Author: Tom Krazit
Control issues: How Twitter is forcing companies to rethink security and access

For a few hours last week, Twitter lost control of its platform. While the outcome could have been much worse, it's a wake-up call for anyone managing information security and employee access to data.

Twitter's harrowing security incident last week is a good reminder that many companies need to reassess the internal controls governing access to their tools and data, because it's never been harder to stop the bad guys at the perimeter.

For administrators at a big, very visible company like Twitter, it's not if your network defenses will be penetrated; it's when. It took Twitter several hours to regain control of its systems Wednesday after a small group of hackers were able to obtain the login credentials of a Twitter staffer and commandeer its account tools.

Twitter's experience was an extreme one, and while we don't know exactly how much information was compromised, the outcome could have been much, much worse. But it's clear that steps taken to improve controls in the aftermath of two other high-profile incidents — a 2010 settlement with the Federal Trade Commission over account access issues and the 2018 indictment of two employees who were spying for the Saudi Arabian government — were not enough, and there are lessons for everyone in the aftermath.

In a blog post Monday, security expert Bruce Schneier called the Twitter incident a "class break," describing this category as "security vulnerabilities that break not just one system, but an entire class of systems." "Class breaks are endemic to computerized systems," he wrote, "and they're not something that we as users can defend against with better personal security."

As more and more companies move critical applications to cloud services and use third-party enterprise software tools, modern identity management software has become a very important part of the tech department's toolkit. This need has only accelerated in a pandemic, during which so many employees are working from their home networks and outside of the traditional defenses around corporate networks.

Software from companies like Okta allows workers to securely access the internal corporate applications they need to do their jobs with "single sign-on" technology, sort of like a password manager for work. Then, once workers pass that test, other tools are needed that grant certain people access only to specific data sets or controls, so that one breach doesn't open up the entire company to an attacker.

At Twitter, lots of employees have access to user accounts. Any attempt to provide customer service requires that, to some extent, but it's also clear that the company needs to consider additional controls, such as requiring two employees to sign off on proposed changes to prominent user accounts.
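
The two-employee sign-off suggested above can be enforced in the account tool itself rather than by policy alone. The sketch below is an added example, not Twitter's code; the account handles, staff IDs, action names and the rule that the requester counts as the first of two sign-offs are assumptions.

```python
from dataclasses import dataclass, field

# Constructed sample data: account handles, staff IDs and action names are hypothetical.
PROTECTED_ACCOUNTS = {"@example_head_of_state", "@example_brand"}
SENSITIVE_ACTIONS = {"change_email", "reset_password", "disable_2fa"}
REQUIRED_SIGNOFFS = 2  # assumption: the requester counts as the first sign-off


@dataclass
class ChangeRequest:
    requester: str
    account: str
    action: str
    signoffs: set = field(default_factory=set)

    def __post_init__(self):
        self.signoffs.add(self.requester)

    def sign_off(self, staff_id: str) -> None:
        # A set means one employee signing twice still counts once.
        self.signoffs.add(staff_id)


def evaluate(req: ChangeRequest) -> tuple:
    """Return (allowed, reason) for an admin-tool change request."""
    protected = req.account in PROTECTED_ACCOUNTS and req.action in SENSITIVE_ACTIONS
    if not protected:
        return True, "single sign-off sufficient"
    if len(req.signoffs) < REQUIRED_SIGNOFFS:
        return False, f"needs {REQUIRED_SIGNOFFS} distinct employees, has {len(req.signoffs)}"
    return True, "dual sign-off satisfied"


def single_credential_scenario() -> list:
    """One staff login (constructed: 'staff-17') acting alone, then with a second reviewer."""
    results = []
    req = ChangeRequest("staff-17", "@example_head_of_state", "change_email")
    results.append(evaluate(req)[0])      # alone: blocked
    req.sign_off("staff-17")              # re-approving with the same login
    results.append(evaluate(req)[0])      # still blocked
    req.sign_off("staff-42")              # independent second employee
    results.append(evaluate(req)[0])      # allowed
    routine = ChangeRequest("staff-17", "@ordinary_user", "change_email")
    results.append(evaluate(routine)[0])  # ordinary account: allowed
    return results


if __name__ == "__main__":
    print(single_credential_scenario())
```

With this gate in place, one stolen staff login cannot complete a sensitive change on a protected account by itself, while routine support work on ordinary accounts is unaffected.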

Companies also need to move past the idea that a user who has entered the proper login credentials is a valid user, adopting the so-called "zero trust" approach. The central idea here is paranoia: No person or device should be automatically trusted, whether outside or inside a network. Google pioneered this line of thinking over the last decade with an internal service called BeyondCorp.

It's not clear what type of approach is in place at Twitter, but the company has been operating without a chief information security officer in 2020, according to The Wall Street Journal. That vacancy will likely be filled in short order, and like lots of companies re-evaluating their internal processes in the wake of this incident, one of that person's first jobs will be to rethink how Twitter manages identity and access to its systems.
