Daily Archives: February 3, 2022

Charlie Bell, a former Amazon Web Services executive, is now the leader of Microsofts newly formed, 10,000-person security engineering organization. (Microsoft Photo)

Your code will be attacked.

That warning, so obvious today, was a blunt wake-up call 20 years ago for many of the software developers reading the book Writing Secure Code, by Microsoft security engineering leaders Michael Howard and David LeBlanc.

Bill Gates was one. He absorbed the 477-page technical tome in one weekend and returned to Redmond ready to change how Microsoft made software prioritizing security and reliability over new features.

Eventually Gates wrote, our software should be so fundamentally secure that customers never even worry about it.

Two decades later, that line from the Microsoft co-founders Trustworthy Computing memo would seem quaint if the reality werent so terrifying: ransomware, software supply chain attacks, privacy breaches, nation-state hacks, malware, worms, and adversarial machine learning are just a few of the looming threats.

And the security of Microsofts software is still falling well short of Gates vision. Last month, on the anniversary of the landmark memo, Microsoft patched nearly 120 holes in Windows and other products. Nine were critical. One was wormable, letting attacks spread between computers without human involvement.

Charlie Bell is known to love big engineering challenges. He appears to have found the perfect job, because it would be hard to imagine one bigger than this.

The former Amazon Web Services executive, whose departure for Microsoft last fall was the subject of weeks of negotiations between the Seattle-area tech giants, is now almost four months into his role as a Microsoft executive vice president, leading a new Security, Compliance, Identity, and Management organization.

Bringing together existing groups from across the company, the new organization numbers 10,000 people including existing and open positions, representing more than 5% of the tech giants nearly 200,000 employees.

Its primary focus will be developing and delivering security products and services, not the core security of the companys individual products, which is the purview of security groups inside product teams.

But people inside and outside Microsoft hope Bell can spark meaningful change for the company and cybersecurity writ large, as a respected leader coming in with fresh eyes and a mandate from Microsoft CEO Satya Nadella.

The next big challenge for our company and our industry is securing digital technology platforms, devices, and clouds in our customers heterogenous environments, wrote Nadella in an internal memo announcing Bells position. This is a bold ambition we are going after and is what attracted Charlie to Microsoft.

In a LinkedIn post about his new job, Bell wrote that he was inspired to join Microsoft to take on one of the greatest challenges of our time, trying to take the world from digital medievalism to digital civilization.

Microsoft, he wrote, is the only company in a position to deliver this.

One reason, others point out, is Microsofts own role in the problem.

Microsoft is at the root of tons and tons of the issues these days and people are saying, Just fix this.

Microsoft is at the root of tons and tons of the issues these days. Theres a lot of customer frustration, and people saying, Just fix this. said Alex Gounares, founder and CEO at Bellevue, Wash.-based security tech company Polyverse, who worked in the role of technical advisor to Gates at Microsoft from 2003 to 2006.

Gounares said he believes Microsoft already has much of the technology it needs to address many of the core challenges in cybersecurity. Back in the day, he said, Gates was a forcing function internally to bring Microsofts disparate efforts together in the interest of the greater whole. Bell could now play a similar role in marshaling the companys cybersecurity initiatives.

Charlie is well-known as a get-stuff-done kind of guy, Gounares said. I think its a really good move on Microsofts part to get somebody of his talent and stature to drive fundamental improvements.

But theres a big difference from the days of Bill Gates. The company isnt merely trying to write secure code anymore. The security threats are much larger, and so are Microsofts aspirations to address them. The company wants to build a large line of business by offering security and software to protect its customers, no matter whose software or services theyre using at any given moment.

In fact, this business is already booming. As part of its record-setting earnings report last week, the company said revenue from security products in the prior 12 months surpassed $15 billion, up 45% year over year.

Thats more than 8% of Microsofts total revenue for that time period, and three times the annual revenue of Palo Alto Networks, the largest publicly traded standalone IT security company by market value.

This quest to delivery security across many devices, platforms and clouds is the focus of Bells job leading Microsofts new security engineering organization.

But in the larger scheme of the company, the initiative raises a natural question: How can Microsoft justify making so much money on security when its still routinely patching critical holes in its software?

Deutsche Bank analyst Brad Zelnick raised this issue on Microsofts earnings call, asking Nadella to explain the extent to which Microsoft sees cybersecurity as its responsibility, versus it being a commercial opportunity that you can continue to monetize.

