migration hurdles, effectively breaking the core portability promise of Kubernetes,” he says.</p> <p>So, the choice here comes down to just how portable you need things to be. Enterprises often use a hybrid approach: CSI to connect to massive, high-performance arrays for their heaviest databases; container-native storage for modern, distributed apps that need to be able to move without a “messy” data migration.</p> <p>In 2026, choosing the correct storage protocol for container storage is all about playing in a “mixed economy”, with a Kubernetes cluster able to pull from all three formats simultaneously.</p> </section> <section class="section main-article-chapter" data-menu-title="Block for high performance"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Block for high performance</h2> <p>Block storage presents data as a raw, unformatted volume – like a physical hard drive – that is attached to a single node at a time. In Kubernetes, this is typically handled via persistent volumes using the ReadWriteOnce (RWO) access mode.</p> <p>Block storage can be in on-premise arrays or in the cloud, such as in Amazon Elastic Block Store (EBS), Google Persistent Disk, or Microsoft Azure Disk.</p> <p>Block storage offers the lowest latency and highest input/output operations per second (IOPS) because there is no filesystem overhead between the application and the storage. That makes it ideal for databases where small, frequent updates happen at specific locations within files.</p> <p>When it comes to the cons, most block storage cannot be mounted to multiple pods across different nodes simultaneously, and scaling usually requires resizing the volume and expanding the filesystem. Block storage is generally the most expensive, too.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about container storage</h3> <ul class="default-list"> <li>Kubernetes at 10 – <a href="https://www.computerweekly.com/feature/Kubernetes-at-10-Persistent-storage-matures-helped-by-operators">persistent storage matures</a>, helped by Operators: Google engineer Saad Ali remembers the early days of Kubernetes, the storage challenges faced and overcome, and the revolution in application awareness that comes from Operators.</li> <li>Kubernetes storage 101 – <a href="https://www.computerweekly.com/feature/Kubernetes-storage-101-Container-storage-basics">Container storage basics</a>: We look at the basics of creating storage and specifying it for applications in container storage using Kubernetes Persistent Volumes and Persistent Volume Claims. </li> </ul> </div> </div> </section> <section class="section main-article-chapter" data-menu-title="File for directory access"> <h2 class="section-title"><i class="icon" data-icon="1"></i>File for directory access</h2> <p>File storage provides a shared hierarchical namespace (folders and files) accessible over a network. In Kubernetes, it is the primary way to achieve ReadWriteMany, allowing multiple pods on different nodes to read and write to the same data.</p> <p>It is also available in on-premise storage or cloud services such as Amazon Elastic File System (EFS), Microsoft Azure Files and Google Filestore.</p> <p>File access is perfectly suited for horizontal scaling of web servers where all pods need access to the same assets, and most legacy applications are built to read/write to a standard directory structure. Compared to block access, network protocols like NFS or SMB introduce more latency, and at large scales (millions of files), traversing deep directory trees can become extremely slow. Meanwhile, handling concurrent writes across many pods can lead to file locking conflicts if not managed carefully.</p> </section> <section class="section main-article-chapter" data-menu-title="Object for sizeable datastores"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Object for sizeable datastores</h2> <p>Object storage manages data as discrete objects in a flat namespace and is accessed via APIs (for example, S3 or Swift) rather than being “mounted” like a disk. It’s the cloud-native storage protocol, though it can run on-site, too. Examples include Amazon Simple Storage Service (S3), MinIO, Google Cloud Storage and Ceph RGW. Object storage can store petabytes of data without worrying about partition limits or disk sizes, and is usually the cheapest option for large-scale unstructured data (logs, images, backups).</p> <p>Object storage is ideal for modern “cloud-native” apps that talk directly to storage via HTTP/HTTPS, bypassing the OS kernel entirely.</p> <p>On the negative side, object storage is generally the slowest for transactional work with high throughput but higher latency than block or file. Meanwhile, you can’t “edit” a single line in a file; you must re-upload the entire object to change it.