Source Code: Your daily look at what matters in tech.
To give you the best possible experience, this site uses cookies. If you continue browsing. you accept our use of cookies. You can review our privacy policy to find out more about the cookies we use.
yesAdam JanofskyNone
April 6, 2020
You and everyone on your team are suddenly working from home for the foreseeable future. That awesome security structure you had in place is now Swiss cheese at best, with employees using all sorts of devices and network setups to access corporate data.
How do you plug the biggest security holes as quickly as possible?
We asked more than a dozen cybersecurity companies to share the memos, emails and other guidance that they have sent to their own employees in the past few weeks to protect their systems. Here's what we found.
They're taking phishing really seriously
Almost every cybersecurity company we contacted has been regularly warning employees about sophisticated phishing attacks that leverage COVID-19 information to get victims to click on malicious files.
Joe Payne, chief executive of Code42, which makes software that detects and responds to insider threats, wrote in an email to all employees on March 24 that their CISO had reported "a huge surge in phishing activity. The bad people (and they really are bad people!) are preying on people's fear during this crisis. Do not click on links!!!"
The scams can take different forms, but workers should be especially suspicious of emails about workplace policy changes, emails that offer health advice, and messages that look like they're from the Centers for Disease Control and Prevention, advised a March 16, all-employee memo from Simon Biddiscombe, chief executive of MobileIron, which helps enterprises secure mobile devices and other endpoints.
"Cybercriminals have targeted employees' workplace email accounts. One phishing email begins, 'All, Due to the coronavirus outbreak, [company name] is actively taking safety precautions by instituting a Communicable Disease Management Policy.' If you click on the fake company policy, you'll download malicious software," Biddiscombe wrote.
Cybersecurity companies including Veracode, Satori Cyber, OneLogin and F5 Networks all circulated ways to identify if an email is malicious — for example, by checking a domain before clicking on a link and verifying that a sender is who they say they are — and reminded employees how to report suspicious emails so that they can be analyzed by security teams.
"Let's make sure we don't get a different kind of virus," OneLogin's security team wrote in a March 17 email to all employees, advising that when they receive an unexpected message, to apply the "S-T-O-P principle": Stop, Take a deep breath, an Opportunity to think, and Put the email into perspective and report it to one of three teams.
They're talking about security constantly
To keep on top of rapidly evolving threats, cybersecurity firms have ramped up their regular communications with employees.
In addition to frequent security-related emails, FireEye chief executive Kevin Mandia has a standing weekly live call — held twice to accommodate all global team members — to reinforce the messages and address questions, a spokesperson said.
SecureLink chief executive Joe Devine holds a similar weekly meeting through Google Hangouts, and Chief Information Security Officer Tony Howlett sends out daily educational emails about the latest attack information and how to stay protected.
"When it comes to communications with our employees, we are now actively over-communicating with them to keep them informed about everything going on. Extreme transparency is always the best policy," Howlett said in an email to Protocol. "Repetition is key when it comes to educating employees on security best practices, so we send out regular bulletins that [recap] the latest attacks from that week and how you can keep yourself safe at home."
Everyone is IT now
Many of the steps that employees can take to protect themselves require some technical know-how, and some cybersecurity firms have created guides and checklists to help employees secure their home workspace without in-person guidance from IT staff.
Twilio, which helps companies manage their cloud communications security, has an internal wiki called "Protect Your Castle" that they've been updating daily since the outbreak began. The wiki has policies, guidelines and FAQs about working from home.
Security resources on the wiki include steps to take to protect your home network (for example, change the name of your Wi-Fi, change your router's username and password, and don't broadcast your SSID), and to protect your laptop and other devices from cyberthreats (turn off Bluetooth, update your software, delete apps that you don't use, use a VPN).
Not everyone on your team knows how to do these things? It's a great time for them to expand their skill set. SecureLink's cybersecurity team also put together a "Work From Home Security Guide" for employees that explains things like how to set up a VPN and multifactor authentication.
They're afraid of children
Even if workers do everything right, one 8-year-old downloading Minecraft modifications on a work computer can sabotage the whole system.
"Sometimes the work PC is now the best computer in the house," said Steve Grobman, chief technology officer at McAfee. "There needs to be a lot of thought before you let your kid do their homework on your work PC and possibly go to a website during a break that can put your company at risk."
Grobman said that many organizations allow employees to use work computers for some level of personal use, but they need to emphasize ways that workers can separate the two during the outbreak, when there may be several family members stuck at home with not enough devices.
Eldad Chai, chief executive of Satori Cyber, emphasized this point to employees at the end of a March 19 email about how to stay secure.
"Also, don't let your kids install anything :)," he said.
… and wash your hands
Below, check out some of the emails cybersecurity companies have sent to their employees.
From Your Site Articles
Adam Janofsky
Adam Janofsky (@adamjanofsky) is the former cybersecurity and privacy reporter at Protocol. Prior to that, he was a reporter at The Wall Street Journal, where he covered cybersecurity, AI and other emerging technology. Prior to that, he worked at Inc. magazine and edited The Wall Street Journal's blog about startups and entrepreneurship.
People
Expensify CEO David Barrett: ‘Most CEOs are not bad people, they're just cowards’
"Remember that one time when we almost had civil war? What did you do about it?"
Expensify CEO David Barrett has thoughts on what it means for tech CEOs to claim they act apolitically.
