Tag: Azure

Posted on by

Microsoft restates commitment to OpenAI amid analyst note about datacentre expansion rollbacks

Microsoft has pushed back against claims its decision to cancel and defer at least 2GW of datacentre projects in the US and Europe is indicative of its “fraying relationship” with OpenAI.

US analyst TD Cowen published a research note on 26 March 2025 that suggested the public cloud giant had cancelled and deferred datacentre lease agreements in the US and Europe that would have increased its compute capacity by at least 2GW.

The reason for the rollback on its plans was, according to TD Cowen, due to Microsoft’s decision not to support OpenAI’s incremental training workloads.

TD Cowen had previously said the two companies were involved in a “fraying relationship”, after Microsoft confirmed in January 2025 that the exclusivity cloud hosting deal between the two firms had been rejigged.

A Microsoft blog post, dated 21 January 2025, confirmed OpenAI had made a “large Azure commitment” that included “changes to the exclusivity on new capacity, moving to a model where Microsoft has a right of first refusal”.

This means Microsoft gets first refusal on whether or not it wants to host OpenAI workloads, but OpenAI also reserves the right to build its own capacity with other partners if Microsoft cannot meet its needs.

Microsoft has now issued a statement to Computer Weekly, pushing back on TD Cowen’s take on the situation, while also restating the strength of the working relationship between the company and OpenAI.

In reference to its decision to scale back its datacentre expansion plans, Microsoft said it’s “well-positioned” to meet the current and increasing customer demand it’s seeing for its services thanks to the “significant investments” it’s made in its infrastructure to this point.

“Last year alone, we added more capacity than any prior year in history,” said a Microsoft spokesperson. “While we may strategically pace or adjust our infrastructure in some areas, we will continue to grow strongly in all regions.

“This allows us to invest and allocate resources to growth areas for our future. Our plans to spend over $80bn on infrastructure this financial year remain on track as we continue to grow at a record pace to meet customer demand.”

Microsoft has been a partner in OpenAI since 2019, with the two firms previously stating that they were working towards a shared goal to “responsibly advance artificial intelligence research” while democratising the technology and making it accessible to all.

Around the same time that Microsoft released details of its reworked cloud hosting arrangement with OpenAI, the latter released details of its $500bn effort to expand the infrastructure underpinning its services through the launch of the Stargate Project.

Softbank, Oracle, MGX and OpenAI are the equity funders for the initiative, while Microsoft is listed as a technology partner.

In reference to its ongoing partnership with OpenAI, the Microsoft spokesperson said: “OpenAI continues to be a great partner. We remain committed to pushing the frontier of AI forward, driving innovation, and making cutting-edge models accessible to our customers and partners.”

Source

Posted on by

UK law enforcement data adequacy at risk

The UK government has introduced its Data Use and Access Bill (DUAB) to Parliament, but proposed reforms to police data protection rules could undermine law enforcement data adequacy with the European Union (EU).

Currently going through the committee stage of Parliamentary scrutiny, the DUAB will amend the UK’s implementation of the EU Law Enforcement Directive (LED), which is transposed into UK law via the current Data Protection Act (DPA) 2018 and represented in Part Three of the DPA, specifically.

In combination with the current data handling practices of UK law enforcement bodies, the bill’s proposed amendments to Part Three – which include allowing routine transfer of data to offshore cloud providers, removing the need for police to log justifications when accessing data, and enabling police and intelligence services to share data outside of the LED rules – could present a challenge for UK data adequacy.

In June 2021, the European Commission granted “data adequacy” to the UK following its exit from the EU, allowing the free flow of personal data to and from the bloc to continue, but warned the decision may yet be revoked if future data protection laws diverge significantly from those in Europe.

While Computer Weekly’s previous reporting on police hyperscale cloud use has identified major problems with the ability of these services to comply with Part Three, the government’s DUAB changes are seeking to solve the issue by simply removing the requirements that are not being complied with.

For example, while the DPA 2018 does allow for overseas transfers to “non-law enforcement recipients” – that is, cloud providers – this is only permissibleif the data controller can show it is strictly necessary to do so. This means information can only be sent on a case-by-case basis for specific, limited purposes when there is no other, less intrusive means of achieving the same goal.

However, in June 2024, Computer Weekly confirmed that UK policing data uploaded to Microsoft services is routinely sent offshore for some forms of processing, while IT support is provided on a global “follow-the-sun” model.

To circumvent the lack of compliance with these transfer requirements, the government has simply dropped them from the DUAB, meaning policing bodies will no longer be required to assess the suitability of the transfer or report it to the data regulator.

Commenting on the transfer issue during a DUAB debate in the House of Lords, Liberal Democrat peer Tim Clement-Jones highlighted how, as it stands, cloud service providers routinely process data outside the UK, and are unable to provide necessary contractual guarantees to policing bodies as required by Part Three: “As a result, their use for law enforcement data processing is, on the face of it, not lawful.”

He added: “The government’s attempts to change the law highlight the issue and suggest that past processing on cloud service providers has not been in conformity with the UK GDPR [General Data Protection Regulation] and the DPA.”

Through the DUAB, the government has also expanded the list of lawful recipients to now include “a processor whose processing … is governed by, or authorised in accordance with, a contract with the controller that complies with section 59”, which outlines key elements that must be contained in any contract between a law enforcement controller and processor. 

