Downtime in the Age of 100% Uptime–Futurum Tech Podcast Episode 052
Welcome to this edition of the Futurum Tech Podcast, FTP. On this episode of our FTP show we’re going to be talking a little bit about the cloud, SAS services outages and what it means to business and what is going to be tolerated in the future. We’re going to dive into a number of other newsworthy bits in our Fast Five. We will be circling back to talk about Zoom Zero Day, and in the end, we’re going to do a little prognostication around the PC.
Our Main Dive
We live in a world of 100 percent digital access, but what happens when the “online supply chain” fails and you experience downtime, as we witnessed when Twitter went down in the middle of a (so-called) Social Media Summit at the White House this past week. While this may have been a bit of an ironic inconvenience, the risks and downsides to businesses and enterprises can be significant if they continue to limit “techno-diversity” in their digital ecosystem.
Our Fast Five
We dig into this week’s interesting and noteworthy news:
- Amazon upgrades its Alexa in-home tech
- The latest in autonomous vehicle vision: LiDAR breakthrough to finally crush Elon Musk
- Amazon launches Upskilling 2025 to upgrade (upskill) its workforce, offering $700m to 100,000 to reach Employee 2.0
- The true price of buying security and surveillance equipment from shady Chinese companies
- The law of unintended services: Would you rent a car to take a nap? We uncovered a few people who are doing exactly that.
ZOOM’s Zero Day Vulnerability and the risks of video apps you might not know you’ve turned on, as highlighted by the recent vulnerability (that allowed hackers to turn on web cameras) found in the popular ZOOM video app. It’s not the kind of news ZOOM wanted to hear in the wake of their recent IPO success, but they’re not alone in this type of risk either.
Crystal Ball: Future-um Predictions and Guesses
The surprising growth of PC sales: Is the market really going to grow again? Or will the mobile and tablet market continue to eat away at the venerable desktop/laptop device? Hint: after years of being ignored, the laptop is finally getting the attention — and upgrades — it deserves, from better wireless connectivity options to improved batteries and multi-function designs.
Daniel Newman: Welcome to this edition of the Futurum Tech Podcast. FTP. I’m Daniel Newman, the host for this week and I’m back after a little bit of a hiatus with my always highly competent, highly intelligent cohorts at Futurum Research, Olivier Blanchard and Fred McClimans. I’m going to skip the welcome because it always creates this weird awkward pause to say, hey guys. I know you’re here and I know you’re ready to rock and roll. But this week on our FTP show we’re going to be talking a little bit about the cloud, SAS services outages and what it means to business and what is going to be tolerated in the future. We’re going to dive into a number of other newsworthy bits in our Fast Five. We will be circling back to talk about Zoom Zero Day, and in the end, we’re going to do a little prognostication around the PC, but kicking it off I want to talk about what is going on with outages.
Now, first of all, Fred and Olivier, hello. Welcome to the show. As I said, that’s all we need to know.
Fred McClimans: Awkward pause.
Daniel Newman: See, you’re laughing. I was testing just to make sure the audio was there. Was there applause? Bring the applause.
Fred McClimans: Yeah.
Daniel Newman: Thank you gents. Thank you gents. That was a good one. We had a social media summit this week and I’m not going to talk about that because I don’t want to fire up the crowds. It was quite eventful no matter what side of politics you’re on. You could not help but spew all over your desk if you watched all that stuff that was happening. It was hilarious, it was sad, it was gut-wrenching, but like I said, not going to talk about that, but I already did. But, we are going to talk about outages. During the event itself Twitter went down. Twitter went down for an hour. Now, if you all recall, back in May, Salesforce went out, and for some people it went out for almost a day.
When you have a software as a service running in the cloud like Salesforce that’s running your entire operation it’s a whole other story. Now, I’m going to be honest. When Twitter went down I kind of didn’t know what to do. I didn’t know how to twitter my thumbs on any other social platform, and since I’ve kind of abandoned Facebook I really had no idea where to go. I think people go to LinkedIn, but I’m pretty sure it’s just a dump and leave.
So, no Twitter, no Facebook. Didn’t have any idea where to be sharing my stories, but in all seriousness, it got me thinking. I was like, wow. What happens when your main applications, and not so much Twitter, but think of Salesforce, go down? What’s okay? What is going to be accepted? What’s the level of tolerance in the future and what immediately came to my mind is there is not room for failure in these areas. I still remember going back to the movie, The Social Network. If you guys haven’t seen it, it was a pretty good movie. I don’t know how accurate it actually was to the real timeline of Facebook, but the character, Jesse Eisenberg, that played Mark Zuckerberg in the movie, had this scene where he talks about how one of the investors tried to freeze the accounts, freeze the website and bring down the company. He goes, “We don’t go down ever. If we go down, people will leave. They will go elsewhere. They will change. They will…” Again, perfection is also not a reality. We’ve heard the term five nines because that’s the expected tolerance of the uptime of a highly-used application inside of a business.
So I come full-circle. Whether it’s Twitter, whether it’s Salesforce, we have reached an age where things shouldn’t go down or should they. And Fred, I’m going to let you jump in first here, but when Salesforce went down I jumped all over them. Of course, I am kind of known for liking to jump all over them. Probably something to do with Betty Ops outspoken ways, meaning my own, but people pay a lot of money for that application to potentially run every single part of their business. Going down for a day is insane. It’s crazy. What do you think about that?
Fred McClimans: I think it’s insane. I think it’s crazy. And I do, before we dive into talking about Salesforce and a few other folks here, I do want to remind our listeners, this podcast is for information and entertainment purposes only.
We’re going to talk about a couple of companies that are publicly traded and we do not want you to take anything that we say as recommendations or advice for what you should do with your hard-earned uptime money this market.
Daniel Newman: Wow, wow, wow, wow, wow. So, Fred got me there everybody. I’ve been off the podcast for about a month, forgot my lines and now you circled back.
Fred McClimans: That’s okay. It’s okay.
Daniel Newman: Thank you for doing the disclaimer for me.
Fred McClimans: Let’s kind of run through this from sort of a top-down perspective. We live in an age where 100% uptime is the standard requirement and unfortunately, downtime does interrupt that. One of the ways you can tell how significant or how important this is in my view is take a look at the number of sites that have the phrase, up or down in them that people can search on Google or DuckDuckGo or Yahoo or wherever you go to search when you like to find things, all these sites. Is it down right now? Is it up right now? When is it coming back up? How long has it been down? These things are tracked tremendously well across the board. By the way, Lenovo.com right now is down just to kind of tuck that one away. Dan, inside joke
Daniel Newman: We’re going to test that.
Fred McClimans: Yeah. But we have a society, we have a culture, we have an economy that is increasingly built on digital technology and it’s not just the sites that we like to go to. Maybe it’s a Twitter or maybe it’s a discord for a gaming app or something like that, but it’s the sites that we rely upon every day for banking, for purchasing, for information, for collaboration. These sites, they have to have a high level of uptime in order to be considered trusted and pretty basically to be profitable out there because downtime on a website for a Facebook, for a Salesforce, that translates directly not just into lost revenue for that company that’s down, but for all the other companies that rely upon that. When Facebook goes down, that’s a lot of advertisements we probably don’t need to see, but people are paying to have people see. When Salesforce goes down, that’s leads that are lost, leads that are delayed, deals that aren’t closed on time when they should be.
This, unfortunately, is part of this bigger picture that we have because as we have shifted in our economy from physical activities and physical devices and transactions and digital devices, we’ve also seen a shift from things that we own to things that we subscribe to. You know, we don’t have the picture album sitting here on the desktop or a coffee table anymore. We have Facebook, we have Instagram, we have Amazon Photos or Google Photos. These things are increasingly essential to our day-to-day lives. In fact, it’s hard to just walk away from technology and say, I’m not going to use any online service, I’m not going to use any mobile apps, I’m not going to pay my bills through the app. I’m going to go to the bank and pay it direct. It’s difficult to do that. So, this kind of downtime, unfortunately, unacceptable, but at the same time, like we know with data security, cybersecurity, with hacks, the techs, ransomware, incredibly difficult to stop. And just to kind of put a dollar metric against this.
A few months back we were talking about the city of Baltimore that had a series of ransomware attacks that literally shut down portions of the city’s ability to operate in the digital space and engage with citizens. They pegged that something like $18 million worth of downtime due to one relatively small ransomware attack. Think about that for a major corporation that’s down. It has a significant impact and it’s something that, unfortunately, we have to find a way to address I think relatively quickly because we’re close to that tipping point where downtime isn’t just a lack of uptime, it’s a lack of productivity. It’s a lack of revenue.
Olivier Blanchard: There’s something to add to that too is that there is an increasing number of organizations who spoke underground, black hat, that are essentially making their livelihood about creating these types of denial services, trying to take down, make difficult life for companies. I mean, even us, Fred, on a daily basis, you know, we have a number of tools, because we see daily activity of people trying to penetrate our site, and we’re tiny in comparison to some of these big companies. The amount of effort that needs to go in, and that, of course, can depend on what breaks it, right? Is it broken because of a denial service attack that came from outside of the organization or is it broken because of a software update, which we’ve seen it happen both ways where someone changes something in the application in firmware and the infrastructure and it doesn’t come back, at least doesn’t come back the way it’s supposed to and suddenly you’re down.
Fred McClimans: That’s an interesting aspect of the type of failures that we see, Dan, because while a lot of technology is designed to make our lives easier and to make the technology and the management of technology easier, these systems themselves are becoming increasingly complex and interwoven. Think of the application that you’re using on your mobile device. Think about the supply chain aspect of that, all the different components that go in to connecting you and your physical device all the way back through to the end data that you’re trying to access, all the intermediary steps, all the different service providers, all the different pieces of technology that can fail and unfortunately occasionally do.
Daniel Newman: Yeah. It’s crazy, and as the systems are gaining complexity the multi cloud, hybrid cloud architectures that are being built, there is a ton of additional complexity and management required, and a lot of companies essentially built these architectures with the goal of getting away from managing and sometimes it ends up becoming the entire existence of a company’s operations is just to manage to make sure this stuff is always up.