Photo: Expensify
January 19, 2021
Benjamin Pimentel ( @benpimentel) covers fintech from San Francisco. He has reported on many of the biggest tech stories over the past 20 years for the San Francisco Chronicle, Dow Jones MarketWatch and Business Insider, from the dot-com crash, the rise of cloud computing, social networking and AI to the impact of the Great Recession and the COVID crisis on Silicon Valley and beyond. He can be reached at bpimentel@protocol.com or via Signal at (510)731-8429.
January 19, 2021
The Trump presidency ends tomorrow. It's a political change in which Expensify founder and CEO David Barrett played a brief, but explosive role.
Barrett became famous last fall — or infamous, depending on whom you ask — for sending an email to the fintech startup's clients, urging them to reject Trump and support President-elect Joe Biden.
<p>"Anything less than a vote for Biden is a vote against democracy," Barrett said in the email.</p><p>It was an unprecedented political maneuver by a CEO-founder in Silicon Valley, and one that drew praise from a preeminent historian of the region.</p><p>"This was a moment that utterly transcended politics as usual, and his statement utterly transcended politics as usual," futurist and historian Paul Saffo told Protocol. "I'm sure investors got a little bit of a case of indigestion over this. It was a bold move and I would say it was made with considerable character."</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="1">
</div>
</div></p><p>And it wasn't a one-off: Barrett sent another email to Expensify customers over the weekend, telling its users about its plans to spend $3 million on fighting inequality, while also railing against the "domestic terrorists" who invaded the Capitol earlier this month.</p><p>Barrett talked to Protocol last Friday, before the latest email, about the coming transition, which he reflected on in a celebratory mood even as he looked back on the controversial episode. "We just survived Trump. This is going to be an amazing year," he said. "The economy's coming back. The vaccines are rolling out. Travel is going to restart. We got a new administration that's going to make reasonable decisions. We avoided a civil war. Everything's on the up and up."</p><p><em>The interview has been edited for clarity and brevity.</em></p><p><strong>You sent that email taking a position on the election. I've talked to a lot of CEOs in Silicon Valley who'd rather stay in the middle. They're not going to say what they think or even who they voted for because it's safer.</strong></p><p>My opinion is a little bit different. I think this idea of "Oh, we're apolitical," I think that's kind of bullshit. I think there's no such thing in a democracy as being apolitical. Every action you take is your position. I think that a large number of these tech companies, by saying, "Oh, we're apolitical," that's a very convenient way of saying, "No, I'm voting for the status quo. I support the current administration, and I'm not going to take actions to do anything about it because it's actually good for business." I think it's actually pretty cynical.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="2">
</div>
</div></p><p><strong>There's going to be a change, and there will be new issues. It's probably not going to be as intense as Trump, but there will be issues. How do you navigate them? It can be a slippery slope when you start to take positions.</strong></p><p>I think the litmus test is: What is the real-world potential impact of this? I don't anticipate to weigh in on the normal issues. It sounded bombastic back then when I wrote the newsletter: "Hey, I am genuinely concerned that we're going to have a true civil war, and that's going to be really bad for business. My business is great. We're profitable. We're growing. We're surviving the pandemic. So long as we don't descend into civil war, we'll be fine. But Trump is saying he's not going to leave office, and is anyone reading this crazy shit? We should take it seriously." </p><p>This is not normal politics. This is not taxes or health care or whatever. This is like the destruction of our nation up for discussion. The only reason I felt it was important as a CEO to weigh in was that the stakes are too high to be neutral here. </p><p>Even right now. The guy's still not out of office, by the way. The FBI's warning that we're going to have attacks on every state Capitol. Never has that happened in the history of the nation before. This is so wild, what we're talking about. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="3">
</div>
</div></p><p>I feel that we need to keep reminding ourselves just how beyond the pale this is. As business leaders, it's just shameful to just sit out this entire thing. It's like, "Oh, remember that one time when we almost had civil war? What did you do about it? Oh, fucking nothing? Oh, good job."</p><p><strong>What was the reaction to the email like? Did any of it give you pause?</strong></p><p>Expensify is not a product you adopt overnight. You also don't leave it overnight. We just didn't know what the reaction was going to be. We saw this thing just go so much bigger than we expected. We were like, "Oh, fuck. OK. That's exciting."</p><p>Most people ignored it, or agreed with it, or vented about it or whatever. The vast majority of people, they're too busy. And in this Twitter news cycle, sustaining anger for more than like 10 seconds is hard. It's like, "Fuck Trump! Oh, such a cute puppy!" It's so hard to do anything.</p><p><strong>Where does that come from, that belief in taking a position? Can you talk a bit about your background?</strong></p><p>My background has always been in hard engineering. Never been in finance. Never been in politics or any of that stuff. I think what you're getting at [is]: Why are you so outspoken? I'm in a lucky position to do that. I run a very profitable business that has a very distributed customer base. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="4">
</div>
</div></p><p>I think most CEOs, it's not that they're bad people, they're just cowards. They're like, "Yeah, I would like to take a stand, but I can't because of investors, customers and things like this." It basically comes down to, "I care more about hitting the next quarter results than preventing a civil war," which is so fucked up. They're more afraid of their investors than they are of militants. I'm in a lucky position where I don't have to be afraid of my investors. I'm super profitable. I can't get fired. There's no majority on the board that can fire me. So I think that I am in a position [where] I can take these stands much more than others. </p><p>I've heard from a lot of other CEOs [about speaking up, and they say]: "I can't. I wish I could. I feel bad. I feel ashamed. But I kind of can't." I feel I can give an example of, like, "Guys, speak up. The water's fine." Defending democracy is not actually a bold choice because most people agree with it.</p><p>Sure, we got a lot of shit on Twitter, or whatever. Those people weren't our customers anyway. It had no negative impact on revenue. If anything, I think we're gonna look back and this is going to be an incredible brand building event. We didn't expect this to go as viral as it did. It's like, "Shocker! Getting massive coverage for defending democracy is good for business, actually."</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="5">
</div>
</div></p><p>I think that CEOs need to have the courage to actually step up for things that matter, and be less sort of afraid of the impact on their businesses. Because most customers, especially the people who are actually buying the software, they care about stability, they care about democracy.</p><p><strong>Would you consider politics after your business career?</strong></p><p>No, that sounds like a huge pain in the ass. Plus that assumes that there is an "after my business career." I just made this giant profitable business, and it's fucking awesome. I want to work here forever. My goal is just to stay here forever.</p>
From Your Site Articles
Keep Reading
Show less
Benjamin Pimentel ( @benpimentel) covers fintech from San Francisco. He has reported on many of the biggest tech stories over the past 20 years for the San Francisco Chronicle, Dow Jones MarketWatch and Business Insider, from the dot-com crash, the rise of cloud computing, social networking and AI to the impact of the Great Recession and the COVID crisis on Silicon Valley and beyond. He can be reached at bpimentel@protocol.com or via Signal at (510)731-8429.