This includes specific details of the exact types of data, the categories of data subjects and the specific purpose of the processing, as well as explicit guarantees from the processor about how it will comply with all the requirements of Part Three.

However, given the international nature of the data sharing that takes place on commodity hyperscale architecture, cloud providers are either unable or unwilling to make contractual guarantees that satisfy all aspects of Part Three.

As Microsoft told the Scottish Police Authority (SPA), in relation to its Azure-hosted Digital Evidence Sharing Capability, the company “cannot accept specific consent [to transfer data internationally] on a case-by-case basis as this would be impossible to operationalise”.

All of this effectively means that under the DUAB, the data can be routinely offshored to jurisdictions with lower data protection standards, without adherence to LED conditions around strict necessity.

Similarly, while the LED provided a five-year grace period to ensure all legacy police systems could record justification logs for why a particular piece of information has been accessed – with systems procured after May 2016 were required to have this capability from the start – most policing systems in the UK still do not have this capability.

Instead, the UK government has simply removed the requirement to record these justifications, arguing that the change will save police time and that the data has little evidentiary value because people are unlikely to record an honest justification anyway.

According to Owen Sayers – a long-term commentator on DPA Part Three compliance issues with more than 25 years of experience in delivering secure solutions to policing and the wider criminal justice sector – changing the law in this way will permanently diverge UK law from the LED requirements.

He added that while UK police have been breaking the law in practice since the DPA came into effect in May 2018, the law they were breaking was at least aligned to those in the European Union.

“Even though in practical terms the UK hasn’t actually been protecting personal data as they’re required to under the LED, their law did at least give recourse to a data subject to take action about this processing (even if no one actually did so),” he said.

“Once DUAB comes into force, however, the landscape has totally changed. Not only will UK law enforcement bodies be sending massive amounts of personal data (including a lot of data about EU citizens) offshore to a range of countries not deemed adequate by the EU, but UK law will have change to make it legal for them to do so.

“By making these changes under DUAB, the government have thrown into sharp relief that law enforcement bodies are breaching the law today – they’ve literally confirmed it by modifying the law to give Microsoft and AWS this special status.”

Computer Weekly contacted the Home Office about the threat to the UK’s LED adequacy created by the government’s proposed changes to the law enforcement data protection regime.

“We have introduced some targeted amendments in the Data Use and Access Bill to improve public trust and to drive up law enforcement efficiency by simplifying the legislation. We are committed to data adequacy and had the UK’s adequacy decisions in mind when producing this bill,” said a spokesperson. “Any changes to our data protection regime must not come at the expense of security, and high standards of protection will continue to be applied.”

A Home Office source told Computer Weekly that that the use of cloud providers in particular has caused some confusion, and that measures contained within the bill are intended to give law enforcement the confidence to use cloud processors. However, they said the use of cloud services must not come at the expense of security and high standards of protection will continue to be applied.

Source

Posted on by

DeepSeek-R1: Budgeting challenges for on-premise deployments

Until now, IT leaders have needed to consider the cyber security risks posed by allowing users to access large language models (LLMs) like ChatGPT directly via the cloud. The alternative has been to use open source LLMs that can be hosted on-premise or accessed via a private cloud. 

The artificial intelligence (AI) model needs to run in-memory and, when using graphics processing units (GPUs) for AI acceleration, this means IT leaders need to consider the costs associated with purchasing banks of GPUs to build up enough memory to hold the entire model.

Nvidia’s high-end AI acceleration GPU, the H100, is configured with 80Gbytes of random-access memory (RAM), and its specification shows it’s rated at 350w in terms of energy use.

China’s DeepSeek has been able to demonstrate that its R1 LLM can rival US artificial intelligence without the need to resort to the latest GPU hardware. It does, however, benefit from GPU-based AI acceleration.

Nevertheless, deploying a private version of DeepSeek still requires significant hardware investment. To run the entire DeepSeek-R1 model, which has 671 billion parameters in-memory, requires 768Gbytes of memory. With Nvidia H100 GPUs, which are configured with 80GBytes of video memory card each, 10 would be required to ensure the entire DeepSeek-R1 model can run in-memory. 

IT leaders may well be able to negotiate volume discounts, but the cost of just the AI acceleration hardware to run DeepSeek is around $250,000.

Less powerful GPUs can be used, which may help to reduce this figure. But given current GPU prices, a server capable of running the complete 670 billion-parameter DeepSeek-R1 model in-memory is going to cost over $100,000.

The server could be run on public cloud infrastructure. Azure, for instance, offers access to the Nvidia H100 with 900 GBytes of memory for $27.167 per hour, which, on paper, should easily be able to run the 671 billion-parameter DeepSeek-R1 model entirely in-memory.

If this model is used every working day, and assuming a 35-hour week and four weeks a year of holidays and downtime, the annual Azure bill would be almost $46,000 a year. Again, this figure could be reduced significantly to $16.63 per hour ($23,000) per year if there is a three-year commitment.

Less powerful GPUs will clearly cost less, but it’s the memory costs that make these prohibitive. For instance, looking at current Google Cloud pricing, the Nvidia T4 GPU is priced at $0.35 per GPU per hour, and is available with up to four GPUs, giving a total of 64 Gbytes of memory for $1.40 per hour, and 12 would be needed to fit the DeepSeek-R1 671 billion-parameter model entirely-in memory, which works out at $16.80 per hour. With a three-year commitment, this figure comes down to $7.68, which works out at just under $13,000 per year.