Now, Olivier, putting your business hat and not so much your technical hat on for a while, you come from a rich history of looking at impact of brand, right? So, when you look at when a company like Twitter or a company like Salesforce or Facebook, because we’ve had recently, I believe had a WhatsApp, Instagram and Facebook outage as well. What do you think the impact is today when applications go down? Obviously, the tolerance is much different when it’s a mission-critical application like Salesforce versus a social application, but just how important is it for brands? What do you think is going to be tolerated? What is tolerated? What do you think is going to be tolerated in the future?
Olivier Blanchard: Well, you know, every pain point can be measured on a scale of 1 to 10. How much does this hurt, right. It’s kind of like being at the hospital. This is now different. This is a pain point just like a physical, medical pain point. And so to me, the outage that crippled payment systems at Target nationwide like two weeks ago is far more of a problem from a business standpoint and a marketing standpoint, and it’s kind of a brand-loyalty standpoint than an outage that lasts several hours on Facebook or Twitter or even a cross-platform outage like the one we saw that you just mentioned with Instagram, Facebook and other properties. So, what I saw yesterday, and actually for several hours, just as a joke, I resurrected the Fail Whale graphic from yesteryears, which was part of the Twitter brand, right. I mean, Twitter had so many outages when it began that it created this really awesome iconic graphic with a Fail Whale, and now it’s kind of like an inside joke and it’s also a historical artifact and it’s something we can kind of slap onto that kind of outage with a smile and a smirk and not really be that inconvenienced by it.
Matter of fact, most of the feedback that I kind of gathered, not scientifically, but I just kind of saw on the internet was, hey, well, I’ll just get more stuff done today, and that’s even more so when it’s Facebook rather than Twitter going down. The thing about Twitter going down yesterday, it might not have been that big of a news item if it hadn’t have been timed exactly to coincide with the White House’s so-called social media summit. You know, I think that Facebook, Twitter, Instagram can absolutely survive and still thrive with these outages that have always been part of their culture, and they’re still, in my mind, relatively rare when you really look at the complexity and the load requirements of these platforms and what they’re capable of doing in real-time, it’s such an enormous global scale. I’m surprised that these outages don’t happen more often, honestly. I think it’s a testament to how good their IT departments are and how robust their systems are as well. But, again, I’m more concerned about outages that affect payment systems, outages that affect even data security and the integrity of our infrastructure than I do outages that affect Twitter and Facebook, honestly.
Fred McClimans: Olivier, I’m glad you mentioned that point about the infrastructure because when these type of outages, whether it’s on the surface side, whether it’s the network side, whether it’s an accident or whether it’s a denial of service attack, when you have that happen to critical infrastructure, that’s when really bad things happen.
You know, if the air traffic control network goes down and even right now I’m looking at one of the online monitors. The Commonwealth Bank of Australia, offline. The national rail system in the UK, they’re information portal, offline. When these things happen, it’s not just necessarily an inconvenience, but there are oftentimes severe consequences that can occur there and it’s troubling that we build these constructs so complex. I don’t think we’ve really yet figured out what do we really need? We may have 9.9999% reliability or 99.9999 reliability, but when that system does go down, especially if it’s critical infrastructure, the consequences can be severe, and I don’t think as governments, as industries, that we’ve given anywhere near enough thought to the need for what I’ll call techno diversity in the system, the ability to have redundant systems that aren’t just the same system twice, but systems that are actually fundamentally slightly different. Think of it sort as the LiDAR versus machine vision, you know, in an autonomous vehicle, things that complement each other that help mitigate that risk.
Daniel Newman: I know you’re teasing LiDAR because we’re going to be talking about that later.
Fred McClimans: Yes, I am.
Daniel Newman: You know when something, you read something, and it’s just like the vein in the top of your forehead and you’re just ready to talk about it, which we’re going to get there, but I want to close out this section. You guys made a lot of great points. I do think the critical infrastructure, the critical applications have to be weighed higher, but I think every outage is an inconvenience. I think every outage is an impact to net promoter. When you go down people see that as a negative. They might not come back to your site. It could be anywhere from the mom and pop shop, whether or not a potential customer comes back or ever gets to read the info that they might have come to see all the way to something like CRM/ERP power grids and everything else that can potentially become vulnerable and can take down massive users and infrastructures. As you said, Fred, and I think you made a great point, staged redundancy and we’re seeing this in cloud right now with multi cloud, the containers, the ability to move applications across infrastructure so it can be run from a different place.
If I’m not mistaken Google Cloud actually had an outage, Google Cloud’s productivity apps, for a while, for certain regions just recently. And so Google also can go down. There’s companies that are dependent on that to run their applications. So, it can happen at the cloud, it can happen in your applications, it can happen with social tools, it can happen at the infrastructure level. The tolerance, I think, continues to decrease. The risk, though, continues to increase and I think it’s every company’s responsibility to make sure that they have disaster planning to be able to handle these kinds of things. Now, I want to jump into our Fast Five because these are always fun little bits, and I’m going to jump in first and let Fred talk about LiDAR because it was the last thing on his mind and now it can be the first.