Protocol | Enterprise
Don’t worry about the cybersecurity fallout of the Capitol breach
Members of Congress can't access classified information on their work computers, and the chances that Wednesday's mob contained a few moonlighting cyberspies are slim.
Any lasting cybersecurity damage from the breach is likely to be limited.
Photo: Louis Velazquez/Unsplash
January 11, 2021
Tom Krazit ( @tomkrazit) is a senior reporter at Protocol, covering cloud computing and enterprise technology out of the Pacific Northwest. He has written and edited stories about the technology industry for almost two decades for publications such as IDG, CNET, paidContent, and GeekWire. He served as executive editor of Gigaom and Structure, and most recently produced a leading cloud computing newsletter called Mostly Cloudy.
January 7, 2021
Among the disasters that visited Capitol Hill on Wednesday, the fact that the people who infiltrated Congressional offices had unfettered access to IT assets for several hours ranks rather low.
One of the most iconic images of Wednesday's events was a picture of the home screen of Speaker Nancy Pelosi's office computer, abandoned in haste after a mob broke into the Capitol building, forcing Congress and staffers to retreat to safer locations. By design, nothing on Pelosi's computer was classified: Members of Congress have to enter a protected area room in the building to view secret documents, as you'll recall from last year's impeachment proceedings when several House Republicans stormed into such a room in protest because they were denied access to documents their leaders could access.
<p>There could have been plenty of unclassified information that would still be considered sensitive, such as Pelosi's contacts and email correspondence. And it's fair to say that congressional IT practices are somewhat haphazard; some computers might have been encrypted, while some might not have even had password protection, according to security experts.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="1">
</div>
</div></p><p>As Katie Moussouris, CEO and founder of Luta Security, <a href="https://www.washingtonpost.com/politics/2021/01/07/cybersecurity-202-riot-capitol-is-nightmare-scenario-cybersecurity-professionals/" rel="noopener noreferrer" target="_blank">told The Washington Post</a>: "There's an old saying, if an attacker has physical access to your computer, it's not your computer anymore."</p><p>Still, any lasting cybersecurity damage from the breach is likely to be quite limited.</p><p>A <a href="https://www.reuters.com/article/us-usa-election-cyber/u-s-senator-says-capitol-building-rioters-made-off-with-laptop-idUSKBN29C2GA" rel="noopener noreferrer" target="_blank">laptop from Sen. Jeff Merkley's office was taken</a>, but there were no other reports of missing computers. Representatives from Merkley's office did not respond to an inquiry as to whether or not that laptop was encrypted; computers purchased for Senate offices after October 2018 were <a href="https://www.zdnet.com/article/us-senate-computers-will-use-disk-encryption/" rel="noopener noreferrer" target="_blank">required to have encryption technology turned on</a> at the urging of Merkley's fellow Oregon senator, Ron Wyden, but it's not clear when the laptop in question was purchased.</p><p>There's a far greater threat to information security in the Capitol Building, and it doesn't require access to the building itself. As we've seen with the SolarWinds hack that infiltrated several executive branch agencies last year, the biggest threats to government information security aren't wearing red hats and breaking windows; they're coming from overseas through the internet to steal sensitive data.</p><p>And in any event, the Capitol Building is not exactly the most secure facility controlled by the government, as Wednesday's events show. Any foreign intelligence agent bent on figuring out what the House Committee on Ways and Means is up to would probably have better luck accessing computers by infiltrating the cleaning staff or mingling with visitors on a post-pandemic tour of the building.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="2">
</div>
</div></p><p>The incident does shine a light on congressional cybersecurity practices, which are far less robust than the requirements of the executive branch.</p><p>In the House, members of Congress are responsible for procuring their own IT assets just like any of us, whereas in the Senate, technology purchases are made through the office of the <a href="https://www.senate.gov/reference/office/sergeant_at_arms.htm" rel="noopener noreferrer" target="_blank">Sergeant at Arms</a>. Email and file servers in the House are managed by the chief administrative officer, a non-partisan position. In the Senate, that duty falls to the Sergeant at Arms, who serves at the pleasure of the party in power.</p><p>"Images on social media and in the press of vigilantes accessing congressional computers are worrying," said Rep. Anna Eshoo, a Democrat from California, in a statement. "I asked the Chief Administrative Officer of the House to conduct a full assessment of threats based on what transpired yesterday, and the CAO has already taken important steps to that end. I have confidence that House and Senate IT and cybersecurity professionals are taking the matter seriously."</p><p>On Thursday afternoon, the <a href="https://twitter.com/ericgeller/status/1347303258180751364/photo/1" rel="noopener noreferrer" target="_blank">CAO updated members of the House</a> saying that administrators took "efforts including issuing commands to lock computers and laptops and shutting down wired network access to prevent inappropriate access to House data." It's not clear what, if any, action was taken on the Senate side.</p><p>Executive branch staff are almost universally required to use two-factor authentication to log into their work computers, but such a requirement does not exist in the legislative branch. Congresspeople are essentially small-business owners who can require their staff to follow whatever cybersecurity practices they deem necessarily, including, well, nothing.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="3">
