News

News

Pulse Flash Read: Lessons from the Google lawsuit

You’ve probably seen that
Google is getting sued by the DOJ for monopolizing and violating antitrust laws. 2020 is bad for all of us, but Alphabet, Google’s all-seeing umbrella corporation, started the year by pulling out of its flagship city-of-the-future utopia SideWalk Toronto, and will end it dealing with a lawsuit. Life must be tough at the top. The main reason behind the lawsuit is the fact that Google has been paying Apple billions to be the default browser presented to Apple users. Google doesn’t deny this—in a blog post, Kent Walker, SVP of Global Affairs at Google, states that it’s standard business practice:  “Yes, like countless other businesses, we pay to promote our services, just like a cereal brand might pay a supermarket to stock its products at the end of a row or on a shelf at eye level. For digital services, when you first buy a device, it has a kind of home screen “eye level shelf.” The whole blog post reads more like a resources page on Google Devs, only with added sass, complete with demonstrations of how simple it is to switch to different search engines if users so choose, along with some scary stuff thrown in about ‘phone prices would be higher if we didn’t give Apple all these dollars yadder yadder yadder.’ But hang on a second—hasn’t Apple been making a big deal about it’s privacy-first approach? Taking billions of dollars that have come via Google’s MO of selling private user data feels a little like politicians taking money from the mob for prime construction contracts. Sure, they didn’t whack anyone for the money but they’ll happily benefit from the ones who did. While Google probably does have a case for this being standard business practice, this feels more like a warning about big tech than an excuse. Because this isn’t cereal in a supermarket—this is software that guides choices everyday, for individuals and enterprises. That has society-level impacts. Tech has been thrust onto the front pages throughout the pandemic, which has come with increased public scrutiny. Cities around the globe are developing digital strategies to get a handle on the tech landscape of their jurisdiction, and to better educate the civilians whose lives are being changed by the tech companies operating within those cities. It feels like we’re moving inexorably towards the big ‘R ’— Regulation. With Regulation on the horizon, it seems like the time has come to read the room and rethink those standard practices. Because when the public becomes aware of these goings on and all they hear back is, “Well everyone’s doing it!” it doesn’t ring like reassurance.  Does the C-suite, particularly the lesser-mentioned CCO (Chief Compliance Officer), function mostly to put out fires whenever new rules get laid down across different jurisdictions? Ensure arguments are watertight when the next lawsuit comes up? Have the right PR firm in place to ghostwrite the blog post response? Or can the CXO roles function to hold up a mirror to the organization and ask is this how we should do this?  If the roadmap to regulation is a proactive process, a company is able to place that front and center of their messaging. Think of the headaches GDPR in the EU caused across the board for global businesses. Adopting a long-term strategy that anticipates aspects of the business that could be targeted by regulation might put an organization in a highly marketable position when the time comes: we didn’t just say ‘But that’s how it’s done!’ We asked, ‘What’s a better way to do this?’

Has the lawsuit made you think about your organization’s practices? Or do you think Google will come away looking more bulletproof than ever?

Top Answer :