Were going to be very, very mindful of our responsibility.

Nadella acknowledged that one of Microsofts fundamental responsibilities is to build security into its products. The company is going to be very, very mindful of our responsibility, he said.

At the same time, he added, we think we have a security opportunity in being able to secure the entire heterogeneous digital estate of our customers.

Our monetization is about really recognizing that the real world is not some homogenous Microsoft infrastructure world. It is a multi-cloud, multi-platform world, Nadella said. And we will definitely monetize those aspects [where] we have best-of-breed solutions and suites and offerings.

Microsoft had more than 715,000 corporate customers using its security solutions as of its most recent quarter, and Nadella said they save 60% compared to companies that implement solutions from multiple vendors.

The company declined to make Bell available for an interview. Microsofts security team, in a detailed response to GeekWires questions, outlined the companys wide-ranging investments in technology, tools and teams, including a pledge to boost spending to $20 billion on security protections for customers over five years.

Microsoft says its fighting an asymmetric battle in unprecedented times.

In addition to the SolarWinds software supply chain attacks that first emerged in late 2020, the company says it saw increases of 150% in ransomware and more than 600% in phishing last year, plus password attacks at a rate of 579 per second.

The attack landscape is very sophisticated. Its very frequent. And we have our jobs cut out for us, said Vasu Jakkal, Microsoft corporate vice president for security, compliance, identity and privacy.

The company listed these key priorities for its security initiatives:

Microsoft also has a Digital Crimes Unit with an extensive track record of identifying, pursuing and taking down botnets, ransomware rings and other criminal networks online. The company also works on election integrity.

While Microsoft is far from alone in dealing with vulnerabilities in its software, its technology has long been foundational for many businesses. The company has extended that role into a new era by making the transition to the cloud. The resurgence of the PC market has made the company all the more relevant.

Microsoft is the arsonist, the fire department, and the building inspector all rolled into one.

Microsoft acknowledges that its unique in delivering both software and security products. Some competitors believe that dual role amounts to playing both sides of the fence.

[W]ith one hand, the company ships vulnerabilities and hosts malware, and with the other, it charges to protect users from those same vulnerabilities and threats, wrote Ryan Kalember, a National Cyber Security Alliance board member and executive vice president with Proofpoint, which competes with Microsoft in enterprise security. Add in the worlds most extensive incident response practice, and Microsoft is the arsonist, the fire department, and the building inspector all rolled into one.

Another issue is Microsofts practice of putting advanced security solutions into its costliest enterprise licensing tiers.

Weve gotten to this point now where you have to pay a premium to get security features, which is honestly very unfortunate, said Wes Miller, research analyst at the independent Directions on Microsoft research firm. So customers who either are unwilling or unable to pay that premium for the security features get left out in the cold.

Miller, who was working at Microsoft as a Windows program manager when Gates issued his memo, said he sees a disconnect in the companys recent announcements touting its security revenue growth.

The reality is, you shouldnt be gloating about the money youre making, considering the larger security issues, he said. Regardless of whats in Windows 11, the company is not doing enough to fight ransomware. They are not.

The companys role in the ransomware problem was documented in a detailed post last year by Kevin Beaumont, a former Microsoft senior threat intelligence analyst. For one, Beaumont wrote, many people underestimate the burden that patching software vulnerabilities puts on IT departments.

Beaumont also cited the enterprise licensing issue.

Basic secure usage of Microsofts products, which currently helps fuel a worldwide criminal network in ransomware gangs, shouldnt have a security poverty line. That is a key element these groups are exploiting, he wrote.

He added, Microsoft can lead the security market and still make money by driving product change in its own offerings, and genuinely changing both the security industry and technology risk landscape of the world.

In an interview with GeekWire last fall, Microsoft President Brad Smith said the companys licensing approach is driven by a desire to give enterprise customers the choice to use Microsofts security solutions or others. Thats especially important in enterprise security, he said, given the extreme diversity of legacy IT infrastructure.

Theres a level of complexity that we need to think through, Smith said. The lines will probably shift over time. I think Charlie Bell can help us figure that out. And that will be good not just for Microsoft and our customers; it will be good for the country and the world.

Bell, 64, is a native of Irvine, Calif., who graduated from California State University, Fullerton. Early in his career, he worked at Boeing as a Space Shuttle flight interface engineer. He joined Amazon in 1998 when it acquired Server Technologies Group, an e-commerce software company that he founded in 1996 after leaving Oracle.