</div>
</div></p><p>There's certainly a chance that a few individuals among the mob that breached the Capitol Building could have read less-than-flattering emails sent by or to members of Congress, and could use those emails to damage a few reputations.</p><p>But the most likely outcome of Wednesday's breach is that a lot of passwords have already been changed, or will be changed in the next few days.</p><p><em><strong>Update: </strong>This article was updated at 4:07 p.m. PT to include a statement from Rep. Anna Eshoo, and corrected at 5:17 p.m. PT to fix the spelling of her first name.</em><br></p>
Keep Reading
Show less
Tom Krazit ( @tomkrazit) is a senior reporter at Protocol, covering cloud computing and enterprise technology out of the Pacific Northwest. He has written and edited stories about the technology industry for almost two decades for publications such as IDG, CNET, paidContent, and GeekWire. He served as executive editor of Gigaom and Structure, and most recently produced a leading cloud computing newsletter called Mostly Cloudy.
Politics
In 2020, COVID-19 derailed the privacy debate
From biometric monitoring to unregulated contact tracing, the crisis opened up new privacy vulnerabilities that regulators did little to address.
Albert Fox Cahn, executive director of the Surveillance Technology Oversight Project, says the COVID-19 pandemic has become a "cash grab" for surveillance tech companies.
Photo: Lianhao Qu/Unsplash
December 30, 2020
Issie Lapowsky (@issielapowsky) is a senior reporter at Protocol, covering the intersection of technology, politics, and national affairs. Previously, she was a senior writer at Wired, where she covered the 2016 election and the Facebook beat in its aftermath. Prior to that, Issie worked as a staff writer for Inc. magazine, writing about small business and entrepreneurship. She has also worked as an on-air contributor for CBS News and taught a graduate-level course at New York University’s Center for Publishing on how tech giants have affected publishing. Email Issie.
December 29, 2020
As the coronavirus began its inexorable spread across the United States last spring, Adam Schwartz, senior staff attorney at the Electronic Frontier Foundation, worried the virus would bring with it another scourge: mass surveillance.
"A lot of really bad ideas were being advanced here in the U.S. and a lot of really bad ideas were being actually implemented in foreign countries," Schwartz said.
<p>In China, where the virus first took hold, the country had already begun using draconian smartphone-based tools to <a href="https://www.bbc.com/news/technology-51439401" rel="noopener noreferrer" target="_blank">track sick people's whereabouts</a> and effectively force them to stay home. In Israel, lawmakers rushed through a proposal to give government officials <a href="https://www.bbc.co.uk/news/technology-51930681" rel="noopener noreferrer" target="_blank">access to Israelis' location data</a>. As the White House met with tech giants including Facebook and Google to discuss ways they could help, Schwartz and others feared the U.S. might be next in allowing fear of the virus to subvert basic civil liberties.</p><p>Nine months into the crisis, Schwartz said, the "worst ideas" being deployed internationally have yet to take hold in the U.S. But that doesn't mean COVID-19 hasn't created a slew of smaller, but still insidious privacy setbacks for Americans who, in recent years, have become increasingly wary of all the intrusive ways that governments and private companies use their personal data. Since March, corporate offices and college campuses have been flooded with biometric scanners, employers have deployed software that lets them remotely monitor workers' keystrokes and giant corporations like Ticketmaster have <a href="https://help.ticketmaster.com/s/article/What-are-your-COVID-screening-requirements?language=en_US" rel="noopener noreferrer" target="_blank">contemplated</a> linking people's negative COVID-19 tests to their tickets to gain entry to future events. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="1">
</div>
</div></p><p>While many of these precautions are well-meaning attempts to preserve public safety and to use technology to get the economy up and running again, they can come at a cost to personal privacy. And yet, the crisis has once again relegated privacy legislation to the back burner in Congress as lawmakers battle over how to handle dueling health and economic disasters.</p><p>Albert Fox Cahn, executive director of the Surveillance Technology Oversight Project, says the COVID-19 pandemic has become a "cash grab" for surveillance tech companies. "I think this has been the most dangerous moment for civil rights since 9/11," he said. "When you're faced with impossible choices like whether or not to keep schools open and deprive kids of an education or put them at risk, it's so easy to be taken in by the allure of magical thinking and startups that say if you just install this tracking device you'll somehow be able to avoid doing the impossible."</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="2">
</div>
