CSOonline: Securing Microsoft Teams

As more remote work from home happens, your collaboration tools need more scrutiny. A popular choice for instant messaging and video conferencing is Microsoft’s Teams, and securing this application will be a challenge. There have been Teams-specific exploits observed, for example. And even if Teams isn’t targeted, it could fall victim to general DDoS or ransomware attacks, which would be an issue if you depend on Teams for internal communications post-attack. And while Microsoft has published numerous suggestions on how to better secure Teams, the process is vexing and error-prone.

You can read my published analysis for CSOonline here. I also compare how Teams security stacks up with Slack. Avanan, pictured above, has versions for both.

Avast blog: Everything you should know about social media scraping

Last month, a massive data leak exposed more than 300 million different accounts from social media platforms. The collection included 192 million records scraped from two different Instagram collections, along with 42 million records scraped from TikTok and an additional 4 million records scraped from YouTube.

The records include usernames, profile photos, emails, phone numbers, age and gender along with specifics about followers and other engagement for each account. The leak involved a set of three open data shares from the company Social Data: a few hours after being notified, the shares were properly secured.

There are several things that are interesting about this leak: its source, how the data was obtained, and what this means for your own social media consumption. You can read more on the Avast blog. 

Network Solutions blog: Understanding SSO

One of the best ways to manage your password collection is to use a single sign-on (SSO) tool. These tools centralize the administration of user authentication services by having one login credential that can be used for multiple applications. 

You might think this creates a security loophole. We all have been drilled into not sharing the same login across multiple apps, right? The way that SSO works is somewhat different. Yes, you have a single login to gain overall access to an SSO tool. But once that is accomplished, the tool then automatically sends out separate credentials to sign in so you can use each of your apps. In many cases, you don’t even know what the details of each credential is — they could be using very complex passwords that are created at random by the tool. The good news is that you don’t need to remember each one, because the SSO does it for you. The bad news is that implementing SSO can be confounding, costly and complex.

You can read more on this topic on my blog post for Network Solutions here.

RSA blog: Why authentication still holds the key for RSA’s success after nearly 40 years

Today, RSA once again becomes an independent company, after being owned by EMC and then Dell Technologies for the past several years. I’m commemorating this milestone by looking at a few of my favorite products from the RSA portfolio and set some context for the longevity of this iconic company. You can read my post on their blog here.

Back to college, Covid-style

As most of you know by now, I live in St. Louis. This is midway between two major rival state schools, in Columbia (Mizzou) and the University of Illinois at Urbana-Champaign. The two schools have markedly different Covid testing policies this semester. I will get to that in a moment, but first, take a look at this dashboard developed by the College Crisis Initiative:

You can see the focus in my metropolitan area of each school and the various policies that have been adopted, ranging from full in-person classes to all-online instruction and various in-between choices. There is a lot of variation among the colleges and universities just on this small portion of the map. This reflects the variation of policies about the pandemic. In my region, we have different policies for mask wearing: a county just south of the city went from masks highly recommended to required to revoking the requirement, all within 24 hours. Such is the toxic mixture of politics and public health, with emphasis quite literally on toxic.

It is certainly a confusing time to be attending college. Mizzou is using a hybrid model: some in-person classes and some online. Each school’s dean makes their own decision. Students are required to report positive tests to the campus health department.

Illinois has gone whole-school testing. They aim to test everyone (including staff and faculty) twice a week, whether or not they show symptoms. They are doing thousands of free tests daily, using a new saliva-based protocol that was developed internally (Yale and the NBA are also doing something similar), with results available in minutes. Students receive results on an app on their phones, which allow them access to classrooms if they test negative. Interestingly, most of their classes are being held online, even though students are living on campus. All this planning didn’t help: students still went to parties and got infected.

Some schools, such as Notre Dame, began their semesters with plans for all in-person but got spikes in infections and then paused these classes to do more testing. The cause appeared to be a combination of large on-campus gatherings of non-mask wearers and two off-campus parties attended by biz school students. I guess the students took to their mirroring of adult life very faithfully.

To show you what shouldn’t be done is the example of Albion College in Michigan. Ironically, it has academic programs to train contact trackers to be hired by health agencies. Last month Zack Whittaker at TechCrunch wrote about a new Covid tracking app from Aura that is being deployed at the college. The app is mandatory for all students and tracks their real-time locations.

If you think you have already heard about Aura, there is another product with this name that is a mood tracker for the Apple Watch. There is also the Oura ring which is another health and activity monitor. But the Albion Aura app is a problem. Like at Urbana, students need to use the app to gain entry to classrooms. If students uninstall the app or don’t share their location with the app, they could be suspended. Its first release contained rookie security errors, one of which was found by one of the college’s compsci students. There is a long list of FAQs on the college website.  I was more confused reading the entries and I can’t imagine what students and parents at Albion might think.

Clearly, we are all feeling our way through these trying times. And the Mizzou link above will take you to a SciAm piece that compares strategies at other schools. If you have a college student in your family, do share your own reactions here about your own perspective.

Marketing in the time of the Covid

I have been doing a couple of podcast interviews with marketing executives over the past couple of weeks: one with Domo (a cloud BI company that I did hands-on tests several years ago) and Talend (a cloud data integration vendor). Both faced big challenges during the pandemic, such as turning their in-person user conferences into all virtual ones and changing their marketing to adjust to the new virtual way of doing business. You would think that the marketing would be pretty much the same even though both companies operate primarily in the cloud. But you would be wrong. When it comes to enterprise B2B software sales, you need road warriors and a personal high-touch. But the old school days of customer wine-and-dine are gone. You have to be more creative about building those connections these days.