Fred McClimans: Okay, Dan. LiDAR, for those who aren’t familiar, LiDAR is a mechanism that essentially bounces light off of objects. It’s a laser-based system that serves somewhat like a more refined or enhanced version of radar. It allows computer systems to detect images and if it’s robust enough to actually identify images, what they are, where they’re moving, what they may be made of, and what the chance might be of something impacting that particular object. In the autonomous vehicle world there are two main approaches that are used, or maybe three. Radar is still used somewhat out there, but most systems either follow the LiDAR path or they follow the machine vision path. Elon Musk and Tesla being probably the only really prominent example of a company that just relies on vision systems actually looking at what’s taking place through a camera lens.
The challenge with LiDAR is it’s been very expensive. If you look at the early cars that Google and Waymo and others put out there, that giant disk on top of the car, that was a LiDAR disk and they’re expensive, in some cases close to $1 million for one of these systems.
So, getting the cost of LiDAR down low enough so that you can have a lot of LiDAR in your autonomous vehicle has been a big goal and there’s a company that has just come out now with exactly that, a company called Luminar. They’ve released their iris sensor. It’s small, less than 2 pounds. It can fit multiple of them into your front, back, side, you know, panels or bumpers on your vehicle and allow you for a fraction of the cost, in this case we’re talking less than $1,000, to actually implement LiDAR technology in the vehicle. My hope with this, this is not an unexpected thing, we’ve been watching the prices come down and there are a lot of people, Intel and among others on the technology chip side that are really working to get the cost down on this. My hope is that some of the autonomous vehicle providers out there, including Tesla, wake up and realize that, hey, it’s low-cost enough, let’s actually build in some reverse redundancies into these autonomous vehicles and really make them safe moving forward. I give a tip of the hat to Luminar and their sub-thousand-dollar LiDAR technology.
Daniel Newman: Absolutely. So, Olivier, I’m going to have you go ahead and jump in, talking about Amazon doubling down on the smart home.
Olivier Blanchard: Yes. First of all, let me preface this by saying that we’re talking about the smart home, primarily about the smart speaker market, but also we’re going to talk about robots really briefly and kind of abstractly. Amazon has been killing it in the smart home space. I’ve always bemoaned the fact that Apple completely missed the mark on this and Apple should have owned the smart home market from the start and it didn’t. So, Amazon stepped in and beat out Google, beat out Apple, beat out everybody, currently is on track to having something like 63% of the US market on this with Google at 31% and then everybody else including Apple sharing the crumbs of the final 12%.
There’s one area where Amazon hasn’t been doing as well and it’s basically the quality of its smart speakers. They’re very good. They work super well. They’ve done a really great job of selling it to people, but the sound quality isn’t as good as Sonos, for instance. And so, Amazon is doubling down on this and planning to release a better version of the Amazon Echo that’s going to have superior sound quality to compete against the Sonos of the world and Bose speakers, etc., and assuredly it will be priced a little bit higher than what the regular Amazon Echos are priced at. But it’s interesting because it just shows that even the slightest little threat, the slightest negative in their SWOT analysis of somebody else potentially taking a little bit of their market share or finding a niche where they could beat Amazon, Amazon takes seriously and immediately kind of blocks that with a solution.
The other thing, which is kind of like related news is there are rumors that Amazon is also working on releasing a smart home robot. I think the code name right now is Vesta as opposed to Vista. Nobody knows exactly what it is other than it’s kind of built in the same technology. It responds to the voice. It can move around the house. So, the most rudimentary way of thinking about it is an Echo strapped to a Rumba, but nobody knows exactly what it’s going to look like, what it’s going to be able to do, but it will definitely have the same type of core technology that its Echo speakers already have. I don’t know. We’ll see, but it’s interesting that Amazon is so hardcore into smart homes ahead of everybody else and so aggressive about it.
Daniel Newman: Yeah. No. It’s very interesting, and I think they’ve done a lot of smart things between the Nest, between the Ring, to really find a way to be in every home that can afford even a small investment in smart technology. Speaking of Amazon, because why not make Amazon at least 40% of our Fast Five, I want to talk about Amazon’s Upskill 2025 in my Fast Five. I don’t know if you’ve heard, but this week the company announced a $700 million initiative to upskill 100,000 of their employees, remember, they have about 650,000 at this point give or take, over the next plus or minus six years. So, the idea is to help their current frontline workers, entry-level management workers to up skill to become data scientist machine learning experts, to become computer software engineers, to enhance their leadership skills. I think it’s a really positive initiative.
Olivier, in our book, Human Machine, this is kind of an example in the real world of what we’re talking about, about how this can be a positive and how it can enhance the world. However, I do have to say I’d meet it with a little bit of skepticism as six years and $700 million may sound like a lot, that only averages to about a $7,000 per-employee investment when you’re talking about 100,000 employees. We’re talking about a lot of skill needed for someone who maybe working on a front line in a fulfillment center being able to suddenly become an expert in computer vision, machine learning, AI or computer programming. I think these are the kind of efforts we’re going to start to see. We’ve heard about them from companies like AT&T. A lot of other big companies are following suit, but it’s early days, but the initiative of reskilling their workforce by 2025 is a positive one and one I hope to see a lot more of. So, I’m going to pass the baton back to you now, Olivier, and we’re going to talk a little bit more about surveillance.
Olivier Blanchard: We are. We’re totally going to talk about surveillance. By the way, our new book, Human Machine, just came out in the UK last week and will be released at the end of this month in the United States and Canada, so look for that. It’s Human Machine. It’s great. No matter who you are and what you do that book is going to help you understand how to prepare for the automation “apocalypse” that actually doesn’t have to be an apocalypse at all, so grab it. Okay. So, after that plug, yes, we’re talking about surveillance. A year ago, roughly, President Trump signed the National Defense Authorization Act, the NDAA, and in the National Defense Authorization Act was an amendment that focused on not purchasing cameras made in China for the entire federal government, most of the federal government because of security concerns and particularly a security concern that involved two companies that are not Huawei, by the way. They are Hikvision and Dahua, which are kind of like two major companies and component makers in the smart kind of surveillance camera market. So, the NDAA’s clause forbade federal agencies from purchasing security cameras for surveillance from China, particularly from these companies and also had a provision that forced critical agencies to remove any cameras that had been bought from these companies or had components from these companies by August 13 of this year. So, that’s just right around the corner. It’s a month from now.
According to the Government Accountability Office, so far only about 35% of those agencies have reported full compliance with the mandate. So, two issues here. One is we have a conundrum here when it comes to sourcing and global supply chains when it comes to security cameras and all sorts of equipment. This also touches on 5G. So much of the electronics that we use for national security and for critical infrastructure in the US comes from China and when we decide that China is now a security threat with regard to our technology that really affects our ability to purchase and also to manage or even identify the components that we need to make everything work.
The other issue is management and one of the bigger issues here is we can actually replace a lot of these components or kind of get a better handle on where the components of the products themselves come from, including cameras. The problem that we have now is that we don’t really keep track of what’s what and sometimes it’s also difficult to figure out what components go into what products when we buy them through third parties. We find ourselves in this position where a lot of these cameras, tens of thousands of these security cameras being used by the federal government with potential back doors that China can exploit are now untraceable. They’re impossible to actually locate. You can’t just look at it from the floor looking up at a security camera and know if it’s one of the affected cameras or not. I would circle back to earlier conversations that we’ve had, especially with Fred, about block chain and I’m kind of openly thinking here about whether or not block chain might be a good solution in the future for identifying components in sensitive technologies and also keeping better track of the technologies and the products that we already have in place that we may have to locate and replace at some future point.
Daniel Newman: Super interesting.
Olivier Blanchard: Yeah.
Daniel Newman: I’m going to spin it back to something even more interesting because Fred wants to talk about people renting cars as offices and places to live. Now, that was often a sign of bad times when you’d see people living or spending time in cars with a purpose other than to drive them, but that trend is changing.
Olivier Blanchard: Yes, it is, and for a brief moment I’m going to resist the urge to jump all over Olivier’s Fast Five story because that really was interesting and I think there’s a great conversation for a later time.
Daniel Newman: That’s why they’re Fast Fives.
Olivier Blanchard: That’s right. They’re Fast Fives. So, right now, it’s all about cars. In fact, in particular, we’re talking about ride sharing or car sharing services where you don’t own a car or you rent a car or you lease or you subscribe and you use a car for a short period of time. Now, we often talk in business about the law of unintended consequences. This becomes the law of unintended uses. So, in Japan there are several car companies or service providers like Orix that offers a car sharing service. They discovered that there were certain people or certain times that people were using their vehicles with zero miles. Somebody would take the car and they would return the car, but it would never have moved from one spot to the next. So, they did a survey. They reached out to their users along with a couple of other similar companies out there and they came back and they found that in Japan, at least, the cost value equation is such that if you don’t have a place to take a nap you can rent a car for that, if you don’t have a place to eat your lunch you can rent a car for that.
Apparently, it’s becoming a thing there where for the cost of several dollars, one person in this survey describes the same as staying for a bit in a cybercafé and getting a quick nap and a bit of online time they can rent a car and have some privacy to do exactly that. They even uncovered some people in the survey that during times of disasters would very quickly rent a car so they could charge their mobile phone while they were out and not at home. Interesting side note here. I’m not sure that there’s a huge future to this, but what it does expose in my mind is that there’s a business opportunity out there for these needs that is not presently being met. I would not be surprised to see mobile sleep vans start to appear on the horizon here for some enterprising entrepreneur. Interesting footnote on society, the unintended use of technology.
Daniel Newman: Well, it’s kind of like the San Francisco hostiles that are going up as new cool swanky workplaces where for $1,200 you can share a room with a bunk, a 32-inch TV and you can have Ramen noodles for the same price as you can have a 3-bedroom, 2-1/2 bath in the middle of the country, but as Daniel Tosh so effectively said, “If you don’t like the prices of the West Coast, good. Move east and give up your dreams like the rest of the world.” That is, by the way, being called out by me here in Chicago. Again, I do have at least four beds. Anyhow. All right. Well, that’s a great Fast Five everybody and if you can’t tell I’m feeling quite a bit Friday today. I hope everybody’s as chipper as I am, but a lot of good things have happened, a lot of interesting things are happening, and then, of course, every once in a while something that really bites happened.
This week Tech Bites was won by my good friends at Zoom. Now, I may note at one time we actually used to record this podcast on Zoom, and frankly between you and us and everybody that’s listening to this show Zoom’s had a really great year. They had a great IPO. The founder became a billionaire. Their technology in many ways has pushed the industry to improve collaboration. In case you haven’t used it they have simplified the video meeting and most people that use it really like it. What most people don’t like though is feeling like they’re vulnerable or potentially being watched, and there was a security researcher who basically, back in March prior to the IPO, interesting time, I know, had discovered that there was a vulnerability for the Mac application for Zoom that could easily allow using the links, and Zoom uses these very basic links that anyone clicks and accesses and they default their systems as such that when you click the link it starts the meeting and automatically engages the camera. If you know any other collaboration platform on the planet it doesn’t work that way. Well, as such, these links could then be utilized and could be distributed out to create denial-of-service attacks or it could be used to gain access to cameras or meetings or information that over 4 million or estimated 4 million people who were using the application who had Macs could have been exposed to this.
One of the more interesting things too when it comes to Zoom is that Zoom, much like Slack or Dropbox, is sort of one of those clandestine applications that finds its way into a lot of companies through shadow IT. It finds its way in because once you get invited to a Zoom meeting whether your enterprise IT department has ever looked at the application all you need to do is join that meeting. IT will download an application that then becomes part of the IT ecosystem inside of your organization. Furthermore, one of the things that this security researcher discovered was that when you downloaded the application it put a local host app on your computer that did not go away upon uninstallation of the application. So, even if you used it once and uninstalled it there was a local host, a web server, sitting on your computer that the next time you would click an app it would automatically relaunch the application and bring it back into your computer again, meaning the vulnerability wasn’t only for people who were actively using, but anybody who had ever had the application on their computer.
Now, what was probably the biggest problem because there were no major breaches reported as a result of this, but the security researcher very thoroughly documented the timeline by which he tried to report this issue. Now, again, this goes back to our beginning discussion about enterprise applications, the severity of outages or risks of vulnerabilities and no joke, he reported this to Zoom back in March and Zoom’s security engineer was out of the office or out as sick and was unable to respond and it took several days for this researcher to even get a hold of somebody. What made me laugh a little bit about a company that was on its way to a billion-dollar valuation plus was that their security engineer, one, was out of the office and unavailable and unable to respond for days. It literally took months and it wasn’t until this news broke this week and then somehow ironically the patch got fixed permanently in the period of about 48 hours once the news broke.
Now, in the interim there was a quick fix that got put into place. The researcher said there’s what’s called the disclosure period of time, giving the company a full 90 days to get it fixed where it wouldn’t go public like this. But the company did not, so the researcher put it out. I have to say I give a lot of information there. I’m sure, Fred and Olivier, you are positive you like the Zoom experience, but boy, what a story. I mean, to have that all happen amidst the company going IPO, anyone else suspicious that this was downplayed, that somehow during April’s IPO nobody knew about this and then after the company gets solid and gets its footing all of the sudden all of this comes to the surface.
Olivier Blanchard: It’s possible. It’s possible.
Fred McClimans: I’m still blown away that the security team at Zoom being out of the office couldn’t be reached on a Zoom call.
Daniel Newman: Yeah. You look back, and I actually posted this on our blog. I wrote about it the other day. I put the whole timeline in there. It’s really fascinating because this researcher really was thorough. He worked with Chrome. He worked with Mozilla. Because obviously this is part of the web RTC in your browser. Some of the things that are really interesting about Zoom, and I’ve done a little work on this, looking at their security, is they have a lot of data, metadata, that’s created when yo8u’re on a call that’s accessible pretty easily just using an IP sniffer. So, if I run a Zoom call at Starbucks and I do an IP sniffer and I actually can intercept the users there was a lot of stuff that you were able to grab like the user’s identification, some email addresses. There was even some backend tags that tied to LinkedIn, maybe something to do with a campaign for marketing and remarketing and targeting.
Zoom, as an application, has a fairly broad privacy license that gives them a lot of liberties in terms of data that they use and collect. A lot of people aren’t realizing what they’re collecting. This is getting to be a more interesting trend with enterprise software is that it’s enterprise and even when you’re paying for it they’re still grabbing data through privacy policies where, you remember they used to say if the application’s free you’re the product? Well, nowadays if you’re paying for the application you’re still the product. They’re still grabbing a ton of data and, again, this isn’t unique to Zoom, so this is by no means, but Zoom seemed to be… I put it very simply. I said, you know, user experience and security are not mutually exclusive. Clearly, Zoom was focused more on one than the other and they really nailed one, but they really kind of botched the other. What do you think, Fred, the implications are of this?
What do you think the long-term impact is with enterprise IT and CIOs as this goes from being a sort of shadow IT product to an enterprise-wide product? Are CIOs getting nervous?
Fred McClimans: Well, you know, if they’re not they should be and it’s not just a case of Zoom. Think about any collaboration tool that people are using today in the enterprise. There are a ton of them out there. I mean, you know, again, we did a research piece recently where we looked exactly at that, you know, the number of collaboration tools in use, Zoom being one of a few dozen that are commonly downloaded and installed, bypassing centralized IT. In a situation like this you have that initial risk where you have potential vulnerabilities in the software, but even once an IT organization accepts the software and says, we are going to support Zoom or Slack or Microsoft Teams or Cisco WebEx, we’re going to support that, you still have this hidden vulnerability issue in there that, to this researcher’s credit, there are a lot of good people out there, the bug hunters, that go out and identify these. For some it’s a profit motive. For others they’re being altruistic in what they’re doing. It is a huge risk, and I think what it points to on the part of a lot of organizations, especially.
I’ll put my hat on the provider side here for a moment, if you are somebody that is offering a service like Zoom, by all means, if you can find a way to increase your operational leverage through the use of data, you know, have at it. That’s a great thing to do, but you have to approach it from a perspective that puts data privacy first and anonymizes as much data as possible within the system. I’ll kind of put this back at Zoom and say, look, there’s a lot of information that you’re passing back and forth apparently that could be better protected or anonymized and maybe shouldn’t be opened up to monetization here. Enterprises everywhere, please understand what you’ve got and recognize that even when you think you’ve got 100% of it nailed down, there’s another 20-25% that you just have never ever seen before.
Daniel Newman: It kind of reminds back to when people started using Slack as enterprise and then Slack puts out a blog post talking about the most popular emojis used by its users.
Fred McClimans: Yeah. How did they know?
Daniel Newman: How did that happen? So, clearly it’s not encrypted end-to-end. But, you know, it’s really interesting. There was an immediate patch that was put into place, but it was a temporary patch and the security advisor told them this. They only used the quick fix. It was able to be rolled back and then, once again, as soon as it rolled back the vulnerability was exposed again. Like I said, it’s the behaviors of some of these companies that are not born at the core. They really are born on experience and it’s like, it’s going to be this interesting marriage that’s going to have to take place between these companies. I really do believe that this is where some of those enterprise companies, so whether it be Cisco or Dell or Microsoft, do have a chance to really make a play to win more with the UX if they can match it and that’s starting to happen. Of course, like I said, companies like Slack and Zoom nailed the experience and you can’t knock them for that because if anything they pressed those bigger companies to do better, but those bigger companies really do understand core IT infrastructure in a much bigger way, much bigger security teams.
If you’re leading IT and you’re looking at creating and rolling out plans for collaboration tools or those light tools that tend to get rolled into your organization without a lot of knowledge, it’s going to be something that you’re thinking about. Great comments.
Fred McClimans: If I could just add something real quick.
Daniel Newman: Yeah. Go ahead.
Fred McClimans: We tend to think of stuff like this as IT faced with this conundrum with we want to be able to be agile and let our employees use whatever tools they want, but at the same time we need to protect ourselves and there’s this kind of like, we can’t build a wall around this that’s not going to be porous, and if we can’t do that then we’re never going to be able to stop this. But, I think the discussion here is really one that needs to shift from the tech itself to one of practices and methods because it’s not about interdicting or blocking or building walls around the tech. It’s really about internal user practices and methods.
And so, one idea here for IT departments, if any IT managers are listening, is to take a more proactive role in educating employees and not blocking any applications necessarily, not being the police, but educating them by even as something as simple as security labeling of apps, right. It just goes back to like the old school national security and intelligence communications. Do you really have sensitive discussions on open lines? No. You want more secure channels. So, it’s just if you label all of these apps with a red, orange and green kind of tag next to it and let all of your employees know, okay, these are the applications that you can actually use for sensitive communications, these are the ones that are kind of iffy, we’re not really sure, and these are the ones you should absolutely never use for any kind of sensitive or confidential communications, I think that will help teach employees, even at a large enterprise, how to kind of manage their own use of these applications and mitigate that risk. So, it’s just kind of a simple non-technical idea that any company can apply immediately
Olivier Blanchard: Yeah. On that same thread or same thought process there, one of the challenges that users experience is very often the IT department is running behind the needs of the individual worker. They have a requirement to connect to this person on this team at a different company and it’s immediate. It’s right now. IT can tend to move a bit slow.