</div></p><p>Contact tracing has been a source of concern, as governments across the country work with a slew of private firms to manage manual contact tracing with no real guardrails in place. "People by the thousands are telling contact tracers where they've been, who they're with, and we don't think there are sufficient ways to secure that data, especially when private contractors or for-profit corporations are helping," Schwartz said.</p><p>In New York, Cahn's organization supported legislation that would have protected New Yorkers from having their contact tracing data used against them in court or administrative proceedings. That bill passed over the summer, but Governor Andrew Cuomo has yet to sign it into law, leaving that information vulnerable. "In most states, police or ICE can get contact tracing data with a subpoena," Cahn said. "This not only creates a privacy threat, but it's a public health nightmare. There are millions of Americans who would second guess whether to fully disclose their potential contacts."</p><p>Apple and Google partnered on a contact-tracing tool that went to extremes to ensure people's data wouldn't be centrally stored or shared with either company or with the government. But health officials, at least early on, <a href="https://www.washingtonpost.com/technology/2020/05/15/app-apple-google-virus/" rel="noopener noreferrer" target="_blank">scoffed</a> at the limitations. "Digital apps and technology have struggled in the in-between space of wanting to track the path of this disease, this virus, while at the same time really struggling with very real privacy concerns," said Malkia Devich-Cyril, founding director and senior fellow at the advocacy group MediaJustice.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="3">
</div>
</div></p><p>The imminent rollout of a vaccine presents even trickier questions, like what happens if businesses or governments begin requiring people to prove they've been vaccinated in order to access certain spaces. California's legislature already defeated a bill that would have created a blockchain-based system to create what Schwartz calls "immunity passports." EFF argued that requiring people to hand over their smartphones to prove their immunity would open them up to other privacy invasions and would require people to have a smartphone in the first place. "We view this as a horrible, horrible idea," Schwartz said, noting that EFF will be "in the trenches" if any similar proposals arise.</p><p>Over the course of 2020, there have been other, subtler attitudinal shifts too. In the spring, news outlets that, in the past, criticized apps for surreptitiously tracking and selling people's location data, suddenly began tapping that same data to track where people were actually <a href="https://www.nytimes.com/interactive/2020/04/02/us/coronavirus-social-distancing.html" rel="noopener noreferrer" target="_blank">staying at home</a> or whether anti-shutdown protesters might be <a href="https://www.theguardian.com/us-news/2020/may/18/lockdown-protests-spread-coronavirus-cellphone-data" rel="noopener noreferrer" target="_blank">spreading the virus</a>. "We think there's a lot of COVID-washing going on," Schwartz said.</p><p>That COVID-washing hasn't been uniform though, Devich-Cyril said, noting that Black and brown communities with a long history of being surveilled remain wary of that kind of intrusion. "The simple fact of a medical disaster is not enough to turn people away from their desire for basic freedoms and rights," Devich-Cyril said.</p><p>Still, despite these setbacks, privacy advocates did score some wins in the midst of the chaos. On Election Day, Portland, Maine succeeded in banning facial recognition technology. Michigan voted to require police to seek search warrants before accessing electronic data. And California passed Proposition 24, a measure that rewrites the California Consumer Privacy Act and gives Californians new rights over protecting their data. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="4">
</div>
</div></p><p>"That is the story of privacy in 2020," said Jim Steyer, CEO of Common Sense Media, which backed Prop. 24. "That was a significant step forward." It's worth noting that not all privacy groups celebrated the passage of Prop. 24. Some, like the American Civil Liberties Union, opposed it over concerns that it created new privacy loopholes for businesses.</p><p>Schwartz is at least relieved that so many of the "bad ideas" that emerged at the beginning of 2020 have not been adopted in the U.S. But as the pandemic rages on through 2021, the fight for privacy in the face of a global health crisis will undoubtedly continue.</p>
From Your Site Articles
Keep Reading
Show less
Issie Lapowsky (@issielapowsky) is a senior reporter at Protocol, covering the intersection of technology, politics, and national affairs. Previously, she was a senior writer at Wired, where she covered the 2016 election and the Facebook beat in its aftermath. Prior to that, Issie worked as a staff writer for Inc. magazine, writing about small business and entrepreneurship. She has also worked as an on-air contributor for CBS News and taught a graduate-level course at New York University’s Center for Publishing on how tech giants have affected publishing. Email Issie.
People
The year our personal lives took center stage at work
2020's blurring of professional and personal boundaries exacerbated disparities, humanized leaders and put personal values front and center.
In 2020, the personal and the professional became inextricable at work.
Photo: Tom Werner/Getty Images
December 28, 2020
Anna Kramer is a reporter at Protocol (@ anna_c_kramer), where she helps write and produce Source Code, Protocol's daily newsletter. Prior to joining the team, she covered tech and small business for the San Francisco Chronicle and privacy for Bloomberg Law. She is a recent graduate of Brown University, where she studied International Relations and Arabic and wrote her senior thesis about surveillance tools and technological development in the Middle East.
December 28, 2020
For those of us lucky enough to keep our jobs and privileged enough to be able to work from home, our whole selves were bared at work this year. Our homes and faces were blown up for virtual inspection. Our children's demands and crises filled our working hours, and our working mothers became schoolteachers and housewives, whether they wanted to or not. Our illnesses became vital public information, and our tragedies shared. Our work lives ate into our social lives until there was no boundary between them.
In 2020, the personal and the professional became inextricable at work. Remote work might be the most sexy 2020 trend, but for the CEOs and leaders I spoke with, the de-professionalization of work could be the most important effect on a personal level. It's the one that has caused the most harm to women in the workplace and destroyed work-life balance for basically everyone. It's also what has contributed to the majority of work-from-home Americans being more satisfied with their work lives than they were before, mostly because they feel more connected to their families, they're able to set their own schedules and they're more comfortable at home, according to a Morning Consult poll. While we can't know exactly how many and who will be going back to the office just yet, as long as there is some kind of flexible work schedule, people's personal lives will be part of their work lives and vice versa.
<p><div class="ad-tag"><div class="ad-place-holder" data-pos="1">
</div>
</div></p><p>"In some respects, it has created intimacy in a way we didn't expect. Because you can't hide your life. You can't hide your whole self," explained Erika Fisher, chief administrative officer and general counsel at Atlassian. This can allow people to set their own schedules around their needs and increase empathy between workers and their managers. The increased intimacy also became an equalizer in meetings, because it democratizes participation and gives everyone the same physical space online, according to Fisher. "You don't have to worry about the man-spreading that happens in meetings, literally or metaphorically," she said.</p><p>Personal politics and activism at work are also an element of newly blurred professional boundaries. The summer of protests following the killing of George Floyd, combined with the chaos of the 2020 election cycle, spurred more than just diversity pledges by corporations; it created a new wave of people bringing their politics and values to work. While Brian Armstrong <a href="https://www.protocol.com/coinbase-social-political-policies-backlash" target="_self">stirred up support in some corners when he declared that political and social beliefs had no place at Coinbase</a>, his memo also crystalized for others that personal identity and personal values should be welcomed where they work. Company leaders at SF-based edtech startup Outschool encouraged their employees to get involved in the 2020 election, while people like Kary Campbell, Airbnb's former director of design, <a href="https://www.protocol.com/newsletters/sourcecode/social-media-ultimate-test?rebelltitem=5#rebelltitem5" target="_self">told me that</a> "companies and societies can no longer just exist to create profitable numbers for their shareholders. We need to evolve as human beings to be more creative than that." </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="2">
</div>
</div></p><p>While global comms provider Mitel has never taken explicit political positions, the historically quiet company saw a big jump in activism, affinity group creation and values discussions among its workforce this year. "I think we can agree that people need to be treated fairly and that we should embrace and welcome who people are," said Mary McDowell, the company's CEO. "That is part of people's whole selves. It's part of what they bring to work now, when it wasn't before."</p><p>But while falling professional boundaries have been good for some people and some parts of work, they've seriously damaged others. Just because personal lives are now dictating work schedules and kids, pets and houses take center stage on screen doesn't mean that workers' relationships with peers and managers are as healthy or social as they were before. Instead, intimate personal information is shared without the buffer of friendship and companionship that can be found in the office, <a href="https://www.aei.org/articles/remote-work-is-becoming-the-new-normal-it-comes-with-tradeoffs/" rel="noopener noreferrer" target="_blank">making most workers feel <em>more</em> lonely</a>, isolated and judged, not less. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="3">
</div>
</div></p><p>"Increased intimacy also makes differences much more acute," Fisher said. And it's those differences that contribute <a href="https://www.protocol.com/mckinsey-head-of-diversity-lareina-yee-interview" target="_self">to the fact that one in four women in corporate roles have considered downshifting their careers</a>, according to McKinsey's Women in the Workplace 2020 report. The "always-online" remote work norm has made caretaking responsibilities, which fall more heavily on women, increasingly visible at work; now, "worry that their performance is being negatively judged because of caregiving responsibilities during the pandemic" is one of the key factors affecting why working mothers are considering downshifting their careers, according to the report.</p><p>But falling professional boundaries could also help solve the problem, said Lareina Yee, McKinsey's chief diversity officer and the report's leader. Many companies have policies that encourage flexibility and leave-taking, but workers don't see their leaders take advantage of those policies. If leaders are clear that they are fighting the same battles, they can "de-risk this perception that their career will be hurt if they actually say they need to use something that a company already offers," she said. </p><p>Fisher is focused on physical space in her search for solutions. Some workers are comfortable in their home spaces and willing and even eager to share them on video, but others may not have privacy, or a clean room, or enough space to be conducive to work and to help them feel comfortable at home. Twitter's RoomRater and other Zoom-rating accounts, while mostly funny and well-intentioned, <a href="https://www.vice.com/en/article/epdzkn/room-rater-twitter-account-work-from-home-zoom" rel="noopener noreferrer" target="_blank">made that abundantly clear,</a> literally assessing the quality of a person's room and helping legitimize the judgment and subsequent shaming of people's personal spaces. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="4">
</div>
</div></p><p>So, whether people go back to the office full time, Fisher wants to find ways for Atlassian to provide a physical space that allows people to enjoy the flexibility of work-from-home while reducing the disparities and judgment that can come with the increased intimacy. "Space is one of the choices that you can extend to people," she said.</p><p>In 2021, the conversation about work will be a conversation about the choices we make in physical spaces, and about whether we want to rebuild the walls between our personal and professional lives. Fisher described it best: "There's this wave happening. Even when the wave comes ashore and washes back out … There will be a different direction."</p><p>Here at Protocol, we've written more stories about the future of work than I have the energy to count (I got to 20 before I gave up, and that only took me as far back as May). So if you're looking for more on what we learned in 2020, I selected some of the most interesting and important articles we've written this year: </p><p>Issie Lapowsky <a href="https://www.protocol.com/parents-working-from-home-survey" target="_self">wrote about how remote work is hurting mothers</a>, and Mike Murphy <a href="https://www.protocol.com/accenture-cto-paul-daugherty" target="_self">delved into why the future is probably not entirely remote</a>. David Pierce profiled <a href="https://www.protocol.com/dropbox-spaces" target="_self">Dropbox's Drew Houston, who hopes to capitalize on a new world of work</a> and interviewed <a href="https://www.protocol.com/superhuman-ceo-rahul-vohra-interview" target="_self">Superhuman CEO Rahul Vohra on how to run a remote company</a> on our podcast. I talked to <a href="https://www.protocol.com/peter-schwartz-salesforce-remote-work" target="_self">Salesforce's futurist Peter Schwartz</a> about why companies will lose talent if they aren't flexible about work and dug into <a href="https://www.protocol.com/atlanta-tech" target="_self">how new ideas about work will make it easier</a> for companies to diversify their workforce by investing in places like Atlanta.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="5">
</div>
</div></p>
Keep Reading
Show less
Anna Kramer is a reporter at Protocol (@ anna_c_kramer), where she helps write and produce Source Code, Protocol's daily newsletter. Prior to joining the team, she covered tech and small business for the San Francisco Chronicle and privacy for Bloomberg Law. She is a recent graduate of Brown University, where she studied International Relations and Arabic and wrote her senior thesis about surveillance tools and technological development in the Middle East.
Protocol | Enterprise
How Christian Klein’s reboot of SAP’s strategy is working out
The pandemic wasn't kind to the company. But the way it's working with the major COVID-19 vaccine makers is a model for what comes next.
Christian Klein became SAP's sole CEO in April.
Photo: Picture Alliance/Getty Images
January 11, 2021
Joe Williams is a senior reporter at Protocol covering enterprise software, including industry giants like Salesforce, Microsoft, IBM and Oracle. He previously covered emerging technology for Business Insider. Joe can be reached at JWilliams@Protocol.com. To share information confidentially, he can also be contacted on a non-work device via Signal (+1-309-265-6120) or JPW53189@protonmail.com.
December 22, 2020
Christian Klein took over as SAP's sole CEO in April. It wasn't an ideal time to take the helm of an organization that sells expensive enterprise software.
As the spread of COVID-19 forced corporations everywhere to cut costs, one of the first places they looked was IT budgets. Specifically, companies around the world trimmed spending on back-end products, such as those offered by SAP, many of which still run via on-premise data centers.
<p>But now, with an end to the pandemic in sight, Klein is charting a path toward recovery. Central to his strategy is for SAP to become even more of a key tech vendor for the world's most complex companies, analysts say. That means doubling down on industries that are already robust SAP customers, such as manufacturing and automotive, as well as convincing them to pivot to use SAP products in the cloud.</p><p>"We have always been the leading on-premise application platform," Klein <a href="https://www.zdnet.com/article/sap-charts-new-course-to-accelerate-cloud-shift-co-innovation-one-data-model/" target="_blank">told Wall Street analysts</a> earlier this year. "Our intention is to repeat that for the cloud."</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="1">
</div>
</div></p><p>Those sorts of sectors would be ideal clients for SAP because they run very data-heavy operations. SAP's enterprise resource planning software helps track those processes and, perhaps more importantly, allows the stored information to be more easily accessible across the enterprise. </p><p>And by transitioning to the cloud-based products, SAP has the opportunity to deepen its relationships with existing customers. For one, clients switch from paying large upfront costs to monthly installments. That's an increasingly attractive model for organizations because it becomes easier to scale up or down based on demand. As that adoption grows, it could also increase the likelihood that corporations will pile on additional cloud-based SAP applications, ultimately helping the provider achieve its vision of underpinning all operations across the enterprise. </p><p>"[With] asset-intensive organizations, it's important to be able to manage the end-to-end processes. And that is something that SAP has focused on," said Paul Saunders, a senior research director at Gartner.</p><p>That strategy is apparent in the company's work with the life sciences industry. Moderna, which hopes to start <a href="https://www.businessinsider.com/moderna-vaccine-slaoui-likely-approved-by-end-of-week-2020-12" rel="noopener noreferrer" target="_blank">distributing its COVID-19 vaccine this year</a>, uses SAP's ERP software known as S/4HANA. That's enabled Moderna to "improve the quality of drugs being produced," according to a <a href="https://www.sap.com/documents/2017/11/8c9e515b-e27c-0010-82c7-eda71af511fa.html" rel="noopener noreferrer" target="_blank">synopsis of the partnership</a> from SAP. And Moderna is deploying other solutions on top of the core ERP, like a program that will help the company <a href="https://news.sap.com/2020/12/sap-moderna-covid-19-vaccine-distribution/" rel="noopener noreferrer" target="_blank">prevent counterfeit vaccines</a>. Similar tools are in use at AstraZeneca, Johnson & Johnson, Sanofi, GlaxoSmithKline and <a href="https://blog.asug.com/hubfs/ASUG83120%20-%20Pfizer's%20Flight%20to%20SAP%20Cloud%20Platform.pdf" rel="noopener noreferrer" target="_blank">Pfizer</a> — pharmaceutical companies working on COVID-19 vaccines — according to publicly available information.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="2">
</div>
</div></p><p>"When you look at what is just happening out there on the vaccine side, there we are almost supporting every manufacturing, every logistic provider," Klein <a href="https://seekingalpha.com/article/4392353-sap-ses-sap-ceo-christian-klein-presents-fourth-annual-wells-fargo-tmt-summit-2020-conference" rel="noopener noreferrer" target="_blank">said at a recent Wells Fargo conference</a>.