10 views
0 comments
3 upvotes
Related Tags

WhatsApp: skepticism of remote communication tools is healthy

Every day, as a remote, distributed workforce, employees are busy firing off communications between themselves, customers, other businesses, and the board…  Communications are the nodes that move plans into actions, ideas into growth, leads into customers. Digital communications, simple and reliable as they are, turn our communications into pockets of permanence. This essential nature of communications makes them a direct target for attack—every time information is communicated, it becomes a potential vulnerability; a record to be accessed. Consider Slack channels, for example. While Slack channels may feel like behind-closed-doors conversations, they’re actually a record of that conversation. It’s like having every room in the office mic'd up and set to tape—there’s a record of it somewhere, even if Slack’s cloud is (hopefully) harder to access than a pile of tape behind a locked door. Permanence. In Slack, companies can, however, set file-retention policies that expire after a set amount of time to solve for this. Do all corporate communications tools have such policies? More pertinently, what’s the actual privacy policy of each of those tools? And so we come to
WhatsApp’s terrible new year. A poorly communicated update (ostensibly designed to enable better communications channels for B2C interactions) has caused mass introspection amongst users about how their metadata is handled by WhatsApp (or more accurately, how their metadata might be shared with Facebook, which owns WhatsApp). Many users have decided they no longer trust WhatsApp to maintain their privacy, and have sought  what they perceive as more trustworthy alternatives. Signal and Telegram have reported a massive uptick in active users in the past couple weeks—so much in Signal’s case that it temporarily went down under the weight of all the new users. WhatsApp has since paused the update and scrambled to fix the damage, but convincing the public to reinterpret the subtleties of their privacy policy might be a lost cause.  Given that it’s the CSO/CISO’s job to inspect third-party privacy policies, is the business world undergoing a similar introspection about their communications tools? According to research conducted by Pulse, most IT executives aren’t using encrypted messaging to communicate confidential information. When asked, “What tool(s) do you use to communicate confidential information?” the highest response by far was email (42%), with relatively few mentions of encrypted email services (such as ProtonMail) (11%) or encrypted messaging apps (6%). That sound you can hear right now? That’s the collective shudder of CISOs around the world. CISOs have a fight on their hands: to convince the business of the necessity of secure communications. It’s a fight on multiple fronts, as CISOs must also scrutinize vendors’ security protocols. The pressure can yield results—Zoom has made great strides to address security concerns raised by businesses and consumers (here’s a regularly updated history of Zoom security flaws and fixes).  Remote work was forced upon many of us. We’ve all had to adapt and learn new tools. And the onus is on each of us to understand the tools we use—whether that be for the sake of our business or our own privacy. Ultimately, when it comes to cybersecurity, communication isn’t just about what you say, it’s also about the medium in which you say it. The medium we choose is up to us.

Are you concerned about the security of your business communications?

Top Answer : Not much, we avoid using unsanctioned channels and keep a rather conservative approach (email)

12 views
1 comments
1 upvotes
Related Tags
Tis the season to audit the software supply chain Pulse Flash Read We were supposed to be winding down for the holidays. Then again, maybe we suspected that 2020 had one last gut-punch for us. Thanks, ‘SUNBURST’. ‘SUNBURST’ is what FireEye is calling the recent cybersecurity attack that has government agencies scrambling, carried out by an unidentified agent FireEye refers to as ‘UNC2452’. FireEye, with barely contained awe, have described what they’ve uncovered as “...some of the best operational security that FireEye has observed in a cyber attack, focusing on evasion and leveraging inherent trust.” Read the full blog post here, and find FireEye’s GitHub repository on detection and neutralization here. FireEye’s transparency and urgency in sharing what they’d discovered has earned plaudits in the cybersecurity community. FireEye was the first company to detect a compromise in their own system. Once they’d identified the source as a SolarWinds software update, it became clear that this was a big one. Why? Because that same SolarWinds software update went out to hundreds of thousands of customers—including many top US federal agencies.  It’s a nefarious, evil-genius level attack. While gaining access through a classic Trojan Horse approach, the attackers were subtle, sitting within the tech stack and taking their time to learn what credentials were needed to access critical information. Once they’d identified targets and how to access them, they struck, using only the operations that enabled access to function in the first place. It’s ‘the butler did it’, except that the butler was possessed.  FireEye has characterized this attack as a problem in the Software Supply Chain (SSC). I’ve written about this problem previously with regards to open source software, but SaaS sprawl is turning this into a bigger issue. SolarWinds provides broad IT management software—the perfect tools for discovering access credentials. IT has to match its security and risk management in line with every new vendor that makes up that SaaS ecosystem—is each vendor doing everything they can to detect and treat vulnerabilities? Do you trust that new update? (Speaking of which, SolarWinds is urging customers to install their latest, presumably safe, update for the compromised Orion Platform software.) In some ways, Christmas has come early for cybersecurity SaaS. Vendors are filling blog posts with all the ‘lessons learned’ which, strangely enough, are usually resolved by purchasing that vendor's particular threat detection tools. Paranoia pays, especially when that paranoia is justified. What will this mean for cybersecurity in 2021? Will zero-trust finally rise to prominence? Do we need more AI/ML tools to detect those subtle differences in malicious behaviors that mimic normal protocols? One of the scarier aspects of the FireEye hack is that penetration test tools were stolen. If the enemy knows how we fight it, innovation may be key. As details of the attack continue to accumulate like all those holiday chocolates, one thing’s for sure: this won’t be the last we hear of the SolarWinds breach this season. How are you responding to the SolarWinds hack? What does the future of cybersecurity look like to you?

Top Answer : I would say testing Updates on honeypot environment before implementing it. on longer periods.