Maybe one of the things they consider is saying, look, we’re going to be more transparent and more receptive to third-party apps coming in and maybe have a streamlined process for somebody that when they do pull in an application to say, hey, look, we’re IT. We’re going to monitor this a bit, but we’re going to give you immediate support on this app and help you in whatever way we can. All you need to do is let us know that you’re installing the app. We’re going to put some bumpers around it perhaps to make sure we’re protecting ourselves initially, but make it easier for that person so that then when that person runs into an issue installing the app or it doesn’t work, at least there’s somebody from IT there saying, yeah, this may not be officially supported, but let me help you out and let’s see what we can do on that to make it easier for people to do that because if you don’t they’re just going to do it anyway and it’s going to screw you over at the end of the day.
Daniel Newman: Absolutely. And gents, I need to keep us moving here, but you have said it well and said it enough. Security and experience doesn’t have to be mutually exclusive and IT does not have to be a bottleneck. Nobody likes a bottleneck. I want to wrap up today. Some new reports came out from our friends at Gartner and IDC who do a lot of market size tracking and they were tracking the growth of the PC industry. There were some various growth numbers shown, but I just want to read these off directly here. But, it showed growth in the, in some cases, 1.5% plus all the way up to multi percent growth for the PC makers. Now, that sounds small, but as a whole everybody’s been proclaiming the demise of the PC. So, for our crystal ball here today, I wanted to ask you guys to quickly say, is the PC, let’s do the timeframe over the next three years, going to grow or is it going to shrink, and in 30 seconds or less, why? Fred, I’ll let you go first.
Fred McClimans: Well, sure. Over the next three years will the PC market grow or shrink? I think it’s going to grow slightly. It tends to be a very cyclical business. You can have different quarters that are predictably down versus up based on consumer demand and so forth. But, I think as the tablet starts to fade a bit that we’re going to see, A) An increase in the number of phone mobile devices that fill that niche there, but then also I think PCs themselves, the laptop/desktop market will benefit slightly from that. I don’t expect that the laptop market is going to die any time soon. If anything, what we’ve seen recently is some of the laptop manufacturers have actually caught up to the requirements that users are looking for today. They had kind of been lagging behind as everybody looked to their smartphone for the tablets and I think PC manufacturers, they’re picking up on that and they’re starting to deliver a little bit better products. I’ll say it’s going to go up slightly, but no breakthrough growth at this point.
Daniel Newman: By the way, IDC said 4.7% Olivier.
Olivier Blanchard: Yeah. I think laptops are going to continue to grow and here’s why. We had this movement when tablets came out that wow, tablets are great. They’re not as bulky. They have longer battery life. You can do more content consumption on them and play games. But, the thing is, tablets have kind of progressively been kind of moving back towards trying to become laptops and we’re even seeing that with the new iPad or the new iPad Pros becoming much more laptop like. We’ve seen Surface, which originally was supposed to be a table, actually, then becoming a tablet, then becoming more of a laptop.
And so now what we have are these super thin form factors for laptops. They’re not bulky like they used to be. They don’t have to have fans unless it’s a really high end kind of gaming laptop. So, they’re extremely portable. The performance for video playback and content consumption is just as good as tablets. They have the added functionality of having the keyboard and allowing you to be productive and on top of that now starting this year with ACPCs, always-connected PCs and next year with the 5G version of that, 5G PCs. You’re going to have almost tablet-thin laptops with the capabilities of pretty decent workstations for the enterprise for small businesses and also a battery life that will last more than 20 hours without a charge, so there’s really no reason to buy a tablet anymore. And so I think what we’re seeing is a revival of the laptop as the tablet technologies and laptops have converged to build a better laptop that actually delivers on the promise of true portability and wirelessness. That’s my analysis.
Daniel Newman: You hit it. So, I’ll say really quickly because we’ve got to wrap this baby up, but I see some growth. I see the unfoldable becoming the tablet and I see the tablet becoming an a PC or super ultra-lightweight tablet-like PC that’s maybe fully foldable. When I say foldable, you know, yoga-like. In the case of Lenovo you can turn it completely, spin it, disconnect the top. I have a surface. You can disconnect that top and use it as a tablet. I have a Lenovo ACPC that you could completely fold 180 degrees and have it operate like a tablet. Like you said, all-day battery, 5G connectivity. It’s a beautiful thing. I see this being the way you want to outfit your team in the future. It’s the unfoldable and it’s one of these devices. I think there’s going to be a little growth. I think it’s going to be single-digit, but the death of the PC was premature. It’s not going anywhere.
More innovation is coming. I like what I see from Lenovo, from Microsoft, HP, Dell. They all are doing good things. I expect it to continue. Apple, I’m looking forward to seeing them step up because they’ve actually been a little bit behind in terms of like touchscreen, the emoji bar, all that stuff. So, it’s going to grow a little, not a lot. But that’s it.
That wraps ups up for today’s episode of FTP. Thank you everybody out there for listening. We ask you if you enjoy the show please hit the subscribe button. Join us every week, every Friday and check us out futurumresearch.com or Futurum Tech Podcast. For myself, Olivier, Fred, Ron, Shelly, the whole team. We’re going to be getting more guests in and out. We’re going to be talking about more things, more Fast Fives, more controversial topics, but we appreciate everybody that joins us. For FTP, we’re out of here. We’ll see you soon.