A cheaper approach

IT leaders can reduce costs further by avoiding expensive GPUs altogether and relying entirely on general-purpose central processing units (CPUs). This setup is really only suitable when DeepSeek-R1 is used purely for AI inference.

A recent tweet from Matthew Carrigan, machine learning engineer at Hugging Face, suggests such a system could be built using two AMD Epyc server processors and 768 Gbytes of fast memory. The system he presented in a series of tweets could be put together for about $6,000.

Responding to comments on the setup, Carrigan said he is able to achieve a processing rate of six to eight tokens per second, depending on the specific processor and memory speed that is installed. It also depends on the length of the natural language query, but his tweet includes a video showing near-real-time querying of DeepSeek-R1 on the hardware he built based on the dual AMD Epyc setup and 768Gbytes of memory.

Carrigan acknowledges that GPUs will win on speed, but they are expensive. In his series of tweets, he points out that the amount of memory installed has a direct impact on performance. This is due to the way DeepSeek “remembers” previous queries to get to answers quicker. The technique is called Key-Value (KV) caching.

“In testing with longer contexts, the KV cache is actually bigger than I realised,” he said, and suggested that the hardware configuration would require 1TBytes of memory instead of 76Gbytes, when huge volumes of text or context is pasted into the DeepSeek-R1 query prompt.

Buying a prebuilt Dell, HPE or Lenovo server to do something similar is likely to be considerably more expensive, depending on the processor and memory configurations specified.

A different way to address memory costs

Among the approaches that can be taken to reduce memory costs is using multiple tiers of memory controlled by a custom chip. This is what California startup SambaNova has done using its SN40L Reconfigurable Dataflow Unit (RDU) and a proprietary dataflow architecture for three-tier memory.

“DeepSeek-R1 is one of the most advanced frontier AI models available, but its full potential has been limited by the inefficiency of GPUs,” said Rodrigo Liang, CEO of SambaNova.

The company, which was founded in 2017 by a group of ex-Sun/Oracle engineers and has an ongoing collaboration with Stanford University’s electrical engineering department, claims the RDU chip collapses the hardware requirements to run DeepSeek-R1 efficiently from 40 racks down to one rack configured with 16 RDUs.

Earlier this month at the Leap 2025 conference in Riyadh, SambaNova signed a deal to introduce Saudi Arabia’s first sovereign LLM-as-a-service cloud platform. Saud AlSheraihi, vice-president of digital solutions at Saudi Telecom Company, said: “This collaboration with SambaNova marks a significant milestone in our journey to empower Saudi enterprises with sovereign AI capabilities. By offering a secure and scalable inferencing-as-a-service platform, we are enabling organisations to unlock the full potential of their data while maintaining complete control.”

This deal with the Saudi Arabian telco provider illustrates how governments need to consider all options when building out sovereign AI capacity. DeepSeek demonstrated that there are alternative approaches that can be just as effective as the tried and tested method of deploying immense and costly arrays of GPUs.

And while it does indeed run better, when GPU-accelerated AI hardware is present, what SambaNova is claiming is that there is also an alternative way to achieve the same performance for running models like DeepSeek-R1 on-premise, in-memory, without the costs of having to acquire GPUs fitted with the memory the model needs.

Source

Posted on by

DeepSeek is rushing to get its next-gen R2 model out sooner than expected

After taking the world by storm with the debut of its R1 reasoning model in January, Chinese AI startup DeepSeek is reportedly looking to maintain the momentum by rushing its new R2 model to market as quickly as possible, Reuters reports.

DeepSeek at first planned to launch R2 in early May, but sources familiar with the company tell Reuters that DeepSeek wants to speed up the schedule. However, the sources didn’t provide a new release date for DeepSeek-R2, which has yet to be announced.

We don’t know much about DeepSeek’s next AI model yet, but the Chinese company wants R2 to have improved coding skills and reason in languages other than English.

When DeepSeek-R1 launched, the entire industry was taken aback by the research paper that claimed the highly sophisticated model was trained at a fraction of the cost of OpenAI’s o1. The pushback was immediate, though, as OpenAI posited that DeepSeek distilled ChatGPT to train its model, and Google called DeepSeek’s claims “exaggerated.”

Tech. Entertainment. Science. Your inbox.

Sign up for the most interesting tech & entertainment news out there.

By signing up, I agree to the Terms of Use and have reviewed the Privacy Notice.

Nevertheless, many companies were quick to adopt the new model, including OpenAI investor Microsoft, which added DeepSeek-R1 to Azure AI Foundry and GitHub. You can also find R1 in the Amazon Web Services (AWS) model catalog.

With the arrival of GPT-4.5 still weeks away and GPT-5 potentially months out, DeepSeek has a chance to shake up the market once again if R2 launches soon.

Source

Posted on by

Microsoft overcomes quantum barrier with new particle

Microsoft has published the culmination of 20 years of research into subatomic particles, known as Majorana fermions, which it aims to use to build a million-qubit quantum computer.

The research has involved developing topological qubits, which Microsoft research anticipated would offer more stable qubits, requiring less error correction. A research paper on the property of these particles notes that Majorana fermions have a mathematical quirk which suggests that if fermions and anti-fermions are indistinguishable, they may be able to coexist without annihilating one another. 

In a YouTube video discussing the research, Microsoft technical fellow Matthias Troyer said: “Majorana’s theory showed that mathematically it’s possible to have a particle that is its own antiparticle. That means you can take two of these particles and you bring them together, and they could annihilate and there’s nothing left. Or you could take two particles and you bring them together and you have two particles.”

This offers a way to correlate the nothing state when the fermion and anti-fermion annihilate each other as a binary “0”, and when they both exist as a binary “1”. 

Microsoft technical fellow Krysta Svore said Microsoft has succeeded in designing a chip called Majorana 1 that is able to measure the presence of the Majorana fermion particles. “Majorana allows us to create a topological qubit,” she said, where the qubit is reliable, small and controllable.

The nature of the Majorana particles means they hide quantum information, making it more robust, but also harder to measure. Microsoft developed a new measurement approach that it claims is so precise that it can detect the difference between one billion and one billion and one electrons in a superconducting wire, which is used to determine the state of the qubit for quantum computation.

According to Svore, the approach Microsoft has taken gets around the noise problem that leads to errors in qubits, which results in error-prone quantum computers.

“Now that we have these topological qubits, we’re able to build an entirely new quantum architecture, the topological core, which can scale to a million topological qubits on a tiny chip,” she said.

Svore said that each atom in this chip is placed purposefully. “It is constructed from the ground up,” she added. “It is entirely a new state of matter. Think of us as building the picture by painting it atom by atom.”

The processors used to power computers traditionally use electrons. “We don’t use electrons for compute,” said Svore. “We use Majoranas.”

Majorana 1 is Microsoft’s new quantum chip that combines both qubits as well as surrounding control electronics. Along with the control logic, the Microsoft approach to quantum computing requires a dilution refrigerator that keeps qubits at temperatures much colder than outer space. Microsoft has also developed a software stack, which is needed to enable applications to take advantage of Microsoft’s quantum computing.

The Majorana 1 device can be held in the palm of a hand, and fits neatly into a quantum computer that can be easily deployed inside Azure datacentres. “The way the system that we are constructing works is you have the quantum accelerator,” said Microsoft vice-president Zulfi Alam. “You have a classical machine that works with it and controls it. And then you have the application that essentially goes between classical and quantum depending on which problem it’s trying to solve.”

Once the computations are completed, the results are re-synthesised on the classical computational machine, where it’s surfaced as an answer to the problem.

The researchers at Microsoft are confident the approach they have taken with Majorana 1 will be able to scale, which is something that has so-far hindered the progress of quantum computing, due to the error-prone nature of scaling logical qubits. Microsoft’s topological qubit architecture uses aluminum nanowires joined together in an “H” shape. Each H has four controllable Majoranas that are combined onto one qubit. The Hs can also be connected across the chip.

“It’s complex in that we had to show a new state of matter to get there, but after that, it’s fairly simple,” said Svore. “It tiles out. You have this much simpler architecture that promises a much faster path to scale.”

Source

Posted on by

Public cloud: Data sovereignty and data security in the UK

The UK government’s decision to designate datacentres as critical national infrastructure (CNI) in September 2024 signalled its ambition to build a digital economy that is secure and globally competitive.

But behind the headlines about protecting against cyber crime and IT blackouts lies a more complicated reality – a sector grappling with policy uncertainty, reliance on foreign cloud giants and a data sovereignty agenda that looks increasingly compromised.

In a blog post, Forrester principal analyst Tracy Woo wrote: “New sovereignty requirements such as SecNumCloud, Cloud de Confiance from France, and the Cloud Computing Compliance Controls Catalog (C5) from Germany, along with the push to keep data in-country, have created a broader push for private and sovereign clouds.”

But the promise of “protected infrastructure” rings hollow when hyperscalers openly admit they cannot guarantee that UK government data stored in cloud services such as Microsoft 365 and Azure will remain within national borders.

Woo points out that countries in the European Union (EU) and Asia-Pacific (APAC) have been attempting to more heavily leverage non-US-based cloud providers, create sovereign clouds, or leave workloads on-premise.

In the UK, regulatory scrutiny is exposing the fragile state of the UK’s digital independence. Looking at the UK’s approach to data sovereignty, law firm Kennedys Law describes the Data Use and Access (DUA) Bill, which was published in October 2024, as “a more flexible risk-based approach for international data transfers”.

Kennedys notes that the new test requires that the data protection standards in the destination jurisdiction must not be materially lower than those in the UK. According to Kennedys, this standard is less rigid than the EU’s “essential equivalence” requirement but raises questions about how “materially lower” will be interpreted in practice.

Understandably, with the government’s reliance on cloud-based productivity tools, concerns about compliance with UK data protection laws have intensified.

The Competition and Markets Authority (CMA) is now investigating cloud market practices that could lock customers into foreign providers. A provisional report is expected in early 2025, setting the stage for potential regulatory reforms aimed at boosting data sovereignty and curbing monopolistic practices.

Reshaping data sovereignty

This is not before time for Mark Boost, CEO of Civo, a UK-based cloud hosting specialist. “The inability to ensure data remains within UK borders underscores the risks of depending on hyperscalers,” warns Boost. “If we keep outsourcing critical data infrastructure, we risk losing more than just technical control, we lose national independence.”

The CMA’s review could reshape the country’s digital future, potentially mandating greater transparency and requiring UK data storage guarantees from global cloud providers. This is something Boost has been talking about for some time.

“Transparency isn’t just about where data is stored, it’s about how datacentres are powered, maintained and secured,” he says. His argument highlights the essential connection between data sovereignty and operational clarity, urging providers to adopt clearer accountability measures.

The inability to ensure data remains within UK borders underscores the risks of depending on hyperscalers. If we keep outsourcing critical data infrastructure, we risk losing more than just technical control, we lose national independence Mark Boost, Civo

Despite these challenges around transparency, the UK datacentre industry has seen promising signs, particularly in regional investment. The government’s recent announcement of a £250m datacentre project in Salford showcases how local government cooperation and targeted investment can drive growth. But such projects remain exceptions rather than the rule.

Luisa Cardani, head of datacentres at TechUK and author of the report Foundations for the future: How datacentres can supercharge UK economic growth, warns that without a national policy statement (NPS), the datacentre sector risks becoming fragmented. Local planning authorities lack the expertise and resources to approve projects efficiently, creating bottlenecks that could delay critical infrastructure developments for years.

“The industry wants to work with local people and authorities, but clear national planning guidance is missing,” says Cardani. “Without a coherent strategy, we’re stuck in a cycle of fragmented decisions and regulatory inertia.”

The proposed inclusion of datacentres under the nationally significant infrastructure projects (NSIP) regime could streamline the approval process, ensuring faster decision-making. However, this remains, for the moment at least, more of an aspiration. In reality, investment will remain stalled until the UK develops a coherent, national approach that balances public and private interests while streamlining the project approval process.

Data sovereignty and security requirements are fundamental to this, and to a large extent it will be market forces that determine the shape and size of the UK’s datacentre industry. On this front, Alvin Nguyen, senior analyst at Forrester, says businesses must recognise the different risk profiles posed by local and hyperscaler-operated datacentres.

“It should be expected that hyperscalers will have more bandwidth, more scalability and more redundancy than their more localised counterparts, but having datacentres classified as critical to the UK’s infrastructure may help with mitigating some, but not all, security risks,” he says.

Complexity of keeping data within national borders

Nguyen also questions whether data sovereignty debates might be over-simplified in some cases.

“With data security, it comes down to what the organisation’s requirements are to determine whether or not to go to a hyperscaler or a local datacentre,” he says. “With sovereignty, that is a bit different. If there are components to the sovereignty laws to restrict access or use of data outside of the local datacentres, hyperscalers will need to ensure that guardrails are in place.”

Nguyen’s comments underscore the complexity of managing sensitive data across hybrid environments. Rather than focusing solely on whether to choose a local or global provider, businesses should consider managing workloads across hybrid cloud environments more strategically.

“Many organisations will find a mix of cloud and datacentres makes the most sense … the risk profile of each is different and that blend of risk when combining cloud and datacentres can be made to be optimised for them,” he says.

The security risks associated with data sovereignty are multifaceted, extending far beyond simple data storage concerns. For businesses in regulated sectors, particularly financial services, the stakes are immense.

When on-premise is the only option

Jon Cosson, head of IT and chief information security officer at wealth management firm JM Finn, underscores the potential dangers when businesses assume that using a large cloud provider automatically guarantees security.

“It’s absolutely imperative you know where your data is and how to secure it,” he warns. “You would not believe how many businesses still just rely on somebody else.”

The issue is compounded by the jurisdictional complexity of global cloud services. When sensitive data crosses borders, it may fall under multiple regulatory regimes, raising questions about legal access and government overreach. This concern has been amplified by legislation such as the US Cloud Act.

In 2019, the then home secretary, Priti Patel, signed a US Cloud Act Agreement covering the UK and Northern Ireland, in which the US and UK governments agreed to provide timely access to electronic data for authorised law enforcement purposes. The Cloud Act could compel US-based hyperscalers to provide foreign-stored data to US authorities, bypassing local laws.

“I want to know exactly where my data goes, how it’s encrypted and how quickly I can get out if needed,” says Cosson, reflecting a broader industry concern that opaque data paths and limited contractual assurances can expose businesses to significant compliance risks.

“We use the cloud when we have to, but still run key systems on-premise for control,” adds Cosson. This approach is typical of companies handling sensitive financial data. There is a lack of trust with organisations not prepared to take promises of “secure cloud storage” at face value.

While Cosson acknowledges that cloud adoption is inevitable for some services, such as Microsoft 365, he underscores the enduring role of on-premise infrastructure for businesses that require absolute control over sensitive data. This, of course, raises an additional problem of how to manage hybrid data environments securely and efficiently.

According to Cosson, companies like Nutanix play a critical role here, enabling organisations to manage workloads across cloud and on-premise environments while maintaining data control. Nutanix’s infrastructure services are designed to address sovereignty concerns, he says, by ensuring businesses have clear data management policies and remain compliant with local regulations.

We need coordinated efforts between government, industry and local authorities to build a resilient datacentre ecosystem. This means shared responsibility, clearer policy frameworks, and incentives for both hyperscalers and UK-based providers Luisa Cardani, TechUK

“The next five years will be decisive,” says Civo’s Boost. “If transparency becomes a legal requirement, we’ll see businesses demanding more from providers, not just about where data resides, but also how infrastructure is managed and powered.”

