Tanium CEO’s Refreshingly Honest Take on the State of Internet Security

This is your Cyber Saturday edition of Fortune’s tech newsletter for October 7, 2017.

On Tuesday, the wood-smoke air of California’s wildfires descended on the Bay Area as cybersecurity professionals gathered at the Palace Hotel for an industry event.

I spent the morning interviewing Orion Hindawi, CEO of Tanium, the world’s highest privately valued cyber startup (worth $3.75 billion at last appraisal in May), for a fireside chat at his company’s second annual conference, Converge 2017. Hindawi has a no-nonsense approach to business—a suffer-no-fools attitude that landed him in the sights of a couple of unflattering stories about his management style earlier this year. (He later apologized for being “hard-edged.”)

On stage the chief exec delivered his peculiarly unvarnished view of the state of Internet security. “The idea that we’re going to give you a black box and it auto-magically fixes everything, that’s a lie,” Hindawi told the audience. (One could almost hear a wince from part of the room seating his PR team.) “All I can tell you is we can give you better and better tooling every day. We can make it harder for the attackers to succeed. That’s the best I can offer.”

Hindawi is a realist through-and-through. His outlook is perhaps best summed up by his response to a question about whether he subscribes to a glass-half-full or glass-half-empty view of the cyber threatscape. His reply would become a running joke for the rest of the conference. He said simply, “It’s just a glass, dude.”

Other tidbits of wisdom from Hindawi: not all hackers are Russian spies (the majority are lowly criminals). Unsecured Internet of Things devices pose a risk to everyone. And sometimes cyber insurance is the way to go when old systems are all but impossible to patch; the decision boils down to managing “operational risk, like earthquakes,” he said.

Hacking is not a dark miasma that penetrates all things, although it can sometimes feel that way. Companies, like Tanium, that are building the tools to swing the balance back in defenders’ favor without over-promising provide hope. Enjoy the weekend; I will be heading north of San Francisco, visiting friends who, luckily, were unharmed by the area’s recent conflagrations.

Robert Hackett

@rhhackett


Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach me via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.

THREATS

Always use (advanced) protection. Google debuted an opt-in mode for high-risk users who wish to lock down their accounts on services such as Gmail, Google Drive, and YouTube with extra security. (Paging John Podesta.) The feature requires people to log in using a special USB key (or Bluetooth dongle for mobile devices), prevents third-party applications from accessing your Google data, and adds beefed-up malware scanning of incoming documents. This author plans to sign up.

Gather ’round the good stuff. Pizza Hut warned customers that their personal information and payment card data may be at risk after hackers gained access to the company’s website and app for a 28-hour period starting on Oct. 1. An estimated 60,000 customers are thought to have been impacted. The company is offering victims free credit monitoring for a year.

Unicorn? More like Duo-corn. Duo Security, a Mich.-based cybersecurity startup whose tools help companies manage people’s digital identities, said it raised $70 million at a $1.17 billion valuation (including the capital raised) this week. The round catapults the firm into “unicorn” territory, the swelling ranks of private firms occupied by young guns valued at $1 billion or more. Alex Stamos, Facebook’s security chief, recently praised Duo as the maker of his favorite cybersecurity product.

KRACKing Wi-Fi. A couple of Belgian researchers published a paper containing proof-of-concept code that exploits vulnerabilities in the way cryptographic keys are exchanged over Wi-Fi, allowing hackers to steal people’s data. Big tech companies like Microsoft issued a patch for the so-called KRACK bug on Oct. 10, Apple is in the middle of testing patches for iOS and macOS, and Google, whose Android 6.0 devices are the most vulnerable, said it would release a patch in early Nov.

Cyber insurers are going to get Mercked. Cyber insurers might be on the hook to cough up $275 million to cover damage to drugmaker Merck as a result of a June cyber attack, dubbed “NotPetya,” according to one firm’s forecast. The companies at issue have not yet disclosed figures themselves.

Surprise! It is depressingly easy for penetration testers to break into places where they are not supposed to be.


ACCESS GRANTED

Boycotts are hardly an option: To opt out of a credit score is to opt out of modern financial life itself. As Equifax’s now former CEO Richard Smith testified in October, if consumers were allowed to abandon the credit system, it would be “devastating to the economy.” The better answer is systemic reform to the credit oligopoly.

—Fortune’s Jeff John Roberts and Jen Wieczner explain what practical recourse consumers and regulators have when it comes to dealing with the major credit bureaus in the wake of a massive data breach at Equifax. 