</p> </section> <section class="section main-article-chapter" data-menu-title="Storage protocol decision-making"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Storage protocol decision-making</h2> <p>In summary, block storage is expensive but the best performing, file storage is less costly but with scale restrictions, and object storage is great for huge capacity but also lags in performance terms. So, which one to choose? It’s a case of horses for courses, according to Tony Lock, director of engagement and distinguished analyst at Freeform Dynamics.  </p> <p>“In an ideal world, the choice of underlying storage – block, file or object – will likely depend on what the app is, where the organisation wishes to run it, and what its characteristics are in terms of size, number of containers, latency requirements, security, location, cost, etc,” he says.</p> <p>Meanwhile, Whit Walters, field chief technology officer at GigaOm, believes S3 is winning the battle, but block has its place. He says: “The real story is protocol bifurcation inside AI pipelines. Object storage dominates the ingestion and data lake tier, offering exabyte-scale horizontal scaling with rich, customisable metadata that enables semantic discovery natively at the storage layer.</p> <p>“Block storage still owns the inference hot path where vector databases demand 500,000+ IOPS, however.</p> <p>“The emerging trend to watch is COSI, the Container Object Storage Interface, which aims to make object storage buckets first-class Kubernetes resources with standardised, declarative lifecycle management.”</p> </section> <section class="section main-article-chapter" data-menu-title="CSI vs container-native in storage supplier container platform"> <h2 class="section-title"><i class="icon" data-icon="1"></i>CSI vs container-native in storage supplier container platform</h2> <p>All the big storage suppliers provide some form of platform or wrapper for container storage. These include Dell’s Container Storage Modules, HPE’s Ezmeral Runtime Enterprise, the Hitachi Kubernetes Service (HKS), NetApp’s Astra and Everpure’s Portworx.</p> <p>What they all have in common is a means of managing container storage – and in some cases, data protection and more. Where they differ under the hood is that most are based around CSI, so they provide a layer from which to manage CSI drivers to their storage.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> CSI connectivity may well be better suited to larger, more static environments, while container-native solutions can be best for more dynamic sets of workloads </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>Some differ in that they provide their management functionality from within Kubernetes. Everpure’s Portworx, for example, lives entirely within Kubernetes but uses CSI as a “handshake” with external storage.</p> <p>Meanwhile, HPE Ezmeral also runs in Kubernetes but accesses data via the CSI driver. NetApp’s Astra Datastore was container-native in a similar way to Portworx, but was discontinued in 2023.</p> <p>While all the key storage suppliers offer products that can manage storage for containers, be sure to check the extent to which these are container-native or dependent on CSI. As mentioned, CSI connectivity may well be better suited to larger, more static environments, while container-native solutions can be best for more dynamic sets of workloads.</p> <p>GigaOm’s Walters puts a finer point on it: “The Kubernetes tax is real, but it’s a trade-off. Container-native platforms run replication, dedupe and encryption on worker nodes. Ceph alone carries a 2-10% baseline CPU penalty per node just for cluster quorum, and that spikes hard during replica rebuilds.</p> <p>“In GPU [graphics processing unit]-dense AI environments, where every cycle counts, offloading that work to dedicated array ASICs [application-specific integrated circuits] via an advanced CSI model keeps compute nodes clean. But in multicloud or edge scenarios without dedicated arrays, that CPU tax buys you topology-aware placement and self-healing automation that’s genuinely hard to replicate otherwise.”</p> <p>There may also be performance considerations in terms of contention for resources, as well as questions about how they are administered. </p> </section> <section class="section main-article-chapter" data-menu-title="Towards autonomous, agentic storage"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Towards autonomous, agentic storage</h2> <p>As we look towards 2027, the focus is shifting from manual provisioning to policy-driven storage.