AWS is gearing up for re:Invent, its annual cloud computing conference where announcements this year are expected to focus on its end-to-end data strategy and delivering new industry-specific services.

It will be the second re:Invent with CEO Adam Selipsky as leader of the industry’s largest cloud provider after his return last year to AWS from data visualization company Tableau Software.

“What we're really trying to do is to look at that end-to-end journey of data and to build really compelling, powerful capabilities and services at each stop in that data journey and then…knit all that together with strong concepts like governance,” Selipsky told Protocol in a recent interview in Boston.

AWS now has more than 200 services, and Selispky said it’s not done building.

“I don't know when we ever will be,” he said. “We continue to both release new services because customers need them and they ask us for them and, at the same time, we've put tremendous effort into adding new capabilities inside of the existing services that we've already built. Both prongs of that are important.”

But cost-cutting is a reality for many customers given the worldwide economic turmoil, and AWS has seen an increase in customers looking to control their cloud spending.

“Some customers are doing some belt-tightening,” Selipsky said. “What we see a lot of is folks just being really focused on optimizing their resources, making sure that they're shutting down resources which they're not consuming. By the way, they should be doing that all the time. The motivation's just a little bit higher in the current economic situation.”

This interview has been edited and condensed for clarity. Read Protocol’s other story based on our interview with Selipsky here.

Besides the sheer growth of AWS, what do you think has changed the most while you were at Tableau? Were you surprised by anything?

The number of customers who are now deeply deployed on AWS, deployed in the cloud, in a way that's fundamental to their business and fundamental to their success surprised me. You can see it on paper and say, “Oh, the business has grown bigger, and that must mean there are more customers,” but the cloud and our relationship with these enterprises is now very much a C-suite agenda.

There was a time years ago where there were not that many enterprise CEOs who were well-versed in the cloud. Then you reached the stage where they knew they had to have a cloud strategy, and they were…asking their teams, their CIOs, “okay, do we have a cloud strategy?” Now, it's actually something that they're, in many cases, steeped in and involved in, and driving personally.

That’s just indicative of how much so many organizations are using the cloud now in every facet of their business — to run their core IT enterprise applications, of course, to do all sorts of new analytics, many of which involve machine learning now that there were never possible before, and then many, many end-customer applications as well.

It's not just about deploying technology. The conversation that I most end up having with CEOs is about organizational transformation. It is about how they can put data at the center of their decision-making in a way that most organizations have never actually done in their history. And it's about using the cloud to innovate more quickly and to drive speed into their organizations. Those are cultural characteristics, not technology characteristics, and those have organizational implications about how they organize and what teams they need to have. It turns out that while the technology is sophisticated, deploying the technology is arguably the lesser challenge compared with how do you mold and shape the organization to best take advantage of all the benefits that the cloud is providing.

How has your experience at Tableau affected AWS and how you think about putting your stamp on AWS?

I, personally, have just spent almost five years deeply immersed in the world of data and analytics and business intelligence, and hopefully I learned something during that time about those topics. I'm able to bring back a real insider's view, if you will, about where that world is heading — data, analytics, databases, machine learning, and how all those things come together, and how you really need to view what's happening with data as an end-to-end story. It's not about having a point solution for a database or an analytic service, it's really about understanding the flow of data from when it comes into your organization all the way through the other end, where people are collaborating and sharing and making decisions based on that data. AWS has tremendous resources devoted in all these areas.

Can you talk about the intersection of data and machine learning and how you see that playing out in the next couple of years?

What we're seeing is three areas really coming together: You've got databases, analytics capabilities, and machine learning, and it's sort of like a Venn diagram with a partial overlap of those three circles. There are areas of each which are arguably still independent from each other, but there's a very large and a very powerful intersection of the three — to the point where we've actually organized inside of AWS around that and have a single leader for all of those areas to really help bring those together.

There's so much data in the world, and the amount of it continues to explode. We were saying that five years ago, and it's even more true today. The rate of growth is only accelerating. It's a huge opportunity and a huge problem. A lot of people are drowning in their data and don't know how to use it to make decisions. Other organizations have figured out how to use these very powerful technologies to really gain insights rapidly from their data.

What we're really trying to do is to look at that end-to-end journey of data and to build really compelling, powerful capabilities and services at each stop in that data journey and then…knit all that together with strong concepts like governance. By putting good governance in place about who has access to what data and where you want to be careful within those guardrails that you set up, you can then set people free to be creative and to explore all the data that's available to them.

AWS has more than 200 services now. Have you hit the peak for that or can you sustain that growth?

We're not done building yet, and I don't know when we ever will be. We continue to both release new services because customers need them and they ask us for them and, at the same time, we've put tremendous effort into adding new capabilities inside of the existing services that we've already built. Both prongs of that are important.

We don't just build a service and move on. Inside of each of our services – you can pick any example – we're just adding new capabilities all the time. One of our focuses now is to make sure that we're really helping customers to connect and integrate between our different services. So those kinds of capabilities — both building new services, deepening our feature set within existing services, and integrating across our services – are all really important areas that we'll continue to invest in.