49 views
2 comments
1 upvotes
Related Tags
When the research isn’t what you want to hear Pulse Flash Read If you don’t like the findings of your research team, what do you do? Now, it seems, we know what Google does, as evidence mounts that it ousted lead ethical AI researcher Timnit Gebru (according to Google, Gebru ‘resigned’, though Gebru’s colleagues have now publicly disputed this). Gebru’s departure centers around a research paper she co-authored. Google was not happy about the contents of that paper and asked Gebru and other researchers to retract their co-authorship of the paper (a summary of the paper has been published by MIT Technology Review). If you follow AI ethics research, you’ll be familiar with Gebru. She co-authored a paper a few years back with Joy Buolamwini; a paper that detailed findings of racial bias embedded within the data that powers facial recognition software. The paper laid the groundwork for the likes of IBM and Microsoft to eventually pause their facial recognition technology research. You would presume that by hiring a prominent AI ethicist in Gebru, who also co-founded Black in AI, Google was signalling an intent to pursue AI research that was cognizant of the ethical problems that have arisen, to ensure that its technology would not be built on similarly biased practices. Until, that is, Gebru wouldn’t stop questioning the research once she was on the payroll. It should be noted this is the second renowned AI ethics researcher to publicly find their position at Google untenable two years running, following Meredith Whittaker’s exit in 2019. We can’t be sure of the situation from the outside, but if there’s any gray area over whether an employee has been fired or not, a company probably needs to take a close look at its HR guidelines and labor laws. This has been a mess whatever the outcome. While we await further details, there are some serious questions for Google, and indeed, the wider B2B world. How often are researchers and technical teams being told to whitewash ethical or other concerns? IT leaders have told Pulse of the pressure that exists to , so what else goes on behind closed doors? Perhaps more external auditing or regulation is the solution here.   As the SaaS model becomes the norm for businesses, are we questioning the story of the data, methods or practices of business partners? These are questions that don’t just impact our work lives but also hit us on a human level. Google employees have already spoken out against the actions taken against Gebru, just as Facebook employees have spoken out against its practices in the past. Are there systems in place that allow employees to express concerns about partners? More importantly, are employees able to comfortably express ethical concerns in-house? While humans are still in charge of creating, maintaining and deciding how we use new technologies, we should keep questioning our own practices, and be open to research that warns against certain business practices. Even if the answers aren’t what the business wants to hear. What do you think of the situation? Have you experienced businesses ignoring ethical concerns?

Top Answer : A great question and one in some cases with easy answers and not so easy ones to determine what is right and what is wrong.  In the book through the moral maze.  Robert Kane says " the first of many confusions that people have about ethics concerns the value of thinking about it.  Ethical argument is not primarily directed at those who are bent on doing evil.  It is directed in the first instance not at bad people, but at good people whose convictions are being drained by intellectual and moral confusions".

26 views
1 comments
1 upvotes
Related Tags
Who is your favorite CEO, Founder, leader - in enterprise IT?

Top Answer : A few "other" respondents so far - but no comments - my mistake for not including the "king of cloud market share" Andy Jassy at AWS... upvote if he's your favorite.

