May 4, 2022
Hello and welcome to Protocol Enterprise! Today: SafeGraph tells Protocol changes are coming after selling abortion clinic visitor data to customers, GitHub makes two-factor authentication the No. 1 login method, and Twilio’s CEO sees the antidote to the “privacy-focused world.”
Companies that move to the cloud often cite a desire for increased speed and agility, but that’s not always the case, at least at first. New research from Tigera found that almost all of the companies it surveyed building cloud-native applications are moving slower than they’d like, with two-thirds of them citing security concerns as the bottleneck.
“I think it's good that we were called out,” Auren Hoffman, CEO of location data provider SafeGraph, told Protocol on Wednesday.
After Motherboard reported Tuesday that SafeGraph sold information showing where groups of people visiting clinics providing family planning and abortion services had traveled from, how long they stayed and where they traveled afterwards, changes are coming. On Wednesday SafeGraph said “in light of potential federal changes in family planning access,” it would remove the data associated with family planning center locations from its online self-serve data platform and from the API through which it distributes data to customers.
When asked why the company has ever made such data available commercially, Hoffman said, “Honestly, it's a good question, so we're reviewing it.”
Like other providers of controversial location data, SafeGraph began making its data showing where or how often people moved around the country available for free to nonprofit organizations and government agencies around the start of the COVID-19 pandemic.
But now Hoffman said that SafeGraph might consider altering its approach to data access.
When asked today whether the company would name any of the partners it works with to supply location data showing patterns of places people visit, Hoffman said he could not.
Our workplace has changed in many ways. Most work now happens inside technology, hybrid work arrangements appear here to stay, and organizations are trying to keep up. Join us NEXT WEEK May 10 at Guide: The Digital Adoption Summit to learn how your org can adapt to the digital workplace.
[Editor’s note: Meet Kyle Alspach, who just joined Protocol Enterprise this week to cover cybersecurity! We’re thrilled that we can now put more emphasis on this absolutely vital sector of enterprise tech, and you can get in touch with Kyle below.]
GitHub announced Wednesday that it will require developers who contribute code to the repository to use two-factor authentication by the end of 2023, in a drive to better lock down the security of the software supply chain.
Just 16.5% of GitHub.com users currently use two-factor authentication, considered to be a substantially more secure method of logging in given that it requires more than just a password. The two-factor authentication requirement will affect GitHub.com's 83 million users, and is being announced well in advance to "make sure we get this right" in terms of the user experience for developers, said Mike Hanley, chief security officer at GitHub.
In an interview with Protocol, Hanley said the move "has a potential to really bolster the overall security of the software ecosystem." GitHub said that its enterprise customers will also be able to require their developers to use two-factor authentication when accessing their repositories.
The announcement by Microsoft-owned GitHub comes at a time of high anxiety in the enterprise about the potential security risks of open-source software components. This is due in part to rising attacks against software supply chains — which jumped by more than 300% in 2021, according to a report from application protection firm Aqua Security.
Countless software development teams depend on the use of open-source code from repositories such as GitHub. But the insertion of malicious code into a major open-source project — perhaps enabled by a compromised password — can be catastrophic. With widely used open-source code, if an adversary has control for even a short time, "it can be downloaded tens of thousands of times or hundreds of thousands of times," Hanley said.— Kyle Alspach (email | twitter)
Off the heels of 48% revenue growth for the quarter, Twilio CEO Jeff Lawson is optimistic the SaaS giant is on its way to profitability. While heavy investments in acquisitions such as the $3.2 billion acquisition of Segment have driven up operating expenses in recent years, Lawson is shifting focus to turning a profit.
Part of that shift will entail capitalizing on those acquisitions. Lawson is counting on first-party data platform Segment to drive continued revenue growth as the privacy landscape continues to shift. “CDPs are the antidote to the privacy-focused world that we’ve entered into,” said Lawson. Update: Twilio later reached out to note that while Lawson did indeed say "antidote," he meant to say "answer," which makes a little more sense.
Even though customer data platforms had a bit of a false start several years ago, Lawson thinks now is their time to shine. “I think the market is ready. And I think that pretty soon, any company that has customers will need a CDP, and we’re building for that world and we’re going to go really after that market,” he said.— Aisha Counts (email | twitter)
SAP and Google Cloud linked S/4HANA Cloud and Google Workspacethrough a new integration that will make it easier to use data stored in SAP within Google’s office productivity tools.
Heroku began resetting customer passwords after a security incident last month, and the change could break applications using Heroku APIs until access tokens are regenerated.
What makes it hard to manage a complex IT portfolio? How can IT take the lead on driving software adoption? What role should cross-departmental partners play in their strategy? You’ll get the answers to these questions and more from leaders at Asana, Linksys, and ELF Beauty during our CIO panel at Guide: The Digital Adoption Summit. Join us NEXT WEEK on May 10.
Thanks for reading — see you tomorrow!