He talked about his history and focus at Amazon in this 2020 conversation at the IEEE conference on Computer Vision and Pattern Recognition.

Bell worked at Amazon for more than 23 years, including 15 as a top AWS executive. He reported to Andy Jassy, the longtime AWS CEO, before Jassy became Amazon CEO. Once considered a potential successor to Jassy at AWS, Bell took the Microsoft job after Amazon brought Adam Selipsky back from Tableau to AWS as CEO.

Longtime colleagues describe Bell as a down-to-Earth leader with a pragmatic streak. During his Amazon tenure, he could often be spotted walking from his home through the city to Amazons campus, wearing a bright yellow safety jacket.

Bell is the husband of Nadia Shouraboura, an entrepreneur who was previously an Amazon vice president and founder and CEO of Seattle-based robot-powered apparel startup Hointer.

A consummate engineer, Bell is also a quintessential Seattleite, the kind of person who would be as comfortable leading a multinational corporation as he might be chatting about Puget Sounds J Pod endangered southern resident orcas, said a former AWS colleague, Brian Hall.

Hes fascinated with problems and opportunities, and how to engineer solutions, Hall said.

Jakkal said she and Bell bonded over a shared interest science fiction and quantum physics, and a Star Trek analogy that explains the security engineering groups vision: giving Microsoft customers the same level of visibility into the security landscape as a captain of the Enterprise would have into deep space from the bridge.

Im confident hes going to help us build that, Jakkal said.

Microsoft executives and teams now reporting to Bell are:

The language in Bells LinkedIn post was, in some ways, reminiscent of Gates memo.

As digital services have become an integral part of our lives, were outstripping our ability to provide security and safety, he wrote. Its constantly highlighted in the headlines we see every day: fraud, theft, ransomware attacks, public exposure of private data, and even attacks against physical infrastructure.

He added, This has been weighing on my mind and the best way I can think to describe it is digital medievalism, where organizations and individuals each depend on the walls of their castles and the strength of their citizens against bad actors who can simply retreat to their own castle with the spoils of an attack.

We all want a world where safety is an invariant, something that is always true, and we can constantly prove we have, he wrote.We all want digital civilization.

Updates: Added information on Microsofts Digital Crimes unit and related activities. Corrected to remove reference to Harv Bhela, who had been one of Bells direct reports but recently left to become NetApps chief product officer.

Follow this link:

Former Amazon exec inherits Microsofts complex cybersecurity legacy in quest to solve one of the greatest challenges of our time - GeekWire

"The Sell Sider" is a column written by the sell side of the digital media community.

Today's column is written by Mike Peralta, VP and GM of Marketing Solutions, a division of T-Mobile USA.

2021 brought unprecedented consolidation across ad tech. But theres one particularly striking mini trend thats emerging: Gaming studios are merging with ad tech platforms.

In the latest example of this trend, Microsoft announced two blockbuster deals that pair ad tech with gaming content. In December, the company shared plans to acquire Xandr, AT&Ts data and analytics platform. And just two week ago, Microsoft announced its acquiring Activision Blizzard, the publisher behind Call of Duty and World of Warcraft, for a whopping $68 billion.

But Microsoft isnt the first to take this approach. In fact, its following in the footsteps of gaming and software giants, including AppLovin, ironSource and Zynga. Whats the strategy behind the move? First-party data.

A popular playbook

First-party data is the future of advertising, taking the place of outdated cookie-based tech. In previous years, ad platforms have failed to find a way to fully leverage the power of this data. But today, companies are putting it at the center of their strategies. And M&A is helping to fuel it.

In 2018, AppLovin raised $400 million from private equity firm KKR at a valuation of $2 billion, using those funds to transform itself from an advertising platform into a mobile gaming powerhouse. Today, AppLovin has a market cap of nearly $32 billion.

To get there, they made a slew of smart ad tech acquisitions: first, MAX, an in-app bidding solution. Then SafeDK, an SDK management tool that helps mobile app publishers automate security and brand safety. Then Adjust, a mobile advertising measurement and attribution company. And, most recently, MoPub, one of the largest in-app ad exchanges on the market.

Each of these acquisitions were strategic investments to grow AppLovins mobile ad business. In 2020, in-house app traffic generated more than 70% of AppLovin's ad business. Following these acquisitions specifically, MoPub that number will shift dramatically by monetizing app traffic across every vertical.