Do customers still want those fundamental building blocks and to piece them together themselves, or do they just want AWS to take care of all that?

There's no one-size-fits-all solution to what customers want. We absolutely have customers who very much want to have their hands “on the wheel,” if you will, and to be working with our services at the at the deepest layer, at the most primitive level — so EC2 for compute, S3 for storage, one or more of our database services — and they want to be interacting with those services directly.

It is interesting, and I will say somewhat surprising to me, how much basic capabilities, such as price performance of compute, are still absolutely vital to our customers. If you'd asked me 15 years ago, “hey in 2022, how much of the cutting edge of innovation do you think would be around raw performance or price performance of a unit of compute,” I wouldn't have necessarily guessed that was still as important as it is. But it's absolutely vital. Part of that is because of the size of datasets and because of the machine learning capabilities which are now being created. They require vast amounts of compute, but nobody will be able to do that compute unless we keep dramatically improving the price performance.

We (also) absolutely have more and more customers who want to interact with AWS at a higher level of abstraction…more at the application layer or broader solutions, and we're putting a lot of energy, a lot of resources, into a number of higher-level solutions. One of the biggest of those … is Amazon Connect, which is our contact center solution. In minutes or hours or days, you can be up and running with a contact center in the cloud. At the beginning of the pandemic, Barclays … sent all their agents home. In something like 10 days, they got 6,000 agents up and running on Amazon Connect so they could continue servicing their end customers with customer service. We've built a lot of sophisticated capabilities that are machine learning-based inside of Connect. We can do call transcription, so that supervisors can help with training agents and services that extract meaning and themes out of those calls. We don't talk about the primitive capabilities that power that, we just talk about the capabilities to transcribe calls and to extract meaning from the calls. It's really important that we provide solutions for customers at all levels of the stack.

Given the economic challenges that customers are facing, how is AWS ensuring that enterprises are getting better returns on their cloud investments?

Now's the time to lean into the cloud more than ever, precisely because of the uncertainty. We saw it during the pandemic in early 2020, and we're seeing it again now, which is, the benefits of the cloud only magnify in times of uncertainty.

For example, the one thing which many companies do in challenging economic times is to cut capital expense. For most companies, the cloud represents operating expense, not capital expense. You're not buying servers, you're basically paying per unit of time or unit of storage. That provides tremendous flexibility for many companies who just don't have the CapEx in their budgets to still be able to get important, innovation-driving projects done.

Another huge benefit of the cloud is the flexibility that it provides — the elasticity, the ability to dramatically raise or dramatically shrink the amount of resources that are consumed. In the first six months of the pandemic, Zoom's demand went up about 300%, and they were able to seamlessly and gracefully fulfill that demand because they're using AWS. You can only imagine if a company was in their own data centers, how hard that would have been to grow that quickly. The ability to dramatically grow or dramatically shrink your IT spend essentially is a unique feature of the cloud.

These kinds of challenging times are exactly when you want to prepare yourself to be the innovators … to reinvigorate and reinvest and drive growth forward again. We've seen so many customers who have prepared themselves, are using AWS, and then when a challenge hits, are actually able to accelerate because they've got competitors who are not as prepared, or there's a new opportunity that they spot. We see a lot of customers actually leaning into their cloud journeys during these uncertain economic times.

During Amazon’s Oct. 27 earnings call, it was noted there was an uptick in AWS customers wanting to cut costs, and Amazon’s CFO said customers were looking to save versus their committed spend. Do you still push multi-year contracts, and when there's times like this, do customers have the ability to renegotiate?

We're an $82-billion-a-year company last quarter, growing 27% year over year, so we have, of course, every use case and customers in every situation that you could imagine. Many are rapidly accelerating their journey to the cloud. Some customers are doing some belt-tightening. What we see a lot of is folks just being really focused on optimizing their resources, making sure that they're shutting down resources which they're not consuming. By the way, they should be doing that all the time. The motivation's just a little bit higher in the current economic situation. You do see some discretionary projects which are being not canceled, but pushed out.

But every customer is welcome to purely “pay by the drink” and to use our services completely on demand. Every customer is free to make that choice. But of course, many of our larger customers want to make longer-term commitments, want to have a deeper relationship with us, want the economics that come with that commitment. We're signing more long-term commitments than ever these days.

AWS’ margins took a hit this past quarter, but do you think its margins in general are kind of fat?

We provide incredible value for our customers, which is what they care about. There have been analyst reports done showing that…for typical enterprise workloads that move over, customers save an average of 30% running those workloads in AWS compared to running them by themselves.

(Australian airline) Qantas, for example, is using AWS to do advanced analytics on flight paths — fuel-efficient flight paths, given wind conditions and what their flight paths should be — and they actually project they're going to save $40 million a year, in addition to…lowering their carbon footprint through better fuel efficiency. That kind of analysis would not be feasible, you wouldn't even be able to do that for most companies, on their own premises. So some of these workloads just become better, become very powerful cost-savings mechanisms, really only possible with advanced analytics that you can run in the cloud.

In other cases, just the fact that we have things like our Graviton processors and … run such large capabilities across multiple customers, our use of resources is so much more efficient than others. We are of significant enough scale that we, of course, have good purchasing economics of things like bandwidth and energy and so forth. So, in general, there's significant cost savings by running on AWS, and that's what our customers are focused on.

The margins of our business are going to … fluctuate up and down quarter to quarter. It will depend on what capital projects we've spent on that quarter. Obviously, energy prices are high at the moment, and so there are some quarters that are puts, other quarters there are takes.

The important thing for our customers is the value we provide them compared to what they're used to. And those benefits have been dramatic for years, as evidenced by the customers' adoption of AWS and the fact that we're still growing at the rate we are given the size business that we are. That adoption speaks louder than any other voice.

Do you anticipate a higher percentage of customer workloads moving back on premises than you maybe would have three years ago?

Absolutely not. We're a big enough business, if you asked me have you ever seen X, I could probably find one of anything, but the absolute dominant trend is customers dramatically accelerating their move to the cloud. Moving internal enterprise IT workloads like SAP to the cloud, that's a big trend. Creating new analytics capabilities that many times didn't even exist before and running those in the cloud. More startups than ever are building innovative new businesses in AWS. Our public-sector business continues to grow, serving both federal as well as state and local and educational institutions around the world. Only … in the vicinity of 10% of IT has moved to the cloud. It really is still day one. The opportunity is still very much in front of us, very much in front of our customers, and they continue to see that opportunity and to move rapidly to the cloud.

Do you ever see a cloud environment where customers could easily run say your machine learning services and Google's data offerings and Microsoft’s X offerings as one big tech stack easily?

In general, when we look across our worldwide customer base, we see time after time that the most innovation and the most efficient cost structure happens when customers choose one provider, when they're running predominantly on AWS. A lot of benefits of scale for our customers, including the expertise that they develop on learning one stack and really getting expert, rather than dividing up their expertise and having to go back to basics on the next parallel stack.

That being said, many customers are in a hybrid state, where they run IT in different environments. In some cases, that's by choice; in other cases, it's due to acquisitions, like buying companies and inherited technology. We understand and embrace the fact that it's a messy world in IT, and that many of our customers for years are going to have some of their resources on premises, some on AWS. Some may have resources that run in other clouds. We want to make that entire hybrid environment as easy and as powerful for customers as possible, so we've actually invested and continue to invest very heavily in these hybrid capabilities.

For example, in the management capabilities, that’s the first thing that customers ask for: “We want to be able to see and have visibility into and, in some cases, manage resources on AWS, on my own premises and, in some cases, on other clouds.” So we've built capabilities, many of our management services, to see and, in some cases, control what's going on across those environments.

A lot of customers are using containerized workloads now, and one of the big container technologies is Kubernetes. We have a managed Kubernetes service, Elastic Kubernetes Service, and we have a … distribution of Kubernetes (Amazon EKS Distro) that customers can take and run on their own premises and even use to boot up resources in another public cloud and have all that be done in a consistent fashion and be able to observe and manage across all those environments. So we're very committed to providing hybrid capabilities, including running on premises, including running in other clouds, and making the world as easy and as cost-efficient as possible for customers.

Can you talk about why you brought Dilip Kumar, who was Amazon's vice president of physical retail and tech, into AWS as vice president applications and how that will play out?

He's a longtime, tenured Amazonian with many, many different roles – important roles – in the company over a many-year period. Dilip has come over to AWS to report directly to me, running an applications group. We do have more and more customers who want to interact with the cloud at a higher level – higher up the stack or more on the application layer.

We talked about Connect, our contact center solution, and we've also built services specifically for the healthcare industry like a data lake for healthcare records called (Amazon) HealthLake. We've built a lot of industrial services like IoT services for industrial settings, for example, to monitor industrial equipment to understand when it needs preventive maintenance. We have a lot of capabilities we're building that are either for … horizontal use cases like (Amazon Connect) or industry verticals like automotive, healthcare, financial services. We see more and more demand for those, and Dilip has come in to really coalesce a lot of teams' capabilities, who will be focusing on those (areas). You can expect to see us invest significantly in those areas and to come out with some really exciting innovations.

Would that include going into CRM or ERP or other higher-level, run-your-business applications?

I don't think we have immediate plans in those particular areas, but as we've always said, we're going to be completely guided by our customers, and we'll go where our customers tell us it's most important to go next. It's always been our north star.

Correction: This story was updated Nov. 18, 2022, to correct the name of Amazon EKS Distro.

Good morning! Elon Musk was in court yesterday with some interesting takes on what it means to be a CEO. Let’s take a closer look at what he said.

Elon Musk, the un-CEO

Elon Musk is CEO of Tesla, Twitter, SpaceX, and The Boring Company. But you shouldn’t think of him as a regular CEO, he told a Delaware court yesterday, as he took the stand to argue the case for his $56 billion Tesla compensation package as part of a shareholder lawsuit against him.

“CEO is often viewed as somewhat of a business-focused role,” Musk told the court, which is certainly an interesting way to start off a sentence.

• “In reality, my role is much more that of an engineer developing technology and making sure that we develop breakthrough technologies and that we have a team of incredible engineers who can achieve those goals,” he added.
• “At SpaceX it’s really that I’m responsible for the engineering of the rockets and Tesla for the technology in the car that makes it successful,” he said. Just call him technoking, right?

In fact, Musk may be demurring from the CEO role at some of his businesses.

• James Murdoch, long-time Tesla board member and friend of Musk, told the court that Musk had recently identified a potential successor for his CEO role at Tesla, though the identity of that person wasn’t revealed.
• “I did not want to be CEO,” Musk said at one point. Antonio Gracias, a former board member and also a friend of Musk, told the court that the board had in the past considered alternative CEOs, but not found a suitable replacement.
• He may look to get out of his new gig, too. “I expect to reduce my time at Twitter and find somebody else to run Twitter over time,” Musk said at one point during the trial. (For what it’s worth, Jack Dorsey is not interested.)

At the root of all this is a question of time, energy, and focus. The lawsuit contends that Musk used his position of leverage over the Tesla board to negotiate a huge compensation package, such that he was able to receive huge tranches of options without working singularly on Tesla.

• Musk argued that he worked incredibly hard: "The amount of pain, no words can express," he said. "It’s pain I would not wish to inflict upon anyone."
• "I pretty much work all the time," he added. "I don’t know what a punch clock would achieve."

The presiding judge, Chancellor Kathaleen McCormick, will have to determine whether the case against Musk stacks up, though a verdict isn't expected for months. She might need some of that time to work out what Musk and the board even thought the expectations of his job were all along.

SBF lays it bare

Just when you think the FTX saga couldn’t get any more weird, former CEO Sam Bankman-Fried went and had a confessional conversation with Vox’s Kelsey Piper via Twitter DM. It's an ... unconventional approach when you’re under investigation by federal authorities, but by this point little should surprise us.

Anyway, the message exchange makes for fairly eye-opening reading. Here are some choice cuts.

On regulators:

• “F*** regulators. They make everything worse. They don’t protect consumers at all.”

On talking the talk on ethics:

• “It’s what reputations are made of, to some extent. I feel bad for those who get f***ed by it, by this dumb game we woke Westerners play where we say all the right shibboleths and so everyone likes us.”

On how FTX got into the mess with Alameda:

• “It wasn’t quite lending out – it was messier and more organic than that; each step was in isolation rational and reasonable, and then when we finally added it all up last week, it wasn’t.”

On his biggest mistake:

• “You know what was maybe my biggest single f*** up? The one thing *everyone* told me to do … Chapter 11.”

• "A month ago, I was one of the world's greatest fundraisers. Now, I'm the fallen wreckage of one."

​A MESSAGE FROM THE FINANCIAL TECHNOLOGY ASSOCIATION

Hear some of the biggest players in fintech discuss the industry’s most pressing issues at the Financial Technology Association’s inaugural Fintech Summit: Shaping the Future of Finance. Produced in partnership with Protocol, all sessions of the event are now available to live-stream.

Watch here

People are talking

Coinbase CFO Alesia Haas said the worst of the FTX debacle could be yet to come:

• "What we are seeing now is a fallout of FTX is becoming much more like the 2008 financial crisis where it's exposing poor credit practices and is exposing poor risk management."

George K. Lerner, a psychiatrist and performance coach at FTX, doesn’t think Sam Bankman-Fried is a “criminal mastermind”:

• “I just can’t see him doing that, honestly … I mean, I guess maybe I would have to sit down with him and understand why. But I have difficulties making that jump.”

Microsoft CEO Satya Nadella has high hopes for expanding operations in China and India:

• “We’re very, very bullish about what’s happening in Asia.”

Amazon employees have expressed concern about a lack of clarity around who the company’s layoffs will hit. Per Bloomberg, one employee wrote:

• “No one is safe.”

Making moves

Amazon is offering voluntary buyouts to some employees, according to CNBC. That’s alongside the layoffs it has already started, which were confirmed yesterday by senior vice president of devices & services Dave Limp.

TuSimple cofounder Mo Chen now has control of the company, with 59% of the voting power. TuSimple is currently under investigation for its relationships with a Chinese startup linked to Chen.

Evernote has been acquired by Bending Spoons, an Italian app developer. The deal is expected to complete early 2023.

In other news

Twitter is being sued by a contractor it fired. The lawsuit alleges Twitter failed to provide proper notice, final pay, and expense reimbursement.

Call it contagion: The Winklevoss twins' Gemini Earn crypto lending program has had to halt withdrawals in the wake of the FTX disaster. That follows BlockFi considering filing for bankruptcy.

The U.K. won’t allow a takeover of its largest chip factory. Nexperia, a Dutch chip company owned by China’s Wingtech, was ordered by the U.K. government to sell at least 86% of the plant.

Activision Blizzard games are going offline in China after the company failed to reach a licensing agreement with NetEase. Foreign game developers must have a domestic Chinese partner to distribute games in the country.

SpaceX workers claim they were fired for speaking out about Elon Musk, The New York Times reports.

How bad is the state of U.S. broadband? Pretty bad, according to a study by The Verge and Consumer Reports.

​A MESSAGE FROM THE FINANCIAL TECHNOLOGY ASSOCIATION

Hear some of the biggest players in fintech discuss the industry’s most pressing issues at the Financial Technology Association’s inaugural Fintech Summit: Shaping the Future of Finance. Produced in partnership with Protocol, all sessions of the event are now available to live-stream.

Watch here

Thoughts, questions, tips? Send them to sourcecode@protocol.com, or our tips line, tips@protocol.com. Enjoy your day, see you tomorrow.

Jameeka Green AaronOkta

CISO, customer identity at Okta

How do we make it harder for attackers to access our apps, but not for our users?

For every organization, in every industry, digital business is just business now. User authentication is both the gateway to services, and the biggest attack vector. As a result, we are now seeing more than 50,000 breached passwords a day on our platform.

CEOs should be asking their CISOs, “How do we make it harder for attackers to access our apps, but not for our users?” With the economic environment changing, this is really a question of revenue. Organizations have to be able to acquire and retain customers without taking security shortcuts that could make them a target for attacks. From a CISO perspective, credential stuffing and multi-factor authentication bypass are two of the most critical to protect against.

Balancing security and usability is often presented as a zero-sum game, and that’s just not true anymore. We have anti-phishing technologies like passkeys and FastPass that provide additional layers of security without adding friction for users. Identity threat detection can help us spot malicious behavior and reduce bot attacks by as much as 79%.

As organizations continue to transform digitally and move apps to the cloud, they are taking an identity-first approach to security. Put another way: They are treating the login box and people as the new perimeter. We are seeing first hand with these tools — eliminating passwords, and threat detection and response — it’s possible to keep users safe, and increase engagement and loyalty at the same time.

Tweet this.

Marcus FowlerDarktrace

SVP, strategic engagements and threat at Darktrace

How are we lowering our cyber risk to become a harder target for attackers, whilst driving efficiency in our cyber security program?

Today, CEOs are recognizing that the CISO’s role includes revenue protection, brand resilience, and employee security. Cyber is an operational and existential risk for a business. We’ve moved beyond the standard questioning following a high-profile attack (could that happen to us? Would we have stopped that?) and beyond the basic need to be compliant. Both insurance and compliance have long been viewed as ways of ticking the "protection" checkbox without achieving true operational assurance, and we need look no further than Colonial Pipeline to see that insurance cannot compensate for long-term business disruption and reputational damage.

With growing economic uncertainty, organizations are being forced to make tough decisions as they plan 2023 budgets. In order to maximize ROI in the face of budget cuts, CISOs will need to demonstrate investment into proactive tools and capabilities that continuously improve their cyber resilience. CISOs don’t lack to-do lists – they require technology which integrates with existing solutions and stitches together an evolving picture of the digital estate, prioritizing risks and continuously feeding that learning into hardening the organization’s defenses. This maximizes human resources on the team, enabling them to work on higher level tasks. Maturity models and end-to-end solutions will also be critical, as well as frank communication between CISOs and the board about the efficacy of continuously testing defenses in the background.

Tweet this.

​Dr. Robert BlumofeAkamai

EVP and chief technology officer at Akamai

What are you doing to ensure that if malware does get in, that it cannot get to our critical assets?

Given the rise in cybercrime and ransomware-as-a-service tools, it is imperative to focus on preventing the spread of malware. The question I would ask is: What are you doing to ensure that if malware does get in, that it cannot get to our critical assets? At some point, an employee will click on a phishing link or malware will gain access to a corporate device through some other means. The assumption that your organization will at some point be compromised must be a given. And the technology to prevent such breaches is important, but it’s not foolproof. The real question is, what then? What happens once the malware gets in? And the answer needs to be a heck of a lot better than traditional internal firewalls, regular patching, and malware scanning.

If I were answering this question, I would lean into technologies that improve a Zero Trust posture by focusing on the principle of least privilege and strongly identifying all users and devices. So even if an employee clicks on a comprised link, it is not a given the organization will be compromised. As security leaders, we must prepare for the worst — and this is where microsegmentation becomes critical. If malware does successfully get into the network, it's immediately contained so high-value assets are protected.

Tweet this.

Ryan OrsiAWS

Worldwide cloud foundations partner lead for security-MSSP/identity/ops/management at AWS

How are we making security a part of everyone’s job next year?

Assuming the organization has already implemented table-stakes user and application security mechanisms such as multi-factor authentication and least privilege access, creating a culture of security among employees is a great way to increase the company’s resilience to bad actors. Creating a culture of security begins with education and awareness to all levels and all roles within a company on what security policies and controls exist, how each department/team directly interacts with them, and training to empower individuals with methods to detect the common tricks bad actors use in a social engineering attack.

For example, phishing attacks rely on methods to trick users into providing information and/or installing software that is actually malicious, bringing a new threat into the organization that could lead to malware activity such as elevated privileges, communication with command and control destinations, and various exploit attempts. All employees should receive regular phishing education and even company-sponsored benign phishing campaigns can be implemented to further test a user community’s degree of preparedness. Leadership must carry the message to the company that security is not a burden intended to slow anyone down, but rather set the tone on how specific security policies and procedures support various corporate goals and thereby aligning to teams' and individuals’ goals. A culture of security starts with regular education, leadership reinforcement, and ultimately individual ownership.

Tweet this.

Christy WyattAbsolute

CEO at Absolute

What more can we get out of what we already have?

Coming into 2023, every CEO and boardroom are talking about the "macro" — whether it affects them directly or not. And yet, the risk landscape has never been more concerning — from global political shifts, to distributed workforce and fragmentation of tools and data. The beginning of a new year is usually the time to ask the question "what more can we do?" But 2023 will be the year for CEOs to ask their CISO "what more can we get out of what we already have?" Maximizing the coverage and protection of your existing tools and team and not letting your guard down must be the focus as we enter this new year. Even further, this prepares leadership for times of uncertainty, knowing just how far your investments can take you.

Wherever we see massive economic shifts that impact the workforce, we see confusion which increases risk. During the pandemic we saw bad actors take advantage of uncertainty and as a result phishing, and ransomware skyrocketed. Where we saw layoffs or unprepared users sent to work from home ... we saw them taking valuable data with them. We should not be surprised that 2023 will be more of the same. Organizations cannot afford to let their guard down, and CEOs must huddle with their CISOs to better understand what their coverage is, do they have the right tools, and are they working to protect their employees and their data.

Tweet this.

Andrew HowardKudelski Security

CEO at Kudelski Security

How does our security posture and security investment compare to our peers?

There are actually a few questions we should really be asking the CISO this year.

• How does our security posture and security investment compare to our peers? This is an important question to understand relative investment. No CEO wants to be less protected than their peers — making it crucial to understand other companies and their security practices.
  
• Where are we not sufficiently protected? What keeps you up at night? The CEO should understand the weakest link in order to accurately and efficiently address it.
• How can we increase our security maturity fastest and for the lowest cost? Budgets are a big concern for everyone this year, so identifying ways that our teams can see better security for the least spend is a top priority.
• Where are you being blocked by the business from improving our security maturity? Oftentimes there are obstacles that as a CEO you can’t see easily. Take the time to connect with your CISO and see how you can step in to address those challenges.
• What is our plan to respond when we are attacked and to mitigate the damage? It sounds obvious, but having a game plan for responding to incidents needs to be a major focus with attacks on the rise.

Beyond what we should be discussing as a security team, there is also a question that we don’t have to ask:

• Are we secure? The answer to this is always no.

Yaniv VardiClaroty

CEO at Claroty

What is our highest risk, and what are the actions we need to take to reduce it to a level that we can live with?

The truth is that achieving a risk level of zero is not realistic for any organization. But by focusing resources on the risks that have the biggest potential impact on business continuity, CEOs and CISOs can achieve cyber and operational resilience.

Tweet this.

Tim EadesvArmour

CEO at vArmour

How can we partner to create a proactive framework for security and resilience, designed for impact?

The truth is, most CISOs believe their organization is falling short in addressing cyber risks. Digital acceleration dramatically changed the state of security, and today's organizations depend on an interconnected tangle of apps, services, workloads, devices, clouds and users. If businesses aren't careful, the increase in new assets can be directly proportional to the increased risk of cyberattack or data breach.

To change that, CEOs should aim to become partners to their CISOs in endorsing, investing in and enforcing proactive frameworks for data and organizational security. While it might seem expensive in the moment, waiting to act until a breach has occurred is dramatically more costly. Each hour lost after a malware attack or data breach endangers business operations, jeopardizes customer trust, and opens the door to legal liability.

In contrast, proactive security frameworks can give CEOs and security teams alike a roadmap to find and patch vulnerabilities, as well as a clear playbook for how to respond and recover when a breach inevitably occurs. Organizations cannot protect what they cannot see, and CEOs should investigate how they can support their CISO in creating the strategic and technological frameworks to get this visibility. By doing so, CEOs confirm their dedication to effectively setting up their CISO — and by extension, their entire organization — to stay ahead of security risks.

Tweet this.

Jon France(ISC)²

CISO at (ISC)²

What areas of the business are the most at risk, and what areas have the greatest opportunity to utilize security as a business improvement and differentiator?

As the threat landscape becomes increasingly complex, the CISO and CEO must work together as congruent leaders for their organization. Cyber threats are not going away anytime soon — and the CEO must understand the fundamental value that cybersecurity solutions offer their organization and customers. To help CEOs understand the importance of security and, in turn, encourage buy-in, they need to ask, “How can I, as CEO, help you, as the CISO, protect the organization in the coming year?” The CEO must voice support for security needs while also providing the necessary resources to ensure the highest level of security. While this question is nothing out of the ordinary, the modern CISO role must have a strong working relationship with the CEO.

Additionally, a CEO must ask the CISO, “What areas of the business are the most at risk, and what areas have the greatest opportunity to utilize security as a business improvement and differentiator?” When answering this question, CISOs must communicate the areas of concern with little technical jargon and share what is needed to improve. More importantly, CISOs need to convey the business value that security measures are essential.

Tweet this.

Amit ShahDynatrace

Director of AppSec product marketing at Dynatrace

Do our cyber-insurance policies incentivize better risk management and cross-functional responsibility to deliver secure innovation?

According to recent Dynatrace research, 80% of CISOs agree that security must be a shared responsibility across the software delivery cycle, from development to production.

It is imperative to treat security as a shared responsibility that falls on everyone involved in innovation. In 2023, organizations taking out cyber-insurance policies will be required to demonstrate all innovators can manage risk, and CEOs should ask their CISOs, “Do our cyber-insurance policies incentivize better risk management and cross-functional responsibility to deliver secure innovation?”

Asking this question will enable their teams to focus on building out a holistic BizDevSecOps approach that leverages advanced monitoring solutions like observability platforms to support cross-departmental processes and ensure all teams have the insights needed to conduct due diligence and manage the risk associated with their actions.

Tweet this.

Yogesh BadweDruva

CSO at Druva

How can we reduce our cyber risk in 2023?

When organizations piecemeal solutions or keep security and data protection in silos, they can unknowingly make themselves more vulnerable to threats and less able to recover. As attacks become more sophisticated, security and IT leaders must focus on finding holistic solutions that bring together security and data protection. By taking a more integrated approach, organizations are able to increase their ability to assess risks and move beyond data recoverability to proactively prepare for threats.

Tweet this.

See who's who in the Protocol Braintrust and browse every previous edition by category here (Updated Nov. 17, 2022).

Good morning! As you may have read, we are sadly winding down Protocol. Source Code, however, will continue to be sent every day into December. So stick around with us and we’ll keep you up to speed on the biggest tech news of the day. And with that, let’s dig in!

How do you manage your AI? 

As companies expand their use of AI beyond running just a few machine learning models, and as larger enterprises go from deploying hundreds of models to millions of models, many machine learning practitioners say that they have yet to find what they need from prepackaged machine learning operations systems, Protocol’s Kate Kaye reports.

Currently, MLops require compromise from companies that are looking to find ways to manage all their machine learning models.

• Some MLops platforms are not well-suited for maintaining even more than 10 machine learning models when it comes to keeping track of data, navigating their user interfaces, or reporting capabilities, Matthew Nokleby, machine learning manager for Lily AI’s product intelligence team, told Protocol.
• But some MLops systems that can manage a larger number of models might not have desired features such as robust data visualization capabilities or the ability to work on premises rather than in cloud environments, Nokleby added.

“That is the biggest gap in the tech industry right now,” said Nicola Morini Bianzino, global chief client technology officer at EY. The auditing firm has thousands of models in deployment that are used for its customers’ tax returns and other purposes, but has not come across a suitable system for managing various MLops modules, he said.

• “I’m actually surprised that none of the big companies have jumped in this space because the opportunity is massive,” Morini Bianzino said.

So what are companies doing? Many are going in-house, building tools for themselves, often using open-source tools.

• “A vendor may not have all the capabilities [we] need. Looking at an open-source solution and extending an open-source solution might be a better way of approaching that particular component versus going with a vendor,” said Brett Hollman, Intuit’s director of engineering and product development in machine learning.
• Still, even that can be tough, because many companies do not have software engineers on staff with the level of expertise necessary to design and build systems that can handle large numbers of models.

Read more: Why large enterprises struggle to find suitable platforms for MLops

FTX’s bookkeeping backdoor? 

The FTX saga continues to roll on, but perhaps the juiciest detail to emerge over the past 24 hours is from a report by Reuters that includes details about some of the practices at the company.

FTX’s bookkeeping comes under the spotlight in the report, and sources describe how Sam Bankman-Fried may have attempted to obfuscate what was happening between FTX and Alameda Research.

• “[Gary] Wang, [FTX co-founder and] a former Google software developer, built a backdoor in FTX's book-keeping software,” Reuters reports, citing anonymous sources. That backdoor apparently “enabled Bankman-Fried to hide the transfer of customer money from FTX to Alameda.”
• SBF apparently told employees that this accounting software was "the ultimate source of truth" about FTX’s accounts.
• When it came to light in early November that Alameda held as much as $6 billion worth of FTX’s digital token, FTT, there was a rush on withdrawals from FTX, at a rate of up to $100 million per hour, according to Reuters.
• “Staff initially remained calm,” Reuters explains. “The finance team could still see ample assets on the book-keeping portal as of last week. About $10 billion in client deposits remained, with a $1.5 billion surplus to cover any further withdrawals, according to a screenshot of the database seen by Reuters. In reality, those funds were gone.”

• "In presentations to investors, some of the same assets appeared simultaneously on the balance sheets of FTX and of Bankman-Fried's trading firm, Alameda Research – despite claims by FTX that Alameda operated independently."

But SBF is still trying to fill the void in funds that has been left at FTX. The Wall Street Journal reported yesterday that he continued to attempt to raise funds this past weekend in order for the company to repay its users.

• It’s not clear what he’s offering in return for capital, though, or how the bankruptcy courts would allow him to use it.
• Meanwhile, FTX’s Bahamas unit, FTX Digital Markets, sought Chapter 15 bankruptcy protection overnight, which helps foreign companies seek relief under U.S. bankruptcy law.

​A MESSAGE FROM THE FINANCIAL TECHNOLOGY ASSOCIATION

Hear some of the biggest players in fintech discuss the industry’s most pressing issues at the Financial Technology Association’s inaugural Fintech Summit: Shaping the Future of Finance. Produced in partnership with Protocol, all sessions of the event are now available to live-stream.

Watch here

People are talking

Sounds like FBI Director Christopher Wray probably isn’t on TikTok:

• “We do have national security concerns at least from the FBI’s end about TikTok.”

But TikTok CEO Shou Zi Chew said the company is working on a project to isolate U.S. user data so only U.S. staff can access it:

• “It’s unprecedented … we will come up with a solution that will reasonably address the national security concerns.”

Jenny Lee, a managing partner at GGV Capital, says that the tech industry is in the midst of a fundamental change:

• “The reset has arrived.”

Can Twitter comply with European regulation now its compliance teams have been hollowed out? One anonymous insider told the FT that they doubt it:

• “It seems they are on a collision course with Brussels.”

Making moves

Amazon started making layoffs in its Alexa and cloud gaming units. It’s expected to cut somewhere in the region of 10,000 jobs in total.

Meanwhile, AWS plans to invest $2.6 billion in Spain over the next 10 years, adding 1,300 jobs in the country.

Neill Occhiogrosso is the first COO at AppOmni, a SaaS security client. He previously held leadership roles at Johns Hopkins University, Costanoa Ventures, and Highland Capital Partners.

Three senior execs left Meta’s India team amid the company’s first major global restructuring, the WSJ reports.

In other news

Elon Musk issued Twitter staff with an ultimatum, according to The Washington Post: work "long hours at high intensity" or leave the company with three months of severance pay.

Twitter Blue will relaunch Nov. 29, according to Musk, who said the date was being pushed back to “make sure that it is rock solid." Sounds a lot like a Tesla launch.

And Musk will take the stand in a Delaware court today to defend his Tesla compensation package.

Apple hopes to source chips from the U.S. by 2024. They will come from a plant in Arizona, Tim Cook said. He added that he hoped to source chips from Europe, too.

YouTube is doubling down on shopping, allowing users to make purchases through its short-form video offering, Shorts.

Nvidia is working with Microsoft to build a powerful cloud-based AI computer.

Activist investor TCI wants Alphabet to cut costs by reducing staff count and cost, and reducing losses on its longer-term bets such as autonomous vehicles.

​A MESSAGE FROM THE FINANCIAL TECHNOLOGY ASSOCIATION

Hear some of the biggest players in fintech discuss the industry’s most pressing issues at the Financial Technology Association’s inaugural Fintech Summit: Shaping the Future of Finance. Produced in partnership with Protocol, all sessions of the event are now available to live-stream.

Watch here

Thoughts, questions, tips? Send them to sourcecode@protocol.com, or our tips line, tips@protocol.com. Enjoy your day, see you tomorrow.

We launched Protocol in February 2020 to cover the evolving power center of tech. It is with deep sadness that just under three years later, we are winding down the publication.

As of today, we will not publish any more stories. All of our newsletters, apart from our flagship, Source Code, will no longer be sent. Source Code will be published and sent for the next few weeks, but it will also close down in December.

Building this publication has not been easy; as with any small startup organization, it has often been chaotic. But it has also been hugely fulfilling for those involved. We could not be prouder of, or more grateful to, the team we have assembled here over the last three years to build the publication. They are an inspirational group of people who have gone above and beyond, week after week. Today, we thank them deeply for all the work they have done.

We also thank you, our readers, for subscribing to our newsletters and reading our stories. We hope you have enjoyed our work.