TechUK’s Cardani believes public-private partnerships will play a crucial role here. “We need coordinated efforts between government, industry and local authorities to build a resilient datacentre ecosystem,” she says. “This means shared responsibility, clearer policy frameworks, and incentives for both hyperscalers and UK-based providers.”

Boost and Cardani each agree that the balance of power between hyperscalers and local operators may shift, particularly if future policies mandate data localisation or prohibit cross-border data transfers without explicit guarantees. Sovereignty-by-design, where infrastructure is built to meet local compliance from the start, could become the new standard.

Adhering to current standards

Until that point, organisations need to work out how they can meet existing standards. Cardani argues that adherence to standards must be supported by national policies that enable transparent reporting and clear accountability structures.

In practice, this means enforcing mandatory audits, data residency certifications and security benchmarks tailored to UK-specific legal frameworks. Without these measures, businesses risk falling into compliance gaps that could expose them to data breaches, fines and legal disputes.

Frameworks such as ISO 27001 for information security management, General Data Protection Regulation (GDPR) for data privacy and Payment Card Industry Data Security Standard (PCI DSS) for payment security set clear operational expectations. Yet these standards are only part of the equation, as evolving regulations increasingly emphasise data sovereignty and security-by-design.

Ensuring that datacentres comply with such frameworks while offering sovereignty guarantees has become a pressing challenge. Hyperscalers operating across multiple jurisdictions complicate audits and compliance checks due to varying legal obligations and data transfer rules.

The introduction of the CMA’s investigation is urgently needed, if only to provide some clarity around what, for most buyers, has become a confusing subject.

For IT leaders, the critical takeaway is that responsibility cannot be outsourced. Security, compliance and sovereignty must be actively managed through risk assessments, compliance audits and multi-supplier strategies.

And as the UK’s digital infrastructure evolves, only businesses that stay ahead of regulation and demand transparency from their providers will be able to navigate the uncertainties.

On that score, the UK’s datacentre industry stands at a crossroads – but with policy clarity, local investment and industry transparency, it has the potential to become a global digital leader in this space.

It’s about trust and everyone playing by the same, fair rules, but from a UK perspective it is also about protecting that most valuable national asset – data.

At JM Finn’s Cosson puts it: “Data sovereignty is not a buzzword, it’s survival.”

Source

Posted on by

Datafy promises to slash massive EBS overprovisioning costs

AWS EBS – Elastic Block Storage – customers usually massively over-provision cloud storage capacity and pay way more than they should. Capacity utilisation on EBS is between 10% and 30%, according to Datafy, a startup that claims it can slash AWS customers’ EBS bills by adding greater granularity to their cloud block storage deployments.

According to Gurdip Kalley, head of business development at Datafy, the core issue with AWS EBS is that it is effectively a form of direct-attached storage (DAS) but in the cloud, and that differs from other AWS block storage such as FSX which can be one-to-many. And so, because of this, customer devops engineers invariably over-provision capacity because it’s very difficult to predict usage, especially in Kubernetes deployments.

“EBS is elastic, but it’s not that elastic,” said Kalley. “So, customers pay up front for capacity, just like you do for mobile phone storage and you pay whether you use it or not.”

According to Kalley, EBS eclipses all other AWS cloud storage services in terms of revenue, with a Datafy-estimated $10bn of income. “It’s popular because it’s the easiest way to lift-and-shift storage for EC2 and EKS applications,” he said.

But there’s a problem in terms of scaling. To scale up is easy, said Kalley, but to scale down is far less so. What you have to do is to create a new, smaller volume, move the data, then break all connections with the application and the old volume and connect to the new volume, he said, adding: “Customers have said it’s basically a migration, and they’ll do this once or twice, but not after that.”

What Datafy does is deploy an agent in all instances of customer AWS compute. Here, it determines the size of volumes and replaces single larger volumes with a number of smaller ones.

This is where Datafy’s smarts reside – in its virtualisation of many volumes to make them appear as one, and so allow easier scaling as multiple volumes are added and subtracted to right-size capacity.

Kalley said there are no “non-AWS concepts” introduced to the running of Datafy agents and supra-agent intelligence. “Customer data is copied from the original volume to the Datafy volume [actually volumes, in the plural],” he said. “Now, the original can be deleted and the customer will now save money. We can grow capacity in real time as needed, with shrinking taking place to ensure the least possible disruption.”

Pricing is based on capacity managed and comes in at 20% of AWS capacity managed. If that seems a steep percentage, it’s because Datafy is confident the customer will pay a lot less than it did for over-provisioned AWS EBS storage.

For example, if you were spending $100 per month and now spend $40 per month – which assumes a previous utilisation rate of 40% – the cost of Datafy would be 20% of the latter figure and a total of $48. And you only pay if you make savings.

Datafy is available on the AWS marketplace, starting in Q1 2025.

Later in 2025, Datafy will expand its capabilities to Azure and Google Coud Platform block storage.

Source

Posted on by

Has Pure got the first of its ‘HDD is doomed’ ducks in a row?

Pure Storage thinks things are slotting into place for its predicted imminent demise of enterprise spinning disk.

In December 2024, it announced an unnamed hyperscaler had inked an agreement to take Pure’s DirectFlash Modules (DFMs) as components for storage infrastructure.

Meanwhile, Pure Storage now counts Nand flash makers Micron and Kioxia as supply chain partners.

The Micron partnership was announced earlier this month, with Pure making plans to take quantities of Micron’s gen 9 QLC Nand memory.