IronSource, which runs a gaming studio and ad network, took a similar approach. In just nine months, the company acquired an ad quality insights platform, a creative platform and two major mobile in-app monetization platforms Tapjoy and Bidalgo. Today, ironSource, much like AppLovin, continues to gain market share from the overall mobile gaming and mobile monetization industry.

But wait, theres more. In 2021, Zynga, the leading global game developer, acquired Chartboost, an in-app monetization platform with a widely used SDK. And other up-and-coming players, like Media and Games Invest (MGI), continue to leverage M&A to turbocharge the content and platform growth strategy.

Fueling first-party data

Through these acquisitions, companies like AppLovin, ironSource and Zynga can tap first-party data from their in-house mobile games, add more first-party data via their monetization SDK integrations, then use those two sets of data to refine and scale both businesses: the gaming side and the media side.

For example, through its MoPub acquisition, AppLovin can leverage data from other mobile gaming publishers to derive insights on KPIs like CPMs, CTRs, viewability rates, completion rates and more. Then, AppLovin can use these rich insights to improve and grow the gaming assets they already own. Its a recipe for success and smart companies with large budgets are doubling down.

For Microsoft, the opportunity is equally robust. It can now combine the strengths of Xandr and Activision Blizzard to give both its gaming business and its ad tech business a major boost. Moving forward, the tech giant can gather insights from Xandrs existing ad platform and use them to drive growth and improve the monetization of Activisions portfolio of mobile gaming content.

And thats really just the beginning. With the mobile gaming content market in the US expected to reach $25 billion in 2022, and US mobile ad spend exceeding $160 billion this year, this particular M&A trend may very well set the tone for mobile marketing in 2022.

Follow T-Mobile (@TMobile)and AdExchanger (@adexchanger) on Twitter.

Follow this link:

The Real Reasons Gaming Companies Are Merging With Ad Tech AdExchanger - AdExchanger

Online services (Yonhap)

In 2020, South Korea passed a legal revision holding online content service providers accountable if they fail to maintain stable services amid growing complaints against streaming giants Netflix and Google after their services experienced outages.

The revised law, informally dubbed the "Netflix law" in the country, applies to online service companies that account for 1 percent or more of the country's average daily data traffic in the last three months of the previous year and that have more than 1 million daily users.

Local streaming platform Wavve has been excluded from the regulation this year as its average traffic fell short of 1 million daily users.

The ministry said it has notified the five companies and will finalize the designation within this month after consultations with the companies.

The ministry said global tech giants made up a significant portion of the country's daily data traffic in the final three months of 2021, with Google accounting for a whopping 27.1 percent, followed by Netflix at 7.2 percent and Meta at 3.5 percent.

Among local companies, top portal operator Naver held the top spot at 2.1 percent, followed by rival Kakao at 1.2 percent.

The five companies accounted for a total of 41.1 percent of the country's average daily traffic over the period.

The ICT ministry data also showed that Google's average daily user number over the period stood at 51.5 million, followed by Kakao at 40.6 million, Naver at 40.3 million, Meta at 6.8 million, and Netflix at 1.7 million. (Yonhap)

Read more here:

S. Korea requires Google, Netflix and 3 others to provide stable online services this year - The Korea Herald

A

mazon is continuing its rapid expansion in the UK with plans to hire 1,500 apprentices after growing its British headcount by almost 50% last year.

Amazons 1,500 new UK apprentices will receive in-house training across departments including publishing, retailing and marketing. Country Manager John Boumphrey said the programme would help even more people get the skills that are in demand in todays labour market.

The company has invested 32 billion in the UK since 2010 and today said it hired 25,000 people here last year. That is higher than the 10,000 target it original set.

The jobs spree takes Amazons permanent UK workforce to 70,000. Half of last years new hires were previously unemployed or joined directly from education, the company said. Roles spanned the breadth of the company, with new hires doing everything from packing parcels to maintaining servers.

The rapid rise in headcount comes as Amazon diversifies into the grocery sector with its till-free Amazon Fresh shops. There are now 15 outlets up and running in London and the tech giant plans to open around 200 across the UK in the next two years. The expansion is a direct challenge to British retail giants such as Tesco, which is already battling German discounters Aldi and Lidl.

Amazon said its Fresh stores, and two 4-Star stores opened last year, created hundreds of jobs.