</p><p>That all serves to demonstrate how, despite its most recent struggles, SAP remains a powerhouse in the enterprise software industry. </p><p>But it's not to say Klein's onto a sure thing: For many of these companies and others, SAP is just one of a slew of vendors currently in use. Enterprises are also reimagining how they use their ERP systems, according to <a href="https://www2.deloitte.com/us/en/insights/focus/tech-trends.html" rel="noopener noreferrer" target="_blank">Deloitte</a>, and shifting more non-critical business functions to other third-party applications to reduce legacy IT debt — a phenomenon that could ding SAP in the long run. Some companies, for example, may seek to take software that helps manage the human resource function off of the ERP and run it separately. </p><p>And despite being a market leader in ERP software, SAP isn't without competition. Oracle remains a key rival, and its founder Larry Ellison has alluded to a more fierce competition ahead in the cloud. He even told analysts during a recent earnings call that Oracle would soon announce a slate of large-scale customers it stole from SAP. </p><p>"Oracle is the clear market leader in cloud ERP," Ellison declared on a call with Wall Street analysts earlier this month. That "will become even more obvious when we announce that several major large-scale SAP ERP customers are leaving," he added. Still, that's a promise Ellison also made last year, and one which has yet to materialize — at least publicly. An Oracle spokesperson declined to comment. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="3">
</div>
</div></p><p>Despite the challenges, SAP's overall sales grew slightly to nearly $20 billion In the first nine months of 2020. But while for Klein the recovery is a long-term vision, his plan hasn't exactly been embraced by investors. Following a statement in late October that <a href="https://markets.businessinsider.com/news/stocks/sap-stock-price-2020-outlook-downgrade-2020-10-1029720099" rel="noopener noreferrer" target="_blank">outlined a two-year delay in reaching prior revenue targets</a>, SAP's stock dropped 22% — a fall it has yet to recover from.</p><h2>Underpinning vaccine development</h2><p>Even so, a deeper look at how SAP is deployed across top vaccine-makers shows why it's hard to count the software giant and its CEO's vision out entirely.</p><p>Companies typically want to remain quiet when it pertains to an ongoing initiative as critical as eradicating a virus that led to a global pandemic. True to form, spokespersons for Moderna, AstraZeneca, J&J, Pfizer, GSK and Sanofi did not respond to a request for comment about how they use SAP products for this article. But many of the objectives previously outlined by executives at those firms in adopting the company's technology align with the goal of now quickly developing and producing a vaccine.</p><p>GSK, for example, has <a href="https://www.ariba.com/resources/library/library-pages/gsk-and-sap-ariba-how-innovation-improves-lives#video" rel="noopener noreferrer" target="_blank">over 90% of its pharmaceutical and vaccine businesses</a> running on SAP's ERP system. The global deployment enables the UK-based manufacturer to better "leverage the significant amounts of data" it collects and develop insights from that information to improve operations, former technology product manager Jonny Dent said during a February webinar.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="4">
</div>
</div></p><p>On top of that software, GSK also uses Ariba, SAP's procurement manager, to improve how the company works with its many suppliers and contract manufacturers — the same ones that could be tasked with helping to mass-produce a vaccine.</p><p>"We're a SAP house through-and-through," Dent told participants at the time.</p><p>At Sanofi, the French drugmaker opted to implement S/4HANA in 2017. The software initially went live in several pilot countries in 2018 in Europe before the company deployed it more broadly earlier this year. One of the goals of the pivot was to consolidate the 10 disparate ERP platforms that Sanofi had as a result of over 300 acquisitions since its founding in 1999, according to a <a href="https://www.sap.com/assetdetail/2020/07/12b04aa9-a37d-0010-87a3-c30de2ffd8ff.html" rel="noopener noreferrer" target="_blank">promotional video posted by SAP</a>. Now, the company says information can be more easily accessed by individuals across different business units.</p><p>AstraZeneca uses SAP's Work Manager software to better oversee its manufacturing equipment. The tool effectively allows factory workers to more closely track their performance on the floor to help managers determine when machines may be close to breaking down. One exec previously said it led to a "6[%] to 8% increase in efficiency." Such an application could play a role in ensuring the production of a vaccine doesn't run into any major hiccups.</p><p>And J&J employs Ariba <a href="https://news.sap.com/2018/02/sap-ariba-and-johnson-johnsons-future-includes-new-technology-better-health-for-everyone/" rel="noopener noreferrer" target="_blank">to help it partner with more diverse suppliers</a>. Overall, roughly 80% of J&J's spend runs through Ariba, totaling more than 250,000 purchase orders as of February 2018.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="5">
</div>
</div></p><p>So as SAP aims to become an end-to-end partner for key industries, its work with Moderna, GSK and other pharmaceutical companies will serve as a model for how it should try to insert itself in other sectors. Now Klein just needs to make sure that happens. </p>
Keep Reading
Show less
Joe Williams is a senior reporter at Protocol covering enterprise software, including industry giants like Salesforce, Microsoft, IBM and Oracle. He previously covered emerging technology for Business Insider. Joe can be reached at JWilliams@Protocol.com. To share information confidentially, he can also be contacted on a non-work device via Signal (+1-309-265-6120) or JPW53189@protonmail.com.
Latest Stories
See more
Most Popular
Bulletins
January 15, 2021 13:45 EST
Get Source Code in your inbox
David Pierce's daily analysis of the tech news that matters.