Last month, Pure and Kioxia announced the latter would supply QLC flash for DFM modules to supply to hyperscaler customers.

Here, Pure Storage is setting itself up as a provider of hyperscaler systems or components in a ground-breaking move for an enterprise storage array maker.

The wider significance is that because hyperscalers are such huge buyers of hard drives, a switch to all-flash would make a big dent in spinning disk manufacturing volumes, and that could spell the hard disk drive’s (HDD’s) death knell. 

Selling to hyperscalers: The nails in HDD’s coffin?

In June 2024, Pure announced it had been working to adapt its DFM technology to the needs of hyperscaler environments. DFMs are not ordinary SSDs, like those sold by the big drive makers. Because Pure controls DFM design and manufacture, and because they also design and build controller systems, data management functionality can be distributed across drive and array systems.

According to Pure, that brings efficiencies in use of cache and data placement that in part can make for better longevity in QLC-based flash.

It also means less energy used, more rapid input/output (I/O) and savings on space that allow for more Nand to be installed. That amounts to a claimed capacity multiplier of around 2.5x compared with what’s possible from commodity SSD-equipped arrays. For hyperscalers that buy massive quantities of drive capacity, these advantages are significant.

Pure Storage said one hyperscaler has sung the praises of its DFMs after deploying a proof-of-concept.

For Pure Storage, the challenge will be scale in the supply chain. Amazon Web Services (AWS), Azure, GCP and Meta buy about 43% of global server production. And they only buy white box hardware that they customise themselves. That market is one hitherto effectively barred to enterprise storage makers because their products are not specialised to it.

So, according to their strategy, Pure Storage will sell their DFMs as components that will work with the hyperscalers’ own storage. Officially, it’s not known which hyperscaler Pure has struck a deal with, but it is known that GCP and Meta, at least, have driven the adoption of the software data placement technique, flexible data placement.

SSDs with 10x more capacity than HDD

Until now, hyperscalers have preferred to use spinning disk HDDs to drive their storage services largely because they have been cheaper. But they are also slower. And, with the advent of artificial intelligence (AI), the need for more rapid access to colder data has arisen – such as in backups and data lakes – and so the big hosting companies have started to look at SSD.

However, so far, SSD had lacked the capacity to be profitably deployed. Now, the latest generations of QLC flash from Micron and Kioxia allow Pure to make DFMs that provide 150TB, which will soon reach 300TB, the equivalent of 10 HDDs.

Kioxia’s latest generation of Nand flash, unveiled late last year, uses charge trap (CT) cells to create smaller SSDs with higher density and while using less energy. Meanwhile, Kioxia also released test results that showed writes with flexible data placement (using NoSQL database RocksDB) that gave read speed 1.8x faster and Nand cell lifespan increased by 3x.

Micron is already a supplier to Pure Storage of Nand in its DFMs. It hasn’t shared much detail about its next generation of SSD, but what is known is that its Nand circuits will give 19% more capacity than the current one.

In December 2024, Pure Storage announced quarterly revenue of $831m, 9% up year-on-year. That puts it behind Dell, which generated revenue of $4bn in the past quarter (up 4% year-on-year); also behind NetApp, which took $1.66bn in the same period (up 6% year-on-year), and almost certainly behind HPE, which doesn’t disclose the share taken by storage in its quarterly revenue of $8.5bn.

Is it the beginning of the end for HDD?

Will Pure’s partnership to supply its high-capacity flash modules to a hyperscaler customer be the first set of nails in the coffin of spinning disk hard drives?

Pure Storage chief technology officer Rob Lee said last week at a press event in Prague that the company’s first hyperscaler design win will be “transformative”, and that a switch to flash by the hyperscalers could lead to collapse in the HDD market.

The deal he’s talking about was announced in December, and will see Pure supply its DFM SSD modules – which will offer up to 300TB capacity by 2026 – to an unnamed hyperscaler.

“We won’t be supplying arrays,” said Lee. “They want the benefits of direct flash but don’t need the other data services. We’re co-engineering with the hyperscaler to integrate with their custom system.

“They were all ready to build something like DFM, but then thought, ‘Why build it ourselves? Let’s just integrate [Pure’s flash modules]’.”

He said the move on the part of the hyperscalers is driven by data growth and the needs of AI, in particular the requirement to access large and relatively dormant stores of data.

Lee added that there is something like 100,000 exabytes of HDD produced quarterly, with hyperscalers taking “60% or 70%”. That, in turn, would take such a chunk out of the volume of HDD manufacturing as to make it much less viable.

Source

Posted on by

Microsoft just added DeepSeek R1 to Azure AI Foundry and GitHub

When it comes to artificial intelligence, Microsoft refuses to be left behind. On Wednesday, the Redmond company announced that the R1 model from DeepSeek is now available on Azure AI Foundry and GitHub. This surprisingly sudden move comes despite the fact that OpenAI claims DeepSeek built AI models using its data without permission.

“As part of Azure AI Foundry, DeepSeek R1 is accessible on a trusted, scalable, and enterprise-ready platform, enabling businesses to seamlessly integrate advanced AI while meeting SLAs, security, and responsible AI commitments—all backed by Microsoft’s reliability and innovation,” Microsoft CVP Asha Sharma said in a blog post.

Sharma also repeated DeepSeek’s pitch for R1, explaining that its power and low cost will give more users access to state-of-the-art AI without heavy investment.