Business Secretary Kwasi Kwarteng said: Amazons announcement is testament to the strength of the British economy, with GDP back at pre-pandemic levels, employee numbers at record highs and unemployment falling.

The hiring spree comes after Amazon enjoyed a surge in profits after lockdown restrictions caused shoppers to switch to online retail.

See the original post:

Amazon hires 25000 new UK employees as tech-giant takes on supermarket chains - Evening Standard

Growing up in 1970s Britain, I would gaze in awe at my great aunt Ruth Tetts kitchen cupboards. After living through two world wars and a global economic depression, she was addicted to hoarding and recycling almost anything she possessed.

No old paper bags, bits of string, ribbon and wood, nails or pieces of cloth were ever thrown away if they could be repurposed in some form as clothes, fencing, or anything else.

As a teenager, I described this as being old fashioned. Today, I would say: embracing the circular economy. The instincts that my great aunt upheld as a result of deprivations are coming back into vogue.

That is partly because a new wave of environmental activists and sustainability champions are promoting circular economy goals or consumption based on the reuse of products, byproducts and waste, rather than a never-ending cycle of resource exploitation.

The phrase circular economy is also being tossed around in the environmental, social and governance movement, with ESG investors pressing big companies to show how they uphold this mantra, too.

The ideas represented in those 1970s kitchen cupboards, in other words, are creeping into the corporate boardroom.

Consider the right to repair movement. A decade ago, it was taken for granted in Silicon Valley that consumers would always embrace the most up-to-date versions of digital devices. They would buy upgraded gadgets when their current ones malfunctioned or wore out.

It remains to be seen how many consumers will fall in with the upgrade culture fixing an old iPhone or digital watch is no simple matter, even when parts are available

This upgrade culture was so ingrained in western consumer society that tech companies tended to design products on the assumption that they would quickly become obsolete. They used overt and covert strategies to prompt consumers to keep churning their devices. In 2020, for instance, Apple agreed to pay $500mn to settle claims that it deliberately slowed down some iPhones as they got older.

No longer. These days, the cost of this upgrade mentality is becoming clear: Global E-waste Statistics Partnership, which measures electric and electronic waste, estimates that some 53.6mn tonnes of products were discarded in 2019, or 21 per cent more than five years earlier. Less than 20 per cent of this e-waste was officially recorded as recycled.

But, now, a host of initiatives is under way to try to change consumer and corporate behaviour. University College Londons Big Repair Project is a case in point. It has been carrying out surveys of the British public about their attitude towards their consumer electronics. As its website explains, the aim of the project is to understand the factors affecting household maintenance and repair (carried out yourself or using professional services) of home appliances and electronics across the UK.

The group recently met tech manufacturers, the repair community, industry bodies and other stakeholders to develop proposals for right to repair legislation in the UK. This would give consumers the ability to force companies to back efforts to reuse old electronic devices.

Separately, ESG activists have filed shareholder proposals at the annual meetings of big tech groups, seeking to force them to change their strategies.

Last year, non-profit As You Sow unveiled a petition at Microsofts AGM that called for its devices to be made more easily repairable. Microsoft...facilitates premature landfilling of its devices by restricting consumer access to device reparability, Kelly McBee, waste programme co-ordinator at As You Sow, told the Financial Times.

The move marked the first such shareholder proposal in the US. And, while tech leaders initially dismissed these ideas, Apples management performed a U-turn late last year to launch a self-service repair scheme that would allow customers to buy Apple-made components to replace worn out or broken parts.

Microsoft has made similar moves and other tech giants are likely to do the same not least because the Biden administration said last year that it wanted the Federal Trade Commission, the competition watchdog, to look at anti-competitive restrictions on repair markets. Around half of US states are contemplating local legislation in this direction, too.

Of course, it remains to be seen how many consumers will fall in with the upgrade culture. After all, fixing an old iPhone or digital watch is no simple matter, even when parts are available.

However, environmental activists hope these measures will encourage more independent repair providers to emerge. And, if nothing else, the about-turn by Apple illustrates two important points.

The first is the degree to which big companies are responsive to ESG investor demands particularly when coupled with regulatory reforms.

The second noteworthy lesson is how consumer expectations are changing. Generation X (like me) grew up revering the endless upgrades culture; todays millennial and younger generations are leaping back into the future.

If my great aunt were still alive, she might chuckle; the rest of us should cheer.

See more here:

'Right to repair' campaign forces rethink by Big Tech - Financial Times