ONE MORE THING

The adventures of John Titor.  Namesake of a bygone Internet hoax, “John Titor” claimed to be a man sent from the future to retrieve a portable computer. Titor sent faxes to an eccentric radio program, Coast to Coast AM, that specialized in the paranormal. Here’s an oral history of that running joke; the pseudo-scientific explanations of time travel are delightful.

Tech

AWS, Microsoft and Google take different paths to the cloud

SAN FRANCISCO — An outage at Amazon Web Services Tuesday rekindled the debate about whether it is wise to rely too heavily on one cloud service provider. Such snafus are rare for AWS, so CIOs worry more about the potential for vendors to turn off their service without notice.

But CIOs who bet on multiple providers often invite challenges, including committing resources to work with each vendor, said Adrian Cockcroft, vice president of cloud architecture strategy for Amazon Web Services, at this week’s WSJ CIO Network conference, which also included appearances from executives running Microsoft’s and Google’s cloud businesses.


CIO Cloud Computing


IDG Contributor Network: 3 steps CIOs can take to lead more strategically in 2017

It’s time to rethink the CIO title. Are you responsible for keeping the trains running on time and the lights on, or are you providing the thought leadership and guidance within your own organization to maximize value and business agility?

Most C-level executives run the risk of doing the perp walk in handcuffs out of the office and ultimately wearing an orange jumpsuit if their subordinates break the rules or screw up – and while you serve a valuable function, this is not true for the CIO. 2017 needs to be the year where you go from “serving” to “leading.”

To earn your keep, you need to show both value and accountability at a minimum. A-grade CIOs identify opportunities to drive business growth – and A+ ones do it with fewer resources, not more.


CIO Cloud Computing

Leveraging Open Source Reference Architectures Allows You To Give And Take From Broader Expertise

Many standard storage server manufacturers have participated in the development of reference architectures, providing great insight into how to best deploy their servers for each of your company’s use cases.

InformationWeek: Cloud

AWS looks to take the drudge work out of data analysis

Amazon Web Services is looking to make it easier, and more efficient, for enterprises to analyze their data in the cloud.

“Eighty percent of what we call analytics is not analytics at all but just hard work,” said Werner Vogels, chief technology officer at Amazon.com, speaking during a keynote speech this morning at the AWS re:Invent cloud conference in Las Vegas.

Instead of digging down into a company’s data to find patterns and insights that will give an enterprise a competitive advantage, too much time is spent on indexing, storage, security, and making sure the right access is set up.

To help AWS cloud customers with that analysis workload, the company today unveiled AWS Glue.


Computerworld Cloud Computing

How machine learning will take off in the cloud

A company that helps users to create their own websites now knows what kind of sites their 80 million users are building without pestering them with repeated questions.

Wix, a Tel Aviv-based web development company, is using machine learning on Google’s cloud platform to learn more about its users so it can help them find the images they need to build interesting and useful websites.

That’s just the beginning of how machine learning will be used in the cloud, according to industry analysts who say machine learning will be the biggest thing that’s ever hit the cloud.


Computerworld Cloud Computing


Facebook search tools take aim at Twitter’s relationship with news

Facebook is updating its search tool to make it easier for users to find things that interest them among the 2 trillion items archived by the company’s index.

The update boasts personalized search suggestions, the ability to search through public posts in addition to those made by friends or family, and a new tool that allows people to view public conversations around news stories. That last item is by far the most interesting — and the one most likely to worry Twitter.

Twitter often bills itself as a forum for public conversations. Unless someone makes their entire account private, every 140-characters-or-fewer missive is indexed and can be found by anyone using the service’s search function. This makes it relatively easy to find and participate in active conversations — especially when used in conjunction with hashtags, Twitter’s defining mark. Facebook has basically just recreated one of the most useful parts of Twitter.

I doubt this will convince Twitter users to suddenly use Facebook as a home for their pithy, snarky-or-smarmy remarks about the day’s news. And that’s OK. Facebook has many times as many monthly active users as Twitter; and with more and more people using services like Instagram or Messenger, it’s already established itself as the social network of choice for more than a billion people. Now, it just has to make sure those people don’t have dalliances with other apps.

Put another way: Facebook has just removed another reason people might decide to sign up for Twitter instead of remaining content with its services. (Or, at the very least, given casual Twitter users one less reason to occasionally stray from Facebook.) The company has become a magician willing to pull anything — Snapchat clones, standalone messaging apps, improved search tools, etc. — from its hat to prevent its all-but-captive audience from checking out another exhibit.