</p> <p>The ultimate goal is a system where the storage “senses” workload requirements. For example, if an AI training container spins up, the system automatically provisions high-throughput file storage, or if a database scales up, it gets low-latency block storage.</p> </section> We look at key choices when it comes to providing storage for containerised applications and whether to choose block, file or object storage https://cdn.ttgtmedia.com/visuals/German/article/container-on-a-train-adobe.jpg https://www.computerweekly.com/feature/Container-storage-in-the-AI-age-Block-vs-object-and-CSI-vs-container-native Tue, 28 Apr 2026 03:45:00 GMT Container storage in the AI age: Block vs object and CSI vs container-native <p>The UK is in the middle of shaping <a href="https://www.computerweekly.com/news/366618655/Major-obstacles-facing-Labours-AI-opportunity-action-plan">the public sector's artificial intelligence (AI) capability</a> for decades to come. The visible part, comprising Copilot rollouts, foundation model partnerships and the headline contracts, is already well advanced.</p> <p>The less visible part is whether, in the course of those deployments, we also build the buying capability, cultivate a plural supply base, and establish the shared standards that will let us adapt as the technology evolves.</p> <p>We have made a strong start on the first half of the task. The second half is the one that will determine whether the first half pays off.</p> <section class="section main-article-chapter" data-menu-title="Silent lock-in"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Silent lock-in</h2> <p>We can call this the "silent lock-in" trap. It is the accumulation of AI capability on top of infrastructure, management practices and governance approaches that are individually defined, poorly coordinated and mismatched to the pace at which the technology is changing.</p> <p>Despite the hard work of individuals and teams to <a href="https://www.computerweekly.com/opinion/The-governments-AI-push-is-at-risk-if-we-dont-establish-clear-accountability">procure and experiment with AI’s emerging capabilities</a>, the pieces are not adding up the way they should.</p> <p>What can we do to learn from the last decade’s digital transformation experiences to accelerate the UK’s AI adoption? That is the subject of <i>Making AI work for Britain</i>, published by London Publishing Partnership and available for download at <a href="https://FutureOfAI.uk">FutureOfAI.uk</a> under an open-access licence. The book draws on several years of research into the UK's AI strategy and ecosystem, and on over a decade working with <a href="https://www.computerweekly.com/opinion/Digital-transformation-the-missing-government-mission">UK government on digital transformation</a>.</p> <p>In the book, I set out a framework for AI success based on a simple strategy - consolidate demand, diversify supply. The short extract that follows is drawn from the final chapter and summarises three of the key recommendations flowing from this analysis: Build buyers who can push back; pool demand that is already shared; and keep the supply side plural.</p> <div align="center"> <hr align="center" width="100%" size="2"> </div> </section> <section class="section main-article-chapter" data-menu-title="Build buyers who can push back"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Build buyers who can push back</h2> <p>The smart-buyer problem is easy to describe and difficult to solve. AI suppliers, particularly the larger ones, now routinely make claims that require significant technical capability to evaluate - claims about training data provenance, model behaviour under distribution shift, security properties of the fine-tuning pipeline, interoperability with alternative providers.</p> <p>Most procurement functions were designed to assess claims like, "this system meets this specification" and "this supplier has these references." They were not designed to assess claims like, "this model will remain useful as underlying capabilities change."</p> <blockquote> <div class="imagecaption alignLeft"> <img src=" https://cdn.ttgtmedia.com/rms/computerweekly/Alan-Brown.jpg " alt="Alan Brown headshot"> </div> <p><strong><span style="color: #34495e;"></span></strong></p> <p><strong><span style="color: #34495e;">“None of this requires new powers or new money. It requires the decision to treat AI procurement as a capability we are actively building rather than a series of individual deals”</span></strong></p> <p><em><span style="color: #34495e;">Alan Brown</span></em></p> <p><em><span style="color: #34495e;"></span></em></p> </blockquote> <p>The smart-buyer model does not mean building deep AI expertise in every department. It means, in each organisation spending meaningfully on AI, having a small core of people who can sit opposite a vendor and know what they are looking at. That core needs three things - the authority to say no, the technical depth to justify it, and enough exposure to current practice to recognise when claims have quietly drifted from their evidence.</p> <p>Where that capability exists, suppliers behave differently. Where it does not, they behave as suppliers to an unsophisticated market always have.</p> </section> <section class="section main-article-chapter" data-menu-title="Pool the demand that is already shared"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Pool the demand that is already shared</h2> <p>Many of the <a href="https://www.computerweekly.com/opinion/Google-Cloud-Next-Its-time-to-create-value-not-slop-from-the-AI-boom">AI problems</a> public sector organisations are solving are the same problem. Case summarisation. Triage. Translation between policy language and operational systems. Document extraction. These requirements do not vary meaningfully between one department and the next, and the money spent separately working them out is considerable.</p> <p>Consolidating demand is the less celebrated half of the lesson we took from digital government reform. When the specification of a shared requirement is done well once, as a common evaluation framework, a reference architecture or a shared procurement vehicle, the supplier market responds to it. Three or four suppliers quickly learn what "good" looks like, and they compete on it.</p> <p>The aim is not to buy the same system everywhere - that was the mistake of an earlier generation. The aim is to agree on what the shared requirement is, measure it consistently, and let departments make the local calls within that frame.</p> </section> <section class="section main-article-chapter" data-menu-title="Keep the supply side plural"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Keep the supply side plural</h2> <p>No market stays plural on its own. Left to itself, enterprise AI will concentrate, because the economics of foundation models favour scale and because the switching costs of deeply integrated AI services are high. That concentration is not inevitable, but avoiding it requires active stewardship rather than hope.</p> <p>In practice, stewardship means three kinds of move. First, treat open source and open-weight models as first-class options in public sector procurement, with evaluation criteria that credit them for the strategic flexibility they preserve.</p> <p>Second, use the UK's research base and AI ecosystem as suppliers as well as subjects of study, which means procurement vehicles that smaller providers can actually clear and contract durations that give them a realistic shot at building capability.</p> <p>Third, treat the <a href="https://www.computerweekly.com/news/366636655/AI-safeguards-improving-says-UK-government-backed-body">AI Security Institute</a> and the UK's sovereign compute investments as part of the operational supply map available to departments, not as national prestige projects standing apart from day-to-day procurement.</p> <p>These three recommendations illustrate the way forward for AI in the UK. Over the next few months, most large public sector organisations will sign AI contracts that shape what they can do with the technology well into the next decade. Each is a chance to build smart-buyer capability, to consolidate shared requirements, and to keep a seat at the table for new suppliers.</p> <p>None of this requires new powers or new money. It requires the decision to treat AI procurement as a capability we are actively building rather than a series of individual deals.</p> <p><i>Alan W. Brown is the author of </i><a href="https://futureofai.uk/">Making AI work for Britain</a><i>, published by LPP. He is a professor in digital economy, an experienced business executive and a strategic advisor. He has spent more than 30 years in the US, Europe and the UK driving large-scale software-driven programmes with commercial high-tech companies, leading R&D teams, building state-of-the-art solutions and improving software product delivery approaches.</i></p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about AI in government</h3> <ul class="default-list"> <li><a href="https://www.computerweekly.com/news/366628066/The-UK-governments-AI-Growth-Zones-strategy-Everything-you-need-to-know">The UK government’s AI growth zones strategy: Everything you need to know</a> - Plans to make the UK an AI superpower imply pervasive use of the technology. Ramping up adoption of AI will require more datacentres to host compute-intensive workloads, which is where the AI growth zone strategy comes in.</li> <li><a href="https://www.computerweekly.com/news/366637838/UK-government-signs-more-partners-to-boost-AI-skills-across-the-country">UK government signs more partners to boost AI skills across the country</a> - The government is seeking to educate 10 million adults in the UK on how to use artificial intelligence tools to streamline their work.</li> <li><a href="https://www.computerweekly.com/news/366633173/Do-government-services-need-a-rethink-for-AI-and-automation">Do government services need a rethink for AI and automation?</a> Evidence presented in a new Public Accounts Committee report covering smart public services delivery suggests a change in tack is needed.</li> </ul> </div> </div> </section> The government must learn from years of experience introducing digital transformation if the UK is to make the most of the opportunities AI offers to the public sector https://cdn.ttgtmedia.com/visuals/ComputerWeekly/HeroImages/London-Westminster-Houses-of-Parliament-aerial-zgphotography-adobe.jpg https://www.computerweekly.com/opinion/How-to-make-AI-work-for-Britain-consolidate-demand-diversify-supply Tue, 28 Apr 2026 03:00:00 GMT How to make AI work for Britain: consolidate demand, diversify supply <p>The SAP Sapphire conference is being held in Orlando, Fla., on May 11-13.</p> <p>The event is expected to center on topics including Joule, SAP's generative AI copilot, and other AI subjects, including SAP products like Business Data Cloud and Business Technology Platform. Developments such as multi-agent orchestration and agentic AI remain the dominant topics in the tech world.</p> <p>As in past years, the longstanding effort to move customers from SAP ECC to S/4HANA and the 2027 end of support for ECC remain major topics. The conference will likely also include discussion about SAP’s engagement offerings as the company has worked to integrate its engagement technology with other enterprise tools.</p> <p>IT decision-makers should check back here for the latest on SAP announcements and other developments once the conference kicks off.</p> Here are the newest developments from SAP Sapphire in Orlando, Fla., with the enterprise software vendor's 2026 announcements and our writers' takes on the news. https://www.techtarget.com/searchsap/conference/SAP-Sapphire-Now-news-trends-and-analysis Mon, 27 Apr 2026 09:00:00 GMT SAP Sapphire 2026 news, trends and analysis <p>Security leaders should be turning <a href="https://www.computerweekly.com/opinion/Confidence-in-AI-powered-cyber-must-be-earned-not-assumed" target="_blank" rel="noopener">offensive artificial intelligence (AI) cyber tools</a> on their own systems before threat actors do, exploiting the innate defenders’ advantage to attain the high ground and increase their chances of withstanding a cyber attack.</p> <p>So says Yinon Costica, co-founder of <a href="https://www.wiz.io/" target="_blank" rel="noopener">Google-owned Wiz</a>, who, speaking at <a href="https://cloud.google.com/blog/topics/google-cloud-next/welcome-to-google-cloud-next26" target="_blank" rel="noopener">Google Cloud Next in Las Vegas</a>, argued that defenders can win against attackers by using AI to exploit an advantage that may not appear obvious at first glance, that of context.</p> <p>“The same AI model can obviously produce very different results based on the context that we feed into it,” he said. “Now, attackers hopefully have much less context about us, while as defenders we do have a lot of context about our environments that we can share with the model.</p> <p>“If, as defenders, we take the first movers’ advantage and we use the AI against ourselves, with the context we have, we actually stand a chance to win … But we need to act fast,” said Costica.</p> <p>“We need to start using AI against ourselves as much as possible, whether it’s to scan attack surfaces, scan code, scan anything, in order to be the first one to see the results and not to wait for the bad guys to do it before us.”</p> <p>As speed becomes ever more of the essence in cyber security, Costica conceded that this would be a challenge for defenders – but noted that the tools to do this are rapidly becoming available. To try to help, Wiz unveiled three new <a href="https://www.techtarget.com/searchenterpriseai/definition/AI-agents" target="_blank" rel="noopener">AI agents</a> at Google Cloud Next – red, green and blue – which are named for the human cyber teams they are designed to help.</p> <p>“What agents allow us to do is really get to the next level of acceleration [and] automation of security work,” said Costica.