Salesforce buys Slack: what’s the end game?  Pulse Flash Read “Personally, I believe this is the most strategic combination in the history of software.” So said Stewart Butterfield, Slack CEO, upon the news that Salesforce had acquired Slack for $27.7 billion.  That’s a bold claim, but as far as enterprise software goes, the acquisition of the channel-based messaging app has certainly shaken things up. We all know why Salesforce has bought Slack: Microsoft Teams. Microsoft built Teams instead of acquiring Slack, and pushed it out for free to users of its Office cloud offerings. And it’s been pummeling Slack in terms of daily users—unsurprisingly given that many larger companies stay loyal to Microsoft. Salesforce has tried and failed (twice, first with Chatter and subsequently with the acquisition of Quip) to produce an effective collaborative communication tool like Slack or Teams. So, it bought one instead. Salesforce has its tool with a readymade user base and Slack gets the backing of a much bigger player in the fight against Teams. Anyway, you’ve read the analyses and likely have your own opinion about whether or not this was a worthwhile investment, as Salesforce looks to use Slack to move beyond CRM and sales into the rest of the organization. We want to instead speculate on what this means about the future of enterprise software: are we looking at a future of ~ 3 or 4 tech behemoths that basically all offer the same top-to-tail offering?  There’s a process in biology called convergent evolution, where certain features that resemble each other evolve through completely separate processes. The obvious example is flight: the wings of birds, bats and insects all look very different and are constructed in different ways, but ultimately, the same evolutionary pressures led to their current forms, and they serve the same purpose. The difference with software is, one company can look at what a competitor has evolved to do and simply buy its way into convergence. It’s a protobat looking at a bird and thinking, I’d like me some wings. And then gobbling up whatever the birds were eating... To stretch the nature metaphor, similar forms evolve without having to compete directly because there are so many different niches they adapt to. Having wings doesn’t mean that either bats or birds will survive at the expense of the other. They do their own thing. But these one-stop-shop tech companies? Time and experience will likely iron out any issues in their tech stacks, meaning that products will perform with minimal differences in performance. So, if vendors are offering a complete toolkit that offers the same tools that perform equally well, how do buyers choose? When different tools do the job equally well, the emphasis may fall on the people offering those tools. Or, in a precipitous sense, the personification of a set of brand values that all align along a successful go-to-market strategy and beyond. From the content that generates inbound leads to the sales rep you speak with, through the everyday usage of the product, those values can continue to resonate. There’s probably going to be some ‘positional’ choices being made, too, i.e. I’m choosing this product because it reflects how I feel about my position in the social/business world. Many larger, long-standing enterprises have used Microsoft for as long as anyone can remember and simply see no reason to change, as Microsoft itself adapts to the changing SaaS ecosystem. Salesforce, by taking on Slack, will be granted access to its startup and small businesses base—newer organizations that may be anti-Microsoft, owing to the ‘I’m a PC’ image that continues to linger. Perhaps a more pertinent question would be: is a one-stop-shop product even a good thing? Will IT find that every innovative startup SaaS they use is eventually gobbled up into the event horizon of these tech behemoths? In this scenario, vendor lock-in may already be a fait accompli; an end game years in the making that leaves the fate of business to the function of one SaaS that rules absolutely. If that’s the case, “the most strategic combination in the history of software” might not be too far off the mark. What are your thoughts on the Slack acquisition? How do you see the future of the ‘one-stop-shop’ playing out?

Top Answer : I think its strategic move but having a collaboration/messaging solution in their portfolio is probably only the first step.  So the real question is what would be next ?  what about documents, spreadsheets, slide decks.  Google has those with the gsuite, microsoft has had those for decades.

45 views
2 comments
4 upvotes
Related Tags
Microsoft just announced a 21% profit today (Oct 24) and credited it to their cloud offering. What are your thoughts? 

Top Answer : I thought Azure earnings fell short from last year ?

30 views
5 comments
1 upvotes
Related Tags

Pulse Flash Read: What will Slack’s new ‘instant audio’ feature bring to remote communications?

  When software solutions recreate the most annoying aspects of the physical processes they’ve digitally replaced, do we want to call that ‘progress’? Take your average Slack channel. How often do you watch with increasing anxiety as two colleagues back-and-forth over something (and not even in a thread, just line after line) only to decide to hop on a Zoom call to resolve the point 25 lines later? And if you’re one of the party, there’s then the process of creating the link, setting up your workspace, waiting to be let in the waiting room, troubleshooting screen share… The physical workplace equivalent would be two colleagues shouting back and forth across the floor for 15 minutes straight, then taking it to the conference room, setting up the projector, trying to connect the laptop… Same same but different. Slack, however, has realized this and in a daylight-grade lightbulb moment may have brought some progress to our digital workspaces. It’s the remote equivalent of: ‘can we just have a quick chat about this?’ Slack will introduce an
‘instant audio’ feature before 2021, letting users 'push-to-talk' without leaving the app. This feature will be added into channels, letting anyone who’s in that channel see what’s happening and dip into conversations if they want to contribute. It’s an attempt to capture the spontaneity of quick conversations when the need arises, rather than trying to schedule those moments in yet another Zoom meeting.  It’s worth pointing out that Slack already has a ‘call’ feature that nobody seems to use. The difference here though is 'instant audio' sounds genuinely intriguing enough for users to explore. That novelty, if it pays off, might quickly turn into habit if users feel better connected to colleagues and ultimately, the organization feels like the team is performing better because of it. Slack has realized a problem that it helped create and found a solution that might just actually make remote work more effective. You might even call it progress. 

Are you into 'instant audio' or is it just another feature you won't use?

Top Answer : Sounds quite disruptive to productivity and concentration to me

81 views
8 comments
5 upvotes
Related Tags