The changes to Facebook’s search tool will likely seem weird to people who joined the network for the purpose of staying in touch with their real-life social circles. But if Twitter and other platforms (like Reddit) have shown us anything, it’s that many will also want to have conversations with interesting folks they’ve never met, and discuss topics that might not appeal to the people in their daily lives. It’s a very kumbaya-esque mission to connect people with random people who happen to share their interests as well as the people in their everyday lives.

Still, the changes are unlikely to make Twitter a ghost town. Twitter users have their cliques; they prize their follower counts; and probably value having a place where they can express an opinion without repercussion. One of the main things stopping people from having public conversations on Facebook’s platform is the “real name” policy that prevents users from hiding their identities. (Or in some cases embracing their true selves, trying to escape dangerous situations, or simply using whatever unique name their parents gave them.) Twitter and Reddit are both popular at least partly because they don’t have policies like that.

Then again, Facebook doesn’t have to win anyone’s heart or mind — it just has to hold its users’ attention tightly enough that it doesn’t wander. This improved search feature is just the latest beast it’s pulled from its hat to do just that.

Facebook search tools take aim at Twitter’s relationship with news originally published by Gigaom, © copyright 2015.


Cloud

Google’s Android Based Brillo Has the Potential to Take IoT Automation to Next Level

With its acquisition of Nest last year, Google demonstrated its interest in the smart home. At the recently concluded Google I/O annual developer conference, the Mountain View company took a further step forward, talking openly about the Internet of Things.

The result is Brillo, a project to connect any device in use: not only smartphones, tablets, computers and smartwatches, but also those that are part of everyday life, such as home appliances, cars and surveillance systems.

Brillo is the ecosystem through which Google intends to play a leading role in the IoT. It is a platform derived from Android and reduced to essentials so that it can run on devices with minimal system requirements, making it suitable, for example, for smart lamps that intelligently manage a home’s lighting system. The strength of Brillo is that smartphones and tablets can recognize these devices entirely automatically, and that it simplifies the configuration process, making it accessible even to beginners.

It will be able to connect devices of all kinds through sensors with extremely low power consumption, enabling them to communicate with each other and enabling users to interact with them: centralized refrigerators, home-monitoring equipment, lighting and much more, all talking to each other.

In addition to home automation, Brillo is also designed for industrial use. Thus, a plant could, for example, use it to connect its sensors and manufacturing equipment.

Another Google project, Weave, will serve as the cross-platform protocol. Based on JSON (JavaScript Object Notation), it lets developers put their devices in communication with Brillo-compatible objects, thereby taking advantage of the enormous synchronization potential of cloud platforms and the versatility of mobile applications.

As for technical specifications, it seems that the software developed by Google can run on devices with a small amount of RAM, even only 32 or 64 MB. It supports Wi-Fi connectivity, Bluetooth Low Energy and the Thread protocol used by equipment designed by Nest, a Google-owned company specializing in intelligent thermal control systems, and it does not require particularly powerful processors to run.

Brillo is based on a kernel derived from the Android system, naturally stripped to the bone so that it fits very small devices and devices with limited hardware. Given Android’s market share and open source nature, Brillo has the potential to reach the same level as Android. The choice of keeping the popular Android mobile OS as the base is meant above all to simplify development procedures for device manufacturers.

One thing is sure: the Internet of Things is new territory, but one on which all the big technology companies have already set their sights. Microsoft recently announced the arrival of a specially developed IoT version of the Windows 10 operating system. Huawei has presented an IoT platform called LiteOS weighing just 10 kB, and Samsung has already launched a chip design intended specifically for this sector.

The IoT will soon enter our everyday lives without making too much noise, with a number of interconnected devices that will grow dramatically in the coming years, and it is obvious that all the big names are getting ready for the new market’s requirements.


CloudTimes

Downloading your LinkedIn contacts can now take all weekend

LinkedIn users now have to wait up to three days if they want a list of their contacts on the service.

Previously, the social networking site provided a way for users to instantly export their contacts. It was a useful feature for people looking to manage their contacts elsewhere. Under a change made Thursday, users now must make a request to download their account data. In a page describing the new process, LinkedIn says users will receive an email within 72 hours with a link to download the archive when it is ready.

A link to the instructions for the process appears in very small type on the LinkedIn export settings page. The change was reported earlier by VentureBeat.


Network World Cloud Computing