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more from Google Cloud Next</h3> <ul class="default-list"> <li>Attendees at Google Cloud Next in Las Vegas are backing AI all the way to the bank. But as AI turns up in everything, everywhere, all at once, we’re going to need to get a lot stricter <a href="https://www.computerweekly.com/opinion/Google-Cloud-Next-Its-time-to-create-value-not-slop-from-the-AI-boom" target="_blank" rel="noopener">about what we use it for</a>.</li> <li>With more AI agents moving to production, Google Cloud is targeting governance, multi-cloud data architecture and purpose-built silicon to help enterprises <a href="https://www.computerweekly.com/news/366641999/Google-launches-Gemini-Agent-Platform-eighth-generation-TPUs" target="_blank" rel="noopener">orchestrate agentic workflows</a>.</li> <li>Blue chips will expand use of Gemini Enterprise AI agents on a revamped platform, but how far its appeal will extend beyond the Google Cloud user base <a href="https://www.techtarget.com/searchitoperations/news/366642097/Merck-Home-Depot-tap-Gemini-Enterprise-for-AI-agent-development" target="_blank" rel="noopener">remains to be seen</a>.</li> </ul> </div> </div> <p>The red agent is designed to assist red team penetration testing work by probing deep into its owners’ IT estate, identifying potential exposures, such as <a href="https://www.computerweekly.com/news/366618596/DeepSeek-API-chat-log-exposure-a-rookie-cyber-error" target="_blank" rel="noopener">application programming interfaces</a>, end-of-life <a href="https://www.computerweekly.com/news/366641403/Russian-cyber-spies-targeting-consumer-Soho-routers" target="_blank" rel="noopener">edge networking kit</a> or operational technology (OT) assets, and runs penetration tests on them. The green agent follows on by automating the triage process, something that can take ages for humans. Finally, the blue agent acts as a detective, doing the investigative work that can also be a lengthy process for human teams.</p> <p>“These three agents together form a layer that is autonomous and automated,” said Costica. “It’s not revolutionary in that it aligns closely to how security teams have been working for many years, but now it allows each team to automate their workflows.</p> <p>“It’s like living in the future in the eyes of security teams because it means that from the moment they find a risk, they can automate the process to find who owns it and deliver the code fix to complete and redeploy to production.”</p> <p>A little over a month on from the closure of the $32bn acquisition of Wiz – Google’s largest purchase to date – the two organisations reaffirmed their commitment to providing a unified security platform, retaining Wiz’s brand, that will enhance the speed with which customers detect, prevent and respond to threats, especially emerging ones created using AI.</p> <p>The duo also claim their combined capability will accelerate adoption of multi-cloud security and spur more confidence in innovation around cloud and AI. Wiz’s products are also to continue to be made available across other platforms, including Amazon Web Services (AWS), Microsoft Azure and Oracle Cloud. It also announced support for Databricks and agent studios such as AWS Agentcore, Microsoft Azure Copilot Studio and Salesforce Agentforce, as well as the Gemini Enterprise Agent Platform, and continues to support security ecosystems with integrations to the outer layer of the cloud, including Google Cloud Apigee, Cloudflare AI Security for Apps, and the Vercel platform.</p> <p>Behind the scenes, Wiz has also updated how it integrates security detections from Wiz Defend with Google Security Operations and Mandiant Threat Defence to make life easier for human analysts.</p> <p>And it announced new capabilities to secure the AI-native deployment cycle. These include scanning vibe coded applications for issues; AI-generated code scanning and vulnerability remediation; agent-based remediation allowing teams to automate remediation workflows; and an AI bill of materials to keep on top of the use of shadow AI for coding.</p> At Google Cloud Next, Wiz co-founder Yinon Costica called on security defenders to use AI to steal a march on threat actors, and launched agentic capabilities for cyber teams https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/Robot-AI-books-learning-Adobe.jpg https://www.computerweekly.com/news/366642436/Wiz-founder-Hack-yourself-with-AI-before-the-bad-guys-do Fri, 24 Apr 2026 15:15:00 GMT Wiz founder: Hack yourself with AI, before the bad guys do ComputerWeekly.com 60 editor@computerweekly.com