Of course, Microsoft understands the concerns raised about DeepSeek during its rapid rise to prominence in recent weeks, including the sheer amount of data the Chinese company collects. According to Microsoft, the model “has undergone rigorous red teaming and safety evaluations, including automated assessments of model behavior and extensive security reviews to mitigate potential risks.” Plus, Azure AI has tools like content filtering and the ability to test applications before deployment to protect developers and end users.

Tech. Entertainment. Science. Your inbox.

Sign up for the most interesting tech & entertainment news out there.

By signing up, I agree to the Terms of Use and have reviewed the Privacy Notice.

If you want to test out DeepSeek R1 through Azure AI Foundry, you will need an Azure account. Once you’re signed in, search for “DeepSeek R1” in the model catalog. After opening the model card, click “Deploy” to obtain the inference API, the key, and access to the playground. You can try out your prompts in the playground to try out R1.

You can also “explore additional resources and step-by-step guides to integrate DeepSeek R1 seamlessly into your applications” on GitHub. Microsoft says Copilot+ PC owners will soon be able to run distilled versions of DeepSeek R1 locally as well.

Source

Posted on by

Are you on the naughty or nice list for responsible AI adoption?

Over the past year, artificial intelligence (AI) has proved its worth as a long-term investment for businesses. It brings a range of perfectly wrapped presents to the table, making a significant impact on productivity, efficiency, and automation across business functions. With almost 40% of companies worldwide already using AI in some form, it’s undeniable that it has the capability to revolutionise business operations.

For example, Santa’s workshop would benefit from AI adoption in automation of its supply chain orders, faster and more accurate analysis of wish list data, and tracking of items that have made it into his sleigh.

To ensure he makes the most of AI’s benefits, Santa will have brought it on board with ethical guidelines and responsible practices in mind. But have you? Whether you’ve already adopted and want to make sure you’re using AI responsibly, or you’re yet to adopt and are looking to integrate ethical standards into your plan – time’s running out to get onto Santa’s nice list before Christmas.

Getting into the good books with responsible adoption

Adopting AI responsibly isn’t just about avoiding risks, it’s also a way of setting the stage for sustainable growth, efficiency, and innovation. If you jump on the AI bandwagon without building a solid foundation and outlining a clear strategy, a myriad of risks can await your business. Data breaches, ethical challenges, and financial losses are all risks businesses face if they ignore the importance of responsible adoption.

The most effective way of adopting AI to mitigate these risks is a responsible one, and it’s not as easy as plugging in your Christmas lights. Smart and strategic choices are the key to protecting business data and aligning AI initiatives with business goals.

Santa’s top tips for adopting responsibly

Like writing a Christmas shopping list, AI adoption can be too daunting to start for lots of businesses. With so much information out there, where are you meant to start?

The key is pushing fear to the side and making any type of start, even if it’s small. Those who start now and invest in AI will stay ahead of the curve. But like Rudolph and his crew, the AI gap is real, and businesses who don’t get on board now will be left behind. So, what do you need to consider to adopt AI responsibly?

  • Make sure your data shines like a bauble

Squeaky clean data is crucial to getting reliable insights from AI. Getting AI ready means prepping business operations for AI systems to easily slot in, so business data needs to be accurate, void of bias, and ready for action.

The same way you wouldn’t send Santa a disorganised wish list, you wouldn’t give AI messy data. Making sure data is up to date, without errors or duplicates, is critical to ensuring your AI delivers real value. This comes hand-in-hand with assessing your internal resources, and making sure your infrastructure can handle the scale and power of AI demands. More flexible Cloud platforms like AWS, Google Cloud, and Azure can help business scale AI cost-effectively.

  • Embrace elf-level organisation

Training is a key part of onboarding AI. Do you think Santa’s elves are expected to wrap presents without being trained first? Preparation for AI use is essential to allowing your employees to understand its benefits and using it effectively.

As it affects every team in the business, not just the IT department, the entire workforce needs to be prepped for AI adoption. Whilst this can seem like a costly task, investing in your people is how AI will create valuable results. Change management is a key component to preparing workforces for the changes you need to adopt AI. Fostering a culture of readiness and continuous compliance is key to ensuring it becomes an asset.

Knowing your business objectives and making sure your AI strategy aligns with and contributes to them is key to maximising its capabilities. Whether improving customer experiences, automating repetitive tasks, or personalising services is your business goal, use AI to drive that strategy.

Prioritising AI applications that solve real problems as well as boosting productivity is key to boosting business growth. Do you need help with recommending products to your customers to increase sales? This is a tangible problem AI can solve for you. Like following a gingerbread recipe, baking a strategic AI plan will produce the best goods.

Santa’s secret weapon – Responsible AI

Long-term success is the outcome of adopting AI through responsible practices and with ethical guidelines in mind. High-quality data aligned business goals, and a prepped workforce are the key to thriving rather than falling behind.

If Santa’s already on board, why aren’t you? After all, it’s how he gets his presents from the North Pole to under your tree.

Get onto the nice list this Christmas – start small, think big, and stay responsible.

Kyle Hill is chief technology officer at ANS, a digital transformation provider and Microsoft’s UK Services Partner of the Year 2024. Headquartered in Manchester, it offers public and private cloud, security, business applications, low code, and data services to thousands of customers, from enterprise to SMB and public sector organisations.

Source