Talend hired a completely new leadership team (which interestingly are all women) and as a result went through a series of rebranding efforts. “Data is the difference between surviving and thriving,” says Lauren Vaccarello, the CMO of Talend on our podcast. She watched one of her favorite tea shops close their doors in a couple of weeks and lay off hundreds of their staff. That motivated her to rethink their messaging and start fresh, assuming that everything will change. “We have a product that can help businesses with better and real-time access to their data.”

“We can’t rely on anything, we have to innovate and change what we did a year ago,” she said. For example, they could pull customer executives together in a webinar rather than rely on those who could attend a physical meeting. Not to mention that virtual events were a lot less costly and had a lot higher attendance and engagement too. “From an ROI perspective, we got 5x higher returns than from an in-person event.” Having an all-female executive team at Talend is an interesting experience for all of them. “None of us feel the need to be perfect around each other,” she said. That makes for more intense, authentic and productive collaboration too. “The dynamic is different.”

Domo had a similar experience and just a few days to transform their customer event into a virtual one. It went from about 3,000 attendees to more than 12,000 virtual visitors. And from three days’ worth of sessions to one 90 minute plenary session with dozens of break-out sessions that could be streamed on demand.

One of my biggest beefs with SaaS companies is how hard it is to price their services. Compare Domo’s pricing page with Talend’s  (shown here) — the latter is very transparent and very clear, and a rarity.

I want to bring in a post from Salesforce which talks about ways marketers can fight digital fatigue. The authors cite the average person now spends 7.5 hours daily in front of a screen. They have several suggestions on how to beef up your own marketing efforts during these pandemic times, including:

  • Follow your customers as they change usage patterns and try new products. Stay top of mind and evolve with them. Don’t stop your marketing efforts.
  • Personalization is critical. As customers curate their digital experiences, make sure you have a better understanding of their needs and what matters to them. But don’t cross over into being creepy.
  • Agile is here to stay. Understand this evolution and how customers are responding to your content.
  • Social media matters. Make sure you can engage your customers on the various social platforms where they talk about your products.
  • Empathy is important. Show your customers that you care and respond to their concerns. Above all else, avoid the hard sell and be authentic.


FIR B2B podcast #141: How Domo pivoted to a virtual conference — in just 12 days

Business intelligence software firm Domo had been planning its March 18 Domopalooza conference for nearly a year. About 3,000 customers and partners were expected to flock to Salt Lake City for four days of technical training and meetings, capped by a concert by the Black Eyed Peas. But as quarantines and lockdowns began sweeping the world in late February, Domo made the tough call to take the conference virtual, with just 12 days to make the shift.

Chief Strategy Officer John Mellor spearheaded the shift. In this interview he summarizes the rapid series of decisions Domo had to make to pull off a successful virtual event that ultimately attracted more than 12,000 visitors. There are more details in this story that my podcasting partner Paul Gillin wrote for SiliconAngle.

Mellor turned a three-day event into one 90-minute plenary session that mixed live conversations with pre-taped segments, along with a series of dozens of break-out sessions that could be streamed on demand. He focused on delivering great content, driving a higher attendance and better engagement through a well-defined user community. He also saved a bunch of money, even after paying the no-show fees for the various in-person aspects of the event. In our podcast, he discusses his decisions and why he expects to take a “virtual first”  approach to future events.

Listen to our 21-minute podcast here:

Network Solutions blog: How to evaluate a DNS security provider

The Domain Name System (DNS) is the Rodney Dangerfield of Internet protocols. By that, we mean that DNS has trouble getting respect for all the important things that it does. Over the years, the DNS has been abused by spammers, its weaknesses exploited by distributed denial of service (DDoS) attackers and domain hijackers. Given that the spate of attacks is increasing (according to one 2019 IDG report), it is time to get more serious about how you manage your DNS infrastructure and how you can harden it to prevent future threats. DNS attacks are often used by bad actors to reach their victims and do damage to business reputations. In this post for Network Solutions’ blog, I talk about the role that DNS plays and how you can evaluate a potential DNS supplier and use various means to protect your network assets.

RSA blog: Enabling A Virtual SOC Environment

The role of the security operations center (SOC) is changing in a more distributed world. As businesses continue to support remote operations and staff, they need to start thinking about building out a virtual SOC environment to manage their infrastructure long-term. There are several things to consider in building the right virtual SOC. Some of these choices are not as obvious and will require some effort to plan appropriate actions. In my latest post for RSA’s blog, I discuss some of these issues.

FIR B2B podcast episode #140: Talend’s Lauren Vaccarello On Taking Marketing Virtual

Lauren Vaccarello’s first year as CMO of Talend has been about resilience, psychological trust and safety, along with frequent quick pivots. The former marketing executive at Salesforce.com and Box and host of a Mission.org marketing podcast has had to adjust to working with an entirely new leadership team, leading a full company rebrand (and a second rebrand thanks to COVID-19) and transforming a planned in-person event to a worldwide series of virtual events fielded across three continents in a single day.

In the process, Lauren has learned to think on her feet and how to rewire marketing in this brave new pandemic world. In our interview, we talk with her about the changes COVID-19 has wrought in the B2B world, what marketers still need to learn about digital marketing, how B2B is affected by the surge of e-commerce usage in the consumer world and why Talend is so transparent about pricing (its page is a model of clarity that every SaaS vendor should follow). She also tells why she is excited to be working for an all-female leadership team and the collaboration and shared responsibility they bring to the table. It’s something other Silicon Valley firms could learn from. Listen to